Processing Terms

Industries
- - - Check our latest news
      
      The year of smarter Field Services: digital-first customers, AI-augmented technicians, and EV-ready teams
      Read more
      
      The future of retail is personal: 2026 predictions for small businesses
      Read more
Solutions
About
- - - Company
    - Get to know our mission, milestones, and leadership team.
  - - Check our latest news
      
      The year of smarter Field Services: digital-first customers, AI-augmented technicians, and EV-ready teams
      Read more
      
      The future of retail is personal: 2026 predictions for small businesses
      Read more
Payments
M&A
Careers
- - - Check our latest news
      
      The year of smarter Field Services: digital-first customers, AI-augmented technicians, and EV-ready teams
      Read more
      
      The future of retail is personal: 2026 predictions for small businesses
      Read more
News
Contact

1. Defined Terms

1.1 For the purposes of this Schedule:
(i) “Data Controller”, “Data Subject”, “Personal Data”, “Data Processor”, and “Process” shall have the meaning specified in the Data Protection Legislation; and
(ii) “Data Protection Legislation” means the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 and any related act or regulation in the UK, including statutory modification or re-enactment of it.

2. Data Processing Terms

2.1 In relation to the Processing of any User Data which constitutes Personal Data, the parties agree that the Client and/or its user(s) is/are the Data Controller and the Supplier is the Data Processor.
2.2 This Schedule sets out the subject matter, duration, nature and purpose of the processing by the Supplier, as well as the types and categories of Personal Data and the obligations and rights of the Client.
2.3 The Supplier shall in respect of such Personal Data:
(i) process that Personal Data during the term of this Contract only on the documented written instructions of the Client (which include this Contract) unless the Supplier is required by Laws to otherwise process that Personal Data. Where the Supplier is relying on Laws as the basis for processing Personal Data, the Supplier shall promptly notify the Client of this before performing the processing required by the Laws unless those Laws prohibit the Supplier from notifying the Client;
(ii) ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the Personal Data to be protected, having regard to the state of technological development and the cost of implementing any measures;
(iii) ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential;
(iv) not transfer any Personal Data outside of the UK and/or European Economic Area unless the prior written consent of the Client has been obtained and there are appropriate safeguards in relation to the transfer;
(v) assist the Client, at the Client’s cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach, notifications, impact assessments and consultations with supervisory authorities or regulators;
(vi) notify the Client without undue delay on becoming aware of a Personal Data breach;
(vii) ensure that provisions which are equivalent to those set out in this paragraph2.3 are imposed upon any subprocessor engaged by the Supplier (acknowledging that the Supplier shall remain primarily liable to the Client for the subprocessor’s compliance with such provisions);
(viii) inform the Client of any intended additions to or replacements of the Supplier’s subprocessors;
(ix) subject to Clause 9.2(e) of the Contract, at the written direction of the Client, delete or return Personal Data and copies thereof to the Client on termination of the Contract unless required by Laws to store the Personal Data; and
(x) maintain complete and accurate records and information to demonstrate its compliance with this Schedule and allow for audits by the Client on reasonable notice and (but without thereby assuming the primary liability of the Client to only issue lawful instructions) immediately inform the Client if, in the opinion of the Supplier, an instruction infringes the Data Protection Legislation.
2.4 The Supplier shall not give access to or transfer any Personal Data to any third party without the prior written consent of the Client, such consent not to be unreasonably withheld or delayed. The Client consents to the Supplier’s use of the subprocessors identified at www.clearcourse.co.uk/dataprocessing/subprocessors

3. Data

3.1 Subject matter and duration of the processing of Personal Data: set out in this Schedule and is further detailed in the Supplier’s privacy policy (freely available on request).
3.2 The nature and purpose of the processing of Personal Data: such processing, in accordance with the Client’s instructions, as is necessary to provide the services pursuant to the Contract, which may include: the collection of data; recording of data; organisation of data; storage of data; alteration of data; retrieval of data; consultation with regard to data; use of data; disclosure of data to permitted third parties; combining data; and/or erasure of data.
3.3 The types of Client Personal Data to be Processed: the Client may submit Personal Data in the course of using the Services, the extent of which is determined and controlled by the Client in its sole discretion, which may include, but is not limited to Personal Data relating to the following: name; personal contact details; professional contact details; IP addresses; cookie data; login credentials; and traffic data including web logs.
3.4 The categories of Data Subject to whom the Client Personal Data relates: the Client may submit Personal Data to the Supplier, the extent of which is determined and controlled by the Client in its discretion, and which may include, but is not limited to, Personal Data relating to the following categories of data subjects: the Client’s customers, employees, business partners and suppliers.
3.5 The obligations and rights of the Client: set out in this Schedule and is further detailed in the Supplier’s privacy policy (freely available on request).

4. Client Responsibilities

4.1 The Client agrees that, in its role as Data Controller, it:
(i) shall ensure that only lawful instructions are issued to the Supplier in respect of the Processing of the Personal Data;
(ii) shall obtain and maintain throughout the term of the Contract all necessary permissions, consents and authorisations to enable the Supplier to process the Personal Data in accordance with the provisions of the Contract;
(iii) has reviewed and approved the Supplier’s technical and organisational measures as being suitable for the Client’s purposes before entering into the Contract;
(iv) has granted to the Supplier general authorisation to sub-contract its Processing of Personal Data to third parties on the terms set out in paragraph 2.3(vii);
(v) may be considered to have no objections if it has not advised otherwise in writing within ten (10) days of notification under paragraph 2.3(viii); and
(vi) shall promptly issue its instructions in writing to the Supplier, regarding return or deletion of the Personal Data, upon termination or expiry of the Contract (acknowledging the provisions of Clause 9.2(e) of the Contract).

Check our latest news

Check our latest news

Check our latest news

1. Defined Terms

2. Data Processing Terms

3. Data

4. Client Responsibilities