Customer Contract Addendum
Our Customer Contract Addendum template:
- drafted by a GDPR-specialist solicitor
- provides data protection warranties from your customer to you
- supplement your terms and conditions
- very quick and easy to use
How Does It Work?
-
1. Download
-
2. Edit
-
3. Print
-
4. Sign
You can use our Customer Contract Addendum template when you are contracting with a customer who supplies you with personal data for you to process on their behalf and on their instructions as part of your work for them, but where they otherwise have no contract in place with you that deals with the data. This is for use where your customer is another organisation or business of some sort. For example, they are a sole trader, partnership or company.
You need “data collection warranties” to be in place. These are their promises to you that:
- they have collected the data properly, and
- have permission from the data subjects to hold and use it as necessary for the services you will be performing.
This then covers your use of it. If your customer did not collect it properly, your processing and use of it would be illegal. This customer contract addendum template provides you with the wording for those essential warranties.
You can then get on and process the data in accordance with your customer’s instructions. You will rely on the promise that your customer has gained the necessary consent for the work you are doing.
When to use a Customer Contract Addendum
There are various situations where you might need to use such a template, for example:
- you are running a marketing campaign on your customer’s behalf directly to its customers;
- you are providing a service directly to their staff, as part of which you will need to handle staff personal data; or
- you are fulfilling (in whole or in part) or delivering orders on their behalf for their customers, as part of which service you will need to receive personal data on their customers.
In each situation, you can see the need for this addendum if you do not otherwise cover it in a written contract. You will receive personal data (and therefore process it). Otherwise you would not know if the person collecting the personal data had done this properly. Your contract with them (based, for example, on your standard terms and conditions of trade) might already include terms that state that you will process the personal data in accordance with the law. However, you might not have warranties from them in that contract that they have permission to hand over any data to you.
Guide to Customer Contract Addendum – Data Warranties
This guide is an abbreviated preview of the full guide you receive when you buy our template. It will give you a good idea of the areas covered by this template.
Clauses in this Customer Contract Addendum – Numbered clauses
There is very little that you need to edit in this template. This is because the clauses in the template are largely based on the standard-format data processing warranties set out in GDPR.
Purpose of the customer contract addendum
You need to add in a brief description of the service that you provide to your customers. Then delete the square brackets.
1. Data Protection
1.1 This clause confirms that both parties will comply with the requirements of GDPR.
1.2 This clause confirms that:
- you as the service provider are the data processor, and
- that your customer is the data controller.
The latter is the party responsible for the data. At clause 1.2 you need to add the name of your business.
1.3 This clause covers the fact that the client needs to ensure that they have:
- the required notices, and
- where relevant, consents,
to transfer any personal data required by you to provide your services to them.
1.4 This clause in the customer contract addendum confirms that the client has a GDPR compliant privacy notice added to their website. This is important. If the client does not have a GDPR compliant privacy notice, then they will not have complied with GDPR. Passing data to your business, and the subsequent processing of that data by your business will breach GDPR.
1.5 In this clause you are confirming to the client that all staff that work for your business will treat any personal data that they process in a manner that protects the confidentiality and security of the data.
1.6 This clause sets out a broad confirmation of the fact that your business will ensure that all data that is passed to it by the customer will be processed in accordance with the data subject’s permission.
1.7 This clause confirms to the customer that if they are required to provide any details of the services that you provide to them then your business will assist with that.
2. Indemnity
2.1 This clause in the customer contract addendum, and the sub-clauses of the clause, confirm that each party shall be liable to the other for all of the costs and losses associated with a breach of any of the warranties that are set out in clause 1.
2.2 This clause sets out what each party must do in order to be able to claim on the other party in the event of a breach of warranty.