This Data Protection Addendum ("Addendum") forms part of the agreement between Vortex IQ Limited ("Data Processor") and the Customer ("Data Controller") concerning the processing of personal data under applicable data protection laws, including the UK GDPR and the Data Protection Act 2018.
Vortex IQ shall process Personal Data only on documented instructions from the Data Controller, including with regard to transfers of Personal Data to a third country or an international organisation, unless required to do so by law.
Personal Data will be processed solely for the purpose of providing the services agreed under the main agreement.
Vortex IQ shall implement appropriate technical and organisational measures to protect Personal Data against unauthorised or unlawful processing, accidental loss, destruction, or damage, in line with industry best practices and the security standards of Amazon Web Services (AWS).
Vortex IQ may engage sub-processors, including AWS, for the provision of services. Vortex IQ shall ensure that sub-processors are bound by data protection obligations consistent with this Addendum.
Vortex IQ shall assist the Data Controller in responding to requests from data subjects exercising their rights under applicable data protection laws.
Vortex IQ shall notify the Data Controller without undue delay upon becoming aware of any personal data breach affecting the Data Controller’s Personal Data.
Vortex IQ shall ensure that any transfer of Personal Data outside the UK or European Economic Area (EEA) complies with applicable data protection laws, including using appropriate safeguards such as Standard Contractual Clauses.
Upon termination or expiry of the agreement, Vortex IQ shall, at the choice of the Data Controller, delete or return all Personal Data processed on behalf of the Data Controller, unless retention is required by law.
The Data Controller shall have the right to audit Vortex IQ’s compliance with this Addendum upon reasonable notice and during normal business hours.