Data Processing Agreement

This Data Processing Agreement (“Agreement”) outlines the roles and responsibilities of Digital Rugby, a brand operated by 1 Point 3 Creative Ltd (“Processor”), with an operational address at 24 Regent Place, Rugby, CV21 2PN, United Kingdom, and the Client (“Controller”).

By accepting a Quotation or Client Order, the Client agrees to be bound by this Agreement. This Agreement is applicable as of the date of the Quotation or Client Order.

1. Purpose and Scope

1.1 This Agreement outlines the roles and responsibilities of the Processor and the Controller in ensuring compliance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

1.2 The Processor processes personal data on behalf of the Controller for the purposes specified in the Quotation or Client Order.

2. Roles and Responsibilities

2.1 Controller Responsibilities:

Determine the purposes and means of processing personal data.
Ensure that personal data is collected and processed lawfully, fairly, and transparently.
Provide the Processor with clear instructions for processing activities.

2.2 Processor Responsibilities:

Process personal data only on documented instructions from the Controller.
Ensure that personnel authorized to process personal data are bound by confidentiality obligations.
Implement appropriate technical and organizational measures to ensure data security.

3. Processing Details

3.1 Categories of Data: Personal data processed under this Agreement may include, but is not limited to:

Contact information (e.g., names, email addresses, phone numbers).
Technical data (e.g., IP addresses, device information).
Transactional data related to services provided by the Controller.

3.2 Data Subjects: The personal data relates to the Controller’s customers, employees, and other stakeholders, as specified in the Quotation or Client Order.

3.3 Nature and Purpose of Processing: The Processor will process personal data solely for the purposes outlined in the Quotation or Client Order.

4. Security Measures

4.1 The Processor will implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

Data encryption during transit and storage.
Regular security audits and assessments.
Access controls and user authentication.

4.2 The Processor will notify the Controller without undue delay upon becoming aware of any personal data breach.

5. Subprocessors

5.1 The Controller authorizes the Processor to engage subprocessors as specified in the Quotation or Client Order. The Processor will ensure that subprocessors are bound by terms that provide at least the same level of protection as this Agreement.

5.2 The Processor will inform the Controller of any intended changes concerning the addition or replacement of subprocessors, giving the Controller the opportunity to object.

6. Data Subject Rights

6.1 The Processor will assist the Controller in fulfilling data subject rights requests, including but not limited to:

Access to personal data.
Rectification or erasure of personal data.
Restriction of processing.
Data portability.

6.2 The Processor will not respond to data subject requests without the Controller’s prior written consent unless required by law.

7. Data Retention and Deletion

7.1 The Processor will retain personal data only for the duration necessary to fulfill the purposes outlined in the Quotation or Client Order or as required by applicable law.

7.2 Upon termination of this Agreement or at the Controller’s request, the Processor will delete or return all personal data, unless otherwise required by law.

8. Audits and Inspections

8.1 The Controller has the right to audit the Processor’s compliance with this Agreement. Such audits:

Must be conducted during regular business hours with reasonable notice.
Will not interfere with the Processor’s business operations.

8.2 The Processor will provide the Controller with all information necessary to demonstrate compliance.

9. Liability and Indemnification

9.1 The Processor’s liability for breaches of this Agreement is limited to the fees paid by the Controller in the 12 months preceding the breach.

9.2 The Controller agrees to indemnify the Processor against any claims, damages, or penalties arising from the Controller’s instructions or non-compliance with data protection laws.

10. Term and Termination

10.1 This Agreement will remain in effect for the duration of the Controller’s engagement with the Processor.

10.2 Either Party may terminate this Agreement with 30 days’ written notice or immediately in the event of a material breach that is not remedied within 14 days.

10.3 Upon termination, the Processor will ensure that all personal data is deleted or returned in accordance with Section 7.

11. Governing Law and Dispute Resolution

11.1 This Agreement is governed by and construed in accordance with the laws of England and Wales.

11.2 Any disputes will first be resolved amicably through negotiation. If unresolved, disputes will be subject to mediation under the rules of [Insert Mediation Institution].

11.3 Unresolved disputes may be submitted to the exclusive jurisdiction of the courts of England and Wales.

12. Notices

All notices under this Agreement must be in writing and delivered to:

Digital Rugby: 24 Regent Place, Rugby, CV21 2PN, United Kingdom

Digital Rugby

AI Powered Productivity

Branding & Creative

Social Media marketing

Web Design/Ecommerce

CRM Integration

Managed Hosting

contact info

locations

recruitment

site links

Experts in AI and Digital Solutions

get in touch