Data Protection Requirements

1. Status
   1. The Property Partner acknowledges that its activities will involve the Processing of Personal Data regarding Clients and/or Guests, and that (regardless of where it is established) the Property Partner shall comply with all requirements of Data Protection Legislation in relation to its Processing of such Personal Data, and be directly liable to Clients and/or Guests in respect of any breach of such requirements.
   2. The Property Partner acknowledges that SilverDoor has no obligations under Data Protection Legislation where the Client or Guest provides Personal Data to the Property Partner directly.
   3. If and to the extent that the Property Partner acts as a Data Processor on behalf of SilverDoor or the Client, it shall comply with the obligations which Data Protection Legislation requires to be set out in contracts between Data Controllers and Data Processors as if they were set out in these Data Protection Requirements in full, and shall enter into any addendum or amendment as required by SilverDoor or the Client to that effect.
2. Processing Obligations
   1. The Property Partner shall only Process the Personal Data in accordance with SilverDoor’s instructions from time to time and as strictly and required for its fulfilment of its obligations under this Agreement and shall not Process the Personal Data for any other purpose unless the Property Partner has another legal basis for such Processing as required by Data Protection Legislation.
   2. The Property Partner acknowledges and agrees that it is not permitted to use any Personal Data relating to the Client or any Guests for marketing purposes. The Property Partner shall only use such Personal Data for the purposes of fulfilling the Reservation and shall delete such data following check-out by the Guests unless required otherwise by Applicable Laws and permitted by Data Protection Legislation. Once the Guests have checked-out of the Accommodation, all further correspondence with the Client and Guests must be via SilverDoor unless SilverDoor expressly agrees otherwise.
   3. The Property Partner shall promptly comply with any request from a Client or Guest to amend, transfer or delete the Personal Data as required by Data Protection Legislation.
   4. If the Property Partner receives any complaint, notice or communication which relates to the Processing of the Personal Data or to either party's compliance with Data Protection Legislation it shall immediately notify SilverDoor and it shall provide SilverDoor with full co-operation and assistance in relation to any such complaint, notice or communication.
   5. At SilverDoor’s request, the Property Partner shall provide to SilverDoor a copy of all Personal Data held by it in the format and on the media reasonably specified by SilverDoor.
   6. The Property Partner shall promptly inform SilverDoor if any Personal Data is lost or destroyed or becomes damaged, corrupted, or unusable. The Property Partner will restore such Personal Data at its own expense.
3. Transfers
   1. Property Partner located within the Permitted Territory
      1. Where the Property Partner is located in the Permitted Territory it shall not transfer the Personal Data which is Processed under this Agreement outside the Permitted Territory to a country which is not classed as having adequate procedures under Data Protection Legislation without SilverDoor’s prior written consent.
      2. Where SilverDoor provides consent under paragraph 3.1.1, the Property Partner covenants for the benefit of SilverDoor and the Clients that it shall implement and enforce the Standard Contractual Clauses at all times in relation to the transfer and Processing of such Personal Data.
   2. Property Partner located outside of the Permitted Territory
      1. Where SilverDoor or a Client or Guest transfers Personal Data to the Property Partner and the Property Partner is located outside of the Permitted Territory, the Property Partner covenants for the benefit of SilverDoor and the Clients that it shall comply with the Standard Contractual Clauses at all times in relation to the transfer and Processing of Personal Data as if they were set out in full in these Data Protection Requirements, and execute all such documents as are required by Silverdoor or the Guest to give effect to the provisions of this clause 3.3.1.
   3. EU-US Privacy Principles
      1. The Property Partner acknowledges that it may receive Personal Data which is subject to the EU-US Privacy Shield. In such circumstances, the Property Partner covenants for the benefit of SilverDoor and the Clients that it will comply with the Privacy Shield Principles when undertaking the Processing of Personal Data.
4. Property Partner's Employees
   1. The Property Partner shall ensure that access to the Personal Data is limited to those employees who need access to the Personal Data to meet the Property Partner's obligations under these Data Protection Requirements.
   2. The Property Partner shall ensure that all employees:
      1. have undertaken training in the laws relating to handling personal data; and
      2. are aware both of the Property Partner's duties and are under contractual or statutory obligations of confidentiality regarding Personal Data.
5. Rights Of The Data Subject
   1. The Property Partner shall comply promptly and in full with any requests from a Data Subject in relation to that person’s Personal Data as required by Data Protection Legislation.
6. Rights Of SilverDoor
   1. SilverDoor is entitled, on giving at least 5 days' notice to the Property Partner, to inspect or appoint representatives to inspect all facilities, equipment, documents and electronic data relating to the processing of Personal Data by the Property Partner.
7. Warranties
   1. The Property Partner warrants that:
      1. it will Process the Personal Data in compliance with Data Protection Legislation; and
      2. it will take appropriate technical and organisational measures against the unauthorised or unlawful processing of personal data and against the accidental loss or destruction of, or damage to, personal data to ensure SilverDoor's compliance with Data Protection Legislation.
   2. The Property Partner shall notify SilverDoor immediately if it becomes aware of any unauthorised or unlawful processing, loss of, damage to or destruction of the Personal Data.
8. Indemnity
   1. The Property Partner agrees to indemnify and keep indemnified and defend at its own expense SilverDoor against all costs, claims, damages or expenses incurred by SilverDoor or for which SilverDoor may become liable due to any failure by the Property Partner or its employees or agents to comply with any of its obligations under these Data Protection Requirements.
9. Definitions
   1. For the purposes of these Data Protection Requirements:
      

      Data Controller, Data Processor, Data Subject, Personal Data and Processing	has the meanings ascribed to them in the Data Protection Legislation;
      Data Protection Legislation	(a) prior to 25 May 2018, all applicable data protection and privacy legislation, regulations and guidance including the Data Protection Act 1998 (and from 25 May 2018, Regulation (EU) 2016/679 (the “General Data Protection Regulation” or “GDPR”) and the Privacy and Electronic Communications (EC Directive) regulations and any guidance or codes of practice issued by the information commissioner from time to time (all as amended, updated or re-enacted from time to time); and (b) all applicable laws and regulations relating to the processing of personal data and privacy where the Property Partner and the Accommodation are located.
      EU Privacy Shield	the EU-US Privacy Shield Framework adopted between the European Union and the United States of America on July 12, 2016.
      Permitted Territory	the UK and the European Union and any third country which is from time to time the subject of an adequacy decision by the European Commission.
      Privacy Shield Principles	the privacy shield principles established under the EU Privacy Shield regarding the Processing of Personal Data.
      Standard Contractual Clauses	the standard contractual clauses for the transfer of personal data from the European Union to processors or controllers (as applicable) established in third countries as set out in the Annex to Commission Decision 2010/87/EU (controller-to-processor transfers) or Decision 2004/915/EC (controller-to-controller transfers).