Agreement
Processing Terms
This Data Processing Agreement forms part of the agreement between ZeroPoint Creative Ltd and the client where we process personal data on the clientโs behalf as a processor. It applies where our services involve access to, storage of, transmission of, or other processing of personal data subject to UK GDPR or other applicable data protection law.
For the purposes of this agreement, the client is the data controller and ZeroPoint Creative Ltd is the data processor, except where we determine our own purposes and means of processing, in which case we act as an independent controller. We will only process personal data on documented instructions from the client unless required to do otherwise by law.
We process personal data only to deliver contracted services, maintain secure systems, and support lawful business operations.
ZeroPoint Creative Ltd
Processing may include website hosting, maintenance, backups, contact form handling, analytics configuration, SEO implementation, content updates, AI workflow support, and technical support. Categories of data may include names, email addresses, phone numbers, business details, website usage data, customer-submitted content, and other personal data the client chooses to place within the services.
Core Duties
Our Processor Commitments
ZeroPoint Creative Ltd will implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. Access to personal data is limited to personnel and contractors who need it to deliver the services and who are subject to confidentiality obligations.
We may engage trusted subprocessors such as hosting providers, payment processors, cloud platforms, analytics providers, email providers, and software vendors where needed to provide the services. We will take reasonable steps to ensure such subprocessors are bound by data protection obligations appropriate to the nature of the processing.
Taking into account the nature of the processing and the information available to us, we will assist the client where reasonably possible with data subject requests, security incident response, data protection impact assessments, and regulatory enquiries. The client remains responsible for determining the lawful basis for processing and for providing required notices to data subjects.
Security
International Transfers and Retention
Where personal data is transferred outside the UK, we will use appropriate safeguards where required, such as adequacy regulations, standard contractual clauses, or other lawful transfer mechanisms. We will notify the client if we believe an instruction infringes applicable data protection law, unless prohibited from doing so.
At the end of the services, and subject to legal, regulatory, backup, and accounting retention requirements, we will delete or return personal data on request within a reasonable period. We may retain limited information where required by law or where necessary to establish, exercise, or defend legal claims.
