credit control and debt collection enquiry
CreditXS commercial debt collection service

Personal Data Processing Agreement

1. This document ("the Agreement") forms the terms and conditions governing the processing of personal data by My Credit Controllers Ltd (‘We’, ‘Us’, ‘The Processor’) provided by You, (‘the client’, ‘the Controller’). Please read this Agreement carefully and make sure that you understand the content, before ordering any services from us.

2. The Controller wishes to engage the services of the Processor to process personal data on its behalf for the purposes of debt collection and credit control and/or bookkeeping services.

3. In consideration of the Controller engaging the services of the Processor the Processor shall comply with the security, confidentiality and other obligations imposed on it under this Agreement.

4. Nothing within this agreement relieves the Processor of its own direct responsibilities and liabilities under the GDPR


5. The Processor will assist the Controller in providing subject access and allowing data subjects to exercise their rights under the GDPR.

6. The Processor will assist the Controller in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments.

7. The Processor agrees to provide the Controller with information needed to ensure that they are both meeting their obligations under GDPR.

8. The Processor shall only carry out those actions in respect of the personal data processed on behalf of the Controller as are expressly authorised by the Controller, (unless required by law to act without such instructions).

9. The Processor shall take reasonable technical and organisational measures against unauthorised or unlawful processing of such data and information and against accidental loss or destruction of, or damage to, such data and information as are reasonably appropriate.


10. The Processor agrees that it shall maintain the personal data processed by the Processor on behalf of the Controller in confidence.

11. The Processor agrees that, save with the prior consent of the Controller, it shall not disclose any personal data supplied to the Processor by, for, or on behalf of, the Controller to any third party.

12. Where the service is delivered via an online platform, the Controller grants the Processor consent to disclose personal data to its appointed third party software development subcontractor for the maintenance and improvement of the online system provided that such subcontract is subject to a written agreement which imposes the same obligations in relation to the security of the processing on the sub-contractor as are imposed on the Processor under this Agreement.

13. The Processor will ensure that employees processing the data are subject to a duty of confidence.

14. The Processor shall not make any use of any personal data supplied to it by the Controller other than in connection with the provision of services to the Controller.


15. The Processor shall not sub-contract any of its rights or obligations under this Agreement without the prior written consent of the Controller.

16. Where the Processor, with the consent of the Controller, sub-contracts its obligations under this agreement it shall do so only by way of a written agreement with the Sub-Contractor which imposes the same obligations in relation to the security of the processing on the Sub-Contractor as are imposed on the Processor under this Agreement.

17. For the avoidance of doubt, where the Sub-Contractor fails to fulfil its obligations under any subprocessing agreement, the Processor shall remain fully liable to the Controller for the fulfilment of its obligations under this Agreement.


18. This Agreement shall continue in full force and effect for so long as the Processor is processing personal data on behalf of the Controller.

19. The Processor will delete all personal data as requested by the Controller at the end of the contract.


20. This Agreement shall be governed by English law and the parties submit to the exclusive jurisdiction of the English courts.

21. Nothing in this agreement shall prevent either party from complying with any legal obligation imposed by a regulator or court.

Version 1.0
Updated 03.06.2018