Thank you for engaging Affinity Connect Limited (“Affinity”) to provide services to you (the “Client”, “you” or “your”), together the “parties” and each a “party”. As part of the provision of the services to you, Affinity may process personal data on your behalf where you have requested Affinity to provide its online booking system for the purpose of financial wellbeing and or retirement courses.
The parties therefore agree that they will comply with all applicable data protection and privacy legislation in force from time to time including the UK GDPR, the Data Protection Act 2018 (and regulations made thereunder) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended (the “Data Protection Legislation”).
The parties further agree and acknowledge that for the purposes of the Data Protection Legislation, the Client is the data controller and Affinity is the data processor. The particulars of the processing are as follows:
- Subject matter of processing: Provision of financial wellbeing and or retirement courses.
- Duration of the processing: Affinity will process any personal data received from or on your behalf in connection with the provision of the services for the duration of the services or as otherwise instructed by you.
- Nature of the processing: Collecting, recording, organising, structuring, storing, using, disclosing by transmission, or otherwise making available, erasing or destroying personal data.
- Purpose of the processing: personal data may be processed for the purpose of course registrations and/or attendance.
- Type of personal data: Basic personal identifiers, e.g. name, email address (telephone number if an SMS reminder is applicable).
- Categories of data subjects: Employees.
Affinity shall, in relation to any personal data processed by it in connection with the services:
a) process the personal data only on your documented written instructions unless it is required by law to otherwise process that personal data;
b) ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
c) not transfer any personal data outside of the UK (with the exception of the EEA) unless your prior written consent has been obtained;
d) implement and maintain appropriate technical and organisational measures, insofar as this is possible, to protect the personal data against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access;
e) assist you, at your cost, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
f) notify you without undue delay on becoming aware of a personal data breach;
g) delete, after the end of the provision of services relating to processing and delete existing copies unless domestic law requires storage of the personal data. Alternatively, if you instruct Affinity to do so prior to deletion, Affinity will return all the personal data to you;
h) make available to you all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the UK GDPR and allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you, and Affinity shall immediately inform you if, in its opinion, an instruction infringes Article 28 of the UK GDPR or other domestic law relating to data protection;
Where you have requested Affinity to provide its online booking system for the purpose of course registrations and/or attendance, Affinity may appoint a third-party processor to provide and/or host such online booking system. You consent to Affinity appointing Wealth at Work Limited (a group company) as a third-party processor in this respect. Affinity shall remain fully liable for all acts or omissions of any third-party processor appointed by it.
The above provisions are in addition to, and do not relieve, remove or replace, Affinity’s or your obligations or rights under the Data Protection Legislation.