This Data Processing Agreement (“Agreement”) is entered into as of [September 01, 2020] between:

– Controller
– Processor: JB Media Group Ltd
– Business address: Bushfield Road, Scunthorpe, North Lincolnshire, DN16 1NA
– Contact details: info@jbmediagroup.co.uk
– Representative: Jon Robert Bulmer, Director

Each a “Party” and together the “Parties”.

1. Purpose and Scope

This Agreement governs the processing of personal data by JB Media Group Ltd on behalf of the Controller in connection with the provision of web design, development, and related services.

The Agreement ensures compliance with:
– The UK GDPR and the Data Protection Act 2018
– Where applicable, the EU GDPR
– Relevant international data protection laws for global data transfers

2. Duration

This Agreement remains in effect for as long as JB Media Group Ltd processes personal data on behalf of the Controller.

3. Nature of Processing

JB Media Group Ltd processes personal data only as necessary for:
– Website design, development, and maintenance
– WooCommerce setup and online shop functionality
– Hosting, backups, and technical support (if provided)
– Email delivery and management via Post SMTP
– Analytics, reporting, and website optimisation

4. Categories of Data Subjects

– Website visitors
– Registered users
– Customers purchasing goods/services
– Newsletter subscribers (if applicable)

5. Categories of Personal Data

– Identification data: name, username, customer ID
– Contact details: email address, phone number, billing/delivery address
– Transaction data: order history, invoices, payment status (Stripe or other gateways; no card data stored)
– Technical data: IP address, browser type, cookies, device identifiers
– Communication data: email correspondence via Post SMTP

Special Category Data: None collected intentionally.

6. Processor Obligations

– Act only on documented instructions from the Controller
– Ensure confidentiality and limit access to authorised personnel
– Implement appropriate technical and organisational measures (see Annex II)
– Assist the Controller in responding to data subject rights requests
– Notify the Controller without undue delay of any personal data breach
– Delete or return personal data at the end of service provision, unless retention is legally required
– Allow audits or inspections by the Controller

7. Sub-Processing

Approved sub-processors (see Annex III) may be used, provided they are bound by equivalent data protection obligations.

8. International Transfers

Personal data may be transferred outside the UK/EU only where:
– The recipient country has an adequacy decision; or
– The transfer is subject to UK Addendum to EU SCCs, IDTA, or EU SCCs; or
– Other legally valid transfer mechanisms are in place

9. Controller Obligations

– Provide lawful instructions to the Processor
– Ensure its collection of data on the website complies with GDPR (lawful basis, consent, transparency)

10. Liability

Each Party is liable for breaches of its own obligations under this Agreement and applicable data protection law.

11. Governing Law

This Agreement is governed by the laws of England and Wales, with disputes subject to the exclusive jurisdiction of its courts.

Annex I – Details of Processing

– Purpose: Running client’s website, handling orders, customer communication, and website functionality
– Data Subjects: Client’s website visitors, customers, subscribers
– Data Types: Names, emails, addresses, phone numbers, IP addresses, order history, transaction data
– Special Category Data: None
– Duration: As required for service provision and legal retention requirements

Annex II – Technical and Organisational Measures

– SSL encryption on websites and admin panel
– Strong password policies and role-based access controls
– Regular WordPress/plugin updates and security monitoring
– Daily backups and disaster recovery plan
– Post SMTP secured with authentication and TLS encryption
– Monitoring for unauthorised access and brute-force attempts

Annex III – Authorised Sub-Processors

– Hosting provider (if JB Media Group manages or resells hosting)
– Post SMTP & linked email provider (e.g., Gmail, Outlook, SendGrid)
– Analytics providers (e.g., Google Analytics, Matomo)
– CDN/caching services (e.g., Cloudflare, if used)

Signed by the Parties

Controller (Client): ______________________ Date: ___________
Name & Title: ____________________________

Processor: Jon Bulmer Date: 01/09/2020
Jon Robert Bulmer, Director, JB Media Group Ltd

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Data Processing Agreement (Client-Facing – JB Media Group Ltd)