1. Scope
This Addendum applies where Framework Training Ltd processes personal data on the written instructions of a Client (the Controller).
2. Standard Processor Terms (Article 28)
Instructions: We process data only on the Controller’s documented instructions.
Confidentiality: All staff handling data are subject to strict confidentiality obligations.
Sub-Processors: We use specific sub-processors for CRM and hosting. We will notify the Controller of any changes, allowing for a right to object.
Security: We maintain high-standard technical measures, including encryption and multi-factor authentication (MFA).
Audit Rights: We provide necessary information to demonstrate compliance and submit to reasonable audits.
End of Contract: We will delete or return all personal data at the end of the service, unless UK law requires retention.
3. International Transfers
Transfers outside the UK/EEA are only conducted where a "not materially lower" standard of protection exists (the UK Data Protection Test) or using the International Data Transfer Addendum (IDTA).
Trusted by
