Last updated: 8 December 2025

MUMly DATA PROCESSING AGREEMENT (DPA) TEMPLATE
Last Updated: 8 December 2025

Registered office: 124 City Road, London EC1V 2NX
Company No: 15322962

Parties: Mumly Careers Ltd (Controller) and Vendor/Employer/Service Provider (Processor).

Purpose: fulfil bookings, deliver services, recruitment activities, tech services, payments, admin.

Subjects: parents, children, vendors, candidates, employers.

Data: name, email, phone, child’s first name/age, booking data, address, employment data, CV, billing, special category (only with explicit consent).

Processor Obligations: process only on instructions; security; confidentiality; training; breach notice within 24h; deletion/return; no marketing without consent; assist with rights; logs; UK GDPR compliance.

Sub-processors: require written permission and flow-down of obligations.

Transfers: UK safeguards (SCCs/adequacy) with approval.

Breaches: notify within 24h with details and mitigation.

Security: encryption, access control, audits, transmission security, physical controls, training, incident response.

Rights: assist with access/rectify/erase/restrict/port/objection within 48h.

Deletion: delete/return data at end; confirm within 7 days; retain only if law requires.

Audit: 7 days’ notice; provide records and proof.

Liability/Indemnity: processor liable and indemnifies Mumly for non-compliance.

Duration: runs with principal agreement; obligations survive termination.

Law: England & Wales.

Contact: support@mumly.co.uk | www.mumly.co.uk

© 2025 Mumly Group Ltd | Registered office: 124 City Road, London EC1V 2NX | support@mumly.co.uk