Worka Team Data Transfer Addendum
Last updated : 02/12/2024
Data Transfer Addendum
Worka Team Terms and Conditions: Data Transfer Addendum
This Data Transfer Addendum applies where We transfer personal data to You in circumstances where the GDPR, UK GDPR or Switzerland’s Federal Act on Data Protection apply, and where You are not located in a country or territory that is recognised under applicable Data Protection Legislation as providing adequate protection of personal data.
The terms of this Data Transfer Addendum form part of and are incorporated into the Worka Team Terms and Conditions (Terms). Any defined terms set forth in the Terms shall apply to the interpretation of this Data Transfer Addendum.
1. Incorporation of the Standard Contractual Clauses
Module 4 of the Standard Contractual Clauses is incorporated by reference into the Terms and applies (where applicable) pursuant to Clause 7 of Schedule 3 (Data Protection) of the Terms and as tailored and supplemented by the provisions in this Data Transfer Addendum. The Standard Contractual Clauses apply as follows:
Optional Clause 7 is used. The optional second paragraph of Clause 11(a) is not used.
Clause 14 shall apply because We (as EU processor) combine the personal data which we receive from You (as the third-country controller) with personal data collected by Us.
For Clause 17 Governing Law: The governing law is that of Ireland.
For Clause 18 Choice of forum and jurisdiction: The courts of Ireland shall resolve any disputes arising from these Clauses.
Standard Contractual Clauses
ANNEX I
A. LIST OF PARTIES
Data exporter(s):
Data exporter | |
|---|---|
Name: | Us (as defined in the Terms) |
Address: | Our address (as stated in the Terms) |
Activities relevant to the data transferred under these Clauses: | As described in Annex IB |
By entering into the Terms the data exporter will be deemed to have signed this Annex I thereby agreeing to (i) these Clauses, (ii) the UK Addendum to these Clauses below and (iii) the Switzerland Addendum to these Clauses below from the date the Terms are entered into. | |
Role (controller/processor): | Processor |
Data importer(s):
Data importer | |
|---|---|
Name: | You (as defined in the Terms) |
Address: | Your address, as made available by You to Us from time to time |
Activities relevant to the data transferred under these Clauses: | As described in Annex IB |
By entering into the Terms the data importer will be deemed to have signed this Annex I thereby agreeing to (i) these Clauses, (ii) the UK Addendum to these Clauses below and (iii) the Switzerland Addendum to these Clauses below from the date the Terms are entered into. | |
Role (controller/processor): | Controller |
B. DESCRIPTION OF TRANSFER
Categories of data subjects whose personal data is transferred
Customer personnel.
Categories of personal data transferred
Name and username
Office address, work email address and telephone numbers (work landline and mobile)
Workspace bookings made via the Worka Platform
Payment/spend data
Search behaviour, device, location and search filters
Booking behaviour and workspace utilisation
Feedback and reviews
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
N/A.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
Continuous for our provision of the Services.
Nature of the processing
Storage, analysis and use of personal data for the purposes set out in the Terms.
Purpose(s) of the data transfer and further processing
Personal data is provided by the data exporter to the data importer for the purpose set out in Row 1 of the Key Data Protection Terms. in the Terms.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
In accordance with Row 2 of the Key Data Protection Terms in the Terms.
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing
N/A.
C. COMPETENT SUPERVISORY AUTHORITY
N/A
ANNEX II: TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA
N/A
UK International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (v B1.0)
This Addendum has been issued by the Information Commissioner for Parties making Restricted Transfers. The Information Commissioner considers that it provides Appropriate Safeguards for Restricted Transfers when it is entered into as a legally binding contract.
Part 1: Tables
By entering into the Terms, both parties agree to the format of this Part 1: Tables set out below.
Table 1: Parties
The start date of this Addendum is the same as the start date of the Addendum EU SCCs. The parties’ details are as set out in Annex I.A of the Addendum EU SCCs above.
Table 2: Selected SCCs, Modules and Selected Clauses
The Addendum EU SCCs are the version of the Approved EU SCCs incorporated into the Terms (as tailored and supplemented by the provisions at the start of this Data Transfer Addendum) which this Addendum is appended to, including the Appendix Information (as defined below).
Table 3: Appendix Information
“Appendix Information” means the information which must be provided for the selected modules as set out in the Appendix of the Approved EU SCCs (other than the Parties), and which for this Addendum is set out in Annex I of the Addendum EU SCCs above.
Table 4: Ending this Addendum when the Approved Addendum Changes
Neither party may end this Addendum as set out in Section 19.
Alternative Part 2 Mandatory Clauses
Part 2: Mandatory Clauses of the Approved Addendum, being the template Addendum B.1.0 issued by the ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses.
Switzerland Addendum to the EU Commission Standard Contractual Clauses
This Addendum applies to and is a part of the Clauses.
The Parties agree that the following provisions shall apply with respect to data transfers that are governed by Switzerland’s Federal Act on Data Protection (“FADP”), e.g. personal data transferred by a data exporter from Switzerland to a data importer outside of Switzerland (including personal data located in Switzerland that a data exporter makes accessible to the data importer) (the “Swiss Personal Data”):
i. Reference to the competent supervisory authority in Annex I.C under Clause 13 of the Clauses shall, where applicable, be deemed to refer to the Federal Data Protection and Information Commissioner (“FDPIC”);
ii. References to Member State(s), the EU and the EEA shall be deemed to include Switzerland;
iii. The list of data subjects and categories of data indicated in Annex I.B to the Clauses shall not be deemed to restrict the application of the Clauses to the Swiss Personal Data;
iv. References to (articles in) the GDPR shall be deemed to refer to (equivalent articles in) the FADP; and
v. Where the Clauses use terms that are defined in the GDPR, those terms shall be deemed to have the meaning as the equivalent terms are defined in the FADP.