In the event that Stream processes personal data on behalf of a Client, Stream will act as the Data Processor and the Client shall be the Data Controller for the purposes of GDPR.
The Client instructs Stream to process the Client’s personal data.
The processing of personal data by Stream on behalf of the Client may include name, contact details, employment information, IP address and other personal data. The duration of the processing is ongoing until the Client terminates any agreements with Stream in writing.
The Client generally consents to Stream engaging 3rd Party Developers to act as sub processors in relation to personal data where necessary. All 3rd Parties will be subject to confidentiality agreements.
Stream will help the Client uphold their obligations under the GDPR, particularly concerning data subjects’ rights.
Stream will help the Client maintain GDPR compliance with regard to Article 32 (security of processing) and Article 36 (consulting with the data protection authority before undertaking high-risk processing).
Stream will not transfer any personal data outside the European Economic Area without the prior consent of the Client.
Stream will ensure a level of security appropriate to the risk.
Stream will delete or return all the Client’s personal data on written request of the Client.
Stream will allow the Client to conduct an audit and will provide whatever information necessary to prove compliance.
The Client shall indemnify Stream at all times against all claims, demands, costs (including legal costs on a full indemnity basis), damages, expenses, losses, fines and liabilities incurred by Stream arising out of or in connection with any breach of GDPR due to the acts or omissions of the Client, its affiliates or third-party suppliers.