AUTOCHECK DATA PROCESSING AGREEMENT
CONTRACT DETAILS
PROCESSOR
- Company Name and Company Number: Geminii Software Limited (Company Number: 11085282)
- Address: 453 Carr Place, Preston, PR5 8AU
- Email: admin@geminii.uk
CUSTOMER
- Customers of Geminii Software (Autocheck)
Each party shall be referred to as a “Party” or, collectively, the “Parties.”
PROCESSING DETAILS
Purpose
For the purpose of the Processor providing software, maintaining that software, and supporting customers in using that software.
Scope and Nature of the Processing
The Processor will process personal data on behalf of the Controller for the following purposes:
- Authentication: Allocating, distributing, and managing user access to Autocheck products and services.
- Support: Providing third-line support for the Controller.
- Audit: Enabling real-time data access and usage tracking.
- Licensing: Providing access to billing and licensing information.
The lawful basis for processing is determined by the Controller, with potential reliance on GDPR Article 9(2)(h) and GDPR Article 6(1)(e) (public interest).
Categories of Data Subjects
- Customers
- Users
- Vehicles
- Parts
- Product Groups
Categories of Personal Data
- Name
- Address
- Email address
- Marketing preferences
- Location information
- IP addresses
- Vehicle data
Duration of Processing
For the duration that the Processor provides services to the Customer, or as long as necessary to fulfil the Purpose.
BACKGROUND
The Processor is providing services to the Customer where processing of Customer Personal Data is required to fulfil the Purpose (as defined in the Contract Details). This Agreement sets out the terms under which the Processor will process Customer Personal Data in compliance with Data Protection Laws.
1. DEFINITIONS AND INTERPRETATION
1.1 Definitions
- Agreement: This Data Processing Agreement, including the Contract Details and any attached Schedules.
- Customer Personal Data: Personal data processed by the Processor on behalf of the Customer, as detailed in the Contract Details.
- Contract Details: The agreed terms between the Parties outlined in this document.
- Data Protection Laws: All applicable data protection and privacy legislation in the UK, including:
- The UK GDPR as defined in Section 3(10) of the Data Protection Act 2018.
- The Data Protection Act 2018.
- The Privacy and Electronic Communications Regulations 2003 (SI 2003/2426).
- Data Controller, Data Processor, Data Subject, Personal Data, Processing: As defined in the UK GDPR.
- Duration of Processing: The period during which the Processor processes Customer Personal Data, as specified in the Contract Details.
- DP Regulator: The Information Commissioner’s Office (ICO) or any relevant supervisory authority.
- Personal Data Breach: A breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
- Sub-Processor: Any third party engaged by the Processor to carry out processing activities on behalf of the Customer.
1.2 Interpretation
- References to statutes include amendments, replacements, or re-enactments.
- “Writing” or “written” includes email.
- Clause headings do not affect interpretation.
2. DATA PROTECTION ROLES AND RELATIONSHIP
2.1 The Customer is the Data Controller, and the Processor is the Data Processor of Customer Personal Data.
2.2 Both Parties will comply with all applicable Data Protection Laws. This Agreement does not relieve either Party of its obligations under these laws.
3. DATA PROCESSING OBLIGATIONS
3.1 Record-Keeping:
Each Party will maintain records of data processing activities as required by Data Protection Laws.
3.2 Processor Responsibilities:
The Processor shall:
- 3.2.1 Process Customer Personal Data only according to documented instructions from the Customer.
- 3.2.2 Implement appropriate security measures, including:
- Data encryption and pseudonymisation.
- Ensuring confidentiality, integrity, and resilience of systems.
- Timely data restoration capabilities.
- Regular testing and evaluation of security measures.
- 3.2.3 Maintain confidentiality and ensure authorised personnel commit to confidentiality obligations.
- 3.2.4 Assist the Customer with data subject requests and compliance obligations (costs borne by the Customer).
- 3.2.5 Notify the Customer within 48 hours of any Personal Data Breach and provide necessary information for reporting to regulators or affected data subjects.
3.3 If the Processor is required by law to process data beyond the Customer’s instructions, it will notify the Customer unless prohibited by law.
4. SUB-PROCESSORS
The Customer authorises the Processor to appoint Sub-Processors, provided that:
- Sub-Processors comply with Data Protection Laws.
- The Processor remains responsible for their actions.
- The Customer is informed of changes to Sub-Processors and can object if necessary.
5. INTERNATIONAL TRANSFERS
The Processor may transfer Customer Personal Data outside the UK or EEA, ensuring all transfers comply with Data Protection Laws and appropriate safeguards are in place.
6. LIABILITY
6.1 Neither Party limits liability for:
- Personal injury or death due to negligence.
- Fraud or fraudulent misrepresentation.
6.2 Total liability for breaches of this Agreement is limited to £50,000.
7. AUDIT
7.1 The Processor will maintain records of processing activities and make them available to the Customer upon request.
7.2 The Customer may audit the Processor’s compliance with this Agreement, with 30 days’ notice, ensuring minimal disruption to the Processor’s operations.
8. TERMINATION AND DATA RETURN/DELETION
8.1 This Agreement remains in effect for the Duration of Processing.
8.2 Upon termination, the Processor will delete or return Customer Personal Data within 30 days, unless retention is required by law.
9. INDEMNITY
The Processor’s liability for indemnity claims is capped at £50,000 or the amount paid by the Customer under the agreement in the past 12 months, whichever is lower.
10. GENERAL
- Costs: Each Party bears its own legal costs.
- Governing Law: This Agreement is governed by English law, with disputes resolved in English courts.