
Data Processing Agreement
Omniplex Learning – Data Processing Agreement
This Data Processing Agreement (the “DPA”) applies where Omniplex Learning processes Personal Data on behalf of the Customer in connection with the Services and forms part of each Agreement under which Omniplex Learning provides Services to the Customer. The Customer enters into this DPA on behalf of itself and any of its Affiliates that it permits to use the Services pursuant to the Agreement.
Some of the defined terms used in this DPA are set out below. Any defined terms used but not set out in this DPA are as set out in the Agreement.
“Agreement”
means the contract between Omniplex Learning and the Customer for the provision of the Services, comprising the Order Form, Terms and Conditions, any Additional Product Terms relevant to the specific Services which the Customer is purchasing, any other appendix and (if applicable) any Statement of Work;
“Controller”
has the meaning given in the UK GDPR;
“Data Protection Laws”
means the Data Protection Act 2018, the UK GDPR, GDPR and any relevant law implemented as a result of GDPR;
“Data Subject”
has the meaning given in the UK GDPR;
“GDPR”
means Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data;
“Personal Data”
has the meaning given in the UK GDPR;
“Personal Data Breach”
has the meaning given in the UK GDPR;
“Processor”
has the meaning given in the UK GDPR;
“UK GDPR”
means the GDPR as it forms part of domestic law in the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018 (including as further amended or modified by the laws of the United Kingdom or a part of the United Kingdom from time to time);
- The Customer is the Controller and Omniplex Learning is the Processor in respect of Customer Personal Data processed under the Agreement.
- Omniplex Learning shall process Customer Personal Data only for the purpose of providing the Services and pursuant to the Customer’s instructions.
- The categories of Personal Data, Data Subjects, nature of processing and duration of processing are determined by the Services, Additional Product Terms and/or Statements of Work.
- Customer Personal Data shall be processed for the duration of the Agreement and, following termination or expiry, for such period as is reasonably necessary in accordance with Omniplex
Omniplex Learning DPA v1.0 – 02042026 2 Confidential
Learning’s standard data retention and deletion practices, unless retention is required by applicable law.
5. Customer instructs Omniplex Learning to process the Customer Personal Data in accordance with this DPA and the Agreement, and is responsible for providing all notices and obtaining all consents, licences and legal bases required to allow Omniplex Learning to process the Customer Personal Data.
6. The Customer acknowledges that Omniplex Learning is not responsible for determining the requirements of all laws applicable to the Customer’s business or that Omniplex Learning’s provision of the Services will meet the requirements of such laws. The Customer will ensure that Omniplex Learning’s processing of Customer Personal Data, when done in accordance with the Customer’s instructions, will not cause Omniplex Learning to violate any applicable law, regulation, or rule, including without limitation Data Protection Laws.
7. Omniplex Learning shall implement appropriate technical and organisational security measures in accordance with Article 32 of the UK GDPR, having regard to the nature of the Personal Data and the scope, context and purposes of the processing and the likelihood and severity of the risks to Data Subjects that are presented by the processing of such Personal Data, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed; and the state of technological development and the cost of implementing such measures.
8. The Customer authorises Omniplex Learning to appoint sub-processors subject to Omniplex Learning having entered into and maintaining a written agreement with each of its sub-processors containing data protection obligations not less protective than those in this DPA with respect to the protection of Customer Personal Data to the extent applicable to the nature of the services provided by such sub-processor. Omniplex Learning shall be liable for all acts and omissions of such sub-processors.
9. Transfers of Personal Data outside the UK and EEA shall comply with Data Protection Laws.
10. Omniplex Learning shall provide reasonable assistance to enable the Customer to comply with Data Subject rights.
11. Omniplex Learning shall notify the Customer without undue delay of any Personal Data Breach.
12. Omniplex Learning may take any steps that it (acting reasonably and in good faith) determines are necessary in order for it to comply with Data Protection Laws. This shall include notifying the ICO and any relevant supervisory authority of any circumstance that has arisen in relation to the processing of Personal Data under this DPA to the extent that Omniplex Learning (acting reasonably and in good faith) believes that this is necessary in order to comply with Data Protection Laws.
13. Omniplex Learning shall maintain records of processing and provide information reasonably requested by the Customer.
14. Upon termination or expiry of the Agreement, Omniplex Learning shall, at the Customer’s option, delete or return the Personal Data within a reasonable period following termination, in accordance with its standard data retention and deletion practices, unless retention is required by applicable law.
15. Personnel authorised to process Personal Data shall be subject to appropriate confidentiality obligations.
16. Where the parties act as independent Controllers, each shall comply with its own obligations under Data Protection Laws.
17. Each party shall provide the other with such information as such other party reasonably requests from time to time to enable such other party to satisfy itself that the party providing the information is complying with its obligations under this DPA.
18. Each party’s total aggregate liability arising out of or in connection with the Agreement and this DPA (taken together) shall not exceed the liability caps set out in the Agreement.
19. This DPA and any dispute or claim (including non‑contractual disputes or claims) arising out of or in connection with it shall be governed by and construed in accordance with the laws of England and Wales, and the courts of England and Wales shall have exclusive jurisdiction.