Update to Rainmaker Terms & Conditions - Section 18 - Copyright and data protection
18.1 The Client warrants to Rainmaker that, subject to requirement, it either owns or has a valid licence from the Newspaper Licensing Agency or other body from which a licence may be required from time to time, to use, copy and/or distribute (internally and to third parties) all publicity material or data (including photographs and newspaper and/or periodical cuttings or copies thereof) which Rainmaker may assemble, copy, prepare or distribute on its behalf (or otherwise make use of for the benefit of the Client). The Client undertakes to indemnify Rainmaker (and all of its officers, employees and other representatives) and to keep it (and each of them) indemnified on demand against all loss, damage, costs, expenses, fines or other liability (whether civil or criminal) which Rainmaker (or any of its officers, employees or other representatives) may suffer or incur or have made or brought against it (or any of them) arising out of or as a result of any breach by the Client of such warranty.
18.2 For the purpose of this clause the following definitions apply:
18.2.1 “Applicable Laws” means the laws of England and Wales and the European Union and any other laws or regulations, regulatory policies, guidelines or industry codes which apply to Client or its use of Client Personal Data;
18.2.2 “Data Protection Laws” means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country.
18.2.3 “EU Data Protection Laws” means EU Directive 95/46/EC and EU Directive 2002/58/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the EU General Data Protection Regulation 2016/679 (“GDPR”) and laws implementing or supplementing the GDPR;
18.2.4 “Commission”, “controller”, “Data Subject”, “Member State”, “Personal Data”, “Personal Data Breach”, “Processing”, “processor”, and “Supervisory Authority” shall have the meanings given to them in the Data Protection Laws.
18.2.5 “Subprocessor” means any person (including any third party but excluding an employee of Rainmaker) appointed by or on behalf of Rainmaker to process Client Personal Data on behalf of Client or otherwise in connection with the Agreement.
18.3 We or our licensors are the data controller in respect of databases maintained by us or our licensors. However, where You (or any User or third party on Your behalf) request or obtain an extracted copy of Personal Data from us, or ask us to obtain Personal Data for You (including, for example, if you ask us to obtain extracts of information using your subscription to services provided by Pearlfinders) or provide Personal Data through or in connection with Prospect Management (together, “Client Personal Data”) the parties acknowledge that You are acting as sole data controller in respect of Your acquisition, supply and subsequent Processing of that Client Personal Data and We will be acting as data processor in respect of the same.
18.4 The Client instructs Rainmaker to Process Client Personal Data as reasonably necessary for the provision of the Services and consistent with this Agreement. In particular, Client instructs Rainmaker to Process the following data:
18.5 Both parties will comply with all applicable requirements of the Data Protection Laws.
18.6 Without prejudice to the generality of Clause 18.5, the Client will ensure that it has all necessary and appropriate consents and notices in place to enable lawful (i) transfer of the Client Personal Data to or from Rainmaker, and (ii) Processing by Rainmaker of the Client Personal Data, for the purposes of the Agreement.
18.7 In relation to any Client Personal Data Processed in connection with the performance by Rainmaker of the Services, Rainmaker shall:
18.7.1 only Process Client Personal Data on the Client's documented instructions, including in respect to transfers of Client Personal Data to a country outside of the European Economic Area (EEA), unless Processing is required by Applicable Laws in which case Rainmaker shall, to the extent permitted by Applicable Laws, inform Client of that legal requirement prior to the relevant Processing of the Client Personal Data;
18.7.2 take reasonable steps to ensure the reliability of its staff who have access to Client Personal Data, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality;
18.7.3 taking into account the nature, scope, context and purpose of the Processing, implement appropriate technical and organisational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR in order to protect against unauthorised or unlawful Processing of any Client Personal Data, or any accidental loss, destruction or damage of such data;
18.7.4 taking into account the nature of the Processing and the information available to Rainmaker, Rainmaker shall, to a reasonable extent, assist the Client: (i) by implementing appropriate technical and organisational measures for the fulfilment of the Client’s obligations to respond to requests to exercise Data Subject rights under the Data Protection Laws, and in particular Chapter III of GDPR as set out at Clause 18.11 below, and (ii) in ensuring compliance with the Client’s obligations pursuant to Articles 32 to 36 of GDPR;
18.7.5 (to the extent permitted by law) notify the Client without undue delay on becoming aware of a Personal Data Breach relating to the Client Personal Data.
18.8 Rainmaker shall make available to the Client information necessary to demonstrate compliance with the obligations laid down in this Agreement, in particular in this Clause 18, and allow for and contribute to audits (at the Client’s cost), conducted by the Client or an auditor designated by the Client. Rainmaker will maintain a record of any Processing of Client Personal Data pursuant to Article 30(2) of GDPR.
18.9 Client hereby grants a general authorisation to Rainmaker to engage Subprocessors. Rainmaker shall inform Client of any intended changes concerning the addition or replacement of Subprocessors.
18.10 With respect to each proposed Subprocessor, Rainmaker shall ensure that the arrangement between Rainmaker and Subprocessor is governed by a written agreement, including:
18.10.1 terms which offer at least the same level of protection for Client Personal Data as those set out in this Clause 18; and
18.10.2 terms which meet the requirements of Article 28(3) of the GDPR.
18.11 Taking into account the nature of the Processing, Rainmaker shall assist Client by implementing appropriate and commercially reasonable technical and organisational measures for the fulfilment of Client’s obligations to respond to requests to exercise Data Subject rights under the Data Protection Laws.
18.12 Rainmaker’s obligation pursuant to Clause 18.11 above shall include assisting Client, upon Client’s documented instruction, without undue delay to respond to a Data Subject’s request to exercise their:
18.12.1 right of access;
18.12.2 right of rectification;
18.12.3 right of erasure;
18.12.4 right of data portability;
18.12.5 right to object to processing;
18.12.6 right to restriction of processing; and
18.12.7 right not to be subject to automated individual decision making, as set out at Chapter III of the GDPR.
18.13 Rainmaker shall:
18.13.1 notify Client within 3 (three) Business Days if Rainmaker or any Subprocessor receives a request from a Data Subject under any Data Protection Law in respect of Client Personal Data unless the Data Subject has forbidden the notification of the Client in which case Rainmaker shall inform the Data Subject that Rainmaker is only able to respond to such request on the Client's instruction; and
18.13.2 ensure that neither Rainmaker nor any Subprocessor responds to that request except on the documented instructions of Client or as required by Applicable Laws.
18.14 You shall indemnify Us and keep us indemnified against all costs, damages, expenses (including reasonable legal expenses) incurred by Us arising out of Your or any User’s breach of this clause 18 or Applicable Laws.