Last Updated: 29 September 2023
EU STANDARD CONTRACTUAL CLAUSES
A. LIST OF PARTIES
Name of Data Exporter: As stated out in the Agreement
Address: As stated out in the Agreement
Contact Person’s Name: As stated out in the Agreement
Position: As stated out in the Agreement
Contact details: As stated out in the Agreement
Activities relevant to the data transferred under these Clauses: Controller of Personal Data as needed to effect Superside’s provision of the Services.
Role (controller/processor): Controller
Name of Data Importer: Superside
Address: 1201 N. Market Street, Suite 111, Wilmington, DE, 19801
Contact Person’s Name: Eveny Liu
Position: Legal Counsel
Contact details: email@example.com
Activities relevant to the data transferred under these Clauses: Responsible for overseeing data protection compliance in relation to data.
Role (controller/processor): Processor
B. DESCRIPTION OF TRANSFER
Categories of data subjects whose personal data is transferred.
Users, Controller’s employees, suppliers or subcontractors; and any other person who transmits data via the Services, including individuals collaborating and communicating with Users (as those terms are defined in the Master Service Agreement).
Categories of personal data transferred.
Personal Data submitted, stored, sent or received by the Controller or Users via the Services , may include the following categories of data: name, email address, and IP address.
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialized training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
Superside’s Services are not designed to process any sensitive data.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
Nature of the processing.
Superside will process personal data submitted, stored, sent or received by the Controller of Users for the purposes of providing the Services and related technical support to Controller in accordance with the Master Service Agreement.
Purpose(s) of the data transfer and further processing.
Superside will transfer and further process such personal data for the purposes of providing the Services to the Data Exporter.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period.
The applicable Contract Term (as defined in the Master Service Agreement) plus the period from expiry of such Contract Term until deletion of all personal data by the Processor in accordance with such Agreement.
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing.
Same as above.
C. COMPETENT SUPERVISORY AUTHORITY
Identify the competent supervisory authority/ies in accordance with Clause 13
The competent supervisory authority shall be that of the Member State in which the data exporter is established.
Superside implements and maintains the security standards set out below. Superside may update or modify such security standards from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services.
Superside’s security and availability architecture is built on top of SOC 2 Focus Points to enable best practice protection controls, implemented based on industry standards.
Assistance to Controller. Per Clause 9 of the SCCs to which this Annex is attached, Superside has entered into written contracts with all of its sub-processors wherein sub-processors agree to provide reasonable assistance to Superside in responding to Controller’s reasonable inquires relating to the Superside Services.
UK ICO Standard Contractual Clauses – Controller to Processor
This International Data Transfer Agreement (IDTA) has been issued by the Information Commissioner for Parties making Restricted Transfers. The Information Commissioner considers that it provides Appropriate Safeguards for Restricted Transfers when it is entered into as a legally binding contract.
Part 1: Tables
TABLE 1: PARTIES AND SIGNATURES
TABLE 2: TRANSFER DETAILS
TABLE 3: TRANSFERRED DATA
TABLE 4: SECURITY REQUIREMENTS
Part 2: Extra Protection Clauses
Part 3: Commercial Clauses
Part 4: Mandatory Clauses
Get a demo and discover how 450+ ambitious companies and 2,500 energized fans use Superside to free themselves from the shackles of limited budgets, broken processes and stretched in-house teams.