Data Processing Addendum (GDPR)

Effective Date: 14 November 2023

This Data Processing Addendum (“DPA”) forms part of the Terms and Conditions between you (“Controller”) and Training Intelligence (TIQ) Ltd (“Processor”) governing your use of TIQplus (the “Service”). It reflects the parties’ agreement with respect to the collection, use, and protection of personal data processed on your behalf in compliance with the UK GDPR.

1. Definitions

• “Personal Data” means any information relating to an identified or identifiable natural person.
• “Processing” means any operation performed on Personal Data, including collection, storage, retrieval, disclosure, deletion.
• “Sub-processor” means any third party engaged by Processor to Process Personal Data on behalf of Controller.

2. Roles & Responsibilities

• Controller: You determine the purposes and means of Processing.
• Processor: Processes Personal Data on Controller’s behalf, only according to documented instructions.

3. Details of Processing

• Subject-matter: Provision of the TIQplus training management platform.
• Duration: For the term of your subscription and until deletion or return of data.
• Nature & Purpose: Storage, retrieval, display and management of your User Content and related administrative data.
• Categories of Data: Name, email, company, job title, usage logs, support communications.
• Data Subjects: Users you authorize to access TIQplus.

4. Processor Obligations

• Process Personal Data only on Controller’s documented instructions.
• Implement technical and organizational measures to ensure confidentiality, integrity and availability (e.g., encryption at rest and in transit, access controls, regular backups).
• Ensure that personnel with access to Personal Data are bound by confidentiality obligations.
• Assist Controller with data subject rights requests (access, rectification, erasure) without undue delay.
• Notify Controller within 48 hours upon becoming aware of any Personal Data breach.

5. Sub-processors

Controller hereby authorizes Processor to engage the following Sub-processors:

• Amazon Web Services (hosting, backups)
• Stripe Inc. (payment processing)
• SendGrid, Inc. (email delivery)

Processor will remain liable for the acts and omissions of its Sub-processors.

6. International Transfers

Where Personal Data is transferred outside the UK or EEA, Processor will ensure appropriate safeguards are in place (Standard Contractual Clauses or equivalent).

7. Audit & Inspection

Controller or its approved auditor may audit Processor’s compliance with this DPA, once per calendar year, upon reasonable notice and during normal business hours.

8. Data Deletion

Upon termination or expiry of the agreement, Processor will, at Controller’s request, return or securely delete all Personal Data within 30 days, unless retention is required by law.

9. Liability

Each party’s liability under this DPA shall be subject to the limits and exclusions set out in the Terms and Conditions.

10. Governing Law

This DPA is governed by the laws of England and Wales.

11. Contact for Data Protection

For any inquiries relating to this DPA or data protection matters, please contact:
Training Intelligence (TIQ) Ltd
Email: myaccount@tiqplus.com