Commercial: Data Processing

UK GDPR requires that the scope, nature and purpose of processing by the Processor, the duration of the processing and the types of Personal Data and categories of Data Subject are detailed before any processing can commence.

Unless agreed in writing elsewhere between the Processor and Controller, the below table sets out these details:

Purpose / Activity
Lawful basis for processing including basis legitimate interest

Subject matter and nature of the Processing

The subject matter of the Processing is communications with the Controller’s customers, suppliers, staff, etc. in support of business operations.

The nature of the Processing is sending letters, electronic communications or any other service described within the service agreement between the Parties to the Controller’s customers, suppliers, staff, etc. as required by the Controller.

Purpose of Processing

The purpose of the Processing is to provide the agreed/contracted service to the Controller.

Duration of the Processing

For so long as is required to deliver the agreed/contracted service and a valid Data Processing Agreement remains in effect.

Categories of Data Subjects

The Personal Data to be processed concern the following data subjects:

Employees of the Controller

Customers of the Controller

Parents, carers and advocates of customers of the Controller

Suppliers of the Controller

Type of Personal Data

The Personal Data to be processed include some or all of the following types of data:



Date of Birth

Identification numbers

Email Address

Phone numbers (mobile or other)

Bank Details

Vehicle Registration Numbers


Taxation documents

Financial status

Special categories of data

The personal data to be processed concern the following special categories of personal data:



Controller, Processor, Data Subject, Personal Data, Personal Data Breach and Processing, all have the meanings given to them in the Data Protection Legislation.

Confidential Information: any information or combination of information that contains details about an organisation or an individual person that was provided in an expectation of confidence. This includes, for example, non-personal corporate or technical information that is commercially sensitive, drafts of documents that are not ready for publication, restricted information and documents, etc., as well as personal data.

Customer Data: any Personal Data (including special category Personal Data) and Confidential Information processed by the Processor on behalf of the Controller or in connection with the provision of the contracted service. This includes all information supplied to the Processor by the Controller and any additional information that the Processor obtains during the term of the contract and shall apply equally to original Customer Data and all back-up and/or copies printed out but excludes any Personal Data to the extent that a specific contracted service requires the Processor to process such Personal Data as a controller.

Data Protection Legislation: all applicable data protection and privacy legislation in force from time to time in the UK including the UK GDPR; the Data Protection Act 2018 (DPA 2018) (and regulations made thereunder) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of personal data (including, without limitation, the privacy of electronic communications).

UK GDPR has the meaning given to it in section 3(10) (as supplemented by section 205(4)) of the DPA 2018.
