Superthread IO Ltd, the provider of the Superthread service, uses certain third-party processors in order to provide the services set forth in our Terms. This document is a continuation of our Terms outlining how and we process your data.
These Data Processing Terms form part of our agreement. In these Data Processing Terms:
(a) references to any applicable laws (including to the Data Protection Laws and each of them) and to terms defined in such applicable laws shall be replaced with or incorporate (as the case may be) references to any applicable laws replacing, amending, extending, re-enacting or consolidating such applicable law (including the GDPR and any new Data Protection Laws from time to time) and the equivalent terms defined in such applicable laws, once in force and applicable;
(b) a reference to a law includes all subordinate legislation made under that law; and
(c) references to paragraph numbers are to paragraphs of these Data Processing Terms.
The parties agree that, for the Protected Data, you shall be the Data Controller and Superthread shall be the Data Processor.
Superthread shall process Protected Data in compliance with:
You shall comply with:
You warrant, represent and undertake, that all instructions given by you to Superthread in respect of Personal Data shall at all times be in accordance with Data Protection Laws; and
You shall not withhold, delay or condition your agreement to any change to our agreement, the Platform or the Services requested by Superthread in order to promote compliance with Data Protection Laws by the Services, the Platform, Superthread and any Sub-Processor.
Insofar as Superthread processes Protected Data on behalf of you, Superthread:
The processing of Protected Data to be carried out by Superthread under our agreement shall comprise the processing set out in the Data Processing Details below, as may be updated from time to time by agreement between the parties.
Superthread shall implement and maintain, at its cost and expense, the technical and organisational measures:
Any additional technical and organisational measures shall be at your cost and expense.
You provide general written authorisation to Superthread to engage Sub-Processors to perform the Services, including Amazon Web Services. The full list of sub-processors can be found at the end of this document. You shall be given the opportunity to object to any new Sub-Processor and state its grounds for doing so. You acknowledge that Sub-Processors are essential in order for Superthread to provide the Services and that objecting to the use of a Sub-Processor may prevent Superthread from continuing to provide the Services to you. In the event that Superthread is unable to adequately address those objections, either party may terminate our agreement upon notice without liability to the other. For the avoidance of doubt, in such circumstances Superthread shall not be obliged to refund any subscription charges paid by you.
Superthread shall ensure that all persons authorised by it to process Protected Data are subject to an obligation to keep the Protected Data confidential (except where disclosure is required in accordance with applicable law).
Superthread shall refer all Data Subject Requests it receives to you, provided that if the number of Data Subject Requests exceeds 5 per calendar month, you shall pay Superthread’s charges calculated on a time and materials basis at Superthread’s then current rates for recording and referring the Data Subject Requests in accordance with this paragraph.
From the GDPR Date, Superthread shall provide such reasonable assistance as you reasonably requires (taking into account the nature of processing and the information available to Superthread) to you in ensuring compliance with your obligations under Data Protection Laws with respect to:
provided you shall pay Superthread’s charges for providing the assistance described in this section, such charges to be calculated on a time and materials basis at Superthread’s then-current rates for professional services.
AWS Regions. The following applies in respect of processing by Amazon Web Services as a sub-processor of Superthread: you may specify the location(s) where User Data will be processed within the AWS Network, including the EU (Dublin) Region, the EU (Frankfurt) Region, the EU (London) Region and the EU (Paris) Region (each a “Region”). Once you have made your choice, AWS will not transfer User Data from the selected Region(s) except as necessary to provide the Services initiated by you, or as necessary to comply with the law or binding order of a governmental body. If the Standard Contractual Clauses apply, nothing in this Section varies or modifies the Standard Contractual Clauses.
Subject to the above paragraph, you agree that Superthread may transfer Protected Data to countries outside the United Kingdom or to any International Organisation(s) (an “International Recipient”), provided all transfers by Superthread of Protected Data to an International Recipient shall (to the extent required under Data Protection Laws) be effected by way of Appropriate Safeguards and in accordance with Data Protection Laws. The provisions of our agreement shall constitute your instructions with respect to transfers in accordance with section 2.
Superthread shall maintain, in accordance with Data Protection Laws binding on Superthread, written records of all categories of processing activities carried out on behalf of you.
Superthread shall, in accordance with Data Protection Laws, contribute and allow for audits either by (at its option): (i) making available to you upon reasonable request interviews with Superthread personnel and documents, which you must treat confidentially under the confidentiality provisions of our agreement or under a non-disclosure agreement concluded between the Parties; or (ii) responding to a written security questionnaire submitted to it by you provided that you will not exercise this right more than once per year and will hold Superthread’s responses in confidence under the confidentiality provisions of our agreement.
In respect of any Personal Data Breach involving Protected Data, Superthread shall, without undue delay:
Superthread shall, at your written request, either delete or return all the Protected Data to you in such form as you reasonably request within a reasonable time after the earlier of:
and delete existing copies (unless storage of any data is required by applicable law and, if so, Superthread shall inform you of any such requirement).
The name, sub-processing activity, and country of each of these sub-processors is set out below: