The purpose of this Data Processing Addendum (“DPA”) is to define the agreement between You and ServiceM8 regarding the processing of personal and account data on Your behalf, and in connection with provision of the Service to You, in accordance with the requirements of the General Data Protection Regulation (“GDPR”). If you are not a ServiceM8 user, or if the data being processed is not subject to the GDPR, this Data Processing Addendum is not applicable.
You acknowledge that You have direct responsibilities under the GDPR regarding how You use ServiceM8 with Your customers' and others’ personal data, and warrant to us that You will comply with Your obligations under the GDPR.
With regard to the processing of personal data submitted by You, Your employees or Your customers, for processing by ServiceM8, as part of Your use or interaction with the Service, You and ServiceM8 agree that:
- ServiceM8 implements and maintains appropriate technical and organisational measures designed to protect processed personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access.
In the event that ServiceM8 engages other sub-processors for the above mentioned purposes, ServiceM8 will notify You. You may object in writing to such an appointment of a new sub-processor within five (5) calendar days of such notice, provided that the objection is based on reasonable grounds relating to data protection. In the event of an objection, we will discuss Your concerns with You in good faith with a view to achieving resolution. If a resolution is not possible, You may terminate Your use of the Service, subject to relevant provisions in our Terms of Service.
- ServiceM8 will assist You (insofar as is possible and reasonable) to action requests from data subjects in exercising their data access and portability rights, and support Your compliance with Your own obligations as a data controller. ServiceM8 reserves the right to reimbursement from You for the reasonable cost of any time, expenditure or fees incurred as part of providing such assistance.
- You may close Your ServiceM8 account at any time. This will terminate Your access to the Service and result in the immediate deletion or anonymization of Your account data, including historic backups, being the primary data processed on Your behalf as part of the ServiceM8 Service. However, note that ServiceM8 may have a variety of obligations to retain some or all of Your personal data & other information for certain periods.
- Should ServiceM8 become aware of any accidental, unauthorised or unlawful destruction, loss, alteration, disclosure, or breach of the personal data processed by ServiceM8 on your behalf, if such a breach represents a risk to the rights and freedoms of natural persons, ServiceM8 will notify You of the breach as soon as practicably possible.
- Should ServiceM8 become aware that, in our opinion, an aspect of Your processing instructions or use of the Service represents an infringement of the principles or requirements of the GDPR, ServiceM8 will inform You accordingly.