Data Processing Agreement

BACKGROUND

A. Provider has requested and Pebble has agreed to grant Provider use of the Pebble Services, upon and subject to the terms and conditions in the Pebble Service Agreement.

B. Where Pebble Processes Platform Personal Data (defined below) in relation to the Pebble Service Agreement, the terms of this addendum (the “Pebble DPA”) shall apply.

C. The Pebble Service Agreement, together with the Pebble T&Cs and the Pebble DPA, forms an agreement between Pebble and the Provider (the “Agreement”). 

D. Pebble T&Cs are available here.

1. DEFINITIONS

1.1 Aside from the terms in this Pebble DPA which have been defined in bold, other capitalised terms shall be defined in accordance with the Agreement.

1.2 For the purpose of this Pebble DPA, “Platform Personal Data” shall mean the categories of Personal Data outlined in the Appendix to this Pebble DPA.

2. GENERAL

2.1 Where Pebble Processes the Platform Personal Data in order to enable the Provider to use functionalities on the Pebble Platform (the “Provider Purposes”), the Provider’s decision to use such functionalities will constitute an instruction by the Provider to Process Personal Data in a certain way, and the Provider will be a Controller and Pebble will be a Processor.

2.2 Both Parties will comply with all applicable requirements of Data Protection Laws.

2.3 Pebble shall (taking into account the nature of the applicable Processing activities):

2.3.1 only Process Platform Personal Data on the Provider’s documented instructions (which shall include without limitation the Provider’s decision to use functionalities on the Pebble Platform), unless Processing is required by applicable laws in which case Pebble shall, to the extent permitted by applicable laws, inform the Provider of that legal requirement prior to the relevant Processing of Platform Personal Data;

2.3.2 immediately inform the Provider if, in its opinion, an instruction given by the Provider infringes Data Protection Laws;

2.3.3 ensure that staff who have access to Platform Personal Data are subject to confidentiality undertakings;

2.3.4 implement appropriate technical and organisational measures to ensure a level of security appropriate to that risk;

2.3.5 assist the Provider: (i) by implementing appropriate technical and organisational measures to fulfil the Provider’s obligations to respond to requests to exercise Data Subject rights; and (ii) in ensuring compliance with the Provider’s obligations pursuant to Articles 32 to 36 of the GDPR; 

2.3.6 notify the Provider without undue delay on becoming aware of a Personal Data Breach relating to the Platform Personal Data;

2.3.7 at the choice of the Provider, delete or return all Platform Personal Data to the Provider after the end of the provision of the Pebble Services and delete existing copies of such Platform Personal Data unless required by applicable laws;

2.3.8 make available to the Provider information strictly necessary to demonstrate compliance with the obligations in this clause 2; and

2.3.9 only transfer Platform Personal Data outside of the UK after implementing appropriate safeguards if required under Data Protection Laws.

2.4 The Provider hereby grants a general authorisation to Pebble to engage sub-Processors, and Pebble shall:

2.4.1 inform the Provider of any intended changes concerning the addition or replacement of sub-Processors; 

2.4.2 ensure that the arrangement between Pebble and each sub-Processor is governed by a contract which includes terms which offer at least the same level of protection for Platform Personal Data as those set out in this clause 2; and

2.4.3 where sub-Processors fail to fulfil their data protection obligations, remain fully liable to the Provider for the performance of those obligations.

2.5 The Provider may use any Personal Data accessed and/or extracted via the Pebble Platform for the purpose of marketing, promoting, advertising or undertaking any similar activities, in respect of the Provider’s or a third party’s products and services, provided that it:

2.5.1 independently complies with its obligations under Data Protection Laws when doing so (including, without limitation, procuring any necessary consents and complying with its transparency obligations); and

2.5.2 acknowledges that it is solely responsible for complying with its obligations under Data Protection Laws when doing so, and that Pebble shall not be required to assist with those obligations (unless otherwise required to do so under Data Protection Laws).


APPENDIX

PEBBLE PLATFORM DATA

Basic contact details
Name, email address, phone number and home address of care seekers using the Pebble Platform.

Account information
Email address and password of care seekers using the Pebble Platform. 

Welfare information
Information relating to whether the care seeker using the Pebble Platform is on any welfare plans.

Child information

  • General information relating to the child of care seekers using the Pebble Platform, including their full name (and any preferred name(s), if applicable), date of birth, home address, gender information, ethnicity information and language(s) spoken.

  • The relationship of care seekers using the Pebble Platform to the relevant child.

  • Emergency contacts’ details of children whose care seekers are using the Pebble Platform, including full name, relationship to the child, phone number, email address, work phone number and address of workplace.

  • The GP or doctor details of children whose care seekers are using the Pebble Platform, including full name, surgery name and contact details. 

  • The health and medical preferences, requirements and conditions of children whose care seekers are using the Pebble Platform, including dietary requirements, allergy information, accessibility information, disability information, medical consent restrictions, immunisation information and whether a care seeker has given consent for their child to be administered with certain medication or healthcare (and the nature of such medicine or healthcare, how it should be administered and dosage requirements).

  • [Preferences, requirements and instructions relating to nappy changing (if applicable) of children whose care seekers are using the Pebble Platform]. 

  • The hobbies, interests and favourite toys of children whose care seekers are using the Pebble Platform.

  • Whether a child whose care seekers are using the Pebble Platform has additional needs or special educational needs, including whether they are on an “Education, Health and Care Plan” or an “Individual Education Plan”.


Children’s activity information
Information relating to the children’s activities procured by the care seeker using the Pebble Platform (including without limitation when the activities are undertaken).

Childcare information
For children whose care seekers are using the Pebble Platform, information relating to whether they currently attend nursery or have attended nursery before and, if they currently attend nursery, the details of their nursery.

Premises information
For care seekers using the Pebble Platform, where the care seeker is procuring Children’s Activities from the Provider, to be delivered at a location which is not the Provider’s own residence or premises and has been chosen by the care seeker, the premises’ address and whether there will be any pets present at such premises.