Data Processing Addendum (DPA)
Published on 2 August, 2023 | Terms | 159 views | 5 minutes read
THE RICH CLUB – .COM.RICH
Operated by: Global Digital Identity LTD
Last updated: May 26, 2025
This Data Processing Addendum (DPA) supplements and forms an integral part of the Terms and Conditions of Use and the Privacy Policy of The Rich Club platform, operated by Global Digital Identity LTD (hereinafter "Processor" or "We"). It sets out the terms and conditions under which the Processor will process Personal Data on behalf of Users/Members (hereinafter "Controller" or "You") in the context of the services provided.
1. Definitions
For the purposes of this DPA, capitalized terms shall have the same meaning as attributed to them in the Terms and Conditions of Use and the Privacy Policy, unless otherwise defined below:
- Personal Data: Any information relating to an identified or identifiable natural person ("Data Subject").
- Data Protection Legislation: Refers to the UK GDPR (United Kingdom General Data Protection Regulation) and any other applicable data protection laws and regulations in the United Kingdom.
- Processing: Any operation or set of operations performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others,1 determines the purposes and means of the Processing of Personal Data.
- Processor: A natural or legal person, public authority, agency, or other body which processes Personal Data on2 behalf of the Controller.
2. Subject Matter of Processing
The Processor will process Personal Data provided by the Controller or collected on their behalf, as detailed in the Privacy Policy, for the provision of The Rich Club services, including, but not limited to: registration and management of .com.rich domains, website functionalities, technical support, user identity verification and authentication, and platform usage analysis.
3. Purposes and Nature of Processing
The Processing of Personal Data by the Processor will be carried out exclusively for the purposes and by the means determined by the Controller, as set forth in the platform's Terms and Conditions and Privacy Policy. The nature of the Processing includes collection, storage, organization, use, deletion, and other operations necessary for the provision of services.
4. Categories of Personal Data and Data Subjects
The categories of Personal Data Processed include, but are not limited to: full name, email address, phone number, postal address, country of residence, login credentials, IP data, browser type, operating system, approximate geolocation, cookies, and identity verification data (facial image, official documents).
The Data Subjects are the Users/Members of The Rich Club platform.
5. Processor's Obligations
The Processor agrees to:
- Process Personal Data only on documented instructions from the Controller, unless required by law. In such a case, the Processor shall inform the Controller of that legal requirement before processing, unless that law3 prohibits such information on important grounds of public interest.
- Ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are4 under an appropriate statutory obligation of confidentiality.
- Implement appropriate technical and5 organizational security measures to ensure a level of security appropriate to the risk, including,6 where appropriate, the pseudonymization and encryption of Personal Data, the ability to ensure the ongoing confidentiality,7 integrity, availability, and resilience of processing systems and services, the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident, and a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Processing.
- Assist the Controller in responding to requests from Data Subjects to exercise their rights under Data Protection Legislation, taking into account the nature of the Processing and the information available to the Processor.8
- Assist the Controller in9 fulfilling obligations related to the security of Personal Data, notifications of personal data breaches, and data protection impact assessments.
- Delete or return all Personal Data to the Controller upon the completion of the provision of services relating to the Processing, and delete existing copies, unless Data Protection Legislation requires10 storage of those Personal Data.
- Make available to the Controller all information necessary to demonstrate compliance with the obligations laid down11 in this DPA and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated12 by the Controller.
- Immediately inform the Controller if, in its opinion, an instruction infringes13 Data Protection Legislation.
6. Sub-processors
The Controller authorizes the Processor to engage sub-processors for the Processing of Personal Data, provided that:
- The Processor ensures that the sub-processor is subject to data protection obligations substantially similar to those set out in this DPA.
- The Processor maintains an up-to-date list of sub-processors and makes it available to the Controller upon request.
- The Processor remains fully liable to the Controller for the sub-processor's compliance with its obligations.
7. International Data Transfers
The Processor may transfer Personal Data outside the UK for Processing purposes, as detailed in the Privacy Policy. In such cases, the Processor ensures that such transfers will be carried out in compliance with Data Protection Legislation, through the implementation of appropriate transfer mechanisms, such as Standard Contractual Clauses (SCCs) approved by the ICO or other equivalent safeguards.
8. Personal Data Breach
The Processor shall notify the Controller without undue delay and, if possible, within 72 hours of becoming aware of a Personal Data breach. The notification shall include, to the extent reasonably possible, all relevant information about the breach. The Processor shall cooperate with the Controller to mitigate the effects of the breach.
9. Liability
The liability of the parties for any damages arising from or related to this DPA shall be governed by the platform's Terms and Conditions of Use.
10. Duration and Termination
This DPA shall enter into force on the date of its acceptance by the User/Member and shall remain in effect as long as the Processor continues to process Personal Data on behalf of the Controller. In case of termination of the Terms and Conditions, this DPA shall automatically terminate, and Processing obligations shall cease, subject to applicable data retention provisions.
11. Governing Law and Jurisdiction
This DPA shall be governed by and construed in accordance with the laws of England and Wales. The parties agree that the courts of14 London, United Kingdom, shall have exclusive jurisdiction over any disputes arising out of or relating to this DPA.
12. Contact
For any questions or additional information related to this Data Processing Addendum, please contact us:
Global Digital Identity LTD
71–75 Shelton Street, Covent Garden, London, WC2H 9JQ – United Kingdom
Company Registration Number: 16339013