Data Processing Agreement (DPA)

This Data Processing Agreement (“Agreement”) forms part of the contract between Freedom Cloud (“Processor”) and the customer (“Controller”) under which Freedom Cloud provides IT services, including IT support, managed services, installations, and hosting (“Services”).

This Agreement is entered into in accordance with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

1. Definitions

For the purposes of this Agreement:

  • Controller, Processor, Personal Data, Processing, and Data Subject shall have the meanings given in UK GDPR.

  • Customer Data means any Personal Data processed by Freedom Cloud on behalf of the Controller in connection with the Services.

  • Sub-processor means any third party engaged by Freedom Cloud to process Customer Data.

2. Scope and Purpose of Processing

Freedom Cloud shall process Customer Data solely for the purpose of providing the Services and in accordance with the documented instructions of the Controller, unless otherwise required by law.

The nature of processing may include hosting, storage, access, transmission, backup, monitoring, and support of IT systems and applications.

3. Controller Responsibilities

The Controller confirms that:

  • It has a lawful basis for processing Customer Data and for instructing Freedom Cloud to process such data

  • It has provided all necessary notices and obtained all required consents from Data Subjects

  • Its instructions to Freedom Cloud comply with applicable data protection laws

4. Processor Obligations

Freedom Cloud shall:

  • Process Customer Data only on documented instructions from the Controller

  • Ensure that personnel authorised to process Customer Data are bound by confidentiality obligations

  • Implement appropriate technical and organisational measures to protect Customer Data against unauthorised or unlawful processing, loss, destruction, or damage

  • Assist the Controller in meeting its obligations in relation to Data Subject rights, security, breach notification, and data protection impact assessments, where applicable

5. Security Measures

Freedom Cloud maintains appropriate security controls, including (but not limited to):

  • Access control and authentication measures

  • Secure data storage and encryption where appropriate

  • Backup and disaster recovery processes

  • Ongoing monitoring and vulnerability management

These measures are designed to ensure a level of security appropriate to the risk.

6. Sub-processing

The Controller authorises Freedom Cloud to engage Sub-processors where necessary to deliver the Services. Freedom Cloud shall:

  • Ensure Sub-processors are subject to equivalent data protection obligations

  • Remain fully liable for the performance of its Sub-processors

  • Provide information about Sub-processors upon reasonable request

7. Data Subject Rights

Taking into account the nature of processing, Freedom Cloud shall assist the Controller by appropriate technical and organisational measures to respond to requests from Data Subjects to exercise their rights under UK GDPR.

8. Personal Data Breaches

Freedom Cloud shall notify the Controller without undue delay after becoming aware of a Personal Data breach affecting Customer Data and shall provide reasonable assistance to support investigation, mitigation, and regulatory reporting.

9. Data Transfers

Customer Data shall not be transferred outside the UK unless appropriate safeguards are in place in accordance with applicable data protection laws.

10. Data Retention and Deletion

Upon termination or expiry of the Services, Freedom Cloud shall, at the Controller’s choice, delete or return all Customer Data, unless retention is required by law. Any retained data shall remain subject to this Agreement.

11. Audits and Compliance

Freedom Cloud shall make available information reasonably necessary to demonstrate compliance with this Agreement and allow for audits, subject to reasonable notice and confidentiality obligations.

12. Liability

Liability arising under this Agreement shall be subject to the limitations and exclusions set out in the main services contract between the parties.

13. Governing Law

This Agreement shall be governed by and construed in accordance with the laws of England and Wales, and the courts of England and Wales shall have exclusive jurisdiction.

Are you a support customer looking for help?

Get in touch

Privacy Policy   |   Cookie Policy   |   Data Processing Agreement

© Copyright - Freedom Cloud