Data Protection Addendum

Last updated Jun 04, 2018

This Data Protection Addendum is incorporated into our Standard Terms and forms part of the contract between Merchants and Urb-it. By agreeing to our Standard Terms, Merchants also agree to the terms of this Data Protection Addendum.

Capitalized terms not defined below, have the same meaning as that given to them in the Standard Terms. Urb-it may vary this Data Protection Addendum or the Standard Terms from time to time, for example where necessary to comply with applicable Data Regulation, in which case Urb-it will notify you by updating this page and, where appropriate, by email or other communication.

If you object, let us know before that variation is due to become effective, so we might either bring our contract with you to an end, or disapply the variation. Otherwise, continuing to use our services shall constitute acceptance of that variation.
  1. DATA PROTECTION
    1. “Data Regulation” means the Personal Data Act (1998:204) (Swedish: “Personuppgiftslagen”), the Data Protection Act 1998 (the “Act”), the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011, and the European General Data Protection Regulation (2016/679) of 27 April 2016 (“GDPR”) and any data protection, privacy or similar laws that apply regarding personal data processed in connection with the agreement entered into separately (the Standard Terms), in each case as amended or replaced from time to time.
    2. The terms “controller”, “Data Subject”, “Member State”, “Personal Data”, “Personal Data Breach”, “Processing”, “processor”, and “Supervisory Authority” shall have the meanings given to them in the Data Regulation. For the purposes of these terms, Personal Data refers to Personal Data in respect of which the Merchant is the data controller and Urb-it is a data processor, Processing such Personal Data on behalf of the Merchant. “Subprocessor” means any person appointed by or on behalf of Urb-it to Process Personal Data on behalf of Merchant or otherwise in connection with the agreement entered into separately (the Standard Terms).
  2. Urb-it and the Merchant will comply with their respective obligations under the Regulations. Each party will provide the other party any co-operation reasonably requested to enable the other party’s compliance with these terms.
    1. The Merchant will not do or omit to do any act which may cause Urb-it to be in breach of any of its obligations under the Data Regulations.
    2. The Merchant will ensure it has all necessary and appropriate consents and notices in place to enable lawful (i) transfer of Personal Data to Urb-it and to Urbers, and (ii) Processing by Urb-it and Urbers of the Personal Data, for the purposes of the agreement entered into separately (the Standard Terms).

      Subject matter and duration of the Processing of Personal Data: Personal Data of the customers of the Merchant and the personnel of the Merchant will be processed throughout the Term.
      The nature and purpose of the Processing of Personal Data: This Personal Data will be processed for the purpose of and to the extent necessary for Urb-it to provide the Services requested by the Merchant.
      The types of Personal Data to be Processed: The name, location and contact details of customers. The name of Merchant personnel.
      The obligations and rights of data controller: The obligations and rights of data controller (Merchant) are set out in these terms.
    3. The Merchant will ensure it has all necessary and appropriate consents and notices in place to enable lawful (i) transfer of Personal Data to Urb-it and to Urbers, and (ii) Processing by Urb-it and Urbers of the Personal Data, for the purposes of the agreement entered into separately (the Standard Terms).
    4. In relation to any Personal Data Processed in connection with the performance by Urb-it of the Services, Urb-it shall:
      1. only Process Personal Data on the Merchant’s documented instructions, including in respect of transfers of Personal Data to a country outside of the European Economic Area (EEA), unless Processing is required by applicable law in which case Urb-it shall, to the extent permitted by applicable law, inform Merchant of that legal requirement prior to the relevant Processing of the Customer Personal Data;
      2. take reasonable steps to ensure the reliability of its staff who have access to Personal Data, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality;
      3. taking into account the nature, scope, context and purpose of the Processing, implement appropriate technical and organisational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR in order to protect against unauthorised or unlawful Processing of any Personal Data, or any accidental loss, destruction or damage of such data;
      4. taking into account the nature of the Processing and the information available to Urb-it, Urb-it shall, to a reasonable extent, assist the Merchant (i) by implementing appropriate technical and organisational measures for the fulfilment of the Merchant’s obligations to respond to requests to exercise Data Subject rights under the Data Regulation, and in particular Chapter III of GDPR, and (ii) in ensuring compliance with the Merchant’s obligations pursuant to Articles 32 to 36 of GDPR;
      5. (to the extent permitted by law) notify the Merchant without undue delay on becoming aware of a Personal Data Breach relating to the Personal Data.
    5. Urb-it shall make available to the Merchant information necessary to demonstrate compliance with the obligations laid down in these terms and allow for and contribute to audits (at the Merchant’s cost), conducted by the Merchant or an auditor designated by the Merchant. Urb-it will maintain a record of any Processing of Personal Data pursuant to Article 30(2) of GDPR.
    6. Merchant hereby grants a general authorisation to Urb-it to engage Subprocessors, as specified on Urb-it’s website (https://urb-it.com/privacy-policy). Urb-it shall inform the Merchant of any intended changes concerning the addition or replacement of Subprocessors. With respect to each proposed Subprocessor, Urb-it shall ensure the arrangement between Urb-it and Subprocessor is governed by a written agreement, including terms which offer at least the same level of protection for Customer Personal Data as those set out in these terms; and which meet the requirements of Article 28(3) of the GDPR.
    7. Urb-it shall notify the Merchant within 3 (three) business days if Urb-it receives a request from a Data Subject under in respect of Personal Data unless the Data Subject has forbid the notification of the Merchant in which case Urb-it shall inform the Data Subject that Urb-it is only able to respond to such request on the Merchant’s instruction.
    8. Urb-it shall inform the Merchant if it believes the instructions of the Merchant infringe the Data Regulation.

We use cookies to analyse our traffic. We also share information about your use of our website with our analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. You consent to our cookies if you continue to use this website.