Data Processing
Definitions
These Data Processing Terms form part of our agreement. In these Data Processing Terms:
Appropriate Safeguards: means such legally enforceable mechanism(s) for transfers of Personal Data as may be permitted under Data Protection Laws from time to time;
Data Controller: has the meaning given to that term (or to the term “controller”) in Data Protection Laws;
Data Processor: has the meaning given to that term (or to the term “processor”) in Data Protection Laws;
Data Subject: has the meaning given to that term in Data Protection Laws;
Data Subject Request: means a request made by a Data Subject to exercise any rights of Data Subjects under Data Protection Laws;
GDPR: means the General Data Protection Regulation (EU) 2016/679;
International Organisation: means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries;
International Recipient: has the meaning given to that term in paragraph 6.1;
Personal Data Breach: means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, any Protected Data;
Processing: has the meanings given to that term in Data Protection Laws (and related terms such as process have corresponding meanings);
Processing Instructions: has the meaning given to that term in paragraph 2.1.1;
Protected Data: means Personal Data comprised in User Data, Enrichment Data and New Contacts, processed by Oneshot.ai on your behalf in connection with the performance of Oneshot.ai’s obligations under our agreement;
Services: means the Services as defined under our agreement;
Sub-processor: means another Data Processor engaged by Oneshot.ai for carrying out processing activities in respect of the Protected Data on behalf of you; and
Supervisory Authority: means any local, national or multinational agency, department, official, parliament, public or statutory person or any government or professional body, regulatory or supervisory authority, board or other body responsible for administering Data Protection Laws.In these Data Processing Terms:
(a) references to any Data Protection Laws shall be replaced with or incorporate (as the case may be) references to any applicable laws replacing, amending, extending, re-enacting or consolidating such Data Protection Laws (including the GDPR and any new Data Protection Laws from time to time) and the equivalent terms defined in such applicable laws, once in force and applicable;
(b) a reference to a law includes all subordinate legislation made under that law; and
(c) references to paragraph numbers are to paragraphs of these Data Processing Terms.
- Data Processor and Data Controller
- The parties agree that, for the Protected Data, you shall be the Data Controller and Oneshot.ai shall be the Data Processor.
- Oneshot.ai shall process Protected Data in compliance with:
- the obligations of Data Processors under Data Protection Laws in respect of the performance of its obligations under our agreement; and
- the terms of our agreement.
- You shall comply with:
- all Data Protection Laws in connection with the processing of Protected Data, the Services and the exercise and performance of your respective rights and obligations under our agreement, including maintaining all relevant regulatory registrations and notifications as required under Data Protection Laws; and
- the terms of our agreement.
- You warrant, represent and undertake, that all instructions given by you to Oneshot.ai in respect of Personal Data shall at all times be in accordance with Data Protection Laws.
- By submitting any User Data to the Platform, you are instructing Oneshot.ai to process Personal Data to obtain and provide the data requested by you by means of the Platform. You will ensure that all necessary and appropriate consents and notices are in place to enable lawful processing by Oneshot.ai (and its Sub-Processors) of Personal Data in connection with this Agreement.
- You shall not withhold, delay or condition your agreement to any change to our agreement, the Platform or the Services requested by Oneshot.ai in order to promote compliance with Data Protection Laws by the Services, the Platform, Oneshot.ai and any Sub-Processor.
- Instructions and details of processing
- Insofar as Oneshot.ai processes Protected Data on behalf of you, Oneshot.ai:
- unless required to do otherwise by applicable law, shall (and shall take steps to ensure each person acting under its authority shall) process the Protected Data only on and in accordance with your documented instructions as set out in this paragraph 2 and the Data Processing Details below, as updated from time to time in accordance by agreement between the parties (“Processing Instructions”);
- if applicable law requires it to process Protected Data other than in accordance with the Processing Instructions, shall notify you of any such requirement before processing the Protected Data (unless applicable law prohibits such information on important grounds of public interest); and
- shall inform you if Oneshot.ai becomes aware of a Processing Instruction that, in Oneshot.ai’s opinion, infringes Data Protection Laws, provided that this shall be without prejudice to paragraphs 1.3 and 1.4.
- The processing of Protected Data to be carried out by Oneshot.ai under our agreement shall comprise the processing set out in the Data Processing Details below, as may be updated from time to time by agreement between the parties.
- Technical and organisational measures
- Oneshot.ai shall implement and maintain, the technical and organisational measures:
- in relation to the processing of Protected Data by Oneshot.ai, as set out in the Data Processing Details below; and
- taking into account the nature of the processing, to assist you insofar as is possible in the fulfilment of your obligations to respond to Data Subject Requests relating to Protected Data.
- Any additional technical and organisational measures shall be at your cost and expense.
- Using staff and other processors
- You provide general written authorisation to Oneshot.ai to engage Sub-processors to perform the Services, including Amazon Web Services (hosting), MongoDB (cloud database provider) Hunter.io (email validation) and Cognism Ltd (a source of Enrichment Data and New Contacts). You shall be given the opportunity to object to any new Sub-Processor and state your grounds for doing so. You acknowledge that Sub-Processors are essential in order for Oneshot.ai to provide the Services and that objecting to the use of a Sub-Processor may prevent Oneshot.ai from continuing to provide the Services to you. In the event that Oneshot.ai is unable to adequately address those objections, Oneshot.ai may terminate our agreement upon notice without liability to you. For the avoidance of doubt, in such circumstances Oneshot.ai shall not be obliged to refund any Subscription Fees pre-paid by you.
- Oneshot.ai shall:
- appoint each Sub-Processor under a written contract substantially on the standard terms of business of that Sub-Processor, or containing materially the same level of protection for the Personal Data as under these Data Processing Terms, that is enforceable by Oneshot.ai; and
- remain fully liable for all the acts and omissions of each Sub-Processor which constitutes a breach of these terms as if they were its own.
- Oneshot.ai shall ensure that all persons authorised by it to process Protected Data are subject to an obligation to keep the Protected Data confidential (except where disclosure is required in accordance with applicable law).
- Assistance with your compliance and Data Subject rights
- Oneshot.ai shall refer all Data Subject Requests it receives to you, provided that if the number of Data Subject Requests exceeds 5 per calendar month, you shall pay Oneshot.ai’s charges calculated on a time and materials basis at Oneshot.ai’s then current rates for recording and referring the Data Subject Requests in accordance with this paragraph 5.1.
- Oneshot.ai shall provide to you such reasonable assistance as you reasonably require (taking into account the nature of processing and the information available to Oneshot.ai) in ensuring compliance with your obligations under Data Protection Laws with respect to:
- security of processing;
- data protection impact assessments (as such term is defined in Data Protection Laws);
- prior consultation with a Supervisory Authority regarding high-risk processing; and
- notifications to the Supervisory Authority and/or communications to Data Subjects by you in response to any Personal Data Breach,
provided you shall pay Oneshot.ai’s charges for providing the assistance in this paragraph 5.2, such charges to be calculated on a time and materials basis at Oneshot.ai’s then-current rates for professional services.
- International data transfers
- You agree that Oneshot.ai may transfer Protected Data to countries outside the United Kingdom or to any International Organisation(s) (an “International Recipient”), provided all transfers by Oneshot.ai of Protected Data to an International Recipient shall (to the extent required under Data Protection Laws) be effected by way of Appropriate Safeguards and in accordance with Data Protection Laws. The provisions of our agreement shall constitute your instructions with respect to transfers in accordance with paragraph 2.1.
- Records, information and audit
- Oneshot.ai shall maintain, in accordance with Data Protection Laws binding on Oneshot.ai, written records of all categories of processing activities carried out on behalf of you.
- Oneshot.ai shall, in accordance with Data Protection Laws, contribute and allow for audits either by (at its option): (i) making available to you upon reasonable request interviews with Oneshot.ai personnel and documents, which you must treat confidentially under the confidentiality provisions of our agreement or under a non-disclosure agreement concluded between you and Oneshot.ai; or (ii) responding to a written security questionnaire submitted to it by you provided that you will not exercise this right more than once per year and will hold Oneshot.ai’s responses in confidence under the confidentiality provisions of our agreement.
- Breach notification
- In respect of any Personal Data Breach involving Protected Data, Oneshot.ai shall, without undue delay:
- notify you of the Personal Data Breach; and
- provide you with details of the Personal Data Breach.
DATA PROCESSING DETAILS
1 Subject-matter of processing:
Providing CRM data enrichment and enhancement services by means of the Platform.
2 Duration of the processing:
For the duration of the provision of the Services (including any retention of Personal Data comprised in the Services).
3 Nature and purpose of the processing:
To provide the Oneshot.ai data platform service to you. The purposes of your use of any Protected Data received from Oneshot.ai is as determined by you.
4 Type of Personal Data:
Such personal data as may be comprised in your CRM Integration, Data Integration, Enrichment Data and New Contacts; including phone, email and geographical business address, job title. Performance data of Authorised Users.
5 Categories of Data Subjects:
Individuals in respect of whom you use the Services as CRM Data Contacts or New Contacts; Authorised Users of the Services.
6 Technical and Organisational Security measures applied to the Protected Data:
As set out in the current version from time to time available at www.oneshot.ai/handlingdata of the Oneshot.ai document “Guide to Handling of Customer Data by Oneshot.ai.”