Sellar Market Data Sharing Agreement

Sellar Market Data Sharing Agreement

Last updated: [01 May 2024]

How we and you treat personal data we share with each other

We'll process your personal data in accordance with our data protection policy.

We and you may share with each other the following types of personal data we've collected in connection with this agreement (shared personal data):

  • Names, addresses and contact details of buyers for your products.
  • Information about buyer orders for your products, including any personalisation requests.
  • Information about buyer queries and complaints in relation to orders.
  • Information about buyer searches and activity on the site.
  • Information about our respective employees.
  • Information about individuals working with other organisations that we or you work with.

We and you agree that we shall only process shared personal data which we receive from the other for the following purposes:

  • Fulfilling orders for your products.
  • Dealing with queries and complaints from buyers about your products.
  • Marketing our products and services to buyers, subject to appropriate consents to marketing being in place and in your case subject to the constraints set out in Your communications with buyers.
  • Dealing with each other's employees and individuals working with other organisations for the purposes of operating this agreement.

Both we and you shall comply with all the obligations imposed on a controller under UK data protection law. If either we or you fail to do so, the other can end this agreement, as set out in When we'll suspend your listings or end this agreement and How you can end this agreement.

Both we and you will:

  • Ensure that all necessary notices, consents and lawful bases are in place to enable lawful transfer of the shared personal data to the other as well as to their employees and the entities they use in connection with this agreement (permitted recipients).
  • Give full information to any data subject whose personal data may be processed under this agreement about the nature of such processing. This includes giving notice that, when this agreement ends, personal data relating to them may be retained by or transferred to one or more of the permitted recipients, their successors and assignees.
  • Not disclose or allow access to the shared personal data to anyone other than the permitted recipients.
  • Ensure that all permitted recipients are subject to written contractual obligations concerning the shared personal data (including obligations of confidentiality) which are no less demanding than those imposed by this agreement.
  • Ensure that appropriate technical and organisational measures are in place to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  • Not transfer any shared personal data received outside the UK and EEA without ensuring that
    • the transfer is to a country approved under UK data protection law as providing adequate protection;
    • there are appropriate safeguards or binding corporate rules in place, pursuant to UK data protection law;
    • we or you (as appropriate) otherwise comply with all the obligations imposed under UK data protection law by providing an adequate level of protection to any personal data that is transferred; and
    • one of the derogations for specific situations in UK data protection law applies to the transfer.

Both we and you shall assist the other in complying with UK data protection law. The things we and you will do include but are not limited to:

  • Consulting the other about any notices given to a data subject in relation to the shared personal data.
  • Promptly telling the other about receipt of a data subject rights request in relation to the shared personal data.
  • Providing the other with reasonable help in complying with any data subject rights request in relation to the shared personal data.
  • Not disclosing, releasing, amending, deleting or blocking any shared personal data in response to a data subject rights request without first consulting the other, wherever possible.
  • Helping the other (at the other's cost) to respond to any data subject rights request and to comply with UK data protection law with respect to security, personal data breach notifications, data protection impact assessments and consultations with the Information Commissioner or other regulators.
  • On becoming aware of a breach of UK data protection law (by themselves or the other), notifying the other of it as soon as reasonably possible.
  • When this agreement ends, either deleting or returning shared personal data (and any copies of it) received from the other, unless required by law to store it.
  • Using technology compatible with the other's technology to process shared personal data, to ensure that transfers to or from the other don't result in inaccuracies.
  • Maintaining complete and accurate records and information to demonstrate that it has complied with these provisions.
  • Providing the other with contact details of at least one employee as point of contact and responsible manager for all issues arising out of UK data protection law, including the procedures to be followed in the event of a data security breach, and the regular review of the parties' compliance with UK data protection law.

Definitions

appropriate technical and organisational measures

has the meaning set out in UK data protection law.

controller

has the meaning set out in UK data protection law.

UK data protection law

means all applicable data protection and privacy legislation in force from time to time in the UK including the UK GDPR; the Data Protection Act 2018 (DPA 2018) (and regulations made thereunder); the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended and all other legislation and regulatory requirements in force from time to time which apply to either you or us relating to the use of personal data (including, without limitation, the privacy of electronic communications); and the guidance and codes of practice issued by the Information Commissioner or other relevant regulatory authority and applicable to either you or us.

data subject

has the meaning set out in UK data protection law

permitted recipients

means your and our employees and the entities you and we use in connection with this agreement.

personal data

has the meaning set out in UK data protection law.

personal data breach

has the meaning set out in UK data protection law.

process

has the meaning set out in UK data protection law

processing

has the meaning set out in UK data protection law

processed

has the meaning set out in UK data protection law

shared personal data

the following types of personal data we and you've collected in connection with this agreement:

  • Names, addresses and contact details of buyers for your products.
  • Information about buyer orders for your products, including any personalisation requests.
  • Information about buyer queries and complaints in relation to orders.
  • Information about buyer searches and activity on the site.
  • Information about our respective employees.
  • Information about individuals working with other organisations that we or you work with.