This Data Protection Addendum (the “Addendum”) is incorporated into and forms part of the SaaS agreement in place between Sense Workplace Limited (“Sense”) and the Customer for the provision of the Services (the “Agreement”).
1.1. The following definitions apply in this Addendum.
Data Protection Laws all UK laws relating to the use, protection and privacy of personal data from time to time applicable to the parties, including the (i) UK GDPR; (ii) Data Protection Act 2018; and (iii) Privacy and Electronic Communication Regulations 2003.List of Sub-Processors the latest version of the list of Sub-Processors used by Sense, available at https://www.sense.hr/security.html
Protected Data personal data received from or on behalf of the Customer in relation to Sense’s performance of the Services under the Agreement.
Sub-Processor another processor engaged by Sense for carrying out processing activities in respect of the Protected Data, on behalf of the Customer.
UK GDPR has the meaning given to it in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018.
1.2. In this Addendum, the terms controller, data subject, personal data, personal data breach, processor, processing and Commissioner shall have the definitions given to them by the Data Protection Laws.
In the event of any conflict or inconsistency between the provisions of this Addendum and the remaining provisions of the Agreement, the provisions of this Addendum shall prevail solely with respect to the processing of Protected Data.
The parties agree that in respect of the Services, the Customer shall be the controller and Sense shall be the processor.
4.1. Each party shall:
Processing of the Protected Data by Sense under the Agreement shall be for the subject-matter, duration, nature and purposes and involve the types of personal data and categories of data subjects set out in this paragraph 5. Sense will host the Sense Platform used by the Customer to assist with the Customer’s employee management activities for the duration of the Agreement. The purpose of the processing is to allow Customers’ End Users to access the Platform in accordance with the terms of the Agreement. The nature of the processing is the storage of personal data on the Sense Platform and facilitating log-in to the Sense Platform. The types of personal data processed will be (i) user information: name and email address; and (ii) information uploaded by an End User at their sole discretion, which may include: date of birth, national insurance number, residential address, telephone number, bank account details, pension arrangements, historic and current job roles, employment contract information, salary and benefits details, sickness and absence records, grievance information, appraisals and performance reviews, attendance and annual leave information, religion or trade union membership. Such types of personal data may include special category data and relate to the Customer’s End Users and personnel.
6.1. In relation to the Protected Data, to the extent that Sense is the processor of such Protected Data, Sense shall:
7.1. Sense shall inform the Customer without undue delay if Sense believes that a processing instruction infringes Data Protection Laws.
7.2. To the extent permitted under applicable law, Sense shall have no liability howsoever arising (whether in contract, tort (including negligence) or otherwise) for any losses, costs, expenses or liabilities arising from or in connection with any processing in accordance with the Customer's unlawful processing instructions.
8.1. The Customer authorises the appointment of each of the Sub-Processors identified on the List of Sub-Processors at the Commencement Date. Sense shall give the Customer 30 days’ prior written notice of any change to the List of Sub-Processors. In the event the Customer reasonably believes that any such change materially adversely affects it, it may by notice elect to terminate the Agreement in respect of all impacted Services provided it exercises such right within 14 days of receipt of the change notification and notifies Sense in writing at the time of exercising such right of the material adverse effect which has caused it to exercise this right.
8.2. Sense shall:
9.1. The Customer can access information about Sense’s security measures and third party certifications at https://www.sense.hr/security.html.
9.2. In the event that the Customer, acting reasonably, deems the information provided in accordance with paragraph 9.1 insufficient to satisfy its obligations under Data Protection Laws, Sense shall:
9.3. Any information provided to, or obtained by, the Customer under this paragraph 9 shall be Sense’s Confidential Information.
10.1. The Customer warrants, represents and undertakes, that all: