This Appendix 1 to Data Processor Agreement includes certain details of the Processing of Your personal data: as required by Article 28(3) GDPR.
Data Exporter: You
Contact Details: Provided in the Order Confirmation.
Data Exporter Role: you are a controller.
Data Importer: Dext Software Limited.
Contact Details: Data Protection Officer c/o Legal Department, dpo@dext.com cc legal@dext.com
Data Importer Role: We are a processor
The subject matter of the Processing of Your Personal Data is in order to provide the Dext Products under the Agreement including the Order Confirmation.
The subject duration of the Processing of Your Personal Data is for the Licence Term plus the period until We delete Your Personal Data in accordance with our retention policy, which is set out in our privacy policy available on our website.
In order to fulfil Our obligations to You under the Agreement, provide the Dext product(s) as set forth in the Agreement including the Order Confirmation.
The personal data processed relates to the following categories of data subjects:
We operate internationally, and as a result, may transfer the information we collect about you across international borders, including from the EEA or UK to the United States, for processing and storage. To the extent that the information we collect about you is transferred from the EEA or UK to territories/countries for which the EU Commission or UK Secretary of State (as applicable) has not made a finding that the legal framework in that territory/country provides adequate protection for individuals' rights and freedoms for their personal data, we may transfer such data consistent with applicable data protection laws based on prior assessment of the level of data protection afforded in the context of the transfer, including through the use of the EU Commission-approved or UK Secretary of State-approved (as applicable) Standard Contractual Clauses, if necessary in combination with additional safeguards
A list of Sub-processors We use can be found below. This list may be amended from time to time:
Name | Purpose | Jurisdiction | SSCs |
---|---|---|---|
AWS | Cloud services platform that is used for our database storage & to run all of our apps. | EU: AWS Ireland – active location; AWS Germany, Frankfurt – backup location. | N.A. |
Fino | Provides integrated screen-scrapping technology to fetch invoice and bill data from a customer’s account on other platforms. Through Fino, customers can connect to over 2,000 possible providers, such as Amazon, BT, Spotify, Thames Water and EE. | EU (AWS Ireland) | N.A. |
Google Cloud Platform (Cloud Vision) | This is used for our OCR data extraction service. No data is stored because it is a transient service, the data is processed in order to be extracted and then the files are immediately returned to us once processed. Google cloud does not keep copies of this data. | US (Google Cloud) | Yes |
Honeybadger | This is the tool we use to report on errors on our website – e.g. if there is fault when logging in. | US (AWS us-east-1 region) | Yes |
Looker | Business intelligence tool and big data analytics platform that helps with analysing and sharing real-time business analytics using dashboards. | EU | N.A. |
Mailchimp / Mandrill | Allows us to send one-to-one transactional emails triggered by user actions, like requesting a password or placing an order. | EU: AWS Ireland | N.A. |
Netsuite | Cloud based accounting system that helps us manage business finance and operations. | UK (London) | N.A. |
OwnBackup | Backup tool for Salesforce. | UK | N.A. |
Salesforce | Integrated Customer Relationship Management (CRM) platform used to manage interactions with customers and potential customers. | UK (London) | N.A. |
Sentry | Application monitoring and error tracking | US | Yes |
Snowflake | Cloud data warehouse that offers a data storage and analytics service. EU (AWS Ireland) N.A. Storecove Provides e-invoicing capability | EU | N.A. |
Stripe | Processes customer payments | US | Yes |
Twillo | Software that sends SMS on our behalf for features. US YesTwillo Software that sends SMS on our behalf for features. US YesTwillo Software that sends SMS on our behalf for features. US YesTwillo Software that sends SMS on our behalf for features. | US | Yes |
The technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) of the EU SCC's are those established and maintained under clause 4 of this Data Processor Agreement and includes without limitation those found at https://dext.com/uk/security as amended from time to time
Table 1: Parties
Start Date | Data Processing Agreement Effective Date | |
The Parties | Exporter (who sends the Restricted Transfer) | Importer (who receives the Restricted Transfer) |
Parties' details | Full legal name: As listed in the Order Confirmation | Full legal name: Dext Software Limited |
Trading name (if different): n/a | Trading name (if different): | |
Main address (if a company registered address): As listed in the Order Confirmation | Main address (if a company registered address): Unit 1.2, Techspace Shoreditch. 25 Luke Street, London, EC2A 4DS | |
Official registration number (if any) (company number or similar identifier): As listed in the Order Confirmation | Official registration number (if any) (company number or similar identifier): 07361080 | |
Key contacts | Full name (optional): Legal Department | Full name (optional): |
Job title: As listed in the Order Confirmation | Job title: Legal Department | |
Contact details including email: As listed in the Order Confirmation | Contact details including email: dpo@dext.com cc legal@dext.com | |
Signature (if required for the purposes of Section 2) |
Addendum EU SCCs | ☐The version of the Approved EU SCCs, which this Addendum is appended to, detailed below, including the Appendix Information. Date: Reference (if any): Other identifier (if any): OR ☒ The Approved EU SCCs, including the Appendix Information and with only the following modules, clauses or optional provisions of the Approved EU SCCs brought into effect for the purposes of this Addendum. | |||||
Module | Module in operation | Clause 7 (Docking Clause) | Clause 11 (Option) | Clause 9a (Prior Authorisation or General Authorisation) | Clause 9a (Time period) | Is personal data received from the Importer combined with personal data collected by the Exporter? |
1 | - | - | - | |||
2 | x | x | General authorisation | 10 days | - | |
3 | - | |||||
4 | - | - |
"Appendix Information" means the information which must be provided for the selected modules as set out in the Appendix of the Approved EU SCCs (other than the Parties), and which for this Addendum is set out in:
Annex 1A: List of Parties: See Appendix 1 of this Data Processor Agreement |
Annex 1B: Description of Transfer: See Appendix 1 of this Data Processor Agreement |
Annex II: Technical and organisational measures including technical and organisational measures to ensure the security of the data: See Appendix 2 of this Data Processor Agreement |
Ending this Addendum when the Approved Addendum changes | Which Parties may end this Addendum as set out in Section 19: ☐ Importer ☒ Exporter ☐ Neither Party |
Entering into this Addendum
Interpretation of this Addendum
Mandatory Clauses | Part 2: Mandatory Clauses of the Approved Addendum, being the template Addendum B.1.0 issued by the ICO and laid before Parliament in accordance with section 119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses. |