Data Protection Clause
[X] DATA PROTECTION
1.1: For the purposes of this clause:
“CSG Computer Services Ltd” will mean the CSG Computer Services Ltd entity identified in the agreement with the Customer;
“Customer” shall mean the entity contracting with CSG Computer Services Ltd as identified in the agreement between such customer and CSG Computer Services Ltd;
“Personal Data” shall mean any information relating to an identified or identifiable natural person.
“Processing” shall mean any operation or set of operations which is performed on personal data or on sets of personal data.
“Authorised Users” shall mean individuals authorised by the Customer to use the services provided by the CSG Computer Services Ltd.
- Data Protection
The CSG Computer Services Ltd and shall comply with all applicable data protection laws, including but not limited to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, in relation to the processing of personal data under this Agreement.
- Data Processing
- The CSG Computer Services Ltd shall process personal data only on documented instructions from the Customer, including with regard to transfers of personal data to a third country or an international organisation, unless required to do so by law.
- The CSG Computer Services Ltd shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
- The Customer will ensure that it has all necessary appropriate consents and notices in place to enable the lawful transfer of personal data to CSG Computer Services Ltd for the duration and purposes of any agreement between CSG Computer Services and the Customer, so that CSG Computer Services Ltd may lawfully use, process and transfer the personal data in accordance with any agreement, on the Customer’s behalf.
- Security Measures
- The CSG Computer Services Ltd shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including, as appropriate:
- the pseudonymisation and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
- Data breach notification
- The CSG Computer Services Ltd shall notify the Customer without undue delay after becoming aware of a personal data breach.
- Such notification shall include, at a minimum:
- the nature of the personal data breach including, where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
- the likely consequences of the personal data breach;
- the measures taken or proposed to be taken by the CSG Computer Services Ltd to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
- International data transfers
- The Customer acknowledges that due to the nature of cloud services, personal data may be transferred to recipients or other geographical locations in connection with the use of the Services further to access and/or computerised instructions initiated by Authorised Users.
- The Customer shall ensure that Authorised Users only initiate the transfer of personal data to recipients or other geographical locations if lawful safeguards are in place and such transfer is in compliance with all relevant laws.
- The CSG Computer Services Ltd shall not transfer any personal data outside of the European Economic Area and the United Kingdom unless the following conditions are met:
- The Customer or CSG Computer Services Ltd have provided appropriate safeguards in relation to the transfer;
- The data subject has enforceable and effective legal remedies;
- CSG Computer Services Ltd complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; and
- The CSG Computer Services Ltd complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the personal data.
- Sub-processors
- The CSG Computer Services Ltd shall not engage another processor without prior specific or general written authorisation of the Customer. In the case of general written authorisation, the CSG Computer Services Ltd shall inform the Customer of any intended changes concerning the addition or replacement of other processors, thereby giving the Customer the opportunity to object to such changes.
- Data Subject rights
- The CSG Computer Services Ltd shall assist the Customer, by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Customer’s obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the UK GDPR.
- Deletion or return of Personal Data
- At the choice of the Customer, the CSG Computer Services Ltd shall delete or return all the personal data to the Customer after the end of the provision of services relating to processing, and delete existing copies unless UK law requires storage of the personal data.
- Audit rights
- The CSG Computer Services Ltd shall make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in this clause and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer.
- Data Retention
- The CSG Computer Services Ltd shall retain personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by applicable laws or regulations.
- Security Audits and assessments
- The CSG Computer Services Ltd shall conduct regular security audits and assessments, at least annually, by an independent third party to ensure compliance with this clause and applicable data protection laws. The results of such audits shall be made available to the Customer upon request.
- Data subject access requests
- The CSG Computer Services Ltd shall promptly notify the Customer of any data subject access requests received and shall not respond to such requests except on the documented instructions of the Customer or as required by applicable laws.
- Data subject access requests can be raised to the following email address: data@csgrp.co.uk. Such requests will be reviewed and responded to as quickly as possible and in accordance with Information Commissioner's Office (ICO) guidelines.
- Handling data subject complaints and disputes
- The CSG Computer Services Ltd shall assist the Customer in handling any complaints or disputes raised by data subjects in relation to the processing of their personal data, including providing all necessary information and support.
- Staff training
- The CSG Computer Services Ltd shall provide regular training to its staff on data protection and security measures to ensure compliance with this clause and applicable data protection laws.