Embedded Files
This Addendum supplements the confidentiality and security provisions of the Associate Agreement between E Co. and the Consultant. It serves as the formal Data Processing Agreement required under Article 28 of the GDPR.
Role of the Parties: The Consultant acts as a Data Processor for E Co. (the Data Controller).
Compliance: The Consultant shall comply with all applicable Data Protection Legislation, including the UK GDPR and EU GDPR.
Instructions: The Consultant shall process Personal Data only on the documented instructions of E Co. and for the specific purposes of the assigned project.
Security & TOMs: The Consultant shall implement the Technical and Organisational Measures (TOMs) as specified in the E Co. Data Security Standards. This includes maintaining device encryption, access controls, and MFA.
Sub-processing: The Consultant shall not engage any third-party sub-processor (e.g., another freelancer or a specific software tool) without prior written authorisation from E Co.
Cooperation: The Consultant shall assist E Co. in responding to data subject requests (e.g., access or deletion) and notify E Co. at privacy@ecoltdgroup.com within 24 hours of any suspected data breach.
International Transfers: Where the Consultant is located outside the UK/EEA in a country without an Adequacy Decision, the parties hereby incorporate the EU Standard Contractual Clauses (Module 2) and the UK International Data Transfer Addendum into this Agreement by reference.
Deletion or Return: Upon termination of the contract or completion of the project, the Consultant shall, at the choice of E Co., securely delete or return all personal data.
Report abuse