Effective starting: 30 September, 2022
We Are The City LIMITED, “us”, “we”, or “our” refers to WeAreTheCity, WeAreTechWomen and any of our corporate affiliates.
BACKGROUND
Whereas:
NOW THEREFORE BOTH PARTIES AGREE AS FOLLOWS:
Category of Data | Category of Data Subjects | Purpose |
Contact data including but not limited to contact names, work addresses, phone numbers, email addresses, credit card details and billing details. | Data Controller’s employees, advisors and contractors | To administer Data Processor’s relationship with the Data Controller in the provision of the Services including administrative, financial, licensing, billing, consulting, communicating, marketing, prospecting, training and events including sign-up registration in pursuit of its contractual obligations in respect of its Legitimate Business Interests. |
Name, email address, mobile phone number and device identifying data. | Data Controller’s program participants (“Users”) | To facilitate registration, log in and identification of, and communication with, Users participating in the Data Controller’s program. |
Personal Data, including Sensitive Personal Data as per Instruction of the Data Controller. | Data Controller’s program participants (“Users”) | Through the Services the Data Controller has the facility in respect of its Legitimate Business Interests to process any type of data such as (but not limited to) Users’: identification documents; date of birth; social security number; imagery; etc. |
Category of Data | Retention Policy |
Personal Data of the Data Controller’s employees, advisors and contractors. | Data is retained for the lifetime of the Data Processor’s relationship (where there is an ongoing Legitimate Business Interest) with the Data Controller. |
Personal Data of Users. | Data is retained until:
1. The User issues an Instruction to have their data permanently removed, or 2. The Data Controller issues an Instruction to permanently remove data. Once data deletion is actioned per an Instruction, data is fully deleted including from all backup records, in 28 days. |
Log files which may include device identifying data of Users. | Retained for 12 months from time of log record creation. |
Schedule A
Type of processing
The table below defines a list of types of processing related to Personal Data, and the storage location for that processing.
Type of processing | Location of storage and processing |
Application hosting and data storage | Per Data Controller’s Instruction upon account creation, may be located in:
|
Email sending | Europe – (Ireland) |
SMS sending | United Kingdom |
Image processing | United States (rendering)
|
Capture screenshots from URLs | United States |
Push notifications | United Kingdom |
Application monitoring | United Kingdom |
Support infrastructure | United Kingdom and United States |
Schedule B
Technical & organisational measures
Following are technical and organisational measures the Data Processor has implemented and will maintain for the processing of Personal Data.
Permanent and secure deletion of all online and network accessible instances of Data within 28 days of Client’s Instruction.