GenERal data protection regulation (gdpr)
WHERE WE STORE YOUR PERSONAL DATA
DATA PROCESSING AGREEMENT
- Ukeuroshops a company registered in England and Wales whose registered office is at 6 Ropley Road, Boscombe East, Bournemouth, Dorset, BH7 6RU, United Kingdom; and
- POR Limited a company registered in Scotland with number 238057 whose registered office is at 9 Royal Crescent, Glasgow, G2 7SP, United Kingdom ("Processor") of Affiliate Links.
- The Controller and the Processor entered into a service provider agreement that requires the Processor to process Personal Data on behalf of the Controller.
- This Agreement is to ensure there is proper arrangements in place relating to personal data passed from the Controller to the Processor.
- This Agreement is compliant with the requirements of Article 28 of the General Data Protection Regulation.
- The parties wish to record their commitments under this Agreement.
- This Data Processing Agreement modifies the agreement between the Parties based on the Processor's Standard Terms for clients available at https://merchants.paidonresults.com/terms
DEFINITIONS AND INTERPRETATION
In this Agreement:
- "Data Protection Laws" means the Data Protection Act 1998, together with successor legislation incorporating GDPR;
- "GDPR" means the General Data Protection Regulation;
- "Services" means the provision of Affiliate Marketing services
- Relevant personal data means personal data that the Processor processes on behalf of the Controller in connection with performing services for or obligations owed to Controller, pursuant to the Agreement;
- Controller, data subject, personal data, personal data breach, processor, processing and sensitive data shall each bear the meanings given to them in the GDPR
The Processor agrees to process the Data for the Controller only in accordance with Data Protection Laws and in particular on the following conditions:
- The Processor shall only process the Data
(1) On instructions from the Controller
(2) Only process the Data for completing the Service
(3) Only process the Data in the UK with no transfer of the Data outside of the UK (Article 28, para 3(a) GDPR);
- Data provided to the Processor for provision of the Service is pseudonymous, non-sensitive, largely technical and not related to behaviour, predictions or evaluations of consumer interest or personalities.
- Ensure that all employees and other representatives accessing the Data are (i) aware of the terms of this Agreement (ii) have received comprehensive training on Data Protection Laws and related good practice, and (iii) are bound by a commitment of confidentiality (Article 28, para 3(b) GDPR);
- The Processor have agreed to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, complying with Article 32 of GDPR
- Taking into account the nature of the processing, assist the Controller by appropriate technical measures, in so far as this is possible, for the fulfilment of the Controllers obligation to respond to requests from individuals exercising their rights laid down in Chapter III of GDPR
- Assist Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of GDPR - security, notification of data breaches, communication of data breaches to individuals, data protection impact assessments and when necessary consultation with the ICO etc, taking into account the nature of processing and the information available to the Processor (Article 28, para 3(f) GDPR);
- Immediately contact the Controller if there is any personal data breach or incident where the Data may have been compromised.
- The Processor has appointed a Data Protection Officer
The Processor shall not involve any third party in the processing of the Data without the consent of the Controller. Such consent may be withheld without reason. If consent is given a further processing agreement will be required (Article 28, para 3(d) GDPR);
CATEGORY OF DATA SUBJECTS
For the provision of the Service to the Controller, the Processor collects data related to Users (which could be Visitors, Members or Subscribers) of the Controller.
The Processor will only process and retain data related to Users who engaged with the Service provided by the Processor
PERSONAL DATA CATEGORIES
The Controller decides which Data to provide to the Processor. Personal Data Categories the Controller may provide are
- Tracking (Device Identifier, IP Address)
- Contact (User Identifier, Email Address)
Processor shall undertake:
- The appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to data transmitted, stored or otherwise processed. Pseudonymization and encryption of relevant personal data where possible;
- Immediately notify Controller of any personal data breach affecting or capable of affecting relevant personal data, and provide the Controller with all co-operation and assistance reasonably requested by the Controller to enable the Controller to notify the personal data breach to the relevant supervisory authority and relevant data subjects (as determined by the Controller)
Following full termination of the provision of the Service to the Controller, the Data Processor will delete all Personal Data in its possession as provided on request, except to the extent the Data Processor is required by Applicable law to retain some or all of the Data (in which case the Data Processor will archive the data and implement reasonable measures to prevent the Data from any further processing). The terms of this Data Processing Agreement will continue to apply to such Data.
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
USES MADE OF THE INFORMATION
We use information held about you in the following ways:
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
- To carry out our obligations arising from any contracts entered into between you and us.
- To allow you to participate in interactive features of our service, when you choose to do so.
- To notify you about changes to our service.
We may also use your data, or permit selected third parties to use your data, to provide you with information about goods and services which may be of interest to you and we or they may contact you about these by post or telephone.
If you are an existing customer, we may also contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale to you.
If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this.
If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which we collect your data.
DISCLOSURE OF YOUR INFORMATION
We may disclose your personal information to any member of our group of companies.
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If ukeuroshops or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at .
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
ACCESS TO INFORMATION
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.