These terms apply when Cherry Legal Marketing Ltd acts as a processor for client-supplied data.
1. Subject matter & duration: Processing for purposes in the Statement of Work during the service term.
2. Nature & purpose: Data cleansing, enrichment, deduplication, matching, hosting, and delivery.
3. Types of data: Business contact data relating to prospects and customers.
4. Client instructions: Processing only on documented client instructions.
5. Confidentiality: All staff are bound by confidentiality and trained on data protection.
6. Security: Appropriate technical and organisational measures (TOMs) applied.
7. Sub‑processors: Only vetted sub‑processors are used, under equivalent protection.
8. Data subject rights: We assist clients with handling data subject requests.
9. Breaches: We notify clients without undue delay after a personal data breach.
10. Audits: We allow audits subject to confidentiality and notice.
11. Return/Deletion: We delete or return data at contract end unless legally required to retain.
12. International transfers: Appropriate safeguards (IDTA/SCCs) used for transfers outside the UK/EEA.
A signed Data Processing Agreement (DPA) can be provided on request.