Data Processing Addendum
Draft scaffold. This page provides structure only. Review and finalise the wording with legal counsel before publishing or relying on it.
This addendum governs our processing of personal data on behalf of a customer (the “Controller”) when it uses the BUUK platform, and forms part of the agreement between the Controller and 73 Blackridge Ltd(the “Processor”).
1. Roles
The Controller determines the purposes and means of processing its operational data (staff, venues, incidents, exclusions). We process it only on the Controller’s documented instructions, which include this addendum and use of the platform’s features.
2. Subject-matter, nature & purpose
- Subject-matter — provision of the BUUK security-operations platform.
- Data subjects— the Controller’s security staff and, for exclusion registers, barred patrons.
- Categories — identity and contact data, SIA licence data, operational logs, and exclusion records (which may include special-category / criminal-offence data).
3. Sub-processors
- Amazon Web Services — cloud hosting and storage (UK / London region).
- IONOS — outbound transactional email (sign-in codes, notifications).
We will inform the Controller of any intended change of sub-processor and give an opportunity to object.
4. Security measures
Encryption in transit and at rest, role-based and per-organisation access control, tamper-evident reporting, and least-privilege operational access. Full measures: [to be completed].
5. Assistance
Taking account of the nature of processing, we assist the Controller with data-subject requests, security, breach notification, and data-protection impact assessments.
6. Personal-data breaches
We notify the Controller without undue delay after becoming aware of a personal-data breach affecting its data.
7. Return & deletion
On termination, we return or delete the Controller’s personal data at its choice, save where retention is required by law.
8. International transfers
We do not transfer the Controller’s personal data outside the UK without an approved safeguard and (where required) the Controller’s instruction.
9. Audit
We make available information necessary to demonstrate compliance and allow for audits as required by the UK GDPR: [to be completed].
10. Contact
Data-processing enquiries: headoffice@73blackridge.co.uk.