2. The use of this system is for providing an organisation with basic cleansing and analysis of communications data that has been obtained by the organisation to support them with their business requirements.
  3. The use of this system requires your acceptance that the acquisition of any communications data has been obtained with the relevant authority and justified under Chapter 2, Part 1 of the Regulation of Investigatory Powers Act 2000 and pursuant to Section 71 in accordance with necessity, proportionality and collateral intrusion and has been duly authorised.
  4. By using this Blue Lights Decypher platform you agree to the processing of the Personal Data supplied by you the Data Controller.
    1. By using this system, you also agree that the data being processed is justifiable with the interference with an individual’s human rights under Article 8 of the European Convention on Human Rights only if the conduct being authorised or required to take place is necessary for one or more purposes as set out in section 22 (2) of the Act and is proportionate and in accordance with law.
    2. Data uploaded to this system may constitute personal data as defined under the Data Protection Act 1998, as it may be one step away from identifying an individual. As such, the data protection principles listed under Schedule 1 of the act will be adhered to. The use of this system requires your acceptance of these terms and conditions.
    3. The Company shall not retain any personal data for any longer than is necessary in light of the purpose(s) for which that data is collected, held, and processed as set out in the Blue Lights Decypher Data Retention Policy.
    4. All personal data held by the Blue Lights Decypher platform is held in accordance with the requirements of the GDPR and data subjects’ rights thereunder, as set out in the Blue Lights Decypher Data Retention Policy for this product.
  5. Provision of the Services and Processing Personal Data
    1. The Decypher Platform is acting as the Data Processor to carry out the Services, and only to process the Personal Data received from the Data Controller for the purposes of those Services and not for any other purpose; to the extent and in such a manner as is necessary for those purposes; and strictly in accordance with the express authorisation and instructions of the Data Controller which may be specific instructions or instructions of a general nature or as otherwise notified by the Data Controller to the Data Processor through the acceptance of these terms.
    2. All instructions given by the Data Controller to the Data Processor shall at all times be in compliance with the GDPR and other applicable laws. The Data Processor shall act only on such instructions from the Data Controller unless the Data Processor is required by law to do otherwise (as per Article 29 of the GDPR).
    3. Both Parties shall comply at all times with the GDPR and other applicable laws and shall not perform their obligations under this Agreement or any other agreement or arrangement between themselves in such way as to cause either Party to breach any of its applicable obligations under the GDPR.
    4. The Data Processor shall notify the Data Controller immediately if it becomes aware of any form of Personal Data breach, including any unauthorised or unlawful processing, loss of, damage to, or destruction of any of the Personal Data.
    5. The Data Controller shall be liable for, and shall indemnify (and keep indemnified) the Data Processor in respect of any and all action, proceeding, liability, cost, claim, loss, expense including reasonable legal fees and payments, or demand suffered or incurred by, awarded against, or agreed to be paid by, the Data Processor and any Sub-Processor arising directly or in connection with:
    6. Any non-compliance by the Data Controller with the GDPR or other applicable legislation; any Personal Data processing carried out by the Data Processor or Sub-Processor in accordance with instructions given by the Data Controller that infringe the GDPR or other applicable legislation; or any breach by the Data Controller of its obligations under the acceptance for these terms and conditions of use.
    7. All copyright, database rights, and other intellectual property rights subsisting in the Personal Data including but not limited to any updates, amendments, or adaptations to the Personal Data made by either the Data Controller or the Data Processor shall belong to the Data Controller or to any other applicable third party from whom the Data Controller has obtained the Personal Data including, but not limited to, data subjects, where applicable. The Data Processor is licensed to use such Personal Data under such rights only for the term of Decypher platform processing agreement of no longer than 4 hours for the purposes of the Services, and in accordance with the acceptance of these terms and conditions.
    8. The Data Processor shall maintain the Personal Data in confidence, and in particular, unless the Data Controller has given written consent for the Data Processor to do so, the Data Processor shall not disclose any Personal Data supplied to the Data Processor by, for, or on behalf of, the Data Controller to any third party. The Data Processor shall not process or make any use of any Personal Data supplied to it by the Data Controller otherwise than in connection with the provision of the Services to the Data Controller.
    9. The Data Processor shall delete all Personal Data within a reasonable time after the end of the provision of the processing of that Personal Data. The Data Processor is no longer required for the performance of the Data Processor’s obligations under the Service Agreement.
    10. Following the deletion of the Personal Data the Data Processor shall delete all further copies of the Personal Data that it holds.
    11. All Personal Data to be deleted or disposed of under this Agreement shall be deleted within 4 hours of the data processing request.
  6. Your acceptance of this Agreement through the acceptance of the terms and conditions (including any non-contractual matters and obligations arising therefrom or associated therewith) shall be governed by, and construed in accordance with, the laws of England and Wales.
  7. Any dispute, controversy, proceedings or claim between the Parties relating to this Agreement (including any non-contractual matters and obligations arising therefrom or associated therewith) shall fall within the jurisdiction of the courts of England and Wales.
  8. For further information please write to the Data Protection Officer, Blue Lights Digital Ltd, The Officers’ Mess Business Centre, Royston Road, Duxford, Cambridge, CB22 4QH