Data Sharing Agreement

R.O.EYE (as defined below) is an operator of tracking tags and adtech (the “Plugin”) which are made available to you (“you”) through your use of the tracking tag management software provided by AWIN Limited or its group companies. Through your use of the Plugin, you agree to these terms, and may share personal data with us.

This agreement (the “Agreement”) sets out the terms on which you can share personal data with R.O.EYE, and contains R.O.EYE’s commitment to using the information you provide to it fairly, lawfully, transparently, and securely.

DEFINITIONS

“controller”, “processor”, “data subject”, “personal data”, “personal data breach”, “processing” and “appropriate technical and organisational measures”: as defined in the Data Protection Legislation.

“Data Protection Legislation”: all applicable data protection and privacy legislation in force from time to time in the UK including the General Data Protection Regulation ((EU) 2016/679) (the (“GDPR”)); the Data Protection Act 2018; the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended; any other European Union legislation relating to personal data and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of personal data (including, without limitation, the privacy of electronic communications); and the guidance and codes of practice issued by the relevant data protection or supervisory authority and applicable to a party.

“R.O.EYE”: R.O.EYE Limited, incorporated and registered in England and Wales with company number 05202230 whose registered office is at 3rd Floor 54 Princess Street, Manchester, England, M1 6HS.

“Shared Personal Data”: any personal data shared by you with us through your use of the Plugin.

1. Shared Personal Data

  • 1.1 This Agreement sets out the framework for you to share the Shared Personal Data with R.O.EYE.
  • 1.2 The parties will be joint data controllers in respect of the Shared Personal Data.
  • 1.3 Special categories of personal data will not be shared between the parties.

2. Compliance with Data Protection Legislation

  • Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 2 is in addition to, and does not relieve, remove or replace, a party’s obligations or rights under the Data Protection Legislation.

3. Lawful, fair and transparent processing

  • 3.1 Each party shall ensure that it processes the Shared Personal Data fairly and lawfully during the term of this Agreement.
  • 3.2 Each party shall ensure that it has legitimate grounds under the Data Protection Legislation for the processing of Shared Personal Data.
  • 3.3 Each party shall, in respect of the Shared Personal Data, ensure that it provides clear and sufficient information to the data subjects, in accordance with the Data Protection Legislation, of the purposes for which it will process their personal data, the legal basis for such purposes and such other information as is required by Article 13 of the GDPR.
  • 3.4 You confirm that you are entitled to provide the Shared Personal Data to R.O.EYE and have legitimate grounds under the Data Protection Legislation in order to do so.

4. Data subjects’ rights

  • The parties each agree to provide such assistance as is reasonably required to enable the other party to comply with requests from data subjects to exercise their rights under the Data Protection Legislation within the time limits imposed by the Data Protection Legislation.

5. Data retention and deletion

  • Neither party shall retain or process Shared Personal Data for longer than is necessary to carry out the purposes for which they were collected and always in accordance with any statutory or professional retention periods that may apply.

6. Data transfers

  • 6.1 For the purposes of this clause, transfers of personal data shall mean any sharing of personal data by either party with a third-party, and shall include, but not be limited to, the following:
    • 6.1.1. subcontracting the processing of Shared Personal Data;
    • 6.1.2. granting a third-party controller access to the Shared Personal Data.
  • 6.2 If either party appoints a third-party processor to process the Shared Personal Data it shall comply with Article 28 and Article 30 of the GDPR.
  • 6.3 Neither party shall disclose or transfer Shared Personal Data outside the EEA unless it can comply with Articles 44 to 50 of the GDPR.

7. Security

  • 7.1 Each party shall have in place throughout the term of the Agreement appropriate technical and organisational security measures to:
    • 7.1.1. prevent unauthorised or unlawful processing of the Shared Personal Data and the accidental loss or destruction of, or damage to, the Shared Personal Data; and
    • 7.1.2. ensure a level of security appropriate to the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the Shared Personal Data to be protected.
  • 7.2 The parties shall keep such security measures under review and shall carry out such updates as are appropriate throughout the term of this Agreement.
  • 7.3 Each party will ensure that its staff members: are appropriately trained to handle and process the Shared Personal Data in accordance with the technical and organisational security measures it has implemented in accordance with clause 7.1 together with any other applicable national data protection laws and guidance; and, have entered into confidentiality agreements relating to the processing of Shared Personal Data.
  • 7.4 The level, content and regularity of training referred to in clause 7.3 shall be proportionate to the staff members' role, responsibility and frequency with respect to their handling and processing of the Shared Personal Data.

8. Assistance

  • Each party shall:
  • 8.1 notify the other without undue delay after becoming aware of a personal data breach affecting the Shared Personal Data, in which case the affected party shall provide reasonable assistance to the other in relation to remediating the personal data breach and complying with any related obligations under Data Protection Legislation;
  • 8.2 provide reasonable assistance to the other in the event of any complaint, request or communication from a supervisory authority or data subject alleging non-compliance with Data Protection Legislation as a result of the sharing carried out under this Agreement;
  • 8.3 provide reasonable assistance requested by the other party in relation to compliance with any obligations under Data Protection Legislation in respect of personal data shared under this Agreement; and
  • 8.4 provide reasonable assistance to the other party on request in relation to any requests received from data subjects to exercise their rights under Data Protection Legislation.

9. Duration

  • This Agreement will remain in full force and effect until the earlier of: (a) your use of the Plugin ceasing; or (b) you becoming a direct customer of R.O.EYE and entering into R.O.EYE’s standard terms and conditions.

10. Governing Law and Jurisdiction

  • 10.1 This Agreement and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation shall be governed by and construed in accordance with the law of England and Wales.
  • 10.2 Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim (including non-contractual disputes or claims), arising out of or in connection with this Agreement or its subject matter or formation.