Data Processing Addendum

This GDPR Data Processing Addendum (“DPA”) forms part of the agreement entered into by and between the customer and Wizbit Internet Services Ltd (“Wizbit”). The purpose of this DPA is to reflect the parties’ agreement with regard to the processing of personal data in accordance with the requirements of data protection legislation as defined below.

In the course of providing services to the customer, Wizbit may process personal data on behalf of the customer. Wizbit agrees that it will comply with the following provisions with respect to any personal data provided by the customer.

1. Definitions

In this DPA, “Data Protection Legislation” means European Directives 95/46/EC and 2002/58/EC (as amended by Directive 2009/136/EC) and any legislation and/or regulation implementing or made pursuant to them, or which amends, replaces, re-enacts or consolidates any of them (including the General Data Protection Regulation (Regulation (EU) 2016/279)), and all other applicable laws relating to processing of personal data and privacy that may exist in any relevant jurisdiction.

“data controller”, “data processor”, “data subject”, “personal data”, “processing”, and “appropriate technical and organisational measures” shall be interpreted in accordance with applicable Data Protection Legislation.

“the services” shall mean any and all services requested by the customer and provided to the customer by Wizbit.

2. Categories of Data Subjects

This DPA applies to the processing of personal data relating to the customer’s clients, customers, suppliers, business partners and other end users, the extent of which is determined and controlled by the customer in its sole discretion.

3. Types of Personal Data

The type of personal data processed is determined and controlled by the customer in its sole discretion.

4. Processing of Personal Data

4.1 The parties agree that customer is the data controller and that Wizbit is its data processor in relation to personal data that is processed in the course of providing the services. The customer shall comply at all times with Data Protection Legislation in respect of all personal data it provides to Wizbit.

4.2 Wizbit will process personal data only in accordance with the written instructions of the customer. Wizbit is hereby instructed to process personal data to the extent necessary to provide the services.

4.3 Wizbit and the customer will each comply with their obligations under applicable Data Protection Legislation. The customer will comply with all applicable Data Protection Legislation when issuing any instructions to Wizbit, and will ensure that the customer has obtained all consents and rights necessary for Wizbit to process personal data as instructed.

4.4 Wizbit shall notify the customer without undue delay if, in Wizbit’s opinion, an instruction given by the customer infringes data protection legislation.

4.5 Wizbit shall implement and maintain technical and organisational measures to protect the personal data against unauthorised or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful processing, accidental loss, destruction, damage or theft of the personal data, having regard to the nature of the personal data which is to be protected.

4.6 Wizbit shall ensure that all Wizbit employees required to access personal data are informed of the confidential nature of the personal data and comply with the obligations set out in this DPA.

4.7 Wizbit shall maintain a written record of all categories of processing activities carried out on behalf of a client in accordance with application data protection legislation.

4.8 Wizbit has not appointed a data protection officer. Any enquiries relating to GDPR or other data protection legislation should be addressed to dataprotection@wizbit.net.

5. Data Subject Rights

5.1 Wizbit shall correct, delete, or otherwise process personal data and take any other measures in relation to requests from data subjects exercising their rights under application data protection legislation only in accordance with and subject to the written instructions of the customer. Wizbit shall promptly provide any required information and use its best endeavours to assist the customer in dealing with data subject requests.

5.2 The customer shall be solely responsible for dealing with data subject requests. Wizbit shall promptly notify the customer of any data subject requests or other enquiries relating to this DPA without responding directly to such requests unless.

6. Sub-processors

The customer authorises Wizbit to engage sub-processors to perform specific services on Wizbit’s behalf which may require sub-processors to process personal data. Any sub-processors to whom Wizbit transfers personal data will have entered into written agreements with Wizbit requiring that the sub-processor abide by terms substantially similar to this DPA. A list of sub-processors can be found on Flipr’s website on the Data Subprocessors page. If Wizbit engages a sub-processor to process any personal data, it will update the list of sub-processors on its website. If the customer requires prior notification of any updates to the list of sub-processors, it can request such notification by emailing dataprotection@wizbit.net. If the customer objects to any change to the list of sub-processors and the parties are unable to resolve such objection, either party may terminate the services by providing written notice to the other party.

7. Inspection and Audit

7.1 Wizbit shall make available to the client on request all information necessary to demonstrate compliance with this DPA and shall allow for and contribute to audits in relation to the processing of personal data, including inspections of any Wizbit facilities where data processing is carried out, by the customer or by an auditor acting on the customer’s behalf, to the extent required by applicable law.

7.2 The customer shall give Wizbit at least four weeks’ notice of any audit or inspection.

8. Security Breachs

8.1 Wizbit will notify the customer as soon as practicable after it becomes aware of any personal data breach affecting

8.2 In the event that Wizbit is required by law to notify a data security breach to a supervisory authority, the data subjects, or any other third parties, Wizbit shall to the extent permitted by law and reasonably possible liaise with the customer prior to making such a notification. The parties shall use their best efforts to agree on a joint approach to prevent any contradicting or inconclusive notifications. This includes providing each other with the details of any notification and the date and time on which notification will be made.

8.3 In the event of a data breach, Wizbit shall promptly take any reasonably practical measures to restore the confidentiality, integrity and availability of the personal data and to mitigate the risk of harm or any detrimental consequences for the data subjects affected.

9. Return and Deletion

9.1 Upon termination of the services Wizbit shall, at the customer’s request, securely return and/or delete all personal data to the customer.

9.2 Wizbit may retain personal data only to the extent required by law, and only for such period as required by law.