YOMDEL DATA PROTECTION – ADDENDUM TO THE YOMDEL TERMS OF SERVICE
Last update: 3rd August 2021
1. DEFINITIONS
a. Personal Data
Any personal information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
b. Data Subject
Any person whose personal data is being collected, held or processed.
c. "Data Protection Legislation" means all applicable data protection and privacy legislation in force from time to time in the UK including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act of 2018 (“the UK GDPR”); the Data Protection Act 2018 (and regulations made thereunder) (“DPA 2018”); the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended; (all as amended, updated or re-enacted from time to time).
d. “Sub-Processor” means any person appointed by or on behalf of Yomdel to process Personal Data on behalf of the Client in connection with the delivery of services as described in the Terms of Service.
e. Restricted Transfer
Means the transfer of Personal Data collected and processed on behalf of the Client, including to Sub-Processors based outside the UK.
f. Assignment
Means any service that the Client has commissioned Yomdel to undertake through a Yomdel Service Agreement or Product Order.
g. Assessor
Means the Sub-Processor appointed by Yomdel to conduct the fieldwork for a mystery shopping Assignment.
h. Processing
The Processing is as described in the Service Agreement or Product Order relating to the product or service purchased.
2. PERSONAL DATA AND GDPR
a. The Parties acknowledge and agree that to the extent that Yomdel processes Personal Data in providing services to the Client that the Client acts as Data Controller and Yomdel acts as its Data Processor.
b. Unless otherwise agreed, all Personal Data collected from visitors to a Client website in the course of live chat engagement remains the exclusive property of the Client.
c. Unless otherwise agreed, all data not classified as Personal Data remains the property of Yomdel.
d. Any Personal Data collected by Yomdel shall be held in accordance with Data Protection Legislation.
e. Yomdel agrees to work with the Client to ensure compliance with Data Protection Legislation. The Client agrees that it is their sole responsible for establishing a lawful basis for and otherwise complying with its legal obligations in respect of the Processing.
f. Yomdel agrees to allow for the audit of our processes and procedures in compliance with Data Protection Legislation, provided that:
• except in the event of an emergency, the Client gives Yomdel not less than 30 days’ prior written notice of its intention to audit and shall not be exercised more than once each year;
• neither the Client nor its auditor will thereby be entitled to access to any data of any other Yomdel customer, or direct access to any of Yomdel’s systems, unless specifically ordered otherwise by a supervisory authority of competent jurisdiction;
• any and all information thereby coming into the possession of the Client or its auditor will be the confidential information of Yomdel;
• the Client reimburses Yomdel for any costs reasonably incurred, including for its personnel’s time and uses all reasonable efforts to avoid disruption to Yomdel’s business or operations.
g. Yomdel taking into account the nature of the processing and the information available to Yomdel, and at the Client’s cost, provide the Client with such information that the Client requires in order to comply with its obligations under relevant parts of the Data Protection Legislation, in each case provided that such information has not already been provided to the Client by Yomdel.
h. Yomdel agrees to notify the Client if, in its opinion, any instruction given by the Client breaches Data Protection Legislation, but without assuming any liability for that opinion.
i. Yomdel ensures that all persons with access to the Personal Data are subject to an obligation of confidentiality or are under an appropriate statutory obligation of confidentiality.
3. DATA SUBJECTS
a. The data subjects that Yomdel will handle on behalf of the Client can be categorised as:
i. Live chat and related services: customers, both current and potential customers or Leads as defined in the Terms of Service.
ii. Mystery shopping: A person or persons for whom data/insight is collected as a result of conducting a mystery shopping Assignment.
4. PROCESSING AND SECURITY
a. Yomdel agrees to ensure all data processed by Yomdel or its sub-processors follows the principles of a restricted transfer and is handled in accordance with the requirements put in place by the Data Protection Legislation for the processing of Personal Data outside the UK.
b. The Client agrees that for Yomdel to fulfil the contract performance, Personal Data may be processed outside the UK for legitimate interests in completing the terms of service as set out in this document.
c. Yomdel will process data only as instructed by the Client. In most cases this is the processing of personal information for the generation of leads, customer service, mystery shopping and other services described in the General Services section of the Terms of Service, Service Agreement or Product Order. Any additional requirements must be provided in writing and agreed by Yomdel.
d. The Client, as data controller, agrees to use the Personal Data only for the reason it was collected. It is the responsibility of the controller to ensure the data is used only for these purposes.
e. The nature and purpose of the processing is to ensure Yomdel provides the service as agreed with the Client and as described in the General Services.
f. The type of Personal Data being processed include:
i. Name, Email and Telephone number
ii. IP Address/Geo-Location
g. Yomdel will strive to ensure that all data relating to Clients and Data Subjects is stored and transmitted securely.
h. Yomdel will take the appropriate technical and organisational measures required under Data Protection Legislation.
i. Yomdel operators and sub-processors are bound by standard model contracts to ensure data protection principles and policies are adhered to.
j. All systems used by Yomdel and sub-processors are secured technically via strong roles and permissioning measures as well as encryption methods like SSL/TLS.
k. Yomdel and sub-processors also operate, maintain and improve policies to ensure the continued organisational measures to ensure data is held securely, including password, clear desk, data access and data privacy training policies to ensure data protection compliance on behalf of the data subjects and Client.
5. DATA RETENTION
a. Live chat visitors – we may retain Personal Data securely to the extent required by applicable Data Protection Legislation and for such period as required by law. The Company will ensure that Personal Data is processed only as necessary for the purpose requiring its storage and for no other purpose. Data may be stored as a secure backup for the time needed to secure (establish, investigate or defend) any claims that may arise due to the performance of the services. The company will only retain Personal Data relevant to the purposes for which the information is collected and will not use it in a way that is incompatible with such purposes unless such use has been subsequently authorised by the Data Subject.
b. Yomdel agrees to hold all mystery shopping and market research results/materials for a 12 month period, following completion of an Assignment (unless the Client requests in writing for this to be held for a different period) and for Yomdel to then delete all Assignment results from our systems.
c. Upon written request by the Client, Yomdel will remove or destroy the Personal Data at the termination of the service subject to Yomdel maintaining the data collected as part of back-ups for the maximum required duration as set out by Data Protection Legislation.
d. Yomdel agrees to delete Personal Data provided that the request is made in writing to the Yomdel registered address by either the Data Controller or the Data Subject.
e. Mystery Shopping: Yomdel agrees to provide the Client with Personal Data relating to the Assessors after or during the course of an Assignment so that, following completion of the Assignment, the Client is able to securely delete all Assessor personal data collected during or in connection with the Assignment, which it shall do within seven days of Yomdel completing the Assignment (and for the purposes of this clause, an Assignment shall be completed when Yomdel in its sole discretion deems it to be).