GDPR Compliance

Data Processor Agreement

  1. DEFINITIONS

“Data Controller” Has the meaning given to ‘controller’ in Art 4 of the GDPR

“Data Breach” Means a breach of security leading to the accidental or unlawful destruction,

loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored

or otherwise processed.

“Data Processor” Has the meaning given to ‘processor’ in Art 4 of the GDPR

“Data Protection Laws” Means any and all laws pertaining to the collection, processing and

storage of data, in particular the GDPR, as amended, and any successor legislation

“GDPR” Means Regulation (EU) 2016/679

“Personal Data” Has the meaning given in Art 4 of the GDPR

“Star VOIP Limited” is the legal name of the company trading as starvoipltd.co.uk and

STAR VOIP

“Customer” Means the legal or natural person directly dealing with Star VOIP Limited

“End User” Means the recipient of the Goods or Services provided by Star VOIP Limited, where

that recipient is different to the Customer

“EEA” means the European Economic Area, specifically as it regards the territorial scope of

the GDPR

“Contact Point” is the authorised place to make requests or issue instructions and

notifications to Star VOIP Limited with regards to the performance of this agreement. These are:

Via email: info@starvoipltd.co.uk

Via post: Star VOIP Limited

31b, Metro Centre

Britannia Way

Park Royal

London, NW10 7PA.

  1. RELATIONSHIPS

2.1 Star VOIP Limited shall be the Data Controller for Personal Data related to the Customer. This

includes, inter alia,

(a) Customer contact data, including phone numbers, email addresses and postal

Addresses;

(b) Website usage data;

(c) Invoicing data;

2.2 Where the Customer provides End User data, the Customer shall be the Data Controller, and

Star VOIP Limited shall be the Data Processor

  1. COMPLIANCE WITH DATA PROTECTION LAWS

3.1 The Parties shall each comply with their respective obligations under the applicable Data

Protection Laws.

3.2 The Customer shall be responsible for complying with Data Protection Laws with regards to

the End User, in particular that the Personal Data:

(a) Is adequate;

(b) Is accurate;

(c) Has the necessary consent or other legal basis to be processed by Star VOIP Limited;

(d) Complies with the principles specified in Art 5 of the GDPR

Star VOIP Limited T/A STAR VOIP

31b, Metro Centre, Britannia Way, Park Royal, London NW10 7PA

Registered in England No. 07800809, VAT No. GB 377 6541 57

Tel: 02035885181

  1. DATA PROCESSING OBLIGATIONS

4.1 In respect of any Personal Data to be processed by Star VOIP Limited acting as Data Processor for

which the Customer is Data Controller, then Star VOIP Limited shall:

(a) Provide appropriate technical and organisational measures in such a manner as is

designed to ensure the protection of the Personal Data, and the rights of the End

User;

(b) Engage sub-processors as required to fulfil our contractual obligations. This includes,

but is not limited to, courier companies and companies that despatch goods on our

behalf;

(c) Ensure that any sub-processors that are engaged are subject to data protection

obligations that are similar to those under this Agreement, and in all cases fully

comply with the Data Protection Laws

(d) Remain liable to the Customer for the performance of any sub-processor appointed

by Star VOIP Limited for the processing Personal Data

(e) Only process that Personal Data pursuant to our contractual obligations to the

Customer, on written instruction from the Customer, or under the authority of a

Government Agency in the course of its lawful duties. Where Star VOIP Limited acts under

the authority of a Government Agency, we shall notify the Customer unless

prohibited from doing so;

(f) Ensure access to Personal Data is bound by confidentiality;

(g) Ensure security of processing in accordance with the Data Protection Laws;

(h) At the cost of the Customer, on request via the Contact Point, provide information

relevant to, or assist compliance with the Customer’s obligations to the End User

through the Data Subjects’ rights enshrined in the Data Protection Laws;

(i) At the cost of the Customer, assist the Customer in complying with the Data

Protection Laws with regard to

  1. Security of Processing;
  2. Notification of a Data Breach to the relevant supervisory authority;

iii. Notification of a Data Breach to the End User;

  1. Data Protection Impact Assessments and consultations, if required;

(j) On termination of this Agreement through notification to the Contact Point, at the

Customer’s option either return or destroy the personal data within 48 hours of the

request, except where retention is required to comply with our legal obligations;

(k) At the cost of the Customer, on request via the Contact Point, make available to the

Customer all information necessary to demonstrate compliance with the obligations

laid out in Article 28 of GDPR;

(l) At the cost of the Customer, and subject to confidentiality and security provisions

determined by Star VOIP Limited, contribute to audits and facilitate inspections conducted

by the Customer or their appointed auditor, at a maximum of one audits or

inspections per calendar year;

(m) Immediately advise the Customer if any instruction infringes or contravenes the Data

Protection Laws or any other applicable law;

(n) Notify the Customer of any Data Breach concerning the End User without undue

delay;

(o) Transfer, or allow a sub-processor to transfer, Personal Data outside the EEA only for

the performance of our contract with the Customer. In particular, deliveries made or

Star VOIP Limited T/A STAR VOIP

31b, Metro Centre, Britannia Way, Park Royal, London NW10 7PA

Registered in England No. 07800809, VAT No. GB 377 6541 57

Tel: 02035885181

 

services provided outside the EEA will necessitate the transfer of such data. This is

consistent with Art 49, Para 1(b) and the second sub-paragraph of Art 49, Para 1 of

the GDPR

Signed

Mrs D Kamalakaran

Managing Director

Star VOIP Limited