V1.0 - 06/04/2023
Data Processing Agreement (DPA) Overview
Introduction and Structure
This DPA: Integral part of the contract between the Customer and Known Research c/o Green Gourmet Ltd (Known Research).
Incorporation by Reference: Terms defined in the primary Agreement apply here.
Effective Date: Concurrent with the Agreement’s execution.
Definitions and Interpretation
Data Protection Terms: Definitions for key terms align with EU/UK Data Protection Law.
Applicable Laws: Encompasses global data protection and privacy laws, especially EU/UK Data Protection Law.
Data Categories: Customer Contact Data (per Panelitix’s Privacy Policy) and Video Respondent Personal Data (specific details only).
Roles and Compliance
Controller/Processor Roles: Both parties act as controllers for Customer Contact Data. For Video Respondent Personal Data, Customer is the controller; Known Research is the processor.
Compliance Obligations: Both parties commit to adhering to applicable data protection laws, using Video Respondent Data solely for market research.
Data Transfer and Protection
Restricted Transfers: Governed by Standard Contractual Clauses (SCCs) as per EU and UK GDPR.
Application of SCCs: Detailed guidance on SCCs implementation, including clauses on dispute resolution and law governance.
Prohibited Data and Usage
Special Category Data: Prohibition on processing sensitive data through Known Research services, except for Video Respondent Personal Data.
Purpose Limitation: Video Respondent Personal Data restricted to market research use.
Confidentiality and Security
Confidentiality Assurance: Known Research commits to maintaining data confidentiality and implementing robust protection measures.
Sub-Processor Regulations: Specific criteria and obligations for engaging sub-processors outlined.
Rights and Compliance Support
Data Subject Rights Assistance: Known Research is to aid in responding to rights requests and inquiries.
Impact Assessment Support: Commitment to assist in conducting data protection impact assessments.
Incident Management and Data Practices
Security Incident Response: Protocol for Known Research's notification and response to security incidents.
Data Handling Post-Termination: Instructions for data retention and deletion post-Agreement expiry.
Annexes
Processing Details: Annexes describe data processing activities, parties involved, and security measures.
Governance and Jurisdiction
Precedence of SCCs: In case of conflict, SCCs take priority.
Onward Transfer Conditions: Details on conditions for onward data transfers.
Security and Confidentiality Measures
Mandatory Security Practices: Stringent security measures Known Research commits to for data processing.
Subprocessing Guidelines: Conditions for Known Research engagement of subprocessors.
Cooperation and Rights Management
Assistance with Rights Requests: Procedures for Known Research support in handling data subject rights and regulatory inquiries.
Impact Assessment Assistance: Outline of support for data protection impact assessments.
Incident Response and Data Handling Protocols
Notification and Mitigation Procedures: Establishes processes for handling and communicating about security incidents.
Data Management After Agreement: Specifies obligations for handling data after Agreement termination.
Annexes for Processing Specifics
Annex I: Details on data processing specifics including data subjects and categories, nature of processing, and purposes.
Annex II: Outlines technical and organisational security measures implemented by Panelitix.