Data Processing Agreement
SocialCommand Media
1/7/24 UPDATED
Preamble
This Agreement outlines the data protection responsibilities of the contractual parties, stemming from the defined processing activities where personal data belonging to the Controller is processed by SocialCommand Media in adherence to the General Data Protection Regulations (“GDPR”).
• “Controller” shall have the same meaning as set out in article 4(7) of the GDPR.
• “Personal data” shall have the same meaning as set out in article 4(1) of the GDPR.
• “Processing” shall have the same meaning as set out in article 4(2) of the GDPR.
• “Processor” shall have the same meaning as set out in article 4(8) of the GDPR.
Products:
• Dedicated Server, Dedicated Hosting, Cloud Server, Virtual Private Server (VPS), Dynamic Cloud Server, Virtual Server, Managed Cloud, Private Cloud, Cloud Backup
• Web Hosting, WordPress Hosting, MyWebsite Now, MyWebsite Creator, MyWebsite Essential, MyWebsite, MyWebsite eCommerce, MyWebsite Now eCommerce, Social Buy Button, Shoplement, eShop, Website Design Service
• Email Marketing, HiDrive Cloud Storage, Managed Nextcloud, Mail Basic, Mail Business, Hosted Microsoft Exchange, Email Archiving, MyBackup
1. Duration of the Processing on Behalf of the Controller
The term of this Agreement shall persist for the duration of the provision of the services.
2. Area of Application and Responsibility
2.1. In delivering the services, the Controller may opt to store the Controller’s customer personal data (“personal data”) at the Controller’s own risk, on the platforms and data centers of SocialCommand Media. The only processing activities that may be performed by SocialCommand Media are the storage of such personal data and any backups to ensure continuity of service and disaster recovery. These backups are solely for the aforementioned purposes and shall not be available to the Controller.
2.2. The Controller shall bear sole responsibility for complying with the legal provisions of applicable data protection laws concerning such personal data, particularly the lawfulness of the data processing (“Controller” as defined under the GDPR).
3. Obligations of the Provider
3.1. To the extent that SocialCommand Media shall be considered a processor of the Controller’s customer personal data.
3.2. Any additional processing of personal data shall only occur following the Controller’s instructions, unless an exception applies as defined in the GDPR. SocialCommand Media shall promptly inform the Controller if it believes that an instruction from the Controller violates applicable laws. In such cases, SocialCommand Media reserves the right to refuse the Controller’s instructions.
3.3. SocialCommand Media shall implement technical and organizational measures to protect the Controller’s customer data and ensure the confidentiality, integrity, availability, and capacity of the systems and services. SocialCommand Media is obliged, in accordance with the GDPR, to implement a procedure for regularly reviewing the technical and organizational measures designed to ensure the security of the processing.
3.4. SocialCommand Media reserves the right to alter the agreed security measures, provided that any such amendments ensure that the agreed level of protection is not materially diminished.
3.5. SocialCommand Media agrees to reasonably assist the Controller concerning any requests and claims in accordance with the GDPR.
3.6. SocialCommand Media shall ensure that employees, subcontractors, and affiliates involved in processing the Controller’s data act in accordance with this Agreement.
3.7. SocialCommand Media shall inform the Controller promptly if it becomes aware of any breaches affecting the Controller’s personal data.
3.8. SocialCommand Media shall, once notified in writing, inform the Controller of any request for disclosure of personal data by authorities, unless expressly prohibited under applicable laws.
3.9. The Controller may contact the Data Protection Officer by sending an email to privacynotice@socialcommandmedia.com.
3.10. Upon termination of services, all customer data, personal or otherwise, shall be deleted (including the pseudonymization of data) within an appropriate timeframe, in accordance with applicable laws.
3.11. In the event of a claim against the Controller regarding any of the rights defined under the GDPR, SocialCommand Media shall provide reasonable assistance to the Controller to avert any such claim.
4. Obligations of Controller and Notification Obligations, Amendments, and Jurisdiction
4.1. The Controller shall promptly inform SocialCommand Media of any issues regarding data protection laws.
4.2. The Controller acknowledges that SocialCommand Media will ensure reasonable security and organizational measures to protect their personal data. The Controller also agrees to undertake similar security measures to ensure the protection of their personal data hosted on the SocialCommand Media platforms and data centers.
4.3. In the event of a claim against the Controller regarding any of the rights defined under the GDPR, this Agreement shall apply accordingly.
4.4. The Controller acknowledges and agrees that SocialCommand Media has no knowledge of the retained personal data or how such personal data shall be utilized and therefore, no awareness of how such personal data shall be processed, other than as stated in clause 2.1 above.
4.5. It is the Controller’s duty to ensure that appropriate backups are retained concerning the personal data described in this Agreement.
4.6. In the event SocialCommand Media receives a request for correction, deletion, or information, SocialCommand Media shall refer such requests to the Controller, provided that the Controller may be identified. SocialCommand Media shall provide reasonable assistance to the Controller. SocialCommand Media shall not be liable in the event the request is not answered at all, not answered correctly, or not answered promptly by the Controller.
4.7. In the event the personal data of the Controller is located within the SocialCommand Media data centers and suffers the risk of seizure by insolvency proceedings, law enforcement, or any other such event, SocialCommand Media shall notify the Controller promptly, if permissible by law. SocialCommand Media shall promptly inform all entities involved in the matter that the ownership and control of the data lie exclusively with the Controller, as defined in the GDPR.
4.8. Changes or additions to this Agreement may be amended at any time.
4.9. Should any conflicts arise, the provisions of this Agreement shall take precedence over the provisions of any other agreement or terms. Should any clause of this Agreement be found invalid, this shall not affect the validity of the rest of this Agreement.
4.10. The laws of England and Wales shall apply.
4.11. This Agreement supersedes all previous agreements or terms concerning this subject.
5. Subcontracting
5.1. SocialCommand Media may engage subcontractors to process personal data on behalf of the Controller. Any subcontractor engaged must comply with the same data protection obligations as set out in this Agreement and as required under the GDPR.
5.2. SocialCommand Media shall inform the Controller of any intended changes concerning the addition or replacement of subcontractors, giving the Controller the opportunity to object to such changes.
5.3. SocialCommand Media remains fully liable to the Controller for the performance of the subcontractor’s obligations.
6. Audit Rights
6.1. The Controller has the right to audit SocialCommand Media’s compliance with the terms of this Agreement and the GDPR.
6.2. Audits may be conducted by the Controller or an independent auditor chosen by the Controller. Audits must be reasonable in scope and duration and conducted at a mutually agreed time.
6.3. SocialCommand Media agrees to provide the Controller with all necessary information to demonstrate compliance with the obligations laid out in this Agreement.
7. Data Breach Notification
7.1. SocialCommand Media shall promptly inform the Controller of any data breaches involving the Controller’s personal data.
7.2. The notification shall include a description of the nature of the breach, the categories and approximate number of data subjects concerned, the categories and approximate number of personal data records concerned, and the measures taken or proposed to be taken by SocialCommand Media to address the breach.
8. International Data Transfers
8.1. SocialCommand Media shall not transfer personal data to a third country or international organization without the Controller’s prior written consent, except where required by applicable law.
8.2. Any such transfer shall comply with the provisions of Chapter V of the GDPR to ensure an adequate level of data protection.
9. Liability and Indemnity
9.1. SocialCommand Media shall be liable for any damages arising from a breach of this Agreement or the GDPR to the extent such damages result from its negligence or willful misconduct.
9.2. The Controller agrees to indemnify and hold harmless SocialCommand Media against all claims, actions, third-party claims, losses, damages, and expenses arising from any breach of this Agreement or applicable data protection laws by the Controller.
10. Amendments and Modifications
10.1. Any amendments or modifications to this Agreement must be in writing and signed by both parties to be effective.
10.2. SocialCommand Media reserves the right to update this Agreement to reflect changes in applicable laws or data protection practices. The Controller will be notified of any such updates in writing.
11. Governing Law and Jurisdiction
11.1. This Agreement shall be governed by and construed in accordance with the laws of the jurisdiction in which SocialCommand Media is established.
11.2. Any disputes arising from or in connection with this Agreement shall be subject to the exclusive jurisdiction of the courts of that jurisdiction.
12. Miscellaneous
12.1. If any provision of this Agreement is found to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.
12.2. This Agreement constitutes the entire understanding between the parties concerning its subject matter and supersedes all prior agreements, understandings, or representations.
