Data Processing Agreement (DPA)

Fluid Business Solutions Ltd (Fluid), a company registered in England & Wales with company number 09120162 and whose registered office is at Office 9 Dalton House, Windsor Avenue, London SW19 2RR ("Processor").   

Collectively referred to as the "Parties" and each a "Party".   

BACKGROUND   

(A) Customer has entered into a subscription agreement with Processor for the use of the Fluid project management software platform (the "Services").   
(B) In the course of providing the Services, Processor may process certain Personal Data (as defined below) on behalf of Customer. 
(C) This Agreement sets forth the terms and conditions governing the processing of Personal Data by Processor on behalf of Customer.    

1. Definitions 

1.1. "Personal Data" means any information relating to an identified or identifiable natural person that is processed by Processor on behalf of Customer as part of the Services.   

1.2. "Processing" means any operation or set of operations performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.   

2. Processing of Personal Data 

2.1. Processor shall process Personal Data only in accordance with Customer's documented instructions, unless required to do so by applicable law, in which case Processor shall inform Customer of that legal requirement before processing, unless prohibited by law.   
2.2. Customer instructs Processor to process Personal Data for the following purposes:   

(a) to provide the Services in accordance with the subscription agreement; 
(b) to perform any other services agreed upon by the Parties in writing; and 
(c) to comply with other reasonable instructions provided by Customer, where such instructions are consistent with the terms of the subscription agreement.   

3. Confidentiality   

3.1. Processor shall ensure that its personnel engaged in the processing of Personal Data are informed of the confidential nature of the Personal Data and are subject to appropriate confidentiality obligations.   

4. Security   

4.1. Processor shall implement appropriate technical and organisational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data.   

5. Sub-processors 

5.1. Processor shall not engage any sub-processor without the prior written consent of Customer. Where consent is granted, Processor shall enter into a written agreement with the sub-processor containing data protection obligations that are no less protective than those in this Agreement.   

6. Data Subject Rights   

6.1. Processor shall, to the extent legally permissible, promptly notify Customer if it receives a request from a data subject to exercise their rights under applicable data protection laws. Processor shall not respond to such requests without Customer's prior written consent, unless required by law.   

7. Data Breaches   

7.1. Processor shall notify Customer without undue delay upon becoming aware of a personal data breach and shall cooperate with Customer to address such breach in accordance with applicable data protection laws.   

8. Data Retention and Deletion   

8.1. Upon termination of the Services or upon Customer's written request, Processor shall either return or delete all Personal Data, unless retention of the Personal Data is required by applicable law.   

9. Audit   

9.1. Processor shall, upon reasonable notice and at Customer's expense, allow Customer or an independent auditor appointed by Customer to conduct audits, including inspections, to verify Processor's compliance with this Agreement and applicable data protection laws. Processor shall provide Customer with all necessary information and assistance to facilitate such audits.   

9.2. Processor shall promptly address any findings or recommendations resulting from the audit and implement any necessary corrective actions to ensure compliance with this Agreement and applicable data protection laws.   

10. Liability   

10.1. Each Party's liability arising out of or in connection with this Agreement shall be subject to the limitation of liability provisions set forth in the subscription agreement.   

11. General Provisions 

11.1. This Agreement shall remain in effect for as long as Processor processes Personal Data on behalf of Customer.   

11.2. Any amendments to this Agreement must be made in writing and signed by both Parties.   

11.3. In the event of any conflict between the terms of this Agreement and the subscription agreement, the terms of this Agreement shall prevail with respect to the subject matter herein.   

11.4. This Agreement shall be governed by and construed in accordance with the laws of the United Kingdom, without regard to its conflict of laws principles.   

11.5. Any disputes arising out of or in connection with this Agreement shall be subject to the exclusive jurisdiction of the competent courts of the United Kingdom. 

Fluid logo
We provide organisations with a better, easier, and more user friendly way to deliver value, adapt, change, and meet their strategic goals.
© 2024 Fluid. All Rights Reserved.