About Jigsaw Adoption

This document sets out the terms on which a recipient of personal data (the “Data Recipient”) from Jigsaw Adoption Ltd, a company registered in England under number 9172398, whose registered office is at 12 the Broadway, Amersham, Buckinghamshire, HP7 0HP (the “Company”) shall process such personal data.

 

In this document, “Data Protection Legislation” means 1) unless and until EU Regulation 2016/679 General Data Protection Regulation (“GDPR”) is no longer directly applicable in the UK, the GDPR and any national implementing laws, regulations, and secondary legislation (as amended from time to time), in the UK and subsequently 2) any legislation which succeeds the GDPR.

 

Data Processing

1.   In this Document, “personal data”, “data subject”, “data controller”, “data processor”, and “personal data breach” shall have the meaning defined in Article 4, GDPR.

2.   The Parties hereby agree that they shall both comply with all applicable data protection requirements set out in the Data Protection Legislation. This Document shall not relieve either Party of any obligations set out in the Data Protection Legislation and does not remove or replace any of those obligations.

3.   For the purposes of the Data Protection Legislation and for this Document, the Company is the “Data Controller” and the Data Recipient is the “Data Processor”.

4.   The type(s) of personal data, the scope, nature and purpose of the processing, are set out in the Data Controllers Data Protection Policy which is available on the Data Controller’s website.

5.   The Data Controller shall ensure that it has in place all necessary consents and notices required to enable the lawful transfer of personal data to the Data Processor for the purposes described in this Agreement.

6.   The Data Processor shall, with respect to any personal data processed by it in relation to its performance of any of its obligations under this Agreement:

6.1          Process the personal data only on the instructions of the Data Controller unless the Data Processor is otherwise required to process such personal data by law. The Data Processor shall promptly notify the Data Controller of such processing unless prohibited from doing so by law.

6.2          Ensure that it has in place suitable technical and organisational measures to protect the personal data from unauthorised or unlawful processing, accidental loss, damage or destruction. Such measures shall be proportionate to the potential harm resulting from such events, taking into account the current state of the art in technology and the cost of implementing those measures.

6.3          Ensure that any and all staff with access to the personal data (whether for processing purposes or otherwise) are contractually obliged to keep that personal data confidential; and

6.4          Not transfer any personal data outside of the European Economic Area without the prior consent of the Data Controller and only if the following conditions are satisfied:

6.4.1        The Data Controller and/or the Data Processor has/have provided suitable safeguards for the transfer of personal data;

6.4.2        Affected data subjects have enforceable rights and effective legal remedies;

6.4.3        The Data Processor complies with its obligations under the Data Protection Legislation, providing an adequate level of protection to any and all personal data so transferred; and

6.4.4        The Data Processor complies with all reasonable instructions given in advance by the Data Controller with respect to the processing of the personal data.

6.5          Assist the Data Controller at the Data Controller’s cost, in responding to any and all requests from data subjects in ensuring its compliance with the Data Protection Legislation with respect to security, breach notifications, impact assessments, and consultations with supervisory authorities or regulators (including, but not limited to, the Information Commissioner’s Office);

6.6          Notify the Data Controller without undue delay of a personal data breach;

6.7          On the Data Controller’s written instruction, delete (or otherwise dispose of) or return all personal data and any and all copies thereof to the Data Controller on termination of this Agreement unless it is required to retain any of the personal data by law; and

6.8          Maintain complete and accurate records of all processing activities and technical and organisational measures implemented necessary to demonstrate compliance with this Document and to allow for audits by the Data Controller and/or any party designated by the Data Controller.

7.   The Data Processor shall not sub-contract any of its obligations with respect to the processing of personal data under this Document.

 

 

 

Read more

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we'll assume that you are happy to receive cookies. To find out more about the cookies we use and how to delete them, see our privacy policy.

  I accept cookies from this site.