1.This policy describes the information we process to support products and features offered by Teachers Global Limited (‘We’, ‘Us’ or ‘Teacheroo’) under the ‘Teacheroo’ brand, which is a limited company registered in England and Wales under company number 13039915 whose registered office is c/o. One New Street, Wells, Somerset BA5 2LA. Our VAT number is 299837618.
1.1. For the purposes of this clause the following defined terms shall have the following meanings:
1.1.1 “Data Protection Law” shall mean (a) the Data Protection Act 1998; or (b) the General Data Protection Regulation ((EU) 2016/679 (“GDPR”), read in conjunction with and subject to any applicable UK national legislation that provides for specifications or restrictions of the GDPR’s rules; or (c) from the date of implementation, any applicable legislation that supersedes or replaces the GDPR in the UK or which applies the operation of the GDPR as if the GDPR were part of UK national law, which may include the Data Protection Act 2018; and
1.1.2 “personal data”, “controller”, “processor”, “data subject”, and “processing” (and other parts of the verb “to process”) shall have the meaning set out in the Data Protection Law.
1.3 Each party shall comply at all times with Data Protection Law and shall not perform its obligations under these Terms in such a way as to cause the other to breach any of its applicable obligations under Data Protection Law.
1.4 In the context of these Terms, you will act as “processor” to Us who will be “controller” with respect to the personal data.
1.5 Where you process personal data shared by Us, with respect to such processing, you shall:
1.5.1 process the personal data only in accordance with these Terms and not otherwise make any use of the personal data for your own purposes;
1.5.2 only permit the personal data to be processed by persons who (i) are bound by enforceable obligations of confidentiality; (ii) who have entered into a third party data processing agreement with the third party and (iii) take steps to ensure such third parties only act on your instructions in relation to the processing;
1.5.3 protect the personal data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure;
1.5.4 remain entitled to appoint third party sub-processors. Where you appoint a third party sub-processor, you shall, with respect to data protection obligations:
(a) ensure that the third party is subject to, and contractually bound by, at least the same obligations as you;
(b) ensure you have entered into a third party data processing agreement with the sub-processor; and
(c) remain fully liable to Us for all acts and omissions of the third party,
and all sub-processors engaged by You as at the effective date of these Terms shall be deemed authorized;
1.5.5 in addition to the sub-processors engaged pursuant to paragraph 22.5.4, be entitled to engage additional or replacement sub-processors, subject to:
(a) the provisions of paragraph 22.5.4(a) to 22.5.4(c) being applied; and
(b) you notifying Us of the additional or replacement sub-processor,
and where We object to the additional or replacement sub-processor, the parties shall discuss the objection in good faith;
1.5.6 promptly alert and inform Us of any personal data breach suffered by You or by any third parties to which personal data has been transferred and provide all necessary information, co-operation and assistance to enable Us to comply with Our obligations under Data Protection Law and to reduce the impact of the incident on Our business operations and reputation;
1.5.7 at Our cost and not more than once in any 12 month period, permit Us (subject to reasonable and appropriate confidentiality undertakings and notice to you), to inspect and audit Your data processing activities to enable Us to verify and/or procure that You are complying with your obligations under this clause 22;
1.5.8 on Our reasonable request and at Our cost, assist Us to respond to requests from data subjects who are exercising their rights under the Data Protection Law;
1.5.9 on Our reasonable request and at Our cost, assist Us to comply with Our obligations under the Data Protection Law in relation to (a) notifying a supervisory authority that We have suffered a personal data breach; (b) communicating a personal data breach to an affected individual; (c) carrying out an impact assessment; and (d) where required under an impact assessment, engaging in prior consultation with a supervisory authority; and
1.5.10 unless applicable law requires otherwise, upon termination of these Terms at Our option, and unless you have a valid and lawful basis under the Data Protection Law for continuing to hold and process personal data provided by Us, (a) delete all such personal data permanently, safely and securely and provide Us with a certificate of destruction; and/or (b) return to Us all such personal data and any other information provided by Us to You; and (c) cease to process the personal data.
1.5.11 notify us promptly within 24 hours in the event that there has been or may have been a personal data breach so that We can assess the impact of that breach and whether this needs to be notified to the Information Commissioners Office within 72 hours of the breach occurring.
1.5.12 you shall indemnify and hold Us harmless on demand for any loss, damage, liabilities, penalties, expenses or fines incurred (whether foreseeable or unforeseeable or direct or indirect) as a result of you breaching your obligations under this clause 22 (Data Processing).