Back to WiseMove Connect
Legal Document

Data Processing Addendum (DPA)

Last Updated: March 2026
Version 1.0

This Data Processing Addendum (“DPA”) forms part of the agreement between WiseMove Connect (“we”, “us”, “our”) and any partner, introducer, or service provider (“you”, “your”) who processes personal data supplied by WiseMove Connect.

This DPA ensures compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Definitions

  • Data Controller — the organisation that determines the purpose and means of processing personal data.
  • Data Processor — the organisation that processes personal data on behalf of the controller.
  • Personal Data — any information relating to an identifiable individual.
  • Processing — any operation performed on personal data (collection, storage, sharing, deletion, etc.).
  • UK GDPR — the UK General Data Protection Regulation.

WiseMove Connect acts as the Data Controller. Partners and service providers act as Data Processors. Introducers act as independent controllers, as they do not process customer data.

2. Subject Matter of Processing

WiseMove Connect shares personal data with partners solely for:

  • Contacting customers
  • Delivering services
  • Providing quotes
  • Managing introductions
  • Updating outcomes (Won / Lost / Not Suitable)
  • Managing invoicing and commissions

Partners must only process data for these purposes and for no other reason.

3. Duration of Processing

Processing continues for as long as:

  • The partner relationship is active, or
  • The data is required for legal or accounting purposes

Customer enquiry data is retained for 12 months unless required longer for legal reasons. Invoice data is retained for 6 years (HMRC requirement).

4. Nature and Purpose of Processing

Partners may process:

  • Customer contact details
  • Enquiry details
  • Postcodes
  • Service category
  • Outcome status

Processing is strictly limited to:

  • Contacting the customer
  • Delivering the requested service
  • Updating WiseMove Connect on outcomes
  • Managing invoicing and payments

Partners must not use the data for marketing unless they obtain their own lawful basis.

5. Types of Personal Data Shared

WiseMove Connect may share:

  • Name
  • Email address
  • Phone number
  • Postcode
  • Service category
  • Enquiry description
  • Any additional information voluntarily provided by the customer

No special category data is intentionally collected.

6. Obligations of the Partner (Data Processor)

Partners must:

  • Process data only on documented instructions from WiseMove Connect
  • Keep data confidential
  • Implement appropriate technical and organisational security measures
  • Notify WiseMove Connect of any data breach within 48 hours
  • Assist with data subject rights requests
  • Delete or return data when no longer required
  • Not subcontract processing without written permission
  • Not transfer data outside the UK without adequate safeguards

Partners must not:

  • Sell data
  • Share data with third parties
  • Use data for unrelated purposes
  • Store data longer than necessary

7. Security Measures

Partners must implement:

  • Secure storage (encrypted devices or secure CRM)
  • Access controls
  • Password protection
  • Antivirus and malware protection
  • Secure communication channels

WiseMove Connect implements:

  • SSL encryption
  • Secure hosting
  • Access controls
  • Audit logs
  • Delivery and routing logs
  • Error monitoring

8. Data Breach Notification

If a partner becomes aware of a personal data breach, they must:

  • Notify WiseMove Connect within 48 hours
  • Provide details of the breach
  • Provide mitigation steps
  • Cooperate with any investigation

WiseMove Connect will handle regulatory notifications if required.

9. Sub Processors

Partners must not appoint subprocessors without written approval from WiseMove Connect. If approved, partners must ensure subprocessors comply with this DPA.

10. International Transfers

Partners must not transfer personal data outside the UK unless:

  • The destination country has an adequacy decision, or
  • Standard Contractual Clauses (SCCs) + UK Addendum are in place

WiseMove Connect uses compliant providers such as Google, Meta, LinkedIn, TikTok, and others.

11. Data Subject Rights

Partners must assist WiseMove Connect in responding to:

  • Access requests
  • Correction requests
  • Deletion requests
  • Objections
  • Restriction requests

Partners must not respond directly unless authorised.

12. Return or Deletion of Data

Upon termination of the relationship, partners must:

  • Delete all customer data, or
  • Return it securely to WiseMove Connect

Invoice data may be retained for legal reasons.

13. Liability

Each party is responsible for its own compliance with UK GDPR. Partners are liable for breaches caused by their own actions or negligence.

14. Governing Law

This DPA is governed by the laws of England and Wales. Any disputes will be handled exclusively by the courts of England and Wales.

15. Contact

For data protection matters:

WiseMove Connect
Stone, Staffordshire, United Kingdom
Email: hello@wisemoveconnect.com

Questions regarding this document should be directed to hello@wisemoveconnect.com