Personal Information Collected in the Provision of the Services.
b. Client’s Obligation to Incorporate a Compliant Cookies Policy on its Existing Site.
Where Client fails to include a pop up and link to a cookies policy at all, KAU Media Group reserves the right to immediately suspend the provision of the Services by written notice to Client and if Client fails to include a compliant pop up link and cookies policy within seven (7) days of such notice, terminate the Agreement by written notice for material breach.
c. Data Processor Obligations.
Each party agrees to comply with the provisions of the Data Protection Act 1998 (“DPA”) as may be applicable to that party. The parties acknowledge that Client is the “data controller” and KAU Media Group its “data processor” in respect of any “personal data” relating to Client’s customers, personnel, agents, subcontractors or the end-users of Client’s Existing Site which is “processed” (such terms as defined in the DPA) by KAU Media Group in providing the services hereunder, including without limiting the generality of the foregoing, the quality assurance and Campaign assessment activities.
i. KAU Media Group will maintain appropriate technological and organisational measures against unauthorised or unlawful processing of the personal data and against accidental loss or destruction of, or damage to, the personal data.
ii. KAU Media Group will only process the personal data for the purpose of providing the Services and in accordance with Client’s instructions (which Client warrants shall at all times be in accordance with, and shall not cause KAU Media Group to be in breach of, applicable law) to the extent that they are consistent with the same and do not result in any material additional obligations for KAU Media Group.
iii. Client acknowledges and agrees that KAU Media Group may in providing the advertising services hereunder engage third parties who may process the personal data for a subset of the purposes permitted to KAU Media Group and that KAU Media Group may process or cause the personal data to be processed outside the EEA provided that it has imposed similar safeguards on such sub-processors.
d. General Data Protection Regulation (GDPR)
Further to the EU GDPR enforcement from 25th May 2018, KAU Media Group, in it’s capacity as a data processor, will ensure:
- Adequate information security is in place;
- Sub Processors are not to be used without the consent of the Client (Data Controller);
- Cooperation with the relevant Data Protection Authorities in the event of an enquiry;
- Reporting of data breaches to the Client (Data Controller) without delay;
- Appointment of a Data Protection Officer, where necessary;
- Retention of all records with respect to processing activities;
- Compliance with EU trans border data transfer rules;
- Agreement with Client (Data Controller) to help comply with data subjects rights;
- Assistance to Client (Data Controller) in managing the consequences of data breaches;
- Deletion or return of all personal data at the choice of the Client (Data Controller), with data not retained beyond the maximum retention period of time;
Note: Batch deletions shall take place in 6 monthly cycles
- The Client (Data Controller) is informed if the processing instructions infringe GDPR;
i. Call Recording:
Unless the Client informs KAU Media Group otherwise, call recording will be offered as standard on the premise legality is justified by demonstrating the purpose fulfils any of the six conditions below:
- The people involved in the call have given consent to be recorded
- Recording is necessary for the fulfilment of a contract
- Recording is necessary for fulfilling a legal requirement
- Recording is necessary to protect the interests of one or more participants
- Recording is in the public interest, or necessary for the exercise of official authority
- Recording is in the legitimate interests of the recorder, unless those interests are overridden by the interests of the participants in the call
All customer data obtained via smartchat scripts are only to be used for the purpose further to the enquiry made via smartchat, and not used for marketing purposes unless otherwise consented to within the script.
Management of all cookies in line with GDPR is the responsibility of the Client (Data Controller) on their respective website.