LEGAL

Data Processor

Our Legal Documents

DATA PROCESSING ADDENDUM FOR EEA/UK GDPR

PART A

Let’s clarify the definitions you'll need to know:

“Controller” refers to any entity, be it a person, public office, or group, that independently or collaboratively decides the 'what' and 'how' regarding handling Personal Data.

“Controller-Controller” describes the standardized clauses used for passing personal data between controllers in non-EU countries, as detailed in a European Commission decision from December 27, 2004. These clauses can be updated periodically.

“Controller-Processor” concerns the model contract terms for data transfers to processors outside the EU, specified in a European Commission directive dated February 5, 2010. These terms, too, may be revised or replaced.

“Europe” includes both the European Economic Area, embracing EU member states along with Norway, Iceland, and Liechtenstein, and the UK as of the Effective Date.

“European Data Protection Legislation” encompasses several elements: the GDPR; any relevant national or state-level GDPR implementations within the EEA; the UK-specific version of the GDPR as enacted by UK law; and other pertinent privacy laws applicable within the EEA and UK.

“GDPR” stands for the European Union's General Data Protection Regulation, officially cited as Regulation 2016/679 from April 27, 2016.

“Processor” denotes any party—whether individual, organization, or authority—that acts in data management roles on behalf of a controller.

PART B

EEA/UK CONTROLLER TO PROCESSOR

1. This section pertains when a company like Square Media Ltd is operational within the EEA or UK, or falls under GDPR ambit due to article specifics, especially when related data concerns European individuals. Also, this applies when the company serves as a processor.

2. If this section is relevant, these rules govern Square Media Ltd's handling of any transferred personal data:

2.1 Square Media Ltd will only process the transferred data for its use and its subsidiaries per the instructions they provide, except when law demands otherwise. If this occurs, they will notify the affiliates unless legally restricted.

2.2 Square Media Ltd makes sure that anyone allowed to handle personal data is obliged to maintain confidentiality, under legal or contractual terms.

2.3 Square Media Ltd is committed to imposing technical and organizational defenses to guard the data they manage against potential breaches, meeting the requirements set by Data Protection Laws.

2.4 Subcontracting of data processing obligations is off-limits unless affiliates agree in advance. Any new subcontractor appointment allows affiliates a chance to disagree. If undisputed, the agreement may proceed but will include stringent accountability and responsibility clauses.

2.5 Square Media Ltd will support affiliates' efforts to address data subject requests, using effective methods tailored to the processing nature, fulfilling roles they are bound by under data protection regulations.

2.6 If Square Media Ltd learns about a security breach involving affiliated data, they will notify the affiliate promptly, sharing all relevant details and planned countermeasures.

2.7 Assisting with privacy impact checks and discussions with supervisory bodies is another service Square Media Ltd offers affiliates, complying with GDPR requirements. They will delete or return data as affiliates prefer once they cease processing services for them.

2.8 Upon a genuine request from affiliates, Square Media Ltd will furnish necessary compliance documentation and accommodate audits, subject to confidentiality agreements where necessary.

PART C:

EEA/UK PROCESSOR TO CONTROLLER

This section applies when either the affiliate or Square Media Ltd is a data controller based in Europe, involving data handling as governed by GDPR rules.

  • If Square Media Ltd serves as a data processor, the guidelines outlined in this part won't apply—instead, refer to Part B.
  • Affiliates and Square Media Ltd both manage transferred data as controllers. They must uphold all European Data Privacy Laws faithfully, being transparent with data subjects about how their data is managed and transferred.
  • Should Square Media Ltd opt to employ another entity for data processing duties, they must ensure compliance with European Data Privacy Laws and the outlined addendum regulations.
  • If operating in an area without approved data protection standards, Square Media Ltd and affiliates will accept and implement the specified contractual clauses to manage data transfer processes.
  • SUPPLEMENTAL PROVISIONS FOR EEA/UK: This part of Exhibit A-2 applies whenever the preceding sections are active. Should unforeseen elements affect compliance with European data transfer obligations—for example, changes in legal instruments—both parties will collaborate to promptly resolve such issues.
  • Upon awareness of any government or regulatory requests for data access by an authority, Square Media Ltd will promptly alert the affiliate and adhere to protocols including challenging unauthorized access requests.
  • Should legal constraints prevent Square Media Ltd from notifying the affiliate, they will endeavor to address such restrictions legally.
  • Ensure your business stays on top of GDPR compliance. Dive into how Betsquare safeguards customer information while steering clear of hefty fines, leveraging our specialized advice.
  • DATA HANDLING EEA/UK GDPR ADDENDUM
  • The following definitions are outlined as:
  • A 'Controller' refers to any entity or organization, whether an individual or a body such as a government agency, that determines the reasons and methods for managing Personal Data, alone or with others.