🎉 .: Holidays Signup Bonus Active :. 💸

Data Processing Addendum

Updated 22/12/2019

This Data Processing Addendum(“DPA”) is entered into between Sebenzai (“Company”) and you on behalf ofyourself (“You”, “Yourself” or “Your”) for the processing of Personal Data byYou in connection with the Contract(s).

(1) You have entered into one or more contracts, agreements or other agreements(as may be amended from time to time) with Company (the “Contract(s)”) pursuantto which You have agreed to provide certain labelling and annotation servicesto Company, as more particularly described in the Contract(s) (the “Services”).In providing the Services, You may process data, including Personal Datacontrolled by Company and/or its customers, contacts or partners.
(2) As part of its privacy policy and its contractual arrangements, Company hasprovided certain assurances to its customers, contacts, partners and/orend-users to ensure the appropriate protection of Personal Data when Companyengages third parties such as Yourself.
(3) Accordingly, Company’ engagement of You to provide the Services isconditioned upon Your agreement to this DPA.


  1. Definitions
        “Affiliate” means any entity under the control of a party where “control”     means ownership of or the right to control greater than 50% of the voting     securities of such entity.
        “Applicable Privacy Law(s)” means all worldwide data protection and     privacy laws and regulations applicable to the Personal Data in question,     including, where applicable, EU Data Protection Law.
        “EU Data Protection Law” means (i) Regulation 2016/679 of the European     Parliament and of the Council on the protection of natural persons with     regard to the Processing of Personal Data and on the free movement of such     data (General Data Protection Regulation) (“GDPR”), together with any     national laws implementing the same; and (ii) European Directive     2002/58/EC (the “e-Privacy Directive”) together with any national laws     implementing the same. The terms “Controller”, “Processor,” “processing,”     “Personal Data”, “Data Subject”, “Supervisory Authority,” and “Special     Categories of Data” shall have the meanings given to them in the GDPR.
        “EEA” means, for the purposes of this DPA, the member states of the     European Union and European Economic Area, the United Kingdom and     Switzerland.
        “Effective Date” means the date on which this DPA is executed by both     parties.
        “Model Clauses” means the standard contractual clauses for Processors as     approved by the European Commission and available at http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087 (as amended or updated from time to time).
        “Security Incident” means any unauthorized or unlawful breach of security     leading to, or reasonably believed to have led to, the accidental or     unlawful destruction, loss, or alteration of, or unauthorized disclosure or     access to, data, including Personal Data.
        “Term” means (a) the term of the Contract(s); and (b) any period after the     termination or expiry of the Contract(s) during which You processes     Personal Data, until You have deleted, destroyed or returned such Personal     Data in accordance with the terms of this DPA.
  2. Role and Scope of Processing
        2.1 You shall process Personal Data under the Contract(s) only as a     Processor acting on behalf of Company (itself a Processor acting on behalf     of third party Controllers). You agree that You will comply with the     requirements of this DPA, at no additional cost to Company, at all times     during the Term of the Contract(s) and process Personal Data about members     of the public that may be captured by Company’s customers through cameras,     videos and sensors, such as facial imagery, vehicle information, and     location information. The processing will be carried out by You for the     duration of the Term and will involve the viewing of video recordings to     support the Services in controlled online session supported by Company     software and systems.
        2.2 Each Party shall comply with its obligations under Applicable Privacy     Law(s) in respect of any Personal Data it Processes under this DPA.
        2.3 You shall at all times: (i) process the Personal Data only as     necessary for the purpose of providing the Services to Company under the     Contract(s) and in accordance with Company’ documented instructions; (ii)     not process the Personal Data for its own purposes or those of any third     party.
        2.4 You shall promptly notify Company in writing if You become aware or     believe that any data processing instruction from Company violates     Applicable Privacy Law(s) or You are unable to comply with Company’ data     processing instructions for any reason; or You are unable to comply with     the terms of the Contract(s) or this DPA.
  3. Subprocessing
        3.1 You shall not subcontract any processing of the Personal Data to a     Subcontractor without the prior written consent of Company.
  4. Cooperation
        4.1 You shall, taking into account the nature of the processing,     reasonably cooperate with Company to enable Company (or its third party     Controller) to respond to any requests, complaints or other communications     from Data Subjects and governmental, regulatory or judicial bodies     relating to the processing of Personal Data under the Contract(s),     including requests from Data Subjects seeking to exercise their rights     under Applicable Privacy Laws. In the event that any such request,     complaint or communication is made directly to You, You shall promptly     pass this onto Company and shall not respond to such communication without     Company’s express authorization.
        4.2 You will provide all reasonable assistance required by Company (or its     third party Controller) to conduct a data protection impact assessment     and, where legally required, consult with applicable data protection     authorities in respect of any proposed processing activity that present a     high risk to Data Subjects.
  5. Data Access & Security Measures
        5.1 Only You are authorized to process any Personal Data as part of the     Services. At all times, You shall ensure that you comply with the Company     Security Measures.
        5.2 You will implement and maintain all appropriate technical and     organizational security measures to protect from Security Incidents and to     preserve the security, integrity and confidentiality of Personal Data, in     accordance with the Company’s Acceptable Use Policy (“Company Security     Measures”).
  6. Security Incidents
        6.1 In the event of a Security Incident, You shall immediately inform     Company and provide written details of the Security Incident, as directed     by Company. Furthermore, in the event of a Security Incident, and without     prejudice to any other right or remedy available to Company, You shall:
        (a) provide timely information and cooperation as Company may require to     fulfil Company’ data breach reporting obligations under Applicable Privacy     Laws; and
        (b) promptly take all such measures and actions as directed by Company to     remedy or mitigate the effects of the Security Incident and shall keep     Company up-to-date about all developments in connection with the Security     Incident.
  7. Security Reports & Inspections
        7.1 You shall maintain records sufficient to demonstrate Your compliance     with the obligations set out in this DPA, and retain such records for a     period of one (1) year after the termination of the Contract(s). Company     shall have the right to review, audit and copy such records at Your home     and/or offices during regular business hours.
        7.2 Company (or its appointed representatives) may carry out an inspection     of Your operations and facilities during normal business hours and subject     to reasonable prior notice where Company considers it necessary or     appropriate (for example, without limitation, where Company has reasonable     concerns about Your data protection compliance, following a Security     Incident (for which no prior notice will be required) or following     instruction from a data protection authority or the relevant third party     Controller).
  8. International Transfers
        8.1 You are a recipient of Personal Data under this DPA that originates in     the EEA. Your receipt of that Personal Data shall be conditional on You     complying with the Model Clauses, which are incorporated herein in full by     reference and form an integral part of this DPA. Purely for the purposes     of the descriptions in the Model Clauses and only as between You and     Company, You agree that You are a “data importer” and Company is the “data     exporter” under the Model Clauses (notwithstanding that Company is located     outside the EEA and may itself be a Processor acting on behalf of third     party Controllers). Further, the information contained in Section 2 of the     DPA and the Company Security Measures will take the place of Appendixes 1     and 2 of the Model Clauses respectively.
        8.2 The parties agree that in the event that a supervisory authority     and/or Applicable Privacy Law no longer allows the lawful transfer of     Personal Data to You and/or requires that Company adopt an alternative     transfer solution that complies with Applicable Privacy Law, You will     fully co-operate with Company to discuss and agree an amendment to this     DPA to remedy such non-compliance and/or cease processing of Personal     Data.
        8.3 It is not the intention of either party, nor the effect of this DPA,     to contradict or restrict any of the provisions set forth in the Model     Clauses. Accordingly, if and to the extent the Model Clauses conflict with     any provision of this DPA, the Model Clauses shall prevail. In no event     does this DPA restrict or limit the rights of any Data Subject or of any     competent Supervisory Authority.
  9. Deletion & Return
        9.1 Upon Company’ request, or upon termination or expiration of this DPA     for whatever reason, You shall promptly destroy or return to Company all     Personal Data (including copies) in its possession or control. This requirement     shall not apply to the extent that You are required by any applicable law     to retain some or all of the Personal Data, in which event You shall     isolate and protect the Personal Data from any further processing except     to the extent required by such law.
  10. General
        10.1 This DPA shall take effect on the Effective Date and unless     terminated earlier in accordance with this Clause 10.1, will continue for     the Term. The parties acknowledge and agree that any breach by You of this     DPA shall constitute a material breach of this DPA and the Contract(s), in     which event and without prejudice to any other right or remedy available     to it, Company may elect to immediately terminate the Contract(s) (in     whole or in part) in accordance with the termination provisions in the     Contract(s). If there is any conflict between any provision in this DPA     and any provision in the Contract(s), this DPA controls and takes     precedence, except as expressly set forth herein. The terms and conditions     in this DPA constitute the entire agreement between the parties with     respect to the subject matter hereof and supersedes and extinguishes all     previous agreements, promises, assurances, warranties, representations and     understandings between them, whether written or oral, with respect to its     subject matter. The parties agree that notwithstanding any termination of     the Contract(s) and/or this DPA, the terms of this DPA shall continue in     force until You have deleted, destroyed or returned the Personal Data     processed under this DPA in accordance with the terms of this DPA. This     DPA may not be modified except by a subsequent written instrument issued     by Company. If any part of this DPA is held unenforceable, the validity of     all remaining parts will not be affected.
        10.2 Unless otherwise required by Applicable Laws, this DPA and any     dispute or claim (including non-contractual disputes or claims) arising     under or in connection with it or its subject matter or formation shall be     governed by and construed in accordance with the laws of England and Wales     and each party agrees that the courts of England and Wales shall have     exclusive jurisdiction to settle any dispute or claim (including     non-contractual disputes or claims) arising out of or in connection with     this DPA or its subject matter or formation.
        10.3 The Parties hereby acknowledge and agree that any remedies arising     from any Security Incident or any breach by You of the terms of this DPA     or Applicable Privacy Law are not and shall not be subject to any     exclusion or limitation of liability provision that applies to You under     the Contract(s).
        The parties agree this DPA is effective as of the date You accepted the     Company Terms of Use (“Effective Date”).


Have a question about our Terms? Get in touch