[av_one_full first min_height=\’\’ vertical_alignment=\’av-align-top\’ space=\’\’ row_boxshadow_color=\’\’ row_boxshadow_width=\’10\’ custom_margin=\’aviaTBcustom_margin\’ margin=\’0px\’ margin_sync=\’true\’ mobile_breaking=\’\’ border=\’\’ border_color=\’\’ radius=\’0px\’ radius_sync=\’true\’ padding=\’0px\’ padding_sync=\’true\’ column_boxshadow_color=\’\’ column_boxshadow_width=\’10\’ background=\’bg_color\’ background_color=\’\’ background_gradient_color1=\’\’ background_gradient_color2=\’\’ background_gradient_direction=\’vertical\’ src=\’\’ attachment=\’\’ attachment_size=\’\’ background_position=\’top left\’ background_repeat=\’no-repeat\’ highlight_size=\’1.1\’ animation=\’\’ link=\’\’ linktarget=\’\’ link_hover=\’\’ title_attr=\’\’ alt_attr=\’\’ mobile_display=\’\’ id=\’\’ custom_class=\’\’ aria_label=\’\’ av_uid=\’av-1vrra\’]

[av_heading heading=\’GDPR (General Data Protection Regulation)\’ tag=\’h1\’ style=\’blockquote modern-quote\’ subheading_active=\’\’ show_icon=\’\’ icon=\’ue800\’ font=\’entypo-fontello\’ size=\’\’ av-medium-font-size-title=\’\’ av-small-font-size-title=\’\’ av-mini-font-size-title=\’\’ subheading_size=\’\’ av-medium-font-size=\’\’ av-small-font-size=\’\’ av-mini-font-size=\’\’ icon_size=\’\’ av-medium-font-size-1=\’\’ av-small-font-size-1=\’\’ av-mini-font-size-1=\’\’ color=\’\’ custom_font=\’\’ subheading_color=\’\’ seperator_color=\’\’ icon_color=\’\’ margin=\’5px\’ margin_sync=\’true\’ padding=\’10\’ icon_padding=\’10\’ headline_padding=\’\’ headline_padding_sync=\’true\’ link=\’\’ link_target=\’\’ id=\’\’ custom_class=\’\’ template_class=\’\’ element_template=\’\’ one_element_template=\’\’ av_uid=\’av-ka021q45\’ sc_version=\’1.0\’ admin_preview_bg=\’\’][/av_heading]

[av_hr class=\’custom\’ icon_select=\’no\’ icon=\’ue808\’ font=\’entypo-fontello\’ position=\’center\’ shadow=\’no-shadow\’ height=\’50\’ custom_border=\’av-border-thin\’ custom_width=\’100%\’ custom_margin_top=\’10px\’ custom_margin_bottom=\’10px\’ custom_border_color=\’\’ custom_icon_color=\’\’ id=\’\’ custom_class=\’\’ av_uid=\’av-3fbm\’ admin_preview_bg=\’\’]

[av_textblock size=\’\’ av-medium-font-size=\’\’ av-small-font-size=\’\’ av-mini-font-size=\’\’ font_color=\’\’ color=\’\’ id=\’\’ custom_class=\’\’ template_class=\’\’ av_uid=\’av-ka00b6ed\’ sc_version=\’1.0\’ admin_preview_bg=\’\’]

1. AppCan provides a platform for the capture of data, distribution of documents and associated analytical tools for reporting purposes.  Under the GDPR regulations, we are the ‘Data Processors’ and our clients are the ‘Data Controllers’. It is the responsibility of the client under GDPR for data protection compliance. Our responsibilities as a Data Processor include:

a) Process personal data only for the purpose of performing the Services; and

b) Process personal data only on the instructions of the client which the client may give to the AppCan from time to time concerning such processing.  Such instructions may include;

(i) the instructions relating to processing set out in this Agreement

(ii) the provision of explanatory information on the Service Provider business, processes, systems and/or controls; and

(iii) the delivery up at the Customer’s expense of any relevant personal data in such form as the Company may reasonably request.

2. The Service Provider shall:

a) promptly inform the client if it believes that any instruction provided by the client infringes data protections laws;

b) take measures to ensure the security and integrity of personal data processed under this Agreement ensuring compliance at all times with clauses 10 (Security) and 9; and

c) ensure that it’s personnel, to the extent that they are involved in the processing in connection with this Agreement are: (i) subject to a duty of confidence which covers all personal data processed under this Agreement comprising appropriate binding obligations to protect the confidentiality of such personal data.

1. Co-operation and assistance

a) AppCan shall provide the client with all reasonable assistance requested by the client, at the client\’s expense, from time to time in order to comply with its obligations and fulfil Data Subjects’ rights under Data Protection Laws, including without limitation with regards to meeting the clients’ obligations under Article 32 to 36 (inclusive) of the GDPR (including undertaking any data protection impact assessments and consultation with a Supervisory Authority that the client may decide to undertake).

1. Data Subject Rights
2. The Service Provider shall assist the Company by appropriate technical and organisational measures to comply with its obligations and fulfil data subjects’ rights in respect of, data protection laws.

1. Notifications

a) The Service Provider shall without undue delay notify the Company on becoming aware of:

(i) any request in respect of, or invocation of, any of their rights under data protection laws, or queries from data subjects in respect of the Data
a Security Incident in respect of Data;

1. Security

a) The recipient party of personal data processed under this Agreement shall ensure that it has implemented and shall maintain all appropriate technical and organisational security measures to safeguard personal data processed pursuant to this Agreement against unauthorised or unlawful processing and against accidental loss, disclosure or destruction of, or damage to, personal data processed under this Agreement in such a way as to comply with data protection laws, including (as appropriate):

(i) encryption of the personal data;

(ii) measures which ensure the confidentiality, integrity, availability and resilience of the systems processing;

(iii) limiting disclosure of personal data in the case of AppCan, to the personnel who necessarily require access in order to perform our obligations under the Agreement.

1. Record-keeping and Audit

a) the client may require the Service Provider at any time to return, delete and/or destroy (as applicable) any and all the Data immediately upon the clients’ written request.

b) allow the client, its agents, representatives and external auditors access (on reasonable notice) to any premises where the Data is Processed under this Agreement to allow the client to audit at the clients own expense its compliance with this Agreement and provide reasonable co-operation as requested by the client in the performance of such audit; and

1. Data Transfers and Use of sub-processors

a) AppCan shall not cause the Data to be transferred to and/or otherwise processed in a non-adequate country without the client\’s prior written consent, such consent not to be unreasonably withheld. To the extent that the client consents to any such transfer or other processing in a non-adequate Country, then AppCan shall ensure and procure that such transfer or other processing is undertaken subsequent to ensuring compliance with data protection laws

[/av_textblock]

[/av_one_full]