Data protection
1.1 Definitions:
Controller or Data Controller shall have the meaning set out in the Data Protection Legislation. Data Protection Law means the GDPR, the Data Protection Act 2018 and any other UK statute which implements any provisions of the same.
Data Protection Legislation means all applicable data protection and privacy legislation, regulations, guidance and codes of practice, including:
(a) the Data Protection Law and the Privacy and Electronic Communications (EC Directive) Regulations;
(b) any secondary legislation pursuant to the Data Protection Law;
(c) any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK in respect of any of the foregoing; and
(d) any guidance or codes of practice issued by Working Party 29, the European Data Protection Board or the Information Commissioner from time to time (all as amended, updated or reenacted from time to time).
Data Subject shall have the meaning set out in the Data Protection Law.
GDPR means Regulation (EU) 2016/679 (or the "General Data Protection Regulation").
Personal Data shall have the meaning set out in the Data Protection Law.
Processing shall have the meaning set out in the Data Protection Law (and Process and Processed shall be construed accordingly).
Processor or Data Processor shall have the meaning set out in the Data Protection Law.
1.2 Each party shall comply with all applicable requirements of the Data Protection Legislation. This policy is in addition to, and does not relieve, remove or replace, a party’s obligations under the Data Protection Legislation.
1.3 Neither party shall through its acts or omissions place the other party in breach of any Data Protection Legislation.
1.4 For the purposes of providing services to you, I will undertake the following processing:
Scope processing client data, and documents containing the same, for the delivery of the agreed services.
Nature copying documents for the purposes of notarisation, legalisation and translation; storing documents for evidential purposes and/or as otherwise reasonably required by the client relationship.
Purpose of processing of providing the services pursuant to our contract for services.
Duration of the processing as required for the nature of the services provided.
Types of personal data to be processed by me/Phillips Notary (i) names, passport information and/or contact details of employees, officers or other individuals acting on your behalf; (ii) names, passport information and/or contact details of any individuals with whom you might be doing business and therefore whose details are stated in documents we notarise, translate or legalise; (iii) anything else of relevance that might identify an individual.
Types of special categories of personal data (or sensitive personal data) to be processed by me/Phillips Notary including, inter alia, medical information, civil status, details regarding race, beliefs or sexual orientation. Categories of data subject (i) employees, officers or other individuals acting on your behalf; (ii) individuals with whom you might be doing business and therefore whose details are stated in documents I notarise, translate or legalise;
1.5 I shall treat any personal data I collect from you, or anyone acting on your behalf, in accordance with our privacy policy, which is available on request or can be found on our website.
1.6 Without prejudice to the generality of clause 1.2, you will ensure that you have all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to me/Phillips Notary for the duration and purposes of the matter envisaged by the contract for services and, accordingly, you confirm that you are authorised to share Personal Data with me. You shall be solely responsible for bringing our current privacy policy to the attention of anyone whose Personal Data I may process on your behalf.
1.7 Without prejudice to the generality of clause 1.2, I/Phillips Notary shall, in relation to any Personal Data Processed in connection with my performance of my obligations under the contract for services: (a) Process that Personal Data only on your written instructions unless I am required to Process such Personal Data otherwise by the laws of any member of the European Union or by the laws of the European Union applicable to my/Phillips Notary (Applicable Laws). Where I am relying on Applicable Laws as the basis for Processing Personal Data, I shall promptly notify you of this before performing the Processing required by the Applicable Laws unless those Applicable Laws prohibit me from so notifying you; (b) ensure that there are in place appropriate technical and organisational measures to protect against unauthorised or unlawful Processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful Processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by me/Phillips Notary); (c) ensure that all personnel (including, without limitation, employees) who have access to and/or Process Personal Data are legally obliged to keep the Personal Data confidential; (d) not transfer any Personal Data outside of the European Economic Area unless your prior written consent has been obtained and the following conditions are fulfilled: i. you or I have provided appropriate safeguards in relation to the transfer; ii. the Data Subject has enforceable rights and effective legal remedies; iii. I/Phillips Notary comply with my obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and iv. I/Phillips Notary comply with reasonable instructions notified to me in advance by you with respect to the Processing of the Personal Data; (e) assist you, at your cost, in responding to any request from a Data Subject and in ensuring compliance with my obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; and otherwise to comply with your obligations under the Data Protection Legislation to respond to requests from Data Subjects or exercise of the rights of Data Subjects or information mandated to be provided to Data Subjects; (f) notify you without undue delay, and in any event within 48 hours of the point at which I become aware of the same, of any Personal Data breach or other security incident affecting or relating to Personal Data; (g) at your written direction, delete or return Personal Data and all copies thereof to you on termination of the contract or at any other time unless required by Applicable Law and regulations to store the Personal Data; and (h) maintain complete and accurate records and information to demonstrate my compliance with this clause 1.7 and relevant provisions of the Data Protection Legislation and allow for and cooperate with reasonable audits including, without limitation, inspections by you or your designated auditor.
1.8 Unless you notify an objection to me within fourteen (14) days of receipt of notice pursuant to this clause 1.8, you consent to our appointing sub-processors as may be notified to you from time to time as third-party processors of Personal Data under this contract. I confirm that I have entered into or (as the case may be) will enter into a written agreement with the third-party processor, which agreement shall contain provisions which comply with the Data Protection Legislation and which, in any event, are no less onerous than those imposed under clause 1.7. As between you and us, we shall remain fully liable for all acts or omissions of any third-party processor we appointed pursuant to this clause.
1.9 I/Phillips Notary may, at any time on not less than 30 days’ notice in writing, revise this clause 1 by replacing it with any applicable controller to processor standard clauses or similar terms forming part of an applicable certification scheme.
1.10 We shall store copies of your passport and other Personal Data cited in the Notaries Practice Rules 2019 in accordance with all requirements listed therein.