Data Processing and Security Terms
1.2. To contact us, please telephone our customer service team at +44 (0)203 056 1169 or e-mail email@example.com.
1.3. If we have to contact you we will do so by telephone or by writing to you at the email address or postal address you provided to us during your registration with us.
1.4. These Data Processing and Security Terms (“Terms”) set out the rights and obligations of Ethical Angel and private sector entities (“Members”) in processing personal data of Members’ employees, agents, independent contractors and other third-party individuals (“Users”) when using the online platform at www.ethicalangel.com (“Platform”) to provide public benefit services to projects, global causes, and charities (“Beneficiaries”) and their users.
1.5. We may amend these Terms at any time by publishing the amendments on our website. Where this is the case, we will notify the amendments by e-mail to the Member at least 14 days before they enter into force. If the Member continues to use the Platform after this date, they will be deemed to have accepted the respective amendments.
1.6. These Terms form a part of the contract between the parties and shall apply for the term of the contract.
2.2. The Member retains control of its Users’ personal data and remains responsible for its compliance obligations under the data protection legislation, including providing any required notices and obtaining any required consents, and for the processing instructions it gives to Ethical Angel.
2.3. In entering into contract with Ethical Angel, the Member instructs Ethical Angel, subject to these Terms:
2.3.1. to process the following types of Users’ personal data: first name, surname, year of birth, email address;
2.3.2. to process Users’ personal data for the term of the contract (thereafter, Ethical Angel shall delete the personal data, but may anonymise copies of the data and use it indefinitely for research or statistical purposes); and
2.3.3. to process personal data for the purpose of allowing Users’ use of the Platform and their provision of services to Beneficiaries, namely for Users’ profile creation, logging in, creating credentials for reporting, and targeted matching.
4.1. The Member warrants and represents that Ethical Angel's use of the personal data for the purposes set out and as instructed by the Member will comply with the data protection legislation.
5.1. Ethical Angel has implemented policies and adopted appropriate technical and organisational measures against unauthorised or unlawful processing, access, disclosure, copying, modification, storage, reproduction, display or distribution of personal data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage of personal data.
5.2. Ethical Angel shall regularly assess and evaluate the effectiveness of its security measures and is in the process of obtaining ISO 27001 certification.
6. Personal data breach
6.1. Ethical Angel will promptly and without undue delay notify the Member if any personal data is lost or destroyed or becomes damaged, corrupted, or unusable. The Member may restore such personal data to the Platform at its own expense.
6.2. Ethical Angel will at its cost within 24 hours and without undue delay notify the Member if it becomes aware of any accidental, unauthorised or unlawful processing of the personal data, or any personal data breach.
6.3. Where Ethical Angel becomes aware of an event specified in Clause 6.2 above, it shall, without undue delay, also provide the Member with the following information:
6.3.1. a description of the nature of the event, including the categories and approximate number of both data subjects and personal data records concerned;
6.3.2. the likely consequences; and
6.3.3. a description of the measures taken or proposed to be taken to address the event, including measures to mitigate its possible adverse effects.
6.4. Promptly following any unauthorised or unlawful personal data processing or personal data breach, the parties will co-ordinate with each other to investigate the matter. Ethical Angel will at its cost reasonably co-operate with the Member in the Member's handling of the matter, including its notification to a supervisory authority.
6.5. Ethical Angel shall not inform any third party of any personal data breach without first obtaining the Member's prior written consent, except when required to do so by law.
7. Transfers of personal data and sub processors
7.1. The Platform uses Microsoft Azure as a third-party infrastructure provider and Ethical Angel has selected the United Kingdom for its data location. Ethical Angel may transfer personal data outside the geographic region in which the data was collected, provided Ethical Angel does so in a manner which:
7.1.1. provides appropriate safeguards in relation to the transfer;
7.1.2. ensures the data subject has enforceable rights and effective legal remedies; and
7.1.3. provides an adequate level of protection to any personal data that is transferred.
7.2. Ethical Angel shall not authorise any other third party or subcontractor to process the personal data without obtaining the Customer's prior written consent.
8. Complaints, data subject requests and third-party rights
8.1. Ethical Angel shall notify the Member immediately if it receives any complaint, notice or communication that relates directly or indirectly to the processing of the personal data or to the Member's compliance with the data protection legislation.
8.2. Ethical Angel shall without delay (but in any event within 24 hours) notify the Member if it receives a request from a User for access to their personal data or to exercise any of their related rights under the data protection legislation.
8.3. The parties shall provide to each other full co-operation and assistance in responding to any complaint, notice, communication or User request.
Last updated: 8th of February 2021