AdScribe
Terms & Policies
At AdScribe, your privacy and trust are our top priorities. This page outlines our terms of service, privacy practices, and data protection policies. We’re committed to transparency and clarity, ensuring you have all the information you need about how we handle your data. Thanks for being with us!
Quick Overview
Purpose of the Agreement: This Data Processing Agreement outlines how AdScribe Ltd (“Processor”) handles personal data on behalf of the Customer (“Controller”) in connection with the provision of services. For full details, see Section 1.
Roles and Responsibilities: AdScribe Ltd acts as the Data Processor, and the Customer is the Data Controller. The Processor follows the Controller’s instructions for handling personal data and ensures compliance with data protection laws. For more, see Section 1.10.
Data Processing Activities: Personal data is processed to personalise services, manage communication, and improve service delivery. AdScribe does not process data beyond the agreed scope. For specifics, see Section 3.
Security Measures: AdScribe implements technical and organisational measures, such as encryption, secure access protocols, and data separation, to protect personal data. Details are available in Section 3.6.
Subcontractors: AdScribe uses reputable subcontractors like Elastic Email, Render, Notion, Mixpanel, Wix, Google, and Stripe to support its services. All subcontractors are contractually required to adhere to strict data protection standards. See Section 6 for a complete list.
Data Retention and Deletion: Personal data is retained during the contractual relationship and deleted within 30 days after the relationship ends, in accordance with legal requirements. For more, see Section 7.
Personal Data Breaches: In the event of a personal data breach, AdScribe will notify the Customer promptly and take immediate action to mitigate the breach. See Section 3.9 for more details.
Compliance and Assistance: Both parties are responsible for complying with applicable data protection laws. AdScribe will assist the Customer in responding to regulatory inquiries and data subject requests. For obligations, see Section 4 and Section 5.
Jurisdiction: This Agreement is governed by the laws of England and Wales, and disputes will be settled exclusively in English courts. See Section 1.4.
Terms & Policies
Data processing Agreement
Version dated 10 February 2023
1. Contractual Interpretation
1.1. This data processing agreement (the “Data Processing Agreement”) specifies the data protection obligations of the Parties which arise in connection with the provision of the Services whilst the Customer is using the Services provided by AdScribe. It applies to all activities performed in connection with the Customer’s use of the Services in which AdScribe and, if permissible, a third party acting on behalf of AdScribe may come into contact with personal data of the Customer (or its representatives).
1.2. This Data Processing Agreement shall remain in force for such time as the Customer is using the Services.
1.3. This Data Processing Agreement is in addition to and complements the Contract between the Parties and does not seek to replace the Contract. If any clause of this Data Processing Agreement conflicts with the Contract, the terms of this Data Processing Agreement shall prevail.
1.4. This Data Processing Agreement shall be construed in accordance with the laws of England and Wales, and the courts of England shall have exclusive jurisdiction to settle all disputes, claims, or proceedings between the Parties.
1.5. Definitions in this Data Processing Agreement apply as per the Contract, unless otherwise specified.
Data Protection Legislation: Refers to the UK GDPR, the Data Protection Act 2018, and other relevant regulations.
Personal Data: Information related to an identifiable individual as defined by the Data Protection Legislation.
Processing: Handling of Personal Data as defined by the Data Protection Legislation.
Instruction: A written directive from the Controller to the Processor specifying actions regarding Personal Data.
1.6. For the purposes of this Data Processing Agreement, the Customer is the Data Controller (“Controller”), and AdScribe Ltd is the Data Processor (“Processor”).
2. General
2.1. The Processor shall process Personal Data on behalf of the Controller and in accordance with the Data Protection Legislation. Processing shall be limited to what is necessary to fulfil the Contract and this Data Processing Agreement.
2.2. Both Parties shall assist each other in complying with applicable obligations under the Data Protection Legislation.
3. Obligations of Processor
3.1. Processor shall process Personal Data only within the scope of the Controller’s Instructions.
3.2. The Controller’s Instructions include:
Personalisation: Personal Data is used to personalise messaging and communicate via social media, email, and mobile notifications.
3.3. The Controller acknowledges the processing specified above as its Instructions to the Processor.
3.4. If required to process Personal Data for other purposes by law, Processor will inform the Controller unless prohibited by law. Processor shall not process Personal Data for its own purposes.
3.5. Processor shall implement appropriate technical and organisational measures to protect Controller’s Personal Data against unauthorised or unlawful processing, loss, destruction, damage, alteration, or disclosure.
3.6. Summary of technical and organisational measures:
Data Security: Passwords are encrypted, backups are offsite, and access is secured via HTTPS.
Authentication: All methods to end channels are implemented via official APIs; Processor does not see user credentials.
3.7. The measures are subject to technological progress and may be updated without prior notification to the Controller, provided the level of security is maintained or enhanced.
3.8. Processor shall inform the Controller of any Personal Data Breach and provide details as soon as possible, including actions taken to mitigate and resolve the breach.
4. Obligations of Controller
4.1. Controller is responsible for ensuring that the processing of Personal Data complies with data subjects’ rights and the Data Protection Legislation.
4.2. Controller warrants that it is entitled to provide the Personal Data to the Processor and that such data is accurate.
5. Enquiries by Data Subjects
5.1. If the Controller is required to provide information to an individual or authority about the Processing of Personal Data, the Processor shall assist promptly, within 10 working days of a written request, subject to reimbursement of costs.
5.2. Requests from Data Subjects will be forwarded to the Controller without delay, within 5 working days.
6. Subcontractors
6.1. Subcontractors used in Processing Personal Data:
Elastic Email (Canada): Email communications.
Render (USA): Data hosting.
Notion (USA): Customer relationship management.
Mixpanel (USA): Analytics.
Wix (Israel): Website hosting and inbound queries.
Google (USA): Email and reporting.
Stripe (USA): Billing and payment processing.
6.2. Processor will ensure subcontractors comply with similar obligations regarding data protection and security.
7. Deletion and/or Return of Data and Data Retention
7.1. Processor will retain Personal Data while the Controller maintains a contractual relationship with the Processor.
7.2. Upon termination, Personal Data will be deleted within 30 days in compliance with the Data Protection Legislation.
8. General
8.1. In the event of legal requirements or authority inquiries, Processor shall immediately notify the Controller and assist in responding.
8.2. Changes to this Data Processing Agreement must be made in writing and expressly reference this Agreement to be valid.
