JOINT PROCESSING ARRANGEMENT
PARENT VERIFICATION SERVICE
1.1 This Joint Processing Arrangement determines and allocates the responsibilities between you and us as required by Article 26 GDPR with regard to the Parent Verification Processing and is incorporated into the KWS Service Specific Terms for Parent Verification.
1.2 Terms defined in this Joint Processing Arrangement have the meanings given to them in the KWS General Terms and the KWS Service Specific Terms (as applicable).
2. SUPERAWESOME RESPONSIBILITIES
Except as specified in clauses 3 and 4 of this Joint Processing Arrangement, as between you and us, SuperAwesome assumes responsibility for compliance with the applicable obligations under the GDPR for the Parent Verification Processing undertaken by it. In particular:
2.1 SuperAwesome shall ensure it has a legal basis for the Parent Verification Processing undertaken by it;
2.2 SuperAwesome shall make the essence of the Joint Processing Arrangement available to data subjects (Article 26(2) GDPR) – we currently do this via our Privacy Notice (as updated from time to time), which we link to in the email we send to parents and guardians (where SuperAwesome sends the email) for the purposes of validating the email address and requesting that the parent or guardian verifies their identity and throughout the verification process;
2.3 SuperAwesome shall act as the primary contact point for data subjects to exercise their rights under Chapter III GDPR (e.g. right to access, delete etc.) for personal data processed by it as part of the Parent Verification Processing; and
2.4 SuperAwesome shall implement appropriate technical and organisational measures designed to ensure the security of our products and services during the Parent Verification Processing in accordance with Articles 5(1)(f) and 32 GDPR.
3. CUSTOMER RESPONSIBILITIES
3.1 You should include in your privacy notice information similar to that set out in our Privacy Notice under the heading ‘Parent Verification’ set out in the ‘What is Kids Web Services?’ section, and make your privacy notice available to your users when collecting personal data to initiate the Parent Verification Processing.
3.2 You must not share with, or transmit to, us personal data collected prior to the Parent Verification Processing without a valid legal basis or if the data subject objects before you do so. You must also ensure you have a legal basis for the Parent Verification Processing undertaken by you.
3.3 If you receive any request from a data subject under Chapter III GDPR with respect to the Parent Verification Processing, you must forward all relevant information to us at email@example.com quickly (no more than 7 calendar days from first receipt) so that we can comply with it (except in the limited cases where you hold the relevant personal data in which case you must comply with it yourself).
3.4 You must forward us any correspondence regarding a dispute or complaint brought by a data subject or you receive from a supervisory authority with regard to the Parent Verification Processing at firstname.lastname@example.org quickly (no more than 7 calendar days from first receipt).
3.5 You must cooperate with, and provide reasonable assistance to, us as we reasonably request in connection with the Parent Verification Processing (e.g. to enable us to comply with data subject requests or engage with supervisory authorities).
3.6 You shall implement appropriate technical and organisational measures designed to ensure the security of the processing by you in accordance with Articles 5(1)(f) and 32 GDPR. This includes (i) ensuring appropriate security for activities undertaken by you (for example, if you send an email with a verification link to a parent); (ii) ensuring that our products and services are properly integrated and configured to your systems and you agree, in particular, to follow the available documentation regarding the correct technical implementation of our products and services into your App and their configuration; and (iii) notifying us at email@example.com if you become aware of any vulnerability, defect or failure in the technical and organisational security measures we implement in connection with the Parent Verification Processing.
3.7 You must not, subsequent to the Parent Verification Processing, process personal data transmitted to you as part of the Parent Verification Processing without complying with the GDPR.
4. PERSONAL DATA BREACH
If you or we suffer a personal data breach concerning the Parent Verification Processing:
4.1 we are responsible for compliance with the notification and other obligations under Articles 33 and 34 GDPR insofar as it concerns our processing activities as part of the Parent Verification Processing; and
4.2 you are responsible for compliance with the notification and other obligations under Articles 33 and 34 GDPR insofar as it concerns your processing activities as part of the Parent Verification Processing.
5.1 Each party is individually responsible for all other aspects of compliance with its obligations under the GDPR regarding the Parent Verification Processing which are not specifically allocated above.
5.2 As part of the Parent Verification Processing, we transfer personal data to you at your location so that you can provide your relevant product or services to your users.
5.3 SuperAwesome’s UK establishment is the main establishment of the Parent Verification Processing for the purposes of the UK GDPR.
Last updated: 31 August 2021