Skip to content

Latest commit

 

History

History
719 lines (530 loc) · 33 KB

model-terms.md

File metadata and controls

719 lines (530 loc) · 33 KB
Raw

Secure Web Addressability Network

Secure Web Addressability Network (SWAN) - Model Terms

Version: 1.0

Copyright and disclaimer statement

Copyright © 2021 Shoosmiths LLP

Everyone is permitted to copy or distribute verbatim copies of these terms, but changing these terms is not permitted. All distributed copies of these terms or any thing incorporating them must include this copyright and disclaimer statement.

These terms have been produced by the law firm Shoosmiths LLP. Nothing in these terms shall be construed as legal advice and Shoosmiths LLP disclaims all liability to any person using or relying on all or any part of these terms.

1. DEFINITIONS

Binding Principles” means the principles set out in clause 4.

Breach Notification” means a notice given in accordance with clause 8(2) that a Contracting Party has breached these Model Terms.

Change in Law” means any change to any Data Protection Laws or other applicable laws including any change in the interpretation of those laws by any court of competent jurisdiction or Supervisory Authority.

Contracting Parties” means the Parties to a Main Agreement and “Contracting Party” shall be construed accordingly.

Controller”, “Data Subject”, “Personal Data”, “processing”, “Processor” and “Supervisory Authority” shall each have the meaning given to them (and any expressions used to describe any similar concepts) in Data Protection Laws and cognate terms shall be construed accordingly.

"Controller Processing Description” means the information set out in the Annex.

Data Protection Laws” means any legislation or other laws in any jurisdiction applicable to a Contracting Party that relates to the protection of personal data or privacy of natural persons including the use of cookies or similar technologies.

Device” means any web-enabled device or application accessing the SWAN Network.

Pseudonymous Identifier” means the SWID or, where applicable, hashed Raw SWAN Data.

Main Agreement” means an agreement incorporating these Model Terms, alone or with other terms.

Model Terms” means these terms and conditions.

Non-SWAN Data” means any data other than the SWAN Data which a Party may link to a Pseudonymous Identifier, including the SWAN Audit Log.

OWID Standard” means the technical standard described at https://github.com/swan-community/owid.

Party” means any party bound to an agreement containing these Model Terms and “Parties” shall be construed accordingly.

Preferences” means an indication of a User’s consent or lack thereof (expressed using a User Interface) to the processing of their SWAN Data together with Non-SWAN Data for the purposes notified to the User in that interface, including in relation to specific content.

Privacy Notice” means a notice that contains all the mandatory information that must be provided to a User in relation to the use of their Personal Data or the use of cookies or similar technologies on their Device, in each case, under Data Protection Laws.

Processor Processing Description” means the information set out in the Annex.

Raw SWAN Data” means User-submitted information, such as an email address.

Receiver” means the Contracting Party receiving the SWAN Data from the Sender.

Restricted Data” means any of the following: (i) Personal Data revealing any individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, any genetic data, biometric data used for the purpose of uniquely identifying an individual or Personal Data concerning an individual’s health, sex life or sexual orientation; (ii) Personal Data relating to an individual’s actual or alleged criminal convictions or offences or any other Personal Data relating to an individual’s criminal activity or history; or (iii) Personal Data categorised or defined as sensitive or special category data under Data Protection Laws or for which those laws require specific and explicit consent from a User.

Restricted Profiling” means the collection of data concerning a User’s web activity over time for the purpose of using such data to predict User preferences or interests to deliver content to their Device.

Restricted Transfer” means the transfer of SWAN Data and/or Non-SWAN Data by a Party to another Party where that transfer would breach Data Protection Laws if the Contracting Parties are not bound by the relevant Standard Contractual Clauses.

Root Party” means the Contracting Party initiating the originating Transaction in a particular chain of Transactions.

Security Measures” shall have the meaning given to it in clause 7(7).

Sender” means the Contracting Party sending the SWAN Data to the Receiver.

Sign” means a cryptographic confirmation of sending or receipt of SWAN Data, conforming to the OWID Standard and cognate terms shall be construed accordingly.

Standard Processor Clauses” means the provisions set out in Article 28 of the General Data Protection Regulation (EU 2016/679) or UK GDPR (as applicable) or the then most recent final version of the model contractual terms published by a competent authority or other body under Data Protection Laws to allow Controllers and/or Processors to comply with their obligations under those laws specifically in relation to the contractual terms agreed between them relating to the processing of Personal Data.

Standard Transfer Clauses” means the then most recent final version of the relevant model contractual terms published by a competent authority or other body under Data Protection Laws for the transfer or onward transfer of Personal Data to a country or international organization for the purpose of ensuring an adequate level of protection to the rights and freedoms of Data Subjects to whom that Personal Data relates.

SWAN Audit Log” means a log containing information received by a Party of each Transaction that has been Signed.

SWAN Data” means all Pseudonymous Identifiers and associated Preferences.

SWAN Ecosystem” means each and every Party.

SWAN Network” means each and every SWAN Operator.

SWAN Operator” means the Party or Parties responsible for adding, updating, deleting and controlling access to the SWAN Data;

SWAN Website” means the website located at www.swan.community.

SWID” means a random and unique identifier generated by the SWAN Operator or User Interface Provider.

Transaction” means the sending of SWAN Data from the Sender to the Receiver.

User” means a natural person using a Device.

User Interface” means the interface used by a User to communicate their Raw SWAN Data and Preferences to the SWAN Network.

User Interface Provider” means a Contracting Party providing the User Interface, such as a consent management platform.

2. COMMENCEMENT AND TERM

  1. These Model Terms shall come into force on the effective date specified in the applicable Main Agreement or, if no such date is specified, on the date of last signature (including electronic signature) by both Contracting Parties of that Main Agreement.

  2. These Model Terms shall continue in force for as long as SWAN Data is used by the Receiver, subject to clause 8.

3. USING THESE MODEL TERMS

  1. Each Contracting Party may be a Sender or Receiver and accordingly may send or receive SWAN Data to and from the other Contracting Party subject to these Model Terms provided that both Parties remain in compliance with these Model Terms.

4. THE BINDING PRINCIPLES

  1. The effective operation and use of the SWAN Network involve many bilateral contractual relationships between Senders and Receivers, each subject to these Model Terms, but each Party acknowledges that it shares a collective responsibility to uphold the spirit and reputation of the SWAN Ecosystem as a whole.

  2. Each Party acknowledges and agrees to respect the fundamental rights of Users to express or change their Preferences and shall do nothing to undermine or diminish those rights.

  3. Each Party acknowledges and agrees that, through the SWAN Network (particularly through the use of the Pseudonymous Identifiers) Users have the right to be forgotten by dissociating their Device from any data associated with a Pseudonymous Identifier at any time. Each Party acknowledges and agrees not to attempt to undermine or diminish any User’s right to be forgotten.

  4. Each Party acknowledges and agrees that it may only use SWAN Data for the following purposes:

    1. to plan and deliver content (whether targeted or otherwise) to a Device;

    2. to measure the reach and responsiveness of the content it delivers;

    3. to optimize the content it delivers;

    4. to prevent or detect security incidents or fraudulent or illegal activity or to assist prosecute or apprehend those responsible for any of those incidents or activities; and

    5. to defend, bring or establish legal claims or to comply with applicable law.

  5. Each Party shall act in good faith and reasonably at all times in respect of any activities it undertakes to adhere to the Binding Principles.

5. OBLIGATIONS OF THE PARTIES

    Initiating Transactions between Contracting Parties

  1. The sharing of SWAN Data, whether on its own or in combination with Non-SWAN Data, can only occur between the Contracting Parties through Transactions.

  2. Prior to initiating a Transaction, the Sender shall implement appropriate technical and organisational measures to ensure that the organization receiving the SWAN Data is the other Contracting Party.

    Sending and Receiving SWAN Data

  1. On receipt of the SWAN Data, the Receiver shall Sign the Transaction to confirm receipt of the SWAN Data. The Receiver shall not use any SWAN Data where the data relating to a User’s Preference as required under clause 5(9)(ii) is missing from the SWAN Data or contains a null value.

  2. If the Receiver fails to Sign the Transaction but provides a response to that Transaction, then the Sender must Sign to confirm that it sent the SWAN Data to that Receiver as soon as it becomes aware of the Receiver’s failure.

  3. If the Receiver fails to Sign the Transaction but does not provide a response to that Transaction, then the Sender should Sign to confirm that it sent the SWAN Data to that Receiver as soon as it becomes aware of the Receiver’s failure.

    User Interface Providers

  1. No Contracting Party other than a User Interface Provider shall be permitted to collect or send Raw SWAN Data.

  2. If a Contracting Party is a User Interface Provider, it shall:

    1. ensure that it has entered into a Main Agreement with a SWAN Operator, whose terms may not be modified by a Main Agreement with any other organization;

    2. not send any Raw SWAN Data to a Party in connection with these Model Terms other than a SWAN Operator with whom it has entered into a Main Agreement;

    3. ensure that the functionality allowing Users to provide their Preferences and Raw SWAN Data to the SWAN Network is operating properly at all times; and

    4. include a clear and prominent notice for Users in the User Interface explaining that its functionality may relate to the SWAN Network and other, unrelated consent management or preference functionality.

  3. Each Contracting Party shall ensure that:

    1. any Party that uses the User Interface includes a link or other visible mechanism that permits access and use of the User Interface on every webpage accessible to Users; and

    2. such User Interface is compatible with the standards and requirements notified by the SWAN Network.

  4. The User Interface Provider shall ensure that, at all times, its User Interface:

    1. prominently displays the following text:

      You may change your preferences at any time by toggling the applicable preference options below. Please see further our Privacy Policy [hyperlinked to policy of Party that is the website operator]”

      “These details are shared with the SWAN Network to manage your preferences. See further the SWAN Network Privacy Notice [hyperlinked to joint privacy notice at www.swan.community]”;

    2. includes, as a minimum, the following Preference (including opt-in mechanism and text without amendment) and ensures that any preference option defaults to no/opted-out and permits Users to easily and immediately access and read the text marked with an asterisk below:

      Personalized marketing [opt-in mechanism]*. You may still receive targeted content unrelated to your browsing activity or interactions.

      Your consent will automatically expire 2 years after you provide it. You have a right to be forgotten, which you can exercise at any time by resetting your Secure Web ID. You can also obtain a temporary Secure Web ID by using the incognito/private browsing function of your browser.

      * Select to consent to receive targeted content to a web-enabled device based on your browsing activity and interactions.

    3. prominently displays the following text next to the functionality that permits collection of Raw SWAN Data from the User:

      By providing your email address, you can apply your preferences to your experience when you use other web-enabled devices.

    4. can be configured to provide Users with a link to retrieve the User Interface to view, edit and update their SWAN Data, including their Preferences.

  5. The User Interface Provider shall ensure that no Party, including the User Interface Provider itself, may alter, amend or delete any text or functionality required under clause 5(9), except that the User Interface Provider shall be permitted to create accurate language translations of any such text where appropriate and to provide additional consent management and preference functionality in respect of activities not required under that clause (by way of example only, age verification), subject always to the restrictions in clause 6.

  6. When a User accesses the User Interface to update their Preferences and/or Raw SWAN Data, the User Interface Provider shall share the updated Preferences and/or Raw SWAN Data with the SWAN Operator with whom it has a Main Agreement.

  7. The User Interface Provider shall have access to Raw SWAN Data and, consequently, it warrants that it has implemented and maintains specific technical and organisational measures to safeguard any and all Raw SWAN Data in its possession.

  8. If a Contracting Party is a User Interface Provider for another Party, then it may not use any SWAN Data processed for that other Party for the User Interface Provider’s own purposes unless it independently receives that SWAN Data in its capacity as a Party that is not a User Interface Provider under a separate Main Agreement.

6. RESTRICTED USES

  1. Restricted Data and Restricted Profiling

    1. No Contracting Party shall directly or indirectly use any Restricted Data in connection with the SWAN Data including for any Restricted Profiling, except where this is strictly necessary and permitted by applicable laws.

  2. Reidentification

    1. Subject to clause 6(2)(ii), neither Contracting Party shall identify the offline identity of a User from SWAN Data.

    2. The restriction in clause 6(2)(i) shall not apply in respect of a User who has provided Personal Data from which they can be identified offline directly to a Receiver when engaging with that Receiver’s web property.

7. DATA PROTECTION

  1. Subject to clause 7(2), the Contracting Parties acknowledge and agree that for the purposes of Data Protection Laws each is an independent and separate Controller of its processing of Personal Data in connection with these Model Terms. Each such Contracting Party warrants to the other that it has obtained consent to the extent required by both Contracting Parties to comply with Data Protection Laws in connection with the uses of SWAN Data and Non-SWAN Data contemplated under these Model Terms.

  2. Any Contracting Party that is a User Interface Provider for another Party shall be a Processor in relation to its processing of Personal Data under its Main Agreement with that Party. Accordingly, under its Main Agreement with a SWAN Operator (or any other Party), the User Interface Provider shall be deemed to be acting on behalf (and on the documented instructions) of its contracted Controller relevant to the Transaction being processed by the User Interface Provider.

  3. The Standard Processor Clauses shall apply between each User Interface Provider and the Party that is its Controller in accordance with clause 7.2 and shall be deemed incorporated into these Model Terms. Those Standard Processor Clauses shall be deemed populated with the Processor Processing Description.

  4. To the extent that a Transaction between the Contracting Parties is a Restricted Transfer, the applicable Standard Transfer Clauses shall apply between them and shall be deemed incorporated into these Model Terms. Those Standard Transfer Clauses shall be deemed populated with the Processor Processing Description and the Security Measures (for Restricted Transfers to a Contracting Party that is a Processor) or with the Controller Processing Description (for Restricted Transfers to a Contracting Party that is a Controller).

  5. For the purposes of these Model Terms including the Standard Processor Clauses and Standard Transfer Clauses, the Sender consents to the onward transfer of SWAN Data and Non-SWAN Data and to permit the Receiver to subcontract the processing of that data (as applicable).

  6. If the Receiver or any of its subcontractors (“Receiver Parties”) receives a mandatory request, order, demand, notice or direction from any government agency or other public authority to disclose any SWAN Data or Non-SWAN Data whether or not in writing and whether or not referencing any Data Protection Laws or identifying any specific Users (“Data Production Request”), it shall deal with the Data Production Request in accordance with the following terms in this clause 7(6):

    1. The Receiver Parties shall not disclose any Personal Data to any person in response to a Data Production Request unless either they are under a compelling statutory obligation to make such disclosure, or (having regard to the circumstances and the rights and freedoms of any affected Data Subjects) there is an imminent risk of serious harm that merits disclosure in any event (for example, to protect individuals’ vital interests).

    2. Where, in accordance with this clause 7(6), disclosure of the Personal Data is required in response to a Data Production Request, the Receiver Parties shall notify the Sender in writing in advance (setting out all relevant details) and shall thereafter provide all reasonable cooperation and assistance to the Sender and, if requested by the Sender, assist it with any application, injunction, order or request to prevent (or where that is not possible, to delay) the disclosure of that Personal Data.

    3. Except where the imminent risk of serious harm prohibits prior notification, the applicable Receiver Parties shall notify and consult with the relevant Supervisory Authority in respect of the Data Production Request, and at all times thereafter cooperate with that authority and the Sender to deal with and address the Data Production Request. Each of the Receiver Parties shall, if permitted under applicable laws, suspend (or where not possible, apply to suspend) the Data Production Request so that it can notify and consult with the Sender and the relevant Supervisory Authority.

  7. Each Contracting Party shall implement appropriate technical and organisational measures to protect against accidental unlawful or unauthorised destruction, loss, alteration or disclosure of, or access to, the SWAN Data, and Non-SWAN Data where applicable (together, “Security Measures”) and shall set out or reference a description of all such measures in the Main Agreement.

  8. Each Contracting Party shall ensure that it publishes online a Privacy Notice relating to its processing of SWAN Data. Where it is the Root Party, the Contracting Party shall at all times provide a mechanism that allows the User to inspect the SWAN Audit Log and to access the Privacy Notices of the Parties included in that log.

8. BREACH & TERMINATION

  1. Breach of these Model Terms

    1. In the event a Contracting Party breaches these Model Terms the relevant Contracting Party shall make a Breach Notification in accordance with clause 8(2)

  2. Breach Notification

    1. If a Contracting Party becomes aware of a breach of these Model Terms by a Party:

      1. the defaulting Contracting Party shall without undue delay (and in any event within 72 hours of becoming aware) cure the breach or, where this is not possible within such period, publish a prominent notification on its website, in a language appropriate for the applicable Users, setting out the following (“Breach Notice”):

        1. the identity of the Contracting Party;

        2. the nature of the breach and, in particular, whether the Contracting Party has engaged in any of the restricted activities under clause 6; and

        3. any steps the Contracting Party has taken to cure the breach; or

      2. the innocent Contracting Party shall take the following steps in relation to any defaulting Party:

        1. to the extent known, notify that Party with the information set out in clause 8(2)(i)(a); and

        2. publish the Breach Notice on its website within 72 hours of becoming aware that the defaulting Party has failed to comply with clause 8(2)(i)(a).

  3. Termination

    1. A Contracting Party may terminate the Main Agreement if the other Contracting Party:

      1. fails to comply with its obligations under clause 8(2) (Breach Notifications);

      2. commits an incurable and material breach of these Model Terms in the Main Agreement between the Contracting Parties;

      3. commits a curable breach of these Model Terms in the Main Agreement between the Contracting Parties but fails to cure that breach within 14 days of becoming aware of the breach; or

      4. receives a notice from a Supervisory Authority requiring either Contracting Party to cease processing SWAN Data.

    2. The innocent Contracting Party shall determine in its sole discretion whether or not a breach by the defaulting Contracting Party is a material breach but shall, acting reasonably and in good faith, have regard to the following when exercising that discretion:

      1. whether the breach was deliberate, wilful or resulted from the defaulting Contracting Party’s negligence;

        1. the volume and frequency of the breach and any prior breaches;

        2. whether the breach involved a failure to comply with the restrictions in clause 6;

        3. whether, as a result of the breach, an organization that is not a Party linked any Non-SWAN Data to the SWAN Data; and

        4. whether, as a result of the breach, an organization that is not a Party linked the User’s offline identity to the SWAN Data.

  4. Effect of Termination

    1. If the Main Agreement between the Contracting Parties terminates or expires, the Contracting Parties shall immediately cease sending or receiving SWAN Data and using it for the purposes set out in clause 4(4) (but not clauses 4(4)(v) or 4(4)(v), which shall survive the termination or expiry of that Main Agreement).

9. WARRANTY & LIABILITY

  1. No Warranty

    EXCEPT AS EXPRESSLY SET OUT IN THE MAIN AGREEMENT BETWEEN THE CONTRACTING PARTIES, THE SENDER PROVIDES THE SWAN DATA AND NON-SWAN DATA "AS IS" WITHOUT REPRESENTATION OR WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN PARTICULAR, EACH CONTRACTING PARTY ACKNOWLEDGES AND AGREES THAT ENTRY BY IT INTO ANY MAIN AGREEMENT DOES NOT OF ITSELF GUARANTEE THAT EITHER CONTRACTING PARTY WILL BE COMPLIANT WITH ANY OR ALL DATA PROTECTION LAWS OR OTHER APPLICABLE LAWS.

  2. Liability

    1. SUBJECT TO CLAUSE 9(2)(ii), NOTHING IN ANY MAIN AGREEMENT SHALL LIMIT OR EXCLUDE THE LIABILITY OF A CONTRACTING PARTY TO ANY OTHER PARTY IN CONNECTION WITH THESE MODEL TERMS.

    2. TO THE FULLEST EXTENT PERMITTED UNDER APPLICABLE LAWS, A CONTRACTING PARTY SHALL NOT BE LIABLE TO ANY OTHER PARTY IN CONNECTION WITH ANY BREACH NOTIFICATION IT MAKES UNDER THESE MODEL TERMS PROVIDED THAT THE CONTRACTING PARTY CAN REASONABLY DEMONSTRATE IT MADE THAT NOTIFICATION IN GOOD FAITH AND REMOVES OR CORRECTS (AS APPLICABLE) ANY BREACH NOTIFICATION MADE IN OR CONTAINING AN ERROR IMMEDIATELY AFTER BECOMING AWARE OF THE ERROR.

10. OTHER IMPORTANT TERMS

  1. Intellectual Property

    Nothing in these Model Terms transfers any ownership of any intellectual property rights of a Contracting Party to the other Contracting Party.

  2. Interpretation

    In these Model Terms, headings are used for convenience only and shall not control the meaning or the interpretation of any of the provisions in these Models Terms and words that appear after the expression “include”, “including”, “other” “for example”, “such as” or “in particular” (or any similar expression) in these Model Terms shall not limit the meaning of the words appearing before such expression.

  3. Conflict

    Nothing in the Main Agreement shall be construed as overriding or superseding these Model Terms. If there is any conflict or inconsistency between the provisions of the Main Agreement then the following order of precedence shall apply: first, the Standard Processor Clauses and Standard Transfer Clauses (to the extent each is applicable), second, the remaining Model Terms and third, the remaining provisions of the Main Agreement.

  4. Severability

    If any part of these Model Terms is found to be unenforceable as a matter of law, all other parts of these Model Terms will not be affected and shall remain in force.

  5. Changes to these Model Terms

    1. These Model Terms may be subject to change from time to time. Changes to these Model Terms shall be communicated to Parties by way of publication of the modified terms on the SWAN Website.

    2. Subject to clause 10(5)(iii), any changes to the Model Terms in the Main Agreement between the Contracting Parties shall be effective 30 days after the date of publication except where stated to be effective sooner as a result of a Change in Law.

    3. If any of the changes to the Model Terms published on the SWAN Website modify the definition of SWAN Data or Raw SWAN Data, the purposes set out in clause 4(4) or any other fundamental aspect of the model relating to the SWAN Ecosystem (as notified on the SWAN Website):

      1. clause 10(5)(ii) shall not apply; and

      2. the Main Agreement between the Contracting Parties shall terminate if the Contracting Parties do not enter into a Main Agreement incorporating the modified Model Terms within 30 days of publication.

    4. Any changes made to the Model Terms in accordance with this clause 10(5) shall only apply to SWAN Data sent or received after the modified Model Terms come into force.

11. GOVERNING LAW & JURISDICTION

  1. Subject to the governing law that applies to any Standard Transfer Clauses in accordance with those clauses, these Model Terms shall be governed and interpreted in accordance with the governing law expressly specified elsewhere in the Main Agreement or the following jurisdiction if the Main Agreement does not specify any governing law:

    1. the jurisdiction in which the Contracting Parties are established where they are both established in the same jurisdiction:

    2. England and Wales, where the Contracting Parties are established in different jurisdictions.

  2. If any provision(s) of these Model Terms cannot be given legal effect under the governing law applicable to the Model Terms in accordance with clause 11(1) then the presiding arbitrator shall apply the local law that most closely approximates that particular provision(s).

  3. In the event of any dispute arising out of or in connection with these Model Terms, including in relation to any Breach Notification, the Contracting Parties agree that either Contracting Party may submit the matter, in the first instance, to administered expert proceedings in accordance with the Rules for the Administration of Expert Proceedings of the International Chamber of Commerce (“ICC”).

  4. After the conclusion of the ICC’s administered expert proceedings, the dispute shall be finally settled under the Rules of Arbitration of the ICC (“Rules”) by one arbitrator appointed in accordance with the said rules.

  5. The seat, or legal place, of arbitration shall be London, England and all disputes heard within the Rules shall be heard in English or such other language mutually acceptable to the Contracting Parties.

  6. The forum for all disputes heard within the Rules shall be London, England or such other location as is mutually agreed by the Contracting Parties.

  7. Nothing in this clause 11 or in the Rules shall prevent either Contracting Party from applying to the courts of any jurisdiction for such provisional or protective measures as are available under the laws of that jurisdiction, including seeking interlocutory and/or injunctive relief.

SWAN Model Terms

Annex

  1. Controller Processing Description

    • Data Subjects: Users.

    • Purposes of the transfer: To allow a Sender to make a Transaction to a Receiver in connection with the purposes set out in the Binding Principles.

    • Categories of data: SWAN Data and Non-SWAN Data.

    • Recipients: Further Parties with whom the Receiver will share the SWAN Data and Non-SWAN Data.

    • Sensitive data: None.

    • Data protection registration information of the Sender: As set out on the Sender’s website.

    • Additional useful information: Not applicable.

    • Contact points for data protection enquiries: As set out in the website of the relevant Contracting Party.

    • Clause II(h) option: sub-clause (iii).

  2. Processor Processing Description

    • Subject matter, purpose and nature of processing/processing operations: Processing necessary for the User Interface Provider to collect, record and manage each User’s Preferences and Raw SWAN Data. The processing involves the collection, transmission, writing and retrieval of SWAN Data and Raw SWAN Data in connection with the SWAN Network.

    • Duration of processing: The term of the Main Agreement or such other period as instructed by the Contracting Party that is the User Interface Provider’s Controller.

    • Type of Personal Data processed and categories of Data Subjects: SWAN Data relating to Users and Raw SWAN Data (but, for the avoidance of doubt, no Restricted Data).

    • Rights and obligations of the Controller: The rights and obligations of the Contracting Party that is the User Interface Provider’s Controller shall be as set out in these Model Terms and Data Protection Laws.