This is the Data Processing Agreement that applies to data processing carried out by us for a client. Machine Labs Ltd (“the Processor” or “Us”) is a company registered in Scotland, number SC585963. You (“the Controller” or “You”) are a client of Machine Labs Ltd who is a data controller and is using our products or services to process data.
This agreement complies with the requirements of the EU General Data Protection Regulation.
Machine Labs Ltd
46 Melville Street
We will use Amazon Web Services, Inc. as a subprocessor. No other subprocessor will be appointed, or have any personal data disclosed to it, unless authorized by you in writing.
Transfers of Personal Data
Personal data will only be transferred based on your specific instructions, such as by using the integration with MailChimp or another email provider, or by using the export facility to generate a dump of all or part of your database.
Machine Labs Ltd will keep all of the personal data confidential. All of our employees have contracts committing them to keeping your data confidential.
We will assist you with any audit, including inspections by you or another auditor appointed by you. We require four weeks' notice of any audit (unless an identifiable material issue has arisen) and we may charge a fee based on reasonable time and costs for assisting with the audit.
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
- the pseudonymisation and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
Deletion of Personal Data
Provision will be made for the deletion of personal data both through a manual method (a web interface) and an automated method (the API).
It may take up to 30 days for the personal data to be removed from all backup systems.