Data Processing Addendum

Last updated: 8 October 2019

Zero Technology LTD (“Zero Technology”, “we”, “us”, “our”) has contracted to provide you (“you”, “your(s)”, “user”) with our cloud-based people management software as a service called Humaans through the website (“Services”).

Zero Technology has agreed to provide Services to you in accordance with the terms of the Terms of Service. In providing these Services, we shall process Personal Data on your behalf. From the date that you agree to the Terms of Service, we will process and protect such Personal Data in accordance with the terms of this Data Protection Addendum for the terms of the Agreement.

You acknowledge that we may process personal data provided by you to provide the Services. Information regarding our obligations as a “Data Controller” and your rights as a data subject are set out in our Privacy Policy. For personal data that we process under your instructions, we are a “Data Processor”, and you hereby confirm that you have all necessary appropriate consents and notices in place to enable lawful transfer of such personal data to us. We will not access or use such personal data except as necessary to maintain or provide the Services, or as necessary to comply with the law or a binding governmental order. We will, at your cost, assist you in responding to any request from one of your data subjects and help you comply with your obligations under Applicable Data Protection Law with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators.

Data Protection Terms to be added to Terms of Service:

  1. For the purposes of these terms, “Personal Data” means data about an individual who can be identified either from that data or by combining the data with other information which we have access to.
  2. Both of us must comply with all Applicable Data Protection Laws relating to the protection of Personal Data which apply to our respective businesses.
  3. You warrant that you have the right to transfer your Personal Data to us so that we may lawfully use, process and transfer it in accordance with the Terms of Service on your behalf.
  4. To the extent you upload any content onto our Services containing Personal Data and we are deemed to be a processor of such Personal Data, we will:
    1. Process such Personal Data to the extent necessary in order to provide our Services to you and in accordance with your instructions;
    2. Take reasonable appropriate technical and organisational measures against unauthorised or unlawful processing of the Personal Data or its accidental loss, destruction or damage as is appropriate to the harm that might result;
    3. Ensure that anyone who has access to and/or processes Personal Data is obliged to keep it confidential;
    4. Not transfer the Personal Data outside of the European Economic Area without ensuring adequate measures are in place to protect the Personal Data as required by applicable data protection laws;
    5. Notify you promptly and without undue delay if we become aware of a breach of security which has resulted in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to Personal Data;
    6. If you ask us to and in any event on termination of the Terms of Service, delete all copies of the Personal Data;
    7. Provide you with reasonable assistance and information to allow you to comply with your obligations under Applicable Data Protection Law;
    8. Maintain complete and accurate records and information to show we have complied with these terms; and
    9. Permit you (or your third party auditor) to audit our compliance with these terms on giving reasonable notice to us, provided that any third party auditor mandated by you to conduct such audit has entered into confidentiality undertakings which are satisfactory to us, the audit is at your expense, and you use reasonable endeavours to ensure that any such audit is designed to minimise disruption to our business.