Key documents
Key documents that together make up our Subscription Agreement.
Data Processing Addendum
Version 1.5
- Introduction
- This Data Processing Addendum ('DPA') is incorporated into and forms part of the Subscription Agreement entered into between the Supplier and the Client.
- This DPA governs the collection and processing of any Client Personal Data collected, shared and/or otherwise processed as part of the Services.
- Interpretation
- Any terms used but not defined in this DPA shall be as defined in the Standard Terms and Conditions, and the same rules of interpretation shall apply.
- In addition, the following definitions in this clause apply to this DPA:
- Applicable Laws:
- to the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom;
- to the extent EU GDPR applies, the law of the European Union or any member state of the European Union to which the Supplier is subject; or
- to the extent Jersey Data Protection Law applies, the law of Jersey.
- Applicable Data Protection Laws:
- to the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom, which relates to the protection of Personal Data;
- to the extent EU GDPR applies, the law of the European Union or any member state of the European Union to which the Supplier is subject, which relates to the protection of Personal Data; or
- to the extent Jersey Data Protection Law applies, the law of Jersey which relates to the protection of Personal Data.
- Client Personal Data: any Personal Data which the Supplier processes in connection with this Subscription Agreement, in the capacity of a Processor on behalf of the Client.
- Controller, Processor, Data Subject, Personal Data, Personal Data Breach, Special Categories of Personal Data, processing, and appropriate technical and organisational measures: as defined in the Applicable Data Protection Laws.
- EU GDPR: the General Data Protection Regulation ((EU) 2016/679).
- Jersey Data Protection Law: the Data Protection (Jersey) Law 2018.
- Processing Purpose: the purpose for which the Client Personal Data is processed, as set out in Appendix 1.
- Sensitive Data: any sensitive data or Special Categories of Personal Data.
- Subcontracted Processors: Amazon Web Services Inc, Amazon Web Services EMEA SARL, Cloudflare Inc, Cloudflare Ltd, Functional Software Inc, Google LLC, GB Group plc, Heroku Inc, Loqate Inc, Mailgun Technologies Inc, Microsoft Corporation, Postcode Anywhere Holdings Limited, PCA Predict Inc, MemCachier Inc, Mixpanel Inc, New Relic Inc, SalesForce UK Limited, SalesForce.com Inc, Slack Technologies LLC, Slack Technologies Limited, SolarWinds Worldwide LLC, Twilio Inc, Zendesk Inc.
- UK GDPR: has the meaning given to it in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018.
- Data Protection
- Both Parties will comply with all applicable requirements of the Applicable Data Protection Laws. This clause 3 is in addition to, and does not relieve, remove or replace, a Party's obligations or rights under the Applicable Data Protection Laws.
- The Client and the Supplier agree and acknowledge that for the purpose of the Applicable Data Protection Laws:
- the Client is the Controller and the Supplier is the Processor of the Client Personal Data; and
- the Client retains control of the Personal Data and remains responsible for its compliance obligations under the Applicable Data Protection Laws; and
- Appendix 1 sets out the scope, nature and purpose of processing by the Supplier, the duration of the processing and the types of Personal Data and categories of Data Subject.
- Without prejudice to the generality of clause 3.1, the Client will ensure that it has all necessary and appropriate consents and notices in place to enable lawful transfer of the Client Personal Data to the Supplier and/or lawful collection of the Client Personal Data by the Supplier on behalf of the Client for the duration and purposes of the Subscription Agreement.
- Without prejudice to the generality of clause 3.1, the Supplier shall, in relation to any Client Personal Data processed in connection with the performance by the Supplier of its obligations under the Subscription Agreement:
- process that Client Personal Data only on the documented written instructions of the Client unless the Supplier is required by Applicable Laws to otherwise process that Client Personal Data. Where the Supplier is relying on Applicable Laws as the basis for processing Client Personal Data, the Supplier shall notify the Client of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Supplier from so notifying the Client;
- ensure that it has in place appropriate technical and organisational measures, to protect against unauthorised or unlawful processing of Client Personal Data and against accidental loss or destruction of, or damage to, Client Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures;
- ensure that all personnel who have access to and/or process Client Personal Data are obliged to keep the Client Personal Data confidential;
- assist the Client insofar as this is possible (taking into account the nature of the processing and the information available to the Supplier), at the Client's cost and written request, in responding to any request from a Data Subject and in ensuring the Client's compliance with its obligations under the Applicable Data Protection Laws with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
- notify the Client without undue delay on becoming aware of a Personal Data Breach;
- at the written direction of the Client, delete Client Personal Data and copies thereof on termination of the Subscription Agreement unless required by Applicable Laws to store the Client Personal Data. For the purposes of this clause (f) Client Personal Data shall be considered deleted where it is put beyond further use by the Supplier; and
- maintain records to demonstrate its compliance with this clause 3.
- The Client hereby instructs the Supplier to process Personal Data as required for the provision of the Services.
- The Client hereby provides its prior, general consent for the Supplier to:
- appoint the Subcontracted Processors as third-party sub-processors of Client Personal Data under this DPA on each of the Subcontracted Processors' standard terms of business, which the Supplier confirms reflect and will continue to reflect the requirements of Applicable Data Protection Laws. As between the Client and the Supplier, the Supplier shall remain fully liable for all acts or omissions of any Subcontracted Processors;
- appoint additional sub-processors (other than the Subcontracted Processors) to process the Client Personal Data, provided that the Supplier:
- shall ensure that the terms on which it appoints such sub-processors comply with Applicable Data Protection Laws, and are consistent with the obligations imposed on the Supplier in this clause 3;
- shall remain responsible for the acts and omissions of any such sub-processor as if they were the acts and omissions of the Supplier; and
- shall inform the Client of any intended changes concerning the addition or replacement of the sub-processors, thereby giving the Client the opportunity to object to such changes provided that if the Client objects to the changes and cannot demonstrate, to the Supplier's reasonable satisfaction, that the objection is due to an actual or likely breach of Applicable Data Protection Law, the Client shall indemnify the Supplier for any losses, damages, costs (including legal fees) and expenses suffered by the Supplier in accommodating the objection;
- transfer Client Personal Data outside of Jersey, the UK and/or the European Economic Area as required for the Processing Purpose, provided that the Supplier shall ensure that all such transfers are effected in accordance with Applicable Data Protection Laws. For these purposes, the Client shall promptly comply with any reasonable request of the Supplier, including any request to enter into standard data protection clauses adopted by the EU Commission from time to time (where the EU GDPR applies to the transfer) or adopted by the UK Information Commissioner from time to time (where the UK GDPR applies to the transfer).
- The Client will not submit, store, or send any Sensitive Data to the Supplier for processing, and it shall not permit nor authorise any employees, agents, contractors, data subjects or any other person to send any Sensitive Data to the Supplier for processing.
- The Client acknowledges that the Supplier does not request or require Sensitive Data as part of providing the Service, that it does not wish to receive or store Sensitive Data, and that its obligations in this Data Processing Addendum will not apply with respect to Sensitive Data.
- The Supplier's total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of this DPA shall be subject to the limitations of liability set out in clause 17 of the Standard Terms and Conditions.