Email Marketing Summit Australia Virtual Event
EMSA Virtual Event
6th November Save Your Seat
This Data Processing Schedule (“Schedule” ) forms part of the terms and conditions available at https://www.vision6.com.au/terms-and-conditions/ (“Agreement” ) between Vision6 Pty Ltd ABN 23 099 766 499 (“Vision6” ) acting on its own behalf and as agent for each Affiliate and (ii) you, the person, entity or other organisation engaging Vision6 to perform its services (“Customer” ) acting on its own behalf and as agent for each Customer Affiliate. The Customer and Vision6 acknowledge that for the purposes of this Schedule, Vision6 acts as a processor and the Customer is the controller in relation to Customer Personal Data.
The terms used in this Schedule shall have the meanings set forth in this Schedule. Capitalised terms not defined in this Schedule shall have the meaning given to them in the Agreement. Except as modified below, the terms of the Agreement shall remain in full force and effect.
In consideration of the mutual obligations set out herein, the parties hereby agree that the terms and conditions set out below shall be added as a Schedule to the Agreement. Except where the context requires otherwise, references in this Schedule to the Agreement are to the Agreement as amended by, and including, this Schedule.
in each case, where such transfer would be prohibited by Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of Data Protection Laws) in the absence of the Standard Contractual Clauses to be established under section 6.4.3 or 12 below.
For the avoidance of doubt: (a) without limitation to the generality of the foregoing, the parties to this Schedule intend that transfers of Personal Data from the UK to the EEA or from the EEA to the UK, following any exit by the UK from the European Union shall be Restricted Transfers for such time and to such extent that such transfers would be prohibited by Data Protection Laws of the UK or EU Data Protection Laws (as the case may be) in the absence of the Standard Contractual Clauses to be established under section 6.4.3 or 12; and (b) where a transfer of Personal Data is of a type authorised by Data Protection Laws in the exporting country, for example in the case of transfers from within the European Union to a country (such as Switzerland) or scheme (such as the US Privacy Shield) which is approved by the Commission as ensuring an adequate level of protection or any transfer which falls within a permitted derogation, such transfer shall not be a Restricted Transfer;
Vision6 warrants and represents that, before any Vision6 Affiliate Processes any Customer Personal Data on behalf of any Customer Group Member, Vision6’s entry into this Schedule as agent for and on behalf of that Vision6 Affiliate will have been duly and effectively authorised (or subsequently ratified) by that Vision6 Affiliate.
as reasonably necessary for the provision of the Services and consistent with the Agreement; and
Vision6 and each Vision6 Affiliate shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any Contracted Processor who may have access to the Customer Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Customer Personal Data, as strictly necessary for the purposes of the Agreement, and to comply with Applicable Laws in the context of that individual’s duties to the Contracted Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
Vision6 and each Vision6 Affiliate shall provide reasonable assistance to each Customer Group Member with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Customer reasonably considers to be required of any Customer Group Member by Article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Customer Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors.
where Customer or the relevant Customer Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Vision6 or the relevant Vision6 Affiliate of the audit or inspection.
Governing law and jurisdiction
Order of precedence
Changes in Data Protection Laws, etc.
This Schedule is entered into and becomes a binding part of the Agreement from the date the Customer and Vision6 execute the Agreement.
This Annex 1 includes certain details of the Processing of Customer Personal Data as required by Article 28(3) GDPR.
Subject matter and duration of the Processing of Customer Personal Data
The subject matter and duration of the Processing of the Customer Personal Data are set out in the Agreement and this Schedule.
The nature and purpose of the Processing of Customer Personal Data
The types of Customer Personal Data to be Processed
The categories of Data Subject to whom the Customer Personal Data relates and the types of Customer Personal Data to be Processed
The obligations and rights of Customer and Customer Affiliates
The obligations and rights of Customer and Customer Affiliates are set out in the Agreement and this Schedule.
These Clauses are deemed to be amended from time to time, to the extent that they relate to a Restricted Transfer which is subject to the Data Protection Laws of a given country or territory, to reflect (to the extent possible without material uncertainty as to the result) any change (including any replacement) made in accordance with those Data Protection Laws (i) by the Commission to or of the equivalent contractual clauses approved by the Commission under EU Directive 95/46/EC or the GDPR (in the case of the Data Protection Laws of the European Union or a Member State); or (ii) by an equivalent competent authority to or of any equivalent contractual clauses approved by it or by another competent authority under another Data Protection Law (otherwise).
Standard Contractual Clauses (processors)
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection Data Exporter and Data Importer HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
The data exporter has entered into a data processing schedule (“DPS”) with the data importer. Pursuant to the terms of the DPS, it is contemplated that services provided by the data importer will involve the transfer of personal data to data importer. Data importer is located in a country not ensuring an adequate level of data protection. To ensure compliance with Directive 95/46/EC and applicable data protection law, the controller agrees to the provision of such Services, including the processing of personal data incidental thereto, subject to the data importer’s execution of, and compliance with, the terms of these Clauses.
For the purposes of the Clauses:
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
Third-party beneficiary clause
Obligations of the data exporter
The data exporter agrees and warrants:
Obligations of the data importer
The data importer agrees and warrants:
Mediation and jurisdiction
Cooperation with supervisory authorities
The Clauses shall be governed by the law of jurisdiction in which the data exporter is established.
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business-related issues where required as long as they do not contradict the Clause.
Obligation after the termination of personal data processing services
This Appendix forms part of the Clauses.
The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix
The personal data transferred concern the following categories of data subjects:
Any individual accessing and/or using Vision6’s through the Customer’s account (“Contacts“); and any individual: (i) whose email address is included in the Customer’s distribution list (if any); (ii) whose information is stored on or collected via Vision6’s services, or (iii) to whom Contracts send emails or otherwise engage or communicate with via Vision6’s services (collectively, “Subscribers“).
Categories of data
The personal data transferred concern the following categories of data:
Special categories of data (if appropriate)
The personal data transferred concern the following special categories of data: not applicable.
The personal data transferred will be subject to the following basic processing activities: Vision6 provides an email service, automation and marketing platform and other related services. The personal data transferred to Vision6 will be subject to data processing activities associated with Vision6’s email service, automation and marketing platform.
Please refer to our Security Policy for further information.
Drop us your address, and we’ll send you monthly news and occasional resources to take your marketing to the next level.