GDPR Commitmentv1.2 last updated 21 February 2023
LoopUp (“LoopUp”, “us”, “we” or “our”) is strongly committed to protecting personal data / personally identifiable information (“personal data”) of your employees, users and such other individuals using our services as well as upholding their rights to privacy.
Notwithstanding our agreed Terms of Service with you, we agree we shall:
- only process personal data on your behalf for the purpose of providing our services to you (or for such other purpose ancillary to the provision of the services) unless required to do so otherwise by law or regulation;
- implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks presented by our processing, including, but not limited to (as appropriate):
- the pseudonymisation and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
- a process for routinely testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing;
- remain fully responsible for all acts or omissions of our employees, agents and subcontractors and when appointing sub-processors (in addition to those notified to or approved by you already) shall notify you of any material change affecting the processing of personal data relevant to the provision of the services provided to you;
- when appointing a sub-processor, enter into a contract or other legal act to provide sufficient guarantees to implement appropriate technical and organizational measures to comply with such applicable data protection laws;
- provide such assistance to you:
- as reasonably necessary for you to meet your obligations in respect of data subject access rights under such applicable data protection laws (or such other rights in accordance with GDPR Chapter III (Articles 12 to 23 inclusive)); and
- as reasonably requested in performing, where required, a data protection impact assessment and in consulting with competent authorities.
- notify you, without undue delay, of:
- discovering a personal data breach which is likely to result in a significant economic or social disadvantage to individuals, in which case LoopUp shall (i) as part of such notification describe the nature of the incident and, where possible, the categories and approximate number of individuals concerned and the categories and approximate number of personal data records concerned, (ii) investigate such breach and take such appropriate corrective action to remedy such breach and prevent a recurrence of such breach; and
- any request for information from or complaint by a data protection authority or an individual specifically in relation to personal data that LoopUp processes for the purpose of providing our services to you;
- except where permitted by any applicable law or regulation or as set out in, or as required pursuant to, the Terms of Service, upon your request, delete or return all personal data to you after the provision of our services and completion of any accounting or administrative requirements relating to the provision of such services;
- for any transfers of personal data to locations and/or geographies outside of the European Economic Area, ensure the transfer is:
- to a jurisdiction deemed by the European Commission to have an adequate level of protection;
- subject to contractual provisions approved by the European Commission such as, by way of example only, the Standard Contractual Clauses issued by Commission Decision C(2010)593; or
- pursuant to a framework deemed adequate and approved by the European Commission.
Please note such references to GDPR shall also extend to the UK Data Protection Act 2018 (in such corresponding manner). The commitment above shall be interpreted and applied in accordance with the Terms of Service as agreed between you and LoopUp and the Terms of Services shall not be amended otherwise.
Our policy is to be as transparent as possible about how and why we process personal data. However, should you have any questions please contact us at either firstname.lastname@example.org or by writing to us at Legal and Compliance, 9 Appold Street, London EC2A 2AP, UK.