Scannable
Start free

Legal

UK Data Processing Agreement

This page summarises how IDP Solutions Pty Ltd (trading as Scannable) supports UK business customers who need a contractual transfer mechanism under the UK GDPR. It is not a substitute for a countersigned agreement.

See also the international privacy section and subprocessors list.

Who this is for

UK organisations that use Scannable as a processor for QR content, scan telemetry, and related tenant data, and that need documented safeguards for transfers to Australia (where the UK has not issued an adequacy decision).

What we offer

A Data Processing Agreement (DPA) incorporating the UK International Data Transfer Agreement (IDTA) published by the Information Commissioner's Office. Under that agreement:

  • You (Customer) are the data exporter in the United Kingdom.
  • IDP Solutions Pty Ltd is the data importer in Australia.
  • Processing follows your portal configuration and documented instructions; we do not use Customer scan data for our own marketing.

The DPA includes UK GDPR Article 28 processor terms (security, subprocessors, assistance with data subject requests and breaches, deletion on termination, and reasonable audit cooperation). Subprocessors are listed in our privacy policy.

Data covered

Typical categories transferred under the DPA include:

  • Account users: name, email, role identifiers
  • Scan events: timestamp, IP-derived coarse location, user agent, referrer, QR and tenant identifiers
  • Customer content: destination URLs, labels, uploaded logos (may include personal data if you choose)
  • Support correspondence

Special category or criminal offence data is not intended; customers must not configure such data without written agreement.

Security and hosting

Tenant data and scan logs are stored in Australia (Sydney region). Scan requests may be served from a global edge network for performance; this does not mean data is UK-hosted. We use encryption in transit (TLS), encryption at rest, role-based access, and MFA for production systems.

We maintain a transfer risk assessment for the categories described in the DPA, including onward transfers to US subprocessors disclosed on our subprocessors page.

Request a countersigned copy

Email info@idpsolutions.com.au with your UK legal entity name, signatory details, and billing contact. We will send the current DPA and IDTA schedule for execution. Allow a few business days for review and countersignature.

This overview is general information, not legal advice. Your organisation should obtain independent advice where required.