The provisions within this DPA are severable. Should any section or provision be invalid or become invalid, such invalidity shall only affect that section or provision.
Additional access for Website Design Services:
Freeola staff will have access to all files and data intended for use on the designed website. Any included Personal Data may be accessible to the designer for as long as necessary to complete the Agreement.
Freeola staff have received training on compliance with current Data Privacy legislation and will not process the data further than is required in order to set-up the website and any associated hosting service.
Appendix B: Technical and Organisational Measures
Freeola Limited use third-party data centres located in the UK to host data, all of which maintain current ISO 27001 certification. Freeola will not use any data centre that does not maintain this certification.
Entry control is secure and all centres conform to the ISO 27001 certification. The locations are secured, monitored and locked with constant supervision. There are strict checks and protocol before entry to the centre is granted.
Systems Access Control:
The Processor uses role-based authentication; with strong passwords that only a select number of key personnel know. If a staff member should leave, they are removed from the system and passwords are changed.
Data Access Control:
Role-based authentication is used, with encrypted passwords.
Update logs are kept, so any amendments and entries can be monitored or reviewed.
The Processor completes regular backups throughout the day, so that data can be restored in a timely manner in the event of a physical or technical incident.
Data is stored in a manner that logically separates customer (Controller) data. Users will only have access to data that they are authorised to access.
The Processor will regularly test and review these measures, to ensure that the level of security is appropriate to the level of the risk.