1.
For the purposes of this clause, “Data Protection Legislation” means: the General Data Protection Regulation ((EU) 2016/679) (GDPR) unless and until GDPR is no longer directly applicable in the UK, together with any national implementing laws, regulations and secondary legislation as amended or updated from time to time in the UK, including the Data Protection Act 2018 (DPA), and any successor legislation to the GDPR and the DPA.
2.
Each party shall comply with applicable requirements of the Data Protection Legislation. This clause is in addition to and does not replace a party's obligations under the Data Protection Legislation. The terms "Data Controller", "Data Processor", “Data Subject”, "Personal Data", "Process" and "Processing" have the meanings set out in the Data Protection Legislation.
3.
With the exception of Personal Data processes in the circumstances described in 4, the Parties acknowledge and agree that with regard to the Processing of Personal Data, the Customer is the Data Controller, Virtual College is the Data Processor and that Virtual College will engage sub-processors pursuant to the requirements set forth in section 5(a) below.
4.
Where Virtual College Content forms part of the services, Virtual College will be joint Data Controller with the Customer in order for Us to determine training outcomes and retain records of Virtual College certifications.
5.
We shall:
6.
We shall immediately inform you if, in our opinion, an instruction from you infringes the Data Protection Legislation.
7.
If we wish to appoint a third-party processor, we shall seek your prior written consent.
Version 1. Issued 28th August 2020
TOP