Keep information about your client’s changing care needs at your care team’s fingertips.
View the Vlog and see how Carer Connected works.
Experience the difference for FREE with your first 100 clients.
Open your Daily Care Records account today. Sign Up
Email: support@dailycarerecords.com
Carers can enter care delivery notes on their smartphone and the office staff will have instant access to the records in the web platform.
View the Vlog and see how Client Connected works.
Experience the difference for FREE with your first 5 clients.
Open your Daily Care Records account today. Sign Up
Email: support@dailycarerecords.com
Carers can administer medication on their smartphone and the office staff will have instant access to the records in the web platform.
View the Vlog and see how Medicine Connected works.
Experience the difference for FREE with your first 5 clients.
Open your Daily Care Records account today. Sign Up
Email: support@dailycarerecords.com
We only use essential cookies for session loggin and security purposes.
Effective date: Jan 1, 2019
Zonati Developments Limited ("us", "we", or "our") operates the dailycarerecords.com website and the dailycarerecords.com mobile application (the "Service").
This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.
We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.
Definitions
Service
Service means the dailycarerecords.com website and the dailycarerecords.com mobile application operated by zonati developments limited.
Personal Data
Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
Usage Data
Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Cookies
Cookies are small pieces of data stored on your device (computer or mobile device).
Data Controller
Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed. For the purpose of this privacy policy you the membership owner are the data controller.
Data Processors (or Service Providers)
Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.
Data Subject (or User)
Data Subject is any living individual who is using our Service and is the subject of Personal Data.
Use of Your Information
We use the information that we collect from you to provide our services to you. We may use the information for one or more of the following purposes:
If you have previously purchased, or expressed interest in our products or services, we may provide to you details of similar products or services, or other goods and services, that you may be interested in.
Storing Your Personal Data
In operating our website it may become necessary to transfer data that we collect from you to locations outside of the European Union for processing and storing. By providing your personal data to us, you agree to this transfer, storing or processing. We do our utmost to ensure that all reasonable steps are taken to make sure that your data is treated and stored securely.
Unfortunately the sending of information via the internet is not totally secure however commercially acceptable methods of data transfer are used to protect your information.
Disclosing Your Information
We will not disclose your personal information to any other party other than in accordance with this Privacy Policy and in the circumstances detailed below:
Your Data Protection Rights Under General Data Protection Regulation (GDPR)
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. Zonati Developments Limited aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.
If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.
You can edit your dailycarerecords.com account information at any time. In certain circumstances, you have the following data protection rights:
Please note that we may ask you to verify your identity before responding to such requests.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
Service Providers
We may employ third party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services or to assist us in performing tasks related to processing a membership contract and other administrative tasks.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Adobe sign
https://www.adobe.com/uk/privacy/policy.html
Payments
We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors).
We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
The payment processors we work with are:
PayPal
Their Privacy Policy can be viewed at https://www.paypal.com/webapps/mpp/ua/privacy-full
Links To Other Sites
Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Changes To This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Contact Us
If you have any questions about this Privacy Policy, please contact us:
SOFTWARE AS A SERVICE (SAAS) SUBSCRIPTION AGREEMENT
between
ZONATI DEVELOPMENTS LIMITED
and
CUSTOMER
THIS AGREEMENT is dated 25/08/2019
PARTIES
(1) Zonati Developments Limited incorporated and registered in England and Wales with company number 10428915 whose registered office is at International House 142 Cromwell Road,London, SW7 4EF,United Kingdom ,Supplier.
(2) [FULL COMPANY NAME] incorporated and registered in England and Wales with company number [NUMBER] whose registered office is at [REGISTERED OFFICE ADDRESS], Customer.
BACKGROUND
(A) The Supplier has developed certain software applications and platforms which it makes available to subscribers via the internet on a pay-per-use basis for the purpose of document creation,management, storage and retrieval.
(B) The Customer wishes to use the Supplier's service in its business operations.
(C) The Supplier has agreed to provide and the Customer has agreed to take and pay for the Supplier's service subject to the terms and conditions of this agreement.
Introduction:
These Terms and Conditions are related to the provision of the Daily Care Records service to Social Care Providers; the legal terms of the Agreement; and the requirements of Zonati Developments Limited that provide The Service and the customer (Account Holder).
Your access to and use of The Service is conditioned on your acceptance of and compliance with these Terms and Conditions. These Terms apply to all visitors, users and others who access or use The Service. By accessing or using The Service, you agree to be bound by these Terms and Conditions.
Zonati Development Limited, as the provider of the Daily Care Records Service, is a Data Processor on behalf of Social Care Providers who are themselves the Data Controllers. 1and1 ionos is a sub-processor in that they provide the dedicated server hosting infrastructure that the Daily Care Records service operates on. In the event of any catastrophic failure in the 1and1 ionos Hosting platform or if it is in the best interest of improving the service then Zonati Developments Limited may need to change this sub-processor, in which case this change will be communicated to the Account Holder in writing.
Free Trial Period:
The Service is effective upon your acceptance of this agreement (the “effective date” or login to the system), and will terminate 15 days from the effective date unless ended earlier in accordance with this agreement (the “Free Trial Period”).
Subscription fee: A service fee will be charged at a monthly rate from the date of implementation for the Daily Care Records Service. This will be the agreed charges to the Account Holder after the quote has been accepted.
What some words or phrases mean:
So that we can be completely clear, here are some words we use which have specific meanings:
“Account Holder” means a company which has agreed to pay for The Service (generally this will be the company you work for or your business, who will also be the Data Controller);
"Associated Company" means a company which is in the same group as a party where "group" means, in relation to a company, that company and its direct and indirect holding
companies and subsidiaries, and any of their direct and indirect subsidiaries, (and if the service user is registered in England or Wales, then those terms shall be as defined in Section 736 of the Companies Act 1985);
"Confidential Information" means trade secrets and non-public information including (but not limited to) financial, technical, operational, commercial, staff, management and other information, data, experience and know-how, customer and supplier information and databases, business strategies, business plans, internal systems, concepts and test results, software etc. However, Confidential Information shall not include any information (i) which is public knowledge
or which subsequently becomes public knowledge other than by any act or failure to act by either party; (ii) which is already known to the recipient party (as evidenced by its written records) at the time the Agreement is entered into and was not acquired directly or indirectly from the other party or is not otherwise subject to an obligation of confidentiality; or (iii) which is acquired by the relevant party from any third party who did not acquire such information directly or indirectly from the providing party in breach of any obligation of confidence.
“Data Controller” means a company that uses the Daily Care Records service; “Data Processor” means Zonati Developments Limited;
“Disclosing Party” means the party disclosing Confidential Information;
"Documentation" means the related documentation, instructions and reference materials supplied with The Service;
“GDPR” means the General Data Protection Regulation (GDPR) (EU) 2016/679 and for the purposes of these Terms and Conditions, the terms “controller”, “data subject”,
“personal data”, “processing”, “processor” and “supervisory authority” shall have the meaning given to those terms in Regulation (EU) 2016/679;
"The Service" means during the term of this Agreement, we will provide Account Holder with access to the Daily Care Records Service;
"Permitted Users" means any individual deemed appropriate by the Account Holder, provided that such use of the system remains within the confines of this agreement;
“Recipient” means the party receiving Confidential Information;
“The Service” means the infrastructure, and software forming the Daily Care Records Service which is accessed and used via our password protected websites and mobile phone apps;
“Subscription Fee” means the cost to use The Service as defined in these Terms and Conditions; “us” “we” and “our”, “Zonati Developments” refers to Zonati Developments Limited, a company registered in England and Wales with registered number 10428915 and having its registered office at International House 142 Cromwell Road, London, SW7 4EF, United Kingdom;
"Supplemental Agreements" means an agreement entered into between Zonati Development Limited to amend or supplement the terms and conditions detailed in this document;
"Update" means a new release of any aspect of The Service and generally containing corrected errors, fixed bugs, improvements, architectural changes or new features and/or functionality;
“User” means any person that is given permission to use The Service by the Account Holder, or given permission by any User of the Account Holder;
“you” “your” means the Account Holder;
“your Data” means any data entered or uploaded by any User
Formation of subscription agreement:
If a new customer, then: By accepting and paying the Subscription Fee quotation, these Terms and Conditions will become legally binding between the Account Holder and us. If an existing customer, then: These Terms and Conditions will become a legally binding agreement between the Account Holder and us. The Agreement will be concluded in the English language and these Terms and Conditions shall govern the agreement between the Account Holder and us.We reserve the right, at our discretion, not to accept an application to create a Daily Care Records account. This may be due to technical constraints, because you or an Associated Company have been barred by us from using The Service or for any other reason. No charge will be made by us for declined applications. You will not be able to access and use The Service without an email address and password for a Daily Care Records User. There are two ways you can obtain these:
The Account Holders use of The Service is governed by these Terms and Conditions and any Supplemental Agreements with Zonati Developments.
Service restrictions
Unless otherwise agreed in writing by Zonati Developments, the Account Holder may not:
Control of personal data
For the purposes of these Terms and Conditions, the terms “controller”, “data subject”, “personal data”, “processing”, “processor” and “supervisory authority” shall have the meaning given to those terms in Regulation (EU) 2016/679 (“GDPR”). In respect of personal data we process on behalf of the Account Holder, the parties agree that the Account Holder is a controller of the personal data, and we shall be the processor. We, to the extent we are acting as processor in respect of such personal data, agree to:
The Account Holder consents to us engaging additional processors to process the personal data, and consents to the engagement of those third parties that are processors engaged by us as at the date of the Agreement.
We will inform the Account Holder of any intended changes concerning the addition or replacement of such processors thereby giving the Account Holder the opportunity to reasonably object to such addition or replacement (grounds for objection being non-compliance of the GDPR).
We will ensure that the arrangement between us and each processor contemplated by the immediately preceding two paragraphs is governed by a written contract including the same data protection obligations as those set out in these terms and conditions which are required by Article 28(3) of the GDPR.
The Account Holder shall (at its own cost) provide assistance requested by us in relation to the fulfilment of our obligation to cooperate with the relevant supervisory authority under Article 31 GDPR. The Account Holder warrants, represents and undertakes to us that:
The Account Holder acknowledges and agrees that we have the right to use anonymised, aggregated data with the aim of benefiting social care, health care, or all providers generally.
The Account Holder shall ensure that people processing the personal data are subject to a duty of confidence.
Service and support:
Zonati Developments will provide a service infrastructure that targets at least 99.5% uptime, and is monitored 24 hours a day, seven days a week.
Zonati Developments will provide email support between the hours of 9:00 and 17:00 Monday to Friday excluding English Bank Holidays, with a break of 1 hour from 12:30 to 13:30.
Customer support will respond to different requests are as follows:
Zonati Developments will provide updates to the Service from time to time and the Service user accepts that there are no rights to additional features or commitment for the product to continue with specific features.
Payment Terms and Termination:
Prepaid monthly subscriptions are made in accordance with the accepted quote given to the Account Holder. Additional services will be billed prepaid and the monthly subscription updated to reflect the change.
Prepaid annual subscriptions are made in accordance with the accepted quote given to the Account Holder. Additional services will be billed prepaid pro rata to the end of the subscription.
Refunds:
Annual subscription (prepaid)
If you cancel within 14 days of your order, you will receive a full refund. If you cancel after 14 days, your payment is non-refundable and your service will continue until the end of your contracted term.
Month-to-month subscription (prepaid)
If you cancel within 14 days of your order, you will receive a full refund. If you cancel after 14 days, your payment is non-refundable and your service will continue until the end of that month’s billing period.
NOTE: The refund only applies for 14 days after the original purchase, not for subsequent renewals.
The Agreement will commence on the date that The Service is delivered to the Account Holder and shall continue in perpetuity unless terminated by one of the following:
Data Removal:
Once a subscription is terminated the removal of data will begin and be completed within 40 days.
Zonati Developments reserves the right to increase prices at any time after the anniversary of commencement of service with 30 days notice.
If any location ceases to operate then the Subscription Fee for this location will be removed from the monthly subscription at the next billing cycle following the date we are informed of the location ceasing to operate, or the next billing cycle following the date the location ceases to operate, whichever is the later.
Your obligations
You must:
You must not:
Who owns what:
The Account Holder has sole responsibility for the accuracy and reliability of your Data. The Account Holder retains ownership of any copyright, trade marks, database rights and any other intellectual property rights it has in your Data (such as rights in its logo, for example.) Intellectual property rights in your Data will not be transferred to us. We reserve the right to disclose your Data to law enforcement officials in the investigation of fraud or other alleged unlawful activities but otherwise we will only use your Data to provide The Service and provide information to you that may help improve The Service. All copyright, database rights, trademarks and other intellectual property rights in The Service (including any such rights in our website) are either owned by or licensed to us and nothing in the Agreement shall transfer any ownership rights to you.
Confidentiality:
Each party agrees both during the period of supply of The Service and for a period of 5 years after the date of termination that it will not knowingly or willfully use or disclose to any third party any Confidential Information of the other except as permitted by the Agreement or as authorised by the other party in writing. Any personal information as defined by GDPR will be subject to the terms in the section “Control of personal data”. The confidentiality obligations in the Agreement shall not apply to any Confidential Information which is required to be disclosed by applicable law or order of a Court of competent jurisdiction or recognised stock exchange or government department or agency or other competent authority provided that prior to such disclosure the recipient party consults with the other party as to the proposed form, nature and purpose of the disclosure. The Recipient shall at all times keep such Confidential Information secret and confidential and will not disclose any part of it to a third party. The Recipient shall only divulge such Confidential Information to the Recipient's Employees or subcontractors (if any) who require access to it for the purpose of their duties in relation to work commissioned by or on behalf of the Disclosing Party. The Recipient shall not use any Confidential Information for any commercial purpose.
The Recipient shall not copy or reproduce any of the Confidential Information in any manner or form without the prior written consent of the Disclosing Party; and with the exception of copy or reproduction by the Recipient required in the provision of services to the Disclosing Party. For the purposes of the Agreement, copying shall not include forwarding an email between either party, or printing an email in order for it to be more manageable. The Recipient shall return all Confidential Information which may be in their possession to the Disclosing Party if requested to do so as soon as reasonably practicable and, in any event, within 7 days of the request.
The Recipient shall not be liable for any disclosure of the Confidential Information which:
If disclosure is required by law, pursuant to a subpoena or order or a requirement or an official request issued by a court of competent jurisdiction or by a judicial, administrative, legislative, regulatory or self-regulating authority or body PROVIDED THAT in the event that the Recipient receive a subpoena, order, requirement or official request to disclose any
Confidential Information, the Recipient will, if permitted to do so, (a) promptly notify the Disclosing Party thereof, (b) consult with the Disclosing party on the advisability of taking steps to resist or narrow such request, and (c) if disclosure is required or deemed advisable, cooperate with the Disclosing Party in any attempt that it may make to obtain an order or other reliable assurance that confidential treatment will be accorded to designated portions of the Confidential Information. The Recipient agrees to ensure that all of its employees and subcontractors shall maintain confidentiality in terms of the Agreement and the Recipient shall be responsible for any disclosure of the Confidential Information by such party. The Recipient acknowledges that the Confidential Information shall at all times remain the property of the Disclosing Party. Nothing in the Agreement will be construed as granting any rights to the Recipient and the Recipient acknowledges that neither the recipients nor the Disclosing Party shall be under any obligation by the disclosure of the Confidential Information to enter into a contract or Agreement. In particular, no licenses to patent, inventions, know-how, trade marks or copyright are implied or granted under this Contract. The Recipient agrees that all “Inventions” (which means all inventions, whether patentable or not, including without being limited to designs, ideas, discoveries, improvements and copyright) which are embodied in the Confidential Information disclosed to the Recipient in terms of this Letter shall belong to and remain the absolute property of the Disclosing Party or any third party where appropriate.
The Recipient agrees that the obligations under the Agreement shall continue indefinitely.
What is the lawful basis for processing? Zonati Developments will only process personal data when it is legally justifiable to do so. The lawful grounds for processing personal data can be found under Articles 6 and 9 of GDPR. The conditions that enable us to legally process your personal data as our customers include;
Sharing your information
We only share your personal data with third parties when one of the lawful grounds (above) is met, and then only with the organisation to which the data refers. We do not share data from one Care Provider to another. Zonati Developments utilizes experts from inside and outside to EEA to ensure a good service and the personal data processed for the above purposes may be transferred outside the EEA (European Economic Area) both internally on Zonati Development servers and externally with providers who assist Zonati in conducting our business. Whenever personal data is transferred outside the EEA, it is also processed in compliance with GDPR and under the safeguard of appropriate confidentiality clauses where that party agrees to comply with our data protection procedures and policies or has put in place similar adequate measures.
We believe in protecting your privacy and therefore do not under any circumstances provide your personal information to third parties for marketing purposes.
Limitation of liability
IMPORTANT: This section restricts the extent to which we are liable for any losses which may be suffered in connection with your use of The Service. It also requires the Account Holder to compensate us for any loss we suffer as a result of your failure to comply with the Agreement.
The Account Holder accepts that The Service cannot be tested in every possible combination or operating environment. In particular and for the avoidance of doubt Daily Care Records does not warrant:
The Account Holder uses The Service entirely at its own risk.
We do not limit our liability for personal injury or death resulting from our negligence, for fraud committed by us or for any other liability that it would be illegal to limit. Save in respect of the liability referred to in the foregoing sentence, but notwithstanding any other provision of these terms and conditions or any Agreement:
Any express or implied warranties herein shall not apply if:
Except as provided above, The Service is provided "as is" and Zonati Development Limited expressly disclaims and excludes, to the maximum permitted by law, all other representations, warranties, conditions or other terms, express or implied, including without limitations the implied warranties of non-infringement, satisfactory quality, merchantability and fitness for a particular purpose.
Zonati Development Limited total liability and the Account Holder’s exclusive remedy for breach of the limited warranties given above shall be limited to Zonati Development Limited, at its option, either refunding the price paid by the Account Holder for The Service over 30 days service.
In no event shall Zonati Development Limited be liable for any indirect, special, incidental or consequential damages (including loss of profits of data) arising out of the use or inability to use The Service, whether based on a claim under contract, tort or other legal theory, even if Zonati Development Limited was advised of the possibility of such damages. Because some jurisdictions do not permit the exclusion or limitation of liability for consequential or incidental damages the above limitation relating to liability for consequential damages may not apply to the Account Holder.
Zonati Development Limited does not seek to limit or exclude liability for death or personal injury arising from using the Daily Care Records’ service. Zonati Development Limited entire liability in contract, tort, negligence or otherwise for damages or other liability in respect of any one incident or a series of connected incidents shall not exceed the amount of the fees paid to Zonati Development Limited under the Agreement.
General provisions
The Terms and Conditions and our Privacy describe the entire agreement between you, the Account Holder and us regarding The Service, and supersede any prior understandings or agreements. The headings are for convenience only and shall not affect the construction or interpretation of these Terms and Conditions. If either you or we ignore any breach of the Agreement, it doesn’t mean that any further breach cannot be enforced. Similarly, if any part of the Agreement turns out to be invalid or unenforceable for some reason, then it will be replaced with a provision which, as far as possible, achieves the same purpose as the original, and the remainder of the Agreement will still be binding.
The Agreement may not be amended, varied, supplemented or otherwise modified except by an instrument in writing agreed by all the parties.
Neither you nor the Account Holder may transfer any of your rights or obligations under these Terms and Conditions without our written consent.
The benefits and obligations of each party under the Agreement are personal and no party may assign, charge, delegate or transfer all or any part of its benefits or obligations hereunder without the prior written consent of the other parties hereto save that Zonati Developments Limited may freely assign its rights and obligations hereunder to any Associated Company of Zonati Developments Limited.
Each party hereto represents and warrants to the other party that the signatories hereto for and on behalf of that party (and, in the case of the service user, the representative of the service user accepting the terms of the Agreement) have been fully empowered to execute the Agreement on its behalf and that all necessary action has been taken and all requisite approvals have been obtained to authorise such execution.
Any notice given by either party hereunder shall be in writing.
Neither party shall be liable to the other for any failure to perform or delay in performance of its obligations hereunder caused by any circumstances beyond its reasonable control including without limitation inaccessibility of the Internet, government action, war, act of terrorism or civil insurgency or disturbance, act of God, all types of industrial disputes, lockouts and strikes whether of their own employees or those of any third party. The Agreement shall be governed by and interpreted in accordance with English law. If any party wants to take court proceedings in relation to The Service, it must do so in England. You are responsible for compliance with any applicable laws of the country from which you use or otherwise access The Service.
Schedule 1 Subscription Fees
1. SUBSCRIPTION FEES
In witness whereof the parties have caused this Agreement to be executed by their duly authorised representative:
ZONATI DEVELOPMENTS LIMITED
SIGNED: ____________________________
NAME: ____________________________
TITLE: ____________________________
DATE: ____________________________
THE ACCOUNT HOLDER: ____________________________
SIGNED: ____________________________
NAME: ____________________________
TITLE: ____________________________
DATE: ____________________________
Data Processing Agreement — Zonati Developments Limited trading as Daily Care Records
This Data Processing Agreement ("Agreement") forms part of the Contract for
Services ("Principal Agreement") between
__________________________________________
__________________________________________
__________________________________________
(the “Company”)
and
__________________________________________
__________________________________________
__________________________________________
(the “Data Processor”)
(together as the “Parties”)
WHEREAS
(A) The Company acts as a Data Controller.
(B) The Company wishes to subcontract certain Services, which imply the processing of personal data, to the Data Processor.
(C) The Parties seek to implement a data processing agreement that complies with the requirements of the current legal framework in relation to data processing and with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
(D) The Parties wish to lay down their rights and obligations.
IT IS AGREED AS FOLLOWS:
1. Definitions and Interpretation
1.1 Unless otherwise defined herein, capitalized terms and expressions used
in this Agreement shall have the following meaning:
1.1.1 "Agreement" means this Data Processing Agreement and all
Schedules;
1.1.2 "Company Personal Data" means any Personal Data
Processed by a Contracted Processor on behalf of Company
pursuant to or in connection with the Principal Agreement;
1.1.3 "Contracted Processor" means a Subprocessor;
1.1.4 "Data Protection Laws" means EU Data Protection Laws and,
to the extent applicable, the data protection or privacy laws of
any other country;
1.1.5 "EEA" means the European Economic Area;
1.1.6 "EU Data Protection Laws" means EU Directive 95/46/EC, as
transposed into domestic legislation of each Member State and
as amended, replaced or superseded from time to time,
including by the GDPR and laws implementing or supplementing
the GDPR;
1.1.7 "GDPR" means EU General Data Protection Regulation
2016/679;
1.1.8 "Data Transfer" means:
1.1.8.1 a transfer of Company Personal Data from the
Company to a Contracted Processor; or
1.1.8.2 an onward transfer of Company Personal Data from a
Contracted Processor to a Subcontracted Processor, or
between two establishments of a Contracted
Processor,
in each case, where such transfer would be prohibited by Data
Protection Laws (or by the terms of data transfer agreements
put in place to address the data transfer restrictions of Data
Protection Laws);
1.1.9 "Services" means the Data Management services the
Company provides.
1.1.10 "Subprocessor" means any person appointed by or on behalf of
Processor to process Personal Data on behalf of the Company in
connection with the Agreement.
1.2 The terms, "Commission", "Controller", "Data Subject", "Member
State", "Personal Data", "Personal Data Breach", "Processing" and
"Supervisory Authority" shall have the same meaning as in the GDPR,
and their cognate terms shall be construed accordingly.
2. Processing of Company Personal Data
2.1 Processor shall:
2.1.1 comply with all applicable Data Protection Laws in the Processing
of Company Personal Data; and
2.1.2 not Process Company Personal Data other than on the relevant
Company’s documented instructions.
2.2 The Company instructs Processor to process Company Personal Data.
3. Processor Personnel
Processor shall take reasonable steps to ensure the reliability of any
employee, agent or contractor of any Contracted Processor who may have
access to the Company Personal Data, ensuring in each case that access
is strictly limited to those individuals who need to know / access the
relevant Company Personal Data, as strictly necessary for the purposes of
the Principal Agreement, and to comply with Applicable Laws in the
context of that individual's duties to the Contracted Processor, ensuring
that all such individuals are subject to confidentiality undertakings or
professional or statutory obligations of confidentiality.
4. Security
4.1 Taking into account the state of the art, the costs of implementation and
the nature, scope, context and purposes of Processing as well as the risk
of varying likelihood and severity for the rights and freedoms of natural
persons, Processor shall in relation to the Company Personal Data
implement appropriate technical and organizational measures to ensure a
level of security appropriate to that risk, including, as appropriate, the
measures referred to in Article 32(1) of the GDPR.
4.2 In assessing the appropriate level of security, Processor shall take account
in particular of the risks that are presented by Processing, in particular
from a Personal Data Breach.
5. Subprocessing
Appointment of new Sub-processors and List of current Sub-processors.
Customer acknowledges and agrees that Zonati Developments Limited may engage Sub-processors in connection with the provision of the Daily Care Records Service. Zonati Developments Limited shall make available to Customer the current list of Sub-processors upon request.
Notification of New Sub-processors and Objection Right for new Sub-processors.
The Account holder may request Copies of Sub-processor Agreements
6. Data Subject Rights
6.1 Taking into account the nature of the Processing, Processor shall assist
the Company by implementing appropriate technical and organisational
measures, insofar as this is possible, for the fulfilment of the Company
obligations, as reasonably understood by Company, to respond to
requests to exercise Data Subject's rights under the Data Protection Laws.
6.2 Processor shall:
6.2.1 promptly notify Company if it receives a request from a Data
Subject under any Data Protection Law in respect of Company
Personal Data; and
6.2.2 ensure that it does not respond to that request except on the
documented instructions of Company or as required by
Applicable Laws to which the Processor is subject, in which case
Processor shall to the extent permitted by Applicable Laws
inform Company of that legal requirement before the Contracted
Processor responds to the request.
7. Personal Data Breach
7.1 Processor shall notify Company without undue delay upon Processor
becoming aware of a Personal Data Breach affecting Company Personal
Data, providing Company with sufficient information to allow the Company
to meet any obligations to report or inform Data Subjects of the Personal
Data Breach under the Data Protection Laws.
7.2 Processor shall cooperate with the Company and take reasonable
commercial steps as are directed by Company to assist in the
investigation, mitigation and remediation of each such Personal Data
Breach.
8. Data Protection Impact Assessment and Prior Consultation
Processor shall provide reasonable assistance to the Company with any
data protection impact assessments, and prior consultations with
Supervising Authorities or other competent data privacy authorities, which
Company reasonably considers to be required by article 35 or 36 of the
GDPR or equivalent provisions of any other Data Protection Law, in each
case solely in relation to Processing of Company Personal Data by, and
taking into account the nature of the Processing and information available
to, the Contracted Processors.
9. Deletion or return of Company Personal Data
9.1 Subject to this section 9 Processor shall promptly and in any event within
40 business days of the date of cessation of any Services involving the
Processing of Company Personal Data (the "Cessation Date"), delete and
procure the deletion of all copies of those Company Personal Data.
9.2 Processor shall provide written certification to Company that it has fully
complied with this section 9 within 40 business days of the Cessation Date.
10. Audit rights
10.1 Subject to this section 10, Processor shall make available to the Company
on request all information necessary to demonstrate compliance with this
Agreement, and shall allow for and contribute to audits, including
inspections, by the Company or an auditor mandated by the Company in
relation to the Processing of the Company Personal Data by the
Contracted Processors.
10.2 Information and audit rights of the Company only arise under section 10.1
to the extent that the Agreement does not otherwise give them
information and audit rights meeting the relevant requirements of Data
Protection Law.
11. Data Transfer
11.1 The Processor may not transfer or authorize the transfer of Data to
countries outside the EU and/or the European Economic Area (EEA)
without the prior written consent of the Company. If personal data
processed under this Agreement is transferred from a country within the
European Economic Area to a country outside the European Economic
Area, the Parties shall ensure that the personal data are adequately
protected. To achieve this, the Parties shall, unless agreed otherwise, rely
on EU approved standard contractual clauses for the transfer of personal
Data.
11.2 The controller authorises the Processor to send data outside the European Economic Area (EEA)
for processing by sub-processors bound under data protection contracts similar to the European Economic
Area.
12. General Terms
12.1 Confidentiality. Each Party must keep this Agreement and information it
receives about the other Party and its business in connection with this
Agreement (“Confidential Information”) confidential and must not use
or disclose that Confidential Information without the prior written consent
of the other Party except to the extent that:
(a) disclosure is required by law;
(b) the relevant information is already in the public domain.
12.2 Notices. All notices and communications given under this Agreement
must be in writing and will be delivered personally, sent by post or sent by
email to the address or email address set out in the heading of this
Agreement at such other address as notified from time to time by the
Parties changing address.
13. Governing Law and Jurisdiction
13.1 This Agreement is governed by the laws of _England
13.2 Any dispute arising in connection with this Agreement, which the Parties
will not be able to resolve amicably, will be submitted to the exclusive
jurisdiction of the courts of England.
IN WITNESS WHEREOF, this Agreement is entered into with effect from the date
first set out below.
Controller Company ______________________________
Signature ______________________________
Name: ________________________________
Title: _________________________________
Date Signed: ___________________________
Processor Company ______________________________
Signature ______________________________
Name _________________________________
Title __________________________________
Date Signed ____________________________