This is the Data Processing Agreement that applies to data processing carried out by us for a client. Machine Labs Ltd (“the Processor” or “Us”) is a company registered in Scotland number SC585963 with a registered office at the address shown below. You (“the Controller” or “You”) are a client of Machine Labs Ltd and are the data controller who is using our products or services to process data.
This agreement complies with the requirements of the EU General Data Protection Regulations.
Contact Details and Registered Office
Machine Labs Ltd
2 Rennie Square
Brucefield Industrial Estate
We will use Amazon Web Services, Inc. as a subprocessor. No other subprocessor will be appointed or have any personal data disclosed to unless authorized by you in writing.
Transfers of Personal Data
Personal data will only be transferred based on your specific instructions such as using the integration with MailChimp or other email provider or by using the export facility to generate a dump of all or part of your database.
Machine Labs Ltd will keep all of the personal data confidential. All of our employees have contracts committing themselves to keeping your data confidential.
Data Subject Rights
We will assist you with responding to requests from your customers or data subjects under any data protection law.
We will promptly notify you of any requests we receive from your data subjects in respect of data we are processing. We will not respond to these requests other than acknowledgement without your written instructions unless we are required to by law.
Deletion of Personal Data
Provision will be made for the deletion of personal data both through a manual method (a web interface) and an automated method (the API).
It may take up to 30 days for the personal data to be removed from all backup systems.
We will assist you with any audit, including inspections by you or another auditor appointed by you. We require four weeks notice of any audit (unless an identifiable material issue has arisen) and we may charge a fee based on reasonable time and costs for assisting with the audit.
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including as appropriate:
- the pseudonymization and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
Personal Data Breach
We will notify you as soon as possible if we become aware of a data breach affecting personal data. We will provide sufficient information to allow you to meet any obligations to inform data subjects of the data breach.
This agreement is governed by Scots Law.
This document is also available as a PDF if you need a signed hardcopy: