YMP

Legal

Data Protection Addendum

Last Updated: 21st March 2026

1. PARTIES

This Data Processing Addendum ("Addendum") is entered into between:

Processor:BR Media LTD, trading as Your Marketing Partners ("we", "us", "our")

and

Controller:The Customer (including clients, affiliates, or users of our services) ("you", "your")

This Addendum forms part of the agreement between the parties (the "Agreement").

2. PURPOSE

This Addendum governs the processing of Personal Data by BR Media LTD on behalf of the Customer in connection with the provision of services.

It ensures compliance with:

  • UK GDPR
  • Data Protection Act 2018
  • Applicable international data protection laws

3. DEFINITIONS

For the purposes of this Addendum:

Personal Data: Any information relating to an identifiable individual
Processing: Any operation performed on Personal Data (collection, storage, use, etc.)
Controller: The party determining purposes and means of processing (Customer)
Processor: The party processing data on behalf of the Controller (BR Media LTD)
Subprocessor: Any third party engaged by the Processor to process data
Data Subject: The individual whose data is processed
Security Incident: Any unauthorised access, disclosure, loss, or breach of Personal Data

4. ROLE OF THE PARTIES

Data Controller: The Customer

Data Processor: BR Media LTD

We will only process Personal Data:

  • On documented instructions from the Customer
  • As required to deliver services under the Agreement
  • As required by applicable law

5. NATURE OF PROCESSING

Subject Matter

Provision of marketing, advertising, consulting, and related services.

Duration

For the term of the Agreement and until data is deleted or returned.

Types of Personal Data

May include:

  • Names, emails, phone numbers
  • Business and billing information
  • Marketing and behavioural data
  • CRM and funnel data
  • Technical and device data

Categories of Data Subjects

  • Customers and leads
  • Employees or representatives of Customer
  • Website visitors and users

6. PROCESSOR OBLIGATIONS

BR Media LTD shall:

  • Process data only on documented instructions
  • Ensure confidentiality of personnel
  • Implement appropriate security measures
  • Assist the Customer in meeting legal obligations
  • Not sell or misuse Customer data
  • Notify Customer of any Security Incident

7. SUBPROCESSORS

The Customer authorises BR Media LTD to use Subprocessors, including but not limited to:

  • Cloud hosting providers
  • CRM systems (e.g. Pipedrive)
  • Communication tools (e.g. Slack)
  • Payment processors (e.g. Stripe)
  • Advertising platforms (Meta, Google, etc.)
  • Analytics and attribution tools

We will:

  • Ensure Subprocessors are contractually bound to data protection obligations
  • Remain fully liable for their actions
  • Update Subprocessors as required

8. INTERNATIONAL DATA TRANSFERS

Personal Data may be processed outside the UK.

Where this occurs, BR Media LTD ensures appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs)
  • Transfers to countries with adequacy decisions
  • Equivalent legal transfer mechanisms

9. SECURITY MEASURES

We implement appropriate technical and organisational measures, including:

  • Access controls and permissions
  • Secure cloud infrastructure
  • Encryption where appropriate
  • Monitoring and system controls

We may update security measures over time, provided protection is not materially reduced.

10. DATA SUBJECT RIGHTS

BR Media LTD shall assist the Customer in responding to requests from Data Subjects, including:

  • Access
  • Rectification
  • Erasure
  • Restriction
  • Portability
  • Objection

Where requests are received directly, we will:

  • Forward them to the Customer
  • Not respond without authorisation (unless legally required)

11. DATA BREACHES

In the event of a Security Incident, we will:

  • Notify the Customer without undue delay
  • Provide relevant details, including: nature of the breach, data affected, likely consequences, and actions taken

We will take all reasonable steps to mitigate and prevent recurrence.

12. AUDITS & COMPLIANCE

Upon reasonable request, we will:

  • Provide information demonstrating compliance
  • Respond to reasonable security or compliance questionnaires

Audit conditions:

  • Maximum once per year
  • Conducted during business hours
  • At Customer's expense
  • Subject to confidentiality restrictions

13. DATA RETENTION & DELETION

Upon termination of the Agreement, BR Media LTD will:

  • Delete or return Personal Data upon request
  • Complete this within a reasonable timeframe (typically within 90 days)

We may retain data where legally required.

14. CONFIDENTIALITY

All Personal Data is treated as confidential.

Personnel and Subprocessors are subject to:

  • Contractual confidentiality obligations
  • Access restrictions

15. LIABILITY

This Addendum is subject to the limitations of liability set out in the Agreement.

16. GOVERNING LAW

This Addendum is governed by the laws of England and Wales, unless otherwise required by applicable data protection laws.

17. CHANGES

We may update this Addendum from time to time.

Where changes are material, we will provide notice via:

  • Website
  • Email
  • Platform notification

Continued use of services constitutes acceptance of the updated Addendum.