We process the information you provide us on behalf of our company with the purpose of sending you publicity related to our products and services by any means (postal, email or telephone) and inviting you to events organized by our company. The data provided will be kept until you request the cessation of the activity. The data will not be transferred to third parties except in cases where there is a legal obligation. You have the right to obtain confirmation as to whether Peter Quilter SLU is processing your personal data, therefore you have the right to access your personal data, rectify the inaccurate data or request its erasure when the data are no longer necessary for the purposes that were collected.
Vistaprint, is authorized as the data processor on behalf of Peter Quilter SLU, as the data controller to process the necessary personal data to provide the service that is specified below on the basis of the following clauses. The processing will consist of website maintenance. 2. Identification of the concerned information The company Peter Quilter SLU, as the data controller, makes available to the entity Vistaprint, the information available in the IT equipment that support the data processing performed by the controller, for the performance of the service level derived from the fulfilment of this assignment. 3. Duration of the contract This agreement has a duration of (renewable). Once this contract is concluded, data processor must return data to the controller or transmit to another processor appointed by the controller, and erase any copy in its possession. However, the processor may keep the data locked to address possible administrative or jurisdictional responsibilities. 4. Obligations of the data processor Data processor and their personal are obliged to: Use the personal data processed, or those collected to be included, only for the purpose of this contract. Under no circumstances may data processor use the data for his own purposes. Process personal data according to the instructions of data controller. If data processor considers that any of the instructions violate the GDPR or any other data protection regulation, data processor shall immediately inform to data controller. Do not disclose the data to third parties, unless it has the express authorization of data controller, in cases that are legally admissible. Maintain the duty of secrecy with regard to personal data that were accessed under this contract, even after the end of the contract. Ensure that people authorized to process personal data are explicitly provided with the necessary written information required to respect confidentiality and to comply with the security measures, and ensure they are properly informed Keep the supporting documentation to fulfil the obligation established in the previous section available to data controller. Ensure necessary training on data protection of people authorized to process personal data. Notification of personal data breach As soon as data processor becomes aware that a personal data breach has occurred, data processor shall notify the personal data breach to data controller to their email without undue delay, together with all relevant information to document and communicate the incident. At least the following information shall be provided: a) Description of the nature of personal data breach including, where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned. b) The name and contact details of data protection officer or other contact point where more information can be obtained. c) Description of the possible consequences of personal data breach. Description of the measures adopted or proposed to be taken to address personal data breach, including, where appropriate, measures to mitigate its possible adverse effects. Where, and in so far as, it is not possible to provide the information at the same time, the information will be provided gradually without undue further delay. To make available to data controller all necessary information to demonstrate compliance with their obligations, as well as to accomplish audits, including inspections, conducted by the controller or another auditor authorized by data controller. To assist data controller to implement the necessary security measures to: a) Ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services. b) Restore the availability and access to personal data in a timely manner in the event of a physical or technical incident. c) Regularly test, assess and evaluate the effectiveness of technical and organisational measures for ensuring the processing security. Destination of data Data controller will not keep personal data related to the processing of the processor unless it is strictly necessary for the provision of the service, and only for the time strictly necessary for its provision. 5. Obligations of the data controller Data controller is obliged to: a) Deliver the necessary data to the processor to provide the service. b) Ensure, prior and throughout the whole processing, the GDPR compliance by the processor. c) Supervise the processing of personal data.