CUSTOMER DATA PROTECTION
Both parties REIGN AND the CUSTOMER will comply with all applicable requirements of the Data Protection Legislation. This clause in addition to, and does not relieve, remove or replace a party’s obligations under the Data Protection Legislation.
The parties acknowledge that for the purposes of the Data Protection Legislation, the Reign is the data controller, Reign is the data processor, and the Customer is the data subject (where Data Controller, Data Processor and Data Subject have the meanings as defined in the Data Protection Legislation). Below sets out the scope, nature and purpose of processing by Reign, the duration of the processing and the types of Personal Data (as defined in the Data Protection Legislation).
(a) Processing the Personal Data of the Customer to send notifications to the Service Provider(s).
(b) Marketing communications to the Customer to offer them services from the Service Provider(s).
(a) Sending notifications to Service Providers using the legitimate interests of Reign.
(b) Telephone calls and text messaging to Customers to offer them services from the Service Provider(s).
1.3 Purpose of processing:
(a) Sending notifications to Service Providers to ensure relevant Service Providers bills are transferred into the Customer’s name that is responsible for paying for them.
(b) To market to Customers to offer them services from the Service Providers(s).
1.4 Duration of processing:
(a) Notifications to Service Providers are sent around start and end dates of a Customer moving into a property for the duration of the Agreement.
(b) Telephone calls and text messaging are made over a period of 2 weeks before a Customer moves up until 2 weeks after for the duration of the Agreement.
2 Types of Personal Data
Identity – full name
Contact – email, telephone number, address
Financial – bank details, credit card details, direct debit information (to pass to chosen Service Providers)
Property – property type, Service Provider usage
3 Categories of Data Subject
Customers - means a tenant, landlord, home buyer or home occupier.
Without prejudice to the generality above the Reign warrants that:
(a) it has the necessary appropriate consents and notices in place to enable lawful transfer of the Customer’s Personal Data to Reign for the duration and purposes of this Agreement;
(b) Personal Data provided has been Opted-in by the Customer; and
(c) all Opt-in processes carried out by the Reign have been carried out in line with and adhere to the Data Protection Legislation.
Reign Shall, in relation to any Personal Data processed in connection with the performance of its obligations under this Agreement:
(a) process that Personal Data only on the written instructions of the Customer obtained via an Opt-in from the Reign, unless Reign is required by the laws of any member of the European Union or by the laws of the European Union applicable to Reign to process Personal Data (Applicable Data Processing Laws). Where Reign is relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, Reign shall promptly notify the Reign (who shall promptly notify the Customer) of this before performing the processing required by the Applicable Data Processing Laws unless those Applicable Data Processing Laws prohibit Reign from so notifying the Customer;
(b) ensure that it has in place appropriate technical and organisational measures, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);
(c) ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and
(d) not transfer any Personal Data outside of the European Economic Area unless the prior written consent of the Customer has been obtained from the Reign and the following conditions are fulfilled:
(i) Reign and/or Customer has provided appropriate safeguards in relation to the transfer;
(ii) the Customer has enforceable rights and effective legal remedies;
(iii) Reign complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and
(iv) Reign complies with reasonable instructions notified to it in advance by the Reign with respect to the processing of the Personal Data of the Customer;
(e) respond to any request from the Customer and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators.
(f) at the written direction of the Reign or the Customer delete or return Personal Data and copies thereof to the Customer on termination of this Agreement unless required by Applicable Data Processing Law to store the Personal Data.