This Data Processing Addendum forms part of the Agreement between InforUMobile (“Processor”) and the company or entity who opened an account on the InforUMobile website (“Customer”)(collectively, the “Parties”).
Annex A: Details of Processing
Processing of the Protected Data by us under this DPA and the Agreement shall be for the subject-matter, duration, nature and purposes and involve the types of Personal Data and categories of Data Subjects set out in this Annex A based on the expected use of the Services by Customers. You may use some of the functionality we provide to make it easier for you to ensure your use of the Services complies with DP Law and that you respect your Contact’s choices. See our Support Centre https://inforumobile.co.uk/support-center/ for details.
We provide a self-serve, cloud-based platform and Services that you may customise according to your needs. You (and your Authorised Users) are the Controller and therefore decide which Services to use, how to configure them, what Personal Data to process and why. The Details of Processing will vary according to your Processing Instructions but are generally described below based on possible use of the Service.
|Brief description of processing||Customers can use the self-serve platform to send marketing messages by SMS, create landing or registration pages, create surveys, manage Contact communication preferences, track and tag campaigns for internal metrics, generate other reports to gauge the effectiveness of their campaigns, and embed code permitting them to track where inbound traffic originates and generate analytics (e.g. Google Analytics).|
|What processing is being done?||The processing activities will be performed by you in your capacity as Controller. Any processing InforUMobile performs as a Controller e.g. for billing purposes is described in our Data Privacy Notice https://inforumobile.co.uk/ufaqs/inforumobile-privacy-policy/.|
|Duration of processing||You determine the duration and frequency of Contact Communications using the Service’s various settings and features. Contact Data and Communications you input or generate will remain in your account until you delete or destroy it or upon termination as provided in clause 13 of the DPA.|
|How is the processing being done?||Contact Data and Contact Communications Data are processed using various self-serve options initiated by you or your Authorised Users.|
|Why is the processing being done?||Customer may use the Service to generate leads, manage Contact relationships, conduct market research, or generate sales. The aim of Contact Communications will generally be to direct Contacts to Customers’ own websites / digital properties or make purchases.|
|What types of data are being processed on behalf of Customer?||Contact Data and Communications Data: derived data from usage (IP address to track unsubscribes; aggregated metrics for reporting, cookie and analytics data embedded by Customer (only available to Customer), metadata confirming a Contact Communication was sent or open, contents of Contact Communications (but see Security Measures https://inforumobile.co.uk/ufaqs/security-measures/, Contact preferences, suppression lists, etc.|
|Sensitive data||The Services are not designed to be used to process sensitive data, including Special Category data whose processing is restricted under Art. 9, GDPR and related DP Law, such as health, ethnicity, political opinion; Criminal Records data, which is restricted under Art. 10, GDPR; Financial data; Location data. If you or an Authorised User uses the Services to process such data you Acknowledge and mitigate the potential risk of harm to the individuals concerned; you will fulfil any additional requirements (e.g. obtain explicit consent to process health data)]. Assume full liability for such use and indemnify us against any resulting Data Protection Losses.|
|Who is the data about?||Contacts, Authorised Users, Customer who are natural persons. Note: The Services are designed for use with adults, not for children under 16 years of age or vulnerable people. If your Contacts include or may include children or vulnerable people, you are solely responsible for ensuring you meet the additional requirements under DP Law. See e.g. ICO guidance.|
|What risks does the data processing pose to data subjects (if any)?||Any type of Personal Data Breach, including use of Protected Data beyond the original purpose or a compatible purpose, e.g.: Marketing under the guise of market research (for the survey functionality) (“sugging”) without fulfilling marketing rulesAccess by unauthorised individuals to Protected DataRetaining Protected Data longer than necessary Processing children’s Personal Data or communicating with children or vulnerable people without appropriate protections.|
|What mitigating measures are being taken to address those risks?||Customer is responsible for ensuring use of the Services complies with DP Law.InforUMobile has implemented various controls and security measures (see Security Measures https://inforumobile.co.uk/ufaqs/security-measures/)The Services include functionality that Customer may use to address these risks, as well as pop-up reminders, training videos, materials and manuals, and technical Support.|