Joint Controllers Arrangement

Introduction

This agreement describes the Joint Controllers relationship and responsibilities of Free Ice Cream (FIC) and Funder/Resourcer <Org Name> (F/R) for processing of personal data necessary to build and deliver the relational mapping interface. 

Relational mapping enables the funder/resourcer organisation to track and evaluate impact and distribution of the funding or resources it provides to small businesses, community enterprises and professional networks.

The purpose of relational mapping is to provide the funder/resourcer organisation with a useful set of data that shows connections, influences and impacts; visualised in an intuitive way. With this facility, the effects of funding or resources can be observed; to identify gaps and hot-spots, evaluate inclusivity and impact of funding or resources allocation, track shifts in network shape and density over time, allowing this information to be used for alignment of management planning with organisational strategy and values.

Terms:

Funder/Resourcer (F/R) – an organisation which allocates or oversees funding or resources for professional endeavours within geographical or interest-based communities.

Processing: doing anything at all with personal data

‘personal data’: as defined in Article 4 of the GDPR

Contributor: an individual associated with a business, community or charitable organisation, who provides input to the mapping process with information about their organisation’s activities and impact.

Invitee: an individual associated with a business, community or charitable organisation which has been referenced by map contributors but has not yet joined as a contributor to the map.

Named Person: an individual (associated with an organisation) who is represented on the map, but does not have access to view, manipulate or make changes to the map.


Processing activities and purposes

Purpose: Arranging and conducting mapping workshops

Processing:

<F/R> invites participants from professional community (choosing names, making contact, administration for attendance)

FIC provides digital environment and interface for participants to add data and see map results (creating accounts, accepting inputs)

Personal data:

Participants: names, role title, employer/association with organisation, professional area, contact information (email, phone)

Named persons: names, employer/associated organisation, connections with other individuals and organisations on the map.

Lawful basis: Legitimate interests

Obligations:

F/R: ensure that contact info for mapping workshop participants and details of Named Persons are obtained and used lawfully, fairly and transparently, in particular ensuring that Named Persons are provided with privacy information within 30 days of their inclusion in the map.

FIC: carry out and consult on Legitimate Interests Assessment, create and distribute privacy info

Purpose: Map and analyse connections between funding or resourcing recipients, partner organisations and other community members

Processing:

F/R: acquire data through workshops and communications with beneficiary organisations. Review and reference map for tracking and evaluation of funding or resources impact. Issue invitations for Contributors to forward on to Invitees.

FIC: mapping of relationships using proprietary algorithmic logic, and outputs results to visual interface for F/R analysis. Create accounts and manage access to map for incoming Invitees.

Personal data:

Contributors: names, contact info, organisation name, content of communications with F/R about mapping, account credentials, activity logs

Invitees: names, contact info, organisation name

Lawful basis: Legitimate interests

Obligations:

F/R: track and maintain access to map invitations, update data when notified of changes to people’s positions and organisations, use map for the benefit of professional communities. 

Provide privacy information to contributors

FIC: Keep personal data in web server, database and map application secure from unauthorised or accidental intrusion, exposure, damage/corruption. 



Purpose: Comply with data protection law, make ethical uses of professional community data

Processing:

Extract and export data in response to subject access requests

Update map data when notified of changes to people’s names or positions

Pseudonymise data subject on map if objection to processing is upheld

Delete data subject from map and prevent re-addition if rights to erasure or restriction are exercised

Signpost to privacy information 

Personal data:

Individuals’ names, organisations, nature of rights request, correspondence

Lawful basis: Legal obligation

Obligations:

Both: put suitable training and processes in place to recognise and respond to rights requests. Make privacy info visible and accessible.    

F/R: promptly forward on rights requests which require action from FIC (subject access, erasure, restriction) 

FIC: action and document responses to rights requests 

Data protection principles

Lawful processing and purpose limitation:

FIC has established the parameters for lawful processing of mapping data as described in the section above.

F/R will not exceed these parameters by using personal data acquired for the mapping process in ways which are not compatible with the purpose of the map. If there is doubt about the compatibility of re-using map inputs or outputs, the F/R is required to consult with FIC before going ahead.

Fair processing:

Neither organisation shall use mapping data in any way which is unlawfully discriminatory, harms the rights, welfare or legitimate interests of any individual, or is incompatible with the legitimate purposes of the mapping exercise.

Transparent processing:

Privacy information specific to the mapping process and purposes is provided by FIC, for F/Rs to distribute, highlight and explain to data subjects.

Any further use of mapping data by F/Rs for other purposes must be brought to the attention of data subjects by privacy information which meets the requirements of Articles 12-14 of the GDPR.

Data quality (accuracy, currency and minimisation)

FIC has incorporated data minimisation requirements into the mapping tool’s design and operations. 

F/Rs will keep their map data updated according to their preferred schedule and provide information to data subjects on how they can request updates or corrections. F/Rs will action changes to map data either by implementing the requested update, or providing instructions on how the requestor can make the change themselves.

Storage limitation:

Map data will be retained for the duration of the contract between FIC and F/R, and preserved by FIC for 3 years following the last engagement, to allow for returning F/Rs to update data, analyse changes and identify trends over time. When map data is preserved for future use, it shall be archived so that it is no longer available on the mapping server. 

F/Rs shall ensure that records relating to data protection and other compliance obligations are preserved; while redundant, irrelevant or outdated personal data is promptly removed from live maps.

Security:

FIC is responsible for the security of web server hosting, server configuration, database functions and mapping process. 

F/Rs are responsible for adhering to the mapping tool’s terms of use and data policies, and for bringing these to the attention of contributors when issuing invitations to join the map.

FIC, F/Rs and all contributors undertake to comply with data and security policies relating to the map, and to report security concerns, risks and incidents to FIC without delay.

Accountability:

The FIC and F/R shall manage their own data protection compliance documentation, but shall agree to make relevant documentation available to each other as needed to ascertain and demonstrate that this agreement is being upheld.

This includes:

  • Legitimate interests assessments

  • Risk and action logs

  • Internal policies and procedures

  • Records of rights requests

-to the extent that these documents relate to and are largely concerned with use of the mapping tool. 

FIC shall publish on the map website:

  • A master copy of this agreement

  • Privacy information 

  • Data policies

Data subject rights

To be informed:

FIC shall publish privacy information for Contributors, Invitees and Named Persons.

The F/R shall distribute the privacy information to Contributors and Invitees; and remind Contributors to notify the Named Persons they have added to the map.

Data subject access

FIC shall provide access to the personal data of Contributors, Invitees and Named Persons provided that the authenticity of request and requestor can be verified. 

Assessment of fairness and lawfulness relating to disclosure of third parties who are identified as connections to the data subject will be carried out by FIC on a case-by-case basis. 

The F/R shall pass data subject access requests on to FIC, along with any supporting evidence for verification of authenticity; without delay. 

Rectification

The F/R shall encourage Contributors to provide relevant updates for map data.

Erasure

FIC shall action applicable requests for erasure. Where the requestor is a Contributor, their name and contact details may be erased from the map, but some personal data will be retained in server access logs and correspondence to preserve audit logs for security and compliance.

The F/R shall pass erasure requests on to FIC, along with any supporting evidence for verification of authenticity, without delay. Where a valid erasure request also applies to the F/R’s own internal processing of personal data, it shall be the sole responsibility of that organisation to comply.

Restriction

FIC shall action data restriction orders by preserving a snapshot of the relevant data, then deleting that data subject’s personal data from the map. 

The F/R shall pass restriction requests on to FIC, along with any supporting evidence for verification of authenticity; without delay. Where a valid instruction for restriction also applies to the F/R’s own internal processing of personal data, it shall be the sole responsibility of that organisation to comply 

Portability

N/A, neither consent nor contract is basis for processing

Objection

Objections to processing under legitimate interests shall be made to the F/R, and passed to FIC if upheld.

The F/R shall enquire whether pseudonymisation will be satisfactory, being open about the potential for re-identification by other map users.

If pseudonymisation is sufficient, the F/R will replace the data subject’s name on the map with a reference value. 

Onward processing for marketing purposes of data that was originally acquired for mapping purposes, is incompatible with the purposes described in the Processing activities and purposes section. If F/Rs wish to use map data for other purposes, they shall a) conduct a purpose compatibility assessment and b) assume all responsibility and liability for doing so in compliance with data protection and e-privacy laws. FIC shall not be held liable for costs or work arising from processing of map data carried out by F/Rs for any other purpose than to create, maintain and administer the map itself.

Automated decision-making

N/A: no decision/judgement output, no legal effect

Controller obligations

Except as described within this agreement, both FIC and F/R are separately responsible and liable for their own discrete processing operations.