Customer Contract Addendum
Our Customer Contract Addendum template:
- drafted by a GDPR-specialist solicitor
- provides data protection warranties from your customer to you
- very quick and easy to use
How Does It Work?
You can use our Customer Contract Addendum template when you are contracting with a customer who supplies you with personal data for you to process on their behalf and on their instructions as part of your work for them, but where they otherwise have no contract in place with you that deals with the data. This is for use where your customer is another organisation or business (e.g. a sole trader, partnership or company) of some sort.
You need “data collection warranties” to be in place. These are their promises to you that they have collected the data properly and have permission from the data subjects to hold it and use it in the manner relevant to the services you will be performing for your customer. This then covers your use of it – if it had not been collected properly in the first place, your processing and use of it would be illegal. This template provides you with the wording for those essential warranties.
You can then get on and process the data in accordance with your customer’s instructions, safe in the knowledge that your customer has told you it has gained the necessary consent for the work you are doing on the data.
When to use a Customer Contract Addendum
There are various situations where you might need to use such a template, for example:
- you are running a marketing campaign on the customer’s behalf directly to its customers;
- you are providing a service directly to their staff, as part of which you will need to handle staff personal data; or
- you are fulfilling (in whole or in part) or delivering orders on their behalf for their customers, as part of which service you will need to receive personal data on their customers, e.g. their names and addresses.
In each situation, you can easily see the need for this addendum if it is not otherwise covered in a written contract. You will be receiving personal data (and therefore processing it); and otherwise you would not know if the personal data had been collected properly. Your contract with them (based, for example, on your standard terms and conditions of trade) might already include terms that state that you will process the personal data in accordance with the law, but you might not have included warranties from them that any data they hand over to you has been collected properly.
Guide to Customer Contract Addendum – Data Warranties
This guide is an abbreviated preview of the full guide you receive when you buy our template. It will give you a good idea of the areas covered by this template.
Clauses in this Customer Contract Addendum – Numbered clauses
Since the clauses in the template are largely based on the standard format data processing warranties set out in GDPR, there is very little that you need to edit in this template.
Purpose – You need to add in a brief description of the service that you provide to your customers and then delete the square brackets.
1. Data Protection
1.1 This clause confirms that both parties will comply with the requirements of GDPR.
1.2 This clause confirms that you as the service provider are the data processor and that your customer is the data controller – i.e. the party responsible for the data. At clause 1.2 you need to add the name of your business.
1.3 This clause covers the fact that the client needs to ensure that they have the required notices, and where relevant consents, to transfer any personal data required by you to provide your services to them.
1.4 This clause confirms that the client has a GDPR compliant privacy notice added to their website. This is important as if the client does not have a GDPR compliant privacy notice then they will not have complied with GDPR and passing data to your business, and the subsequent processing of that data by your business will breach GDPR.
1.5 In this clause you are confirming to the client that all staff that work for your business will treat any personal data that they process in a manner that protects the confidentiality and security of the data.
1.6 This clause sets out a broad confirmation of the fact that your business will ensure that all data that is passed to it by the customer will be processed in accordance with the.
1.7 This clause confirms to the customer that if they are required to provide any details of the services that you provide to them then your business will assist with that.
2.1 This clause and the sub clauses of the clause confirm that each party shall be liable to the other for all of the costs and losses associated with a breach of any of the warranties that are set out in clause 1.
2.2 This clause sets out what each party must do in order to be able to claim on the other party in the event of a breach of warranty.
Signed – You need to add in the name of your customer’s business and the name of your business.