Data Protection

JALTEK SYSTEMS will comply with the Data Protection legislation at all times.

1. All parties to the contract will comply with all applicable requirements of the Data Protection legislation. This clause is in addition to, and does not relieve, remove or replace a party’s obligation under Data Protection legislation.
2. The parties acknowledge that for the purposes of the Data Protection legislation the customer/client is the data controller and JALTEK SYSTEMS is the data processor (where data controller and data processor have the meanings as defined in the Data Protection legislation).
3. Without prejudice to the generality of clause 1.1 above the customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the personal data (as defined in Data Protection legislation) to JALTEK SYSTEMS for the duration and purposes of the contract.
4. Without prejudice to the generality of 1.1, JALTEK SYSTEMS shall, in relation to any personal data processed in connection with the performance by the Company of its applications under the contract: -

1. Process personal data only on the written instruction of the customer, unless JALTEK SYSTEMS is required by the laws or any member of the European Union, or by the laws of the European Union applicable to the supplier to process personal data (applicable data processing laws). Where JALTEK SYSTEMS is relying on laws or a member of the European Union or European Law as the basis of processing personal data, JALTEK SYSTEMS shall promptly notify the customer of this before performing the processing required by the applicable data processing laws, unless those applicable data processing laws prohibit JALTEK SYSTEMS from notifying the customer.
2. Ensure that it has in place, appropriate technical and organisational measures to protect against unauthorised or unlawful processing of personal data, and against accidental loss, destruction or damage to personal data appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage, and the nature of the data to be protected having regard to the state of technological development and the cost of implementing any measures (those measures may include where appropriate, using pseudonyms and encrypting personal data ensuring confidentiality, integrity, availability and resilience of its systems and services) ensuring that availability of any access to personal data can be restored in a timely manner after an incident and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it.
3. Ensure that all personnel who have access to and/or process personal data are obliged to keep the personal data confidential.
4. Only retain your personal data for as long as necessary to fulfil the purposes JALTEK SYSTEMS collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for such data, JALTEK SYSTEMS will consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of the personal data, the purposes for which we process the data and whether we can achieve those purposes through other means.
5. In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
6. Not transfer any personal data outside of the European and economic area unless the prior written consent of the customer has been obtained and the following conditions are fulfilled:

1. The customer or JALTEK SYSTEMS has provided appropriate safeguards in relation to the transfer;
2. The data subject (as defined in the Data Protection legislation) has enforceable rights and effective legal remedies;
3. JALTEK SYSTEMS complies with its obligations under the Data Protection legislation by providing an adequate level of protection to any personal data that has been transferred; and
4. JALTEK SYSTEMS complies with reasonable instructions notified to it, in advance, by the customer in respect of the processing of the personal data;
5. Assist the customer (at the customers cost) in responding to any requests from a data subject and in ensuring compliance with its obligations under the Data Protection legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulator;
6. Notify the customer and the ICO without undue delay, on becoming aware of a personal data breach;
7. That at the written direction of the customer to delete or return personal data and copies thereof to the customer on termination of the agreement, unless required by the applicable data processor to lawfully store/retain the personal data; and
8. Contain, complete accurate records and information to demonstrate its compliance with this clause.

1. In order for the Company to fulfil its contract and obligations, JALTEK SYSTEMS may appoint third party processors of personal data under the contract. JALTEK SYSTEMS confirms that it is entered into or (as the case may be) enter with a third-party processor in to a written agreement and substantiate on that third party’s standard terms of business or incorporating terms which are substantially similar to those set out in this document.
2. As between the customer and JALTEK SYSTEMS shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this clause.
3. JALTEK SYSTEMS, may at any time, on not less than 30 days’ notice, revise this document by replacing it with any applicable controller to processor standard clauses or similar terms forming part of an applicable certification scheme (which will apply when replaced by attachments to the contract).