This Clause 13B sets out certain information regarding our processing of Your Personal Data as required by Article 28(3) of the GDPR (and, possibly, equivalent requirements of other Data Protection Laws).
Governing law and jurisdiction
Order of precedence
Changes in Data Protection Laws
In this Clause 13B, the following terms will have the following meaning:
“Applicable Laws” means: (a) European Union or Member State laws with respect to any of Your Personal Data in respect of which we are subject to EU Data Protection Laws; and (b) any other applicable law with respect to any Your Personal Data in respect of which we are subject to any other Data Protection Laws; together with all guidelines and other codes of practice issued by an applicable data protection regulator or supervisory authority;
“Your Personal Data” means any Personal Data Processed by us or any of our Sub-processors, on behalf of and under your instructions in connection with the provision of the Services;
“Data Protection Laws” means EU Data Protection Laws and, to the extent applicable, the data protection and privacy laws, regulations and secondary legislation of any other country;
“EEA” means the European Economic Area;
“EU Data Protection Laws” means the GDPR and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, and any successor legislation to the GDPR or relevant national implementing laws, regulations and secondary legislation.
“GDPR” means EU General Data Protection Regulation 2016/679;
“Restricted Transfer” means:
in each case, where such transfer would be prohibited by Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of Data Protection Laws) in the absence of the Standard Contractual Clauses to be established under these Terms.
For the avoidance of doubt, where a transfer of Personal Data is of a type authorised by Data Protection Laws in the exporting country; for example in the case of transfers from within the European Union to the US under a scheme (such as the current US Privacy Shield) which is approved by the EU Commission as ensuring an adequate level of protection, or any other transfer which falls within a permitted derogation under EU Data Protection Laws, such transfer will not be a Restricted Transfer;
“Standard Contractual Clauses” means the EU model /standard contractual clauses for the transfer of personal data to controller and /or processors established in third countries which do not ensure an adequate level of protection, as set out in Commission Decision C(2010) 593, and as approved and adopted by the Commission in accordance with the examination procedure referred to in Article 93, GDPR, the current version of each set of (controller to controller) and (controller to processor) terms as are set out at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en, and as each may be updated, amended or superseded, from time to time;
“Subprocessor” means any person (including any third party and any our affiliates) but excluding any of our employees), appointed by us or on our behalf to process Personal Data on your behalf under these Terms; and
The terms, “Commission“, “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Personal Data Breach”, “Processing” and “Supervisory Authority” will have the same meaning as in the GDPR, and their cognate terms will be construed accordingly.
Amazon Web Services
We hold and store our data with Amazon Web Services (AWS) in the US. You can find out more information about AWS, their policies and terms including how they handle your data on here. https://aws.amazon.com/compliance/data-privacy/ and https://aws.amazon.com/legal/
iWeb / Apple Inc.
We also use iWeb’s hosting solutions located in Canada for some of our support services. You can find out more on iWeb services, their policies and how they handle your data here