ClarifiedBy International Data Transfer Agreement (IDTA) Framework

PART B - International Data Transfer Agreement (IDTA) Framework

This Part B applies only where the Client is established in a Third Country that does not have a recognised adequacy decision under Data Protection Legislation. It incorporates the ICO-approved International Data Transfer Agreement (IDTA) issued under s.119A(1) Data Protection Act 2018.

The IDTA issued by the Information Commissioner provides Appropriate Safeguards for Restricted Transfers when entered into as a legally binding contract. The parties agree to be bound by the IDTA Mandatory Clauses (Part 4 of the ICO Approved IDTA) as they apply to their respective roles.

IDTA tables (to be completed by the parties where applicable)

The parties shall complete the following tables when the IDTA applies:

• Table 1: Parties and key contacts
• Table 2: Transfer details (including roles as Controller/Processor, applicable law, and review dates)
• Table 3: Transferred data (categories of data subjects, types of personal data, and frequency of transfer)
• Table 4: Security requirements

The parties may also agree Extra Protection Clauses (Part 2) and Commercial Clauses (Part 3) where additional protections are required.

Key IDTA obligations

The following summarises the key obligations under the IDTA Mandatory Clauses. The full Mandatory Clauses apply in their entirety:

Exporter obligations 

The Exporter (Diligencia) must comply with UK Data Protection Laws in transferring data to the Importer, carry out reasonable checks on the Importer's ability to comply, and co-operate with the Importer in passing notices and information to and from Data Subjects.

Importer obligations

The Importer must:

a) only process transferred data for the agreed Permitted Purpose;

b) keep written records of processing activities;

c) comply with key data protection principles (adequacy, accuracy, storage limitation) if acting as Controller;

d) promptly notify the Exporter of any personal data breach and take remedial steps;

e) only transfer data on to third parties in compliance with the IDTA's requirements; and

f) remain fully liable for processing by sub-processors it authorises.

Data subject rights

Data Subjects have rights to: a copy of the IDTA; information about the Importer's processing; access, rectification, erasure and objection rights; and the right to bring claims against either party for IDTA breaches.

Breach and termination

If a breach causes a Significant Harmful Impact, the affected party must act without undue delay to end the impact. If the breach cannot be corrected, the Exporter may terminate the IDTA. On termination, the Importer must delete or return all transferred data unless required by local law to retain it.

Liability

Each party is fully liable to Data Subjects for the entire damage caused by its own breach of the IDTA. If one party has paid compensation, it may seek contribution from the other party in proportion to its responsibility.

 For the avoidance of doubt, Diligencia's liability under this IDTA shall be strictly limited to the aggregate liability cap described in The ClarifiedBy Platform Subscription Terms.  

Governing law and dispute resolution

The IDTA is governed by the law of England and Wales (unless the parties select a different UK country in Table 2). Disputes may be referred to the courts or, at the election of any party or Data Subject, to final arbitration under the Rules of the London Court of International Arbitration. The arbitrator must be a UK-qualified lawyer experienced in UK data protection law. London is the seat of arbitration and the English language applies.

The ICO may request copies of the IDTA, any Transfer Risk Assessment, and Importer Information from either party at any time.

The full ICO Approved IDTA Mandatory Clauses (Part 4) are incorporated into these Data Protection Terms by reference and form a binding part of the agreement between the parties where the IDTA applies. A copy of the Approved IDTA is available from the ICO website at ico.org.uk.

 These IDTA Terms may be updated from time to time in accordance with the ClarifiedBy Platform Subscription Terms.