This Data Processing Addendum (“DPA”) is in addition to, and forms part of, the Terms of Service and Privacy Policy between You, as a user of the ServiceM8 service, and ServiceM8.
The terms “You”, “Your”, “ServiceM8”, “we”, “us”, “our” & “Service” are defined in our Privacy Policy. The terms “data controller”, “data processor”, “personal data” and “processing” shall be interpreted in accordance with the definition of these terms in the General Data Protection Regulation.
The purpose of this Data Processing Addendum (“DPA”) is to define the agreement between You and ServiceM8 regarding the processing of personal and account data on Your behalf, and in connection with provision of the Service to You, in accordance with the requirements of the General Data Protection Regulation (“GDPR”). If you are not a ServiceM8 user, or if the data being processed is not subject to the GDPR, this Data Processing Addendum is not applicable.
As part of providing the Service to You in accordance with our Privacy Policy and Terms of Service, ServiceM8 may process personal and other data on Your behalf. The subject matter, duration, nature and purpose of this processing, as well as the types and categories of personal data, and many of Your rights and responsibilities, are described in our Privacy Policy.
In Your business’s relationship with ServiceM8, You are the data controller for personal data entered into Your ServiceM8 account, and ServiceM8 is the data processor. You determine and control the collection, entry, use and retention of any personal and other data within your account. ServiceM8 processes this data on Your behalf and as part of providing the Service, in accordance with Your instructions and ServiceM8’s Privacy Policy and Terms of Service.
You acknowledge that You have direct responsibilities under the GDPR regarding how You use ServiceM8 with Your customers' and others’ personal data, and warrant to us that You will comply with Your obligations under the GDPR.
With regard to the processing of personal data submitted by You, Your employees or Your customers, for processing by ServiceM8, as part of Your use or interaction with the Service, You and ServiceM8 agree that:
- ServiceM8 will process the personal data only in accordance with Your instructions and in accordance with our Privacy Policy and Terms of Service. You acknowledge that Your normal use of the Service may involve the transfer of personal and account data outside of the European Economic Area, as described in our Privacy Policy.
- ServiceM8 is committed to the confidentiality of Your information and account data, and will only process and disclose Your personal and other information to third parties for limited purposes (as described in our Privacy Policy). ServiceM8 will ensure any personnel who access personal data as part of our processing services are aware and committed to the confidentiality of Your account data.
- ServiceM8 implements and maintains appropriate technical and organisational measures designed to protect processed personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access.
- ServiceM8 engages sub-processors, as described in our Privacy Policy, as part of processing data on Your behalf and providing You with the Service, and You acknowledge that ServiceM8 may engage new sub-processors for these purposes in future. ServiceM8 takes measures to ensure such arrangements with sub-processors, and all processing activities, protect Your personal and account data to the standard required by this DPA and the GDPR.
In the event that ServiceM8 engages other sub-processors for the above mentioned purposes, ServiceM8 will notify You. You may object in writing to such an appointment of a new sub-processor within five (5) calendar days of such notice, provided that the objection is based on reasonable grounds relating to data protection. In the event of an objection, we will discuss Your concerns with You in good faith with a view to achieving resolution. If a resolution is not possible, You may terminate Your use of the Service, subject to relevant provisions in our Terms of Service.
- ServiceM8 will assist You (insofar as is possible and reasonable) to action requests from data subjects in exercising their data access and portability rights, and support Your compliance with Your own obligations as a data controller. ServiceM8 reserves the right to reimbursement from You for the reasonable cost of any time, expenditure or fees incurred as part of providing such assistance.
- You may close Your ServiceM8 account at any time. This will terminate Your access to the Service and result in the immediate deletion or anonymization of Your account data, including historic backups, being the primary data processed on Your behalf as part of the ServiceM8 Service. However, note that ServiceM8 may have a variety of obligations to retain some or all of Your personal data & other information for certain periods.
- Should ServiceM8 become aware of any accidental, unauthorised or unlawful destruction, loss, alteration, disclosure, or breach of the personal data processed by ServiceM8 on your behalf, if such a breach represents a risk to the rights and freedoms of natural persons, ServiceM8 will notify You of the breach as soon as practicably possible.
- Should ServiceM8 become aware that, in our opinion, an aspect of Your processing instructions or use of the Service represents an infringement of the principles or requirements of the GDPR, ServiceM8 will inform You accordingly.