Data Processing Agreement

Data Processing Agreement

Data Processing Agreement

V1.0 - 06/04/2023

Data Processing Agreement (DPA) Overview

Introduction and Structure

  • This DPA: Integral part of the contract between the Customer and Known Research c/o Green Gourmet Ltd (Known Research).

  • Incorporation by Reference: Terms defined in the primary Agreement apply here.

  • Effective Date: Concurrent with the Agreement’s execution.

Definitions and Interpretation

  • Data Protection Terms: Definitions for key terms align with EU/UK Data Protection Law.

  • Applicable Laws: Encompasses global data protection and privacy laws, especially EU/UK Data Protection Law.

  • Data Categories: Customer Contact Data (per Panelitix’s Privacy Policy) and Video Respondent Personal Data (specific details only).

Roles and Compliance

  • Controller/Processor Roles: Both parties act as controllers for Customer Contact Data. For Video Respondent Personal Data, Customer is the controller; Known Research is the processor.

  • Compliance Obligations: Both parties commit to adhering to applicable data protection laws, using Video Respondent Data solely for market research.

Data Transfer and Protection

  • Restricted Transfers: Governed by Standard Contractual Clauses (SCCs) as per EU and UK GDPR.

  • Application of SCCs: Detailed guidance on SCCs implementation, including clauses on dispute resolution and law governance.

Prohibited Data and Usage

  • Special Category Data: Prohibition on processing sensitive data through Known Research services, except for Video Respondent Personal Data.

  • Purpose Limitation: Video Respondent Personal Data restricted to market research use.

Confidentiality and Security

  • Confidentiality Assurance: Known Research commits to maintaining data confidentiality and implementing robust protection measures.

  • Sub-Processor Regulations: Specific criteria and obligations for engaging sub-processors outlined.

Rights and Compliance Support

  • Data Subject Rights Assistance: Known Research is to aid in responding to rights requests and inquiries.

  • Impact Assessment Support: Commitment to assist in conducting data protection impact assessments.

Incident Management and Data Practices

  • Security Incident Response: Protocol for Known Research's notification and response to security incidents.

  • Data Handling Post-Termination: Instructions for data retention and deletion post-Agreement expiry.

Annexes

  • Processing Details: Annexes describe data processing activities, parties involved, and security measures.

Governance and Jurisdiction

  • Precedence of SCCs: In case of conflict, SCCs take priority.

  • Onward Transfer Conditions: Details on conditions for onward data transfers.

Security and Confidentiality Measures

  • Mandatory Security Practices: Stringent security measures Known Research commits to for data processing.

  • Subprocessing Guidelines: Conditions for Known Research engagement of subprocessors.

Cooperation and Rights Management

  • Assistance with Rights Requests: Procedures for Known Research support in handling data subject rights and regulatory inquiries.

  • Impact Assessment Assistance: Outline of support for data protection impact assessments.

Incident Response and Data Handling Protocols

  • Notification and Mitigation Procedures: Establishes processes for handling and communicating about security incidents.

  • Data Management After Agreement: Specifies obligations for handling data after Agreement termination.

Annexes for Processing Specifics

  • Annex I: Details on data processing specifics including data subjects and categories, nature of processing, and purposes.

  • Annex II: Outlines technical and organisational security measures implemented by Panelitix.

Known Research c/o Green Gourmet Ltd © 2024 - All Rights Reserved.

Known Research c/o Green Gourmet Ltd © 2024 - All Rights Reserved.

Known Research c/o Green Gourmet Ltd © 2024 - All Rights Reserved.