Privacy Policy, Terms of Use and SUPPLIER DATA PROCESSING TERMS

PRIVACY AND COOKIE POLICY


Last updated: 08 May 2019

Introduction to this Policy

This website www.locksidesoftware.com ("our Site") is brought to you by Lockside Software Limited ("we", "us" or "our"), a company registered in England and Wales under company number 03035590. We have our registered office address at 31a Charnham Street, Hungerford, Berkshire, RG17 0EJ and our main trading address at Unit H, Castle Industrial Park, Pear Tree Lane, Newbury RG14 2EZ.

We take the privacy of our website users and customers ("you", or "your") very seriously. This Privacy and Cookie Policy (the "Policy") explains how we collect, store and use information about you. This Policy also explains how we use cookies.

We ask that you read this Policy carefully as it governs our use of your information and binds both you and us. If you do not agree with or accept this Policy, you should stop using our Site immediately.

We may update this Policy from time to time and post any changes to it to our site in accordance with the "Changes to this Policy" section below.

Data Protection

References in this Policy to:

  • "Data Protection Law" means: the Data Protection Act 1998 (until repealed) ("DPA"), the Data Protection Directive (95/46/EC) (until repealed) and, from 25 May 2018, the General Data Protection Regulation 2016/679 ("GDPR") or any equivalent provision which may replace the GDPR following the formal political separation of the United Kingdom from the European Union; the Regulation of Investigatory Powers Act 2000; the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (SI 2000/2699); the Electronic Communications Data Protection Directive (2002/58/EC); the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003); and all applicable laws and regulations which may be in force from time to time relating to the processing of Personal Data and privacy, including where applicable the guidance and codes of practice issued by the Information Commissioner or any other supervisory authority, and the equivalent of any of the foregoing in any relevant jurisdiction; and
  • "Personal Data", "Data Controller", "Data Processor" and "processing" shall have the meanings given to them in the DPA or, from 25 May 2018, the GDPR.

For the purposes of applicable Data Protection Law, we, Lockside Software Limited, are the Data Controller and therefore we are responsible for, and control the processing of, your Personal Data in accordance with applicable Data Protection Law. "Personal Data" has a legal definition but, in brief, it refers to information from which a living person can be identified. Such information must be protected in accordance with Data Protection Law.

Information we may collect about you

We will collect information about you when you visit our Site or do business with us (including requesting quotations and ordering products and services from us). This information may include your name, your contact details (including postal address, email address and telephone number), your payment details (i.e. relating to any payment you make to us in connection with our products and services), any other information we request from time to time to enable us to provide our Site to you and to continue to do business with you and any other information you provide to us.

We may occasionally receive information about you from other sources, including:

  • credit reference and fraud prevention agencies;
  • where you have consented for other organisations to lawfully share data with us; or 
  • where we receive data from trusted third parties to assist us in our marketing efforts.

We will add this data to any information we already hold about you.

Additional information may be collected through the deployment of cookies on our Site. See the "Cookies" section below for further information on our use of cookies.

Any of the information or data referred to in this paragraph (together, the "Information") may or may not constitute or include Personal Data.

Safety of Children 

Our services are not intended for and may not permissibly be used by individuals under the age of 16. We do not knowingly collect Personal Data from persons under 16. If it comes to our attention that we have collected Personal Data from such a person, we may delete this Information without notice. If you have reason to believe that this has occurred, please email Peter Ritchie.

How long we keep your Information

We will keep your Information only for as long as we need to hold it for the purposes set out in this Policy.

However, if required we will be entitled to hold your Information for longer periods in order to comply with our legal or regulatory obligations.

Legal basis for processing your Information

From 25 May 2018, under applicable Data Protection Law we may only process your Information if we have a "legal basis" (i.e. a legally permitted reason) for doing so. We will have a legal basis for processing your Information under this Policy if:

  • you have given us your consent to process your Personal Data (see below); or
  • processing is necessary for the performance of a contract you have entered into (i.e. we need to process your Information in order to provide you with products or services), or in order to take any preliminary steps that you consider are required before you can enter into such a contract; or
  • processing is necessary to allow us to comply with our legal obligations; or
  • processing is necessary in order to protect your vital interests; or
  • processing is necessary for us to perform tasks that are of public interest or in the exercise of official authority (where applicable); or
  • processing is necessary for our legitimate interests, provided that these legitimate interests are not overridden by your fundamental rights.

Your consent to processing

If you have previously given your consent to the processing of your Information, you may freely withdraw such consent at any time. You can do this by notifying us in writing using our contact details below.

If you withdraw your consent, and if we do not have another legal basis for processing your Information (see above), then we will stop processing your Information. If we do have another legal basis for processing your Information then we may continue to do so subject to your legal rights (for which see "Your Rights" below).

Where we are unable to rely on consent, we will rely on the performance of a contract with you or compliance with our legal obligations as the basis for processing your Information, unless we consider that processing is necessary for our legitimate interests (e.g. delivery and/or improvement of our services). Marketing is considered separately below.

How we use your Information

We will use your Information for the following purposes:

  • to help us identify you and any customer account you hold with us; 
  • administration of your customer account and any products and services you order from us;
  • to assist us in complying with or enforcing any legal obligations;
  • research, statistical analysis and behavioural analysis;
  • to provide insights based on aggregated, anonymous data collected through the research and analysis referred to above;
  • fraud prevention and detection;
  • billing and order fulfilment;
  • to improve our services; and
  • marketing (see ‘Marketing’ below).

Marketing 

If you have not purchased products or services from us or enquired about purchasing any of our products or services and if you have given us prior permission, then we will use the Information we hold about you to contact you by email for the purpose of letting you know about our products and services. If you prefer not to receive these communications from us, or if you no longer wish to receive them, then you can opt out at any time.

If you are an existing customer of ours, or if you have previously purchased products or services from us or enquired about purchasing any of our products or services, we may use the Information we hold about you to contact you by email to provide you with details of similar products or services to those purchased or enquired about by you. If you prefer not to receive these communications from us, or if you no longer wish to receive them, then you can opt out at any time. We have undertaken a legitimate interests assessment of our marketing practices and we have concluded that legitimate interests is an appropriate basis for those practices, as we consider that it is reasonable to assume that you would expect us to promote our products and services to you in this manner and that doing so involves relatively little intrusion into your privacy or any disproportionate impact on your fundamental rights; furthermore, because we utilise an email marketing system which allows us to exercise a sophisticated degree of control over your marketing preferences, we do not consider that a less invasive form of processing is available to achieve the same ends.

You have the right at any time to ask us to stop processing your Information for marketing purposes. If you wish to exercise this right, you should contact us by sending an email to Peter Ritchie giving us enough information to identify you and deal with your request. Alternatively you can follow the unsubscribe instructions in emails you receive from us.

Sharing Information

We may share your Information with:

  • other companies within our group;
  • our suppliers, subcontractors, agents and service providers (including finance providers) who help us to provide our products and services (and we will ensure they have appropriate measures in place to protect your Information);
  • law enforcement agencies in connection with any investigation to help prevent unlawful activity; 
  • regulatory bodies, in response to any official request; and
  • if our business is sold or integrated with another business, your Information may be disclosed to our advisers and any prospective purchasers and their advisers and will be passed on to the new owners of the business.

Keeping your Information secure

We will use technical and organisational measures in accordance with good industry practice to safeguard your Information. However, while we will use all reasonable efforts to safeguard your Information, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any Information that is transferred from you or to you via the internet.

Monitoring

We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of quality assurance, training, fraud prevention and compliance. Any information that we receive through such monitoring and communication will be added to the information we already hold about you and may also be used for any of the purposes listed in this Policy.

Information about other individuals

If you give us information on behalf of a third party, you confirm that the third party has appointed you to act on his/her/their behalf and has agreed that you can:

  • give consent on his/her/their behalf to the processing of his/her/their information;
  • receive on his/her/their behalf any data protection notices; and
  • give consent to the transfer of his/her/their information abroad (if applicable).

Overseas transfers

From time to time we may need to transfer your Information to countries outside the European Economic Area, which comprises the EU member states plus Norway, Iceland and Liechtenstein (‘EEA’). Such countries may not have similar protections in place regarding protection and use of your Information as those set out in this Policy. Therefore, if we do transfer your Information to countries outside the EEA we will take reasonable steps in accordance with applicable Data Protection Law to ensure adequate protections are in place to protect the security of your Information.

By submitting your Information to us in accordance with this Policy you consent to these transfers for the purposes specified in this Policy.

Your rights

This section sets out your legal rights in respect of any of your Personal Data that we are holding and/or processing. If you wish to exercise any of your legal rights you should put your request in writing to us (using our contact details below) giving us enough information to identify you and respond to your request.

  • You have the right (which up until 25 May 2018 may be subject to the payment of a small fee) to request information about Personal Data that we may hold and/or process about you, including: whether or not we are holding and/or processing your Personal Data; the extent of the Personal Data we are holding; and the purposes and extent of the processing.
  • You have the right to have any inaccurate information we hold about you be corrected and/or updated. If any of the Information that you have provided changes, or if you become aware of any inaccuracies in such Information, please let us know in writing giving us enough information to deal with the change or correction.
  • You have the right in certain circumstances to request that we delete all Personal Data we hold about you (the 'right of erasure'). Please note that this right of erasure is not available in all circumstances, for example where we need to retain the Personal Data for legal compliance purposes. If this is the case we will let you know.
  • You have the right in certain circumstances to request that we restrict the processing of your Personal Data, for example where the Personal Data is inaccurate or where you have objected to the processing (see below).
  • You have the right to request a copy of the Personal Data we hold about you and to have it provided in a structured format suitable for you to be able to transfer it to a different data controller (the 'right to data portability'). Please note that the right to data portability is only available in some circumstances, for example where the processing is carried out by automated means. If you request the right to data portability and it is not available to you we will let you know.
  • You have the right in certain circumstances to object to processing of your Personal Data. If so, we shall stop processing your Personal Data unless we can demonstrate sufficient and compelling legitimate grounds for continuing the processing which override your own interests.
  • You have the right in certain circumstances not to be subject to a decision based solely on automated processing, for example where a computer algorithm (rather than a person) makes decisions which affect your contractual rights. Please note that this right is not available in all circumstances. If you request this right and it is not available to you we will let you know.

Complaints

If you have any concerns about how we collect or process your Information then you have the right to lodge a complaint with a supervisory authority, which for the UK is the UK Information Commissioner's Office (‘ICO’). Complaints can be submitted to the ICO through the ICO helpline by calling 0303 123 1113. Further information about reporting concerns to the ICO is available at https://ico.org.uk/concerns/.

Cookies

When you access our Site, cookies will be used to distinguish you from other visitors to our Site. Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. The information is used to track visitor use of our Site and allows us to:

  • provide you with an enjoyable experience when you access our Site;
  • improve our Site; and 
  • compile statistical reports on visitors to our Site and activity on our Site.

Our software will issue cookies to your system when you access and use our Site and you will be asked to consent to this at the time (e.g. when you first visit our Site). Cookies do not affect your privacy and security since a cookie cannot read data off your system or read cookie files created by other sites. You can set your system not to accept cookies if you wish (for example by changing your browser settings so cookies are not accepted), however please note that some of the features of our Site may not function if you remove cookies from your system.

For further general information about cookies please visit http://www.aboutcookies.org or http://www.allaboutcookies.org.

Changes to this Policy

We keep this Policy under regular review and may change it from time to time. If we change this Policy we will post the changes on our Site and place notices on our Site as applicable, so that you may be aware of the Information we collect and how we use it at all times. 

Accessibility

This Policy aims to provide you with all relevant details about how we process your Information in a concise, transparent, intelligible and easily accessible form, using clear and plain language. If you have any difficulty in reading or understanding this Policy, or if you would like this Policy in another format (for example audio, large print or braille), please get in touch with us.

Our contact details

We welcome your feedback and questions. If you wish to contact us, please send an email to Peter Ritchie or you can write to us at Lockside Software Limited, Unit H, Castle Industrial Park, Pear Tree Lane, Newbury RG14 2EZ. 

 



TERMS OF USE 
 
 
AGREED TERMS
1.     DEFINITIONS AND INTERPRETATION
The definitions and rules of interpretation in this clause apply in these Terms of Use.
"our/us/we" means Lockside Software Limited, a company registered in England and Wales under the number 03035590 whose registered office address is located at 31a Charnham Street, Hungerford, Berkshire, RG17 0EJ and whose main trading address is located at Unit H, Castle Industrial Park, Pear Tree Lane, Newbury RG14 2EZ;
"our site" means the website located at www.locksidesoftware.com or any subsequent URL which may replace it;  
"Terms of Use" means these terms of use of our site; 
"Users" means the users of our site collectively; and
"you/your" means a user of our site.
A reference to a clause is to a clause of these Terms of Use. Clause headings and sub-headings shall not affect the interpretation of these Terms of Use. 
A reference to a particular law is a reference to it as it is in force for the time being taking account of any amendment, extension, application or re-enactment and includes any subordinate legislation for the time being in force made under it. 
Words in the singular shall include the plural and vice versa.
 
2.     INTRODUCTION
These Terms of Use govern your access to and use of our site. By accessing or using our site, you agree to be legally bound by these Terms of Use. If you do not agree to be bound by these Terms of Use, then you may not continue to access or use our site.
We have used our best endeavours to ensure that our site complies with all applicable laws of the United Kingdom. However, we make no representation that our site complies with the laws of any other jurisdiction or that any services, materials or content on our site are appropriate or available for use in any location outside the United Kingdom. If you visit our site from any location outside the United Kingdom you do so at your own risk and you are responsible for ensuring that you are acting in compliance with all applicable laws. If your access to or use of our site and/or your use of any services, materials or content on our site contravenes any applicable law in the jurisdiction from which you are accessing our site, you are not authorised to access or use our site.
 
3.     ACCESS TO OUR SITE
We will provide you with access to our site in accordance with these Terms of Use. We give no authority (whether implied or express) to deep link to or frame any of the content which appears on our site or to use a representation of our trademarks as a link button without our express agreement.
 
4.     COMMUNICATION
We consider that we have appropriate policies, rules and technical measures in place to protect any information transmitted to or from us by electronic means from improper use or disclosure, unauthorised access, unauthorised modification, unlawful destruction or accidental loss. However, we ask that you please read all the sections below to understand the risks involved in communicating and transmitting sensitive information by email.
Please note that email is not a 100% secure communications medium. In the interests of preserving confidentiality in your personal details, we strongly advise that you take this into consideration before you send us any information by email. By proceeding, you agree that you will send us information by email at your own risk.
Messages sent by email may not be secure and may be intercepted by third parties. If you disregard this warning and choose to send us confidential information, you agree that you do so at your own risk and that you will not hold us responsible for any loss that you suffer as a result.
The email address you provide to us is where we will send our response. If you have chosen to discuss your personal account details via email we will try to respond to you in the same manner. 
 
5.     USE OF OUR SITE
Your Obligations
You:
  • agree not to use our site (or any part thereof) for any illegal purpose and agree to use it in accordance with all relevant laws;
  • agree not to upload or transmit through our site without limitation, any computer viruses, macro viruses, trojan horses, worms or anything else designed to interfere with, interrupt or disrupt the normal operating procedures of a computer;
  • agree not to attempt to breach any security or privacy mechanisms associated with our site or attempt to collect information about any other person through our site;
  • will not upload or transmit through our site any material which is defamatory, offensive, or of an obscene or menacing character, or that may cause annoyance, inconvenience or needless anxiety;
  • will not use our site in a way that may cause our site to be interrupted, damaged, rendered less efficient or rendered such that the effectiveness or functionality of our site is in any way impaired;
  • will not use our site in any manner which violates or infringes the rights of any person, firm or company or the rights thereof (including, but not limited to, rights of intellectual property, rights of confidentiality or rights of privacy);
  • will not attempt any unauthorised access to any part or component of our site; and,
  • agree that in the event that you have any right, claim or action against any other User arising out of that User's use of our site, then you will pursue such right, claim or action independently of, and without recourse to us; 
  • will not impersonate any other person or entity or use a false name or a name that you are not authorised to use; and
  • agree that the security of any password issued to you rests with you and that if you know or suspect that someone else knows your password, you will contact us immediately.
 
Indemnity
You agree to be fully responsible for all claims, liability, damages, losses, costs and expenses, including legal fees on a full indemnity cost basis, suffered by us and arising out of any breach of the Terms of Use by you and for any other liabilities arising out of your use of our site, or the use by any other person accessing our site or your personal account details.
 
Our Rights
We reserve the right to:
  • modify or withdraw, temporarily or permanently, our site (or any part thereof) with or without notice to you and you confirm that we shall not be liable to you for any modification to or withdrawal of our site; and/or
  • change these Terms of Use from time to time, and your continued use of our site (or any part thereof) following such change shall be deemed to be your acceptance of such change. It is your responsibility to check regularly to determine whether the Terms of Use have been changed. If you do not agree to any change to the Terms of Use then you must immediately stop using our site. 
We will use our reasonable endeavours to maintain our site. You will not be eligible for any compensation because you cannot use any part of our site or because of a failure, suspension or withdrawal of all or part of our site. 
We reserve the right to withdraw any services from our site at any time and/or remove, screen or edit any materials or content on our site. 
We reserve the right to suspend or terminate your use of our site immediately at our reasonable discretion, or if you breach any of your obligations under these Terms of Use.
 
Third Party Links
In an attempt to provide increased value to our Users, we may provide links to other websites or resources. You acknowledge and agree that we are not responsible for the availability of such external sites or resources, and do not endorse and shall not be responsible or liable, directly or indirectly, for the content of such websites, including (without limitation) any advertising, goods or other materials or services on or available from such websites or resources, nor for any damage, loss or offence caused or alleged to be caused by, or in connection with, the use of or reliance on any such content, goods or services available on such external sites or resources.
 
Monitoring
We have the right, but not the obligation, to monitor any activity and content associated with our site. We may investigate any reported violation of these Terms of Use or complaints and take any action that we deem appropriate (which may include, but is not limited to, issuing warnings, suspending or terminating service, denying access and/or removing any materials from our site).
 
6.     GENERAL
Intellectual Property and Right to Use
You acknowledge and agree that all copyright, trademarks and all other intellectual property rights in all material or content supplied as part of our site shall remain at all times vested in us, our suppliers or our licensors. You are permitted to use this material only as expressly authorised by us, our suppliers or our licensors.
You acknowledge and agree that the material and content contained within our site is made available for your personal non-commercial use only and that you may download such material and content onto only one computer hard drive for such purpose. Any other use of the material and content on our site is strictly prohibited. You agree not to (and agree not to assist or facilitate any third party to) copy, reproduce, modify, transmit, publish, display, distribute, commercially exploit or create derivative works of such material and content.
 
Limitation of Liability
While we will use reasonable endeavours to verify the accuracy of any information we place on our site, we make no warranties, whether express or implied in relation to its accuracy.
Commentary and other materials posted on our site are not intended to amount to advice on which reliance should be placed. We therefore disclaim all liability and responsibility arising from any reliance placed on such materials by any visitor to our site, or by anyone who may be informed of any of its contents. 
Our site is provided on an "as is" and "as available" basis without any representation or endorsement made. We make no warranties of any kind, whether express or implied, in relation to our site. To the maximum extent permitted by law, we hereby expressly exclude any and all liability arising directly or indirectly from, or in relation to, our site.
We make no warranty that our site will meet your requirements or that your use of our site will be uninterrupted, timely, secure or error-free, that defects will be corrected, or that the site or the server that makes it available are free of viruses or bugs or represents the full functionality, accuracy or reliability of the materials. We will not be responsible or liable to you for (i) any loss of content or material uploaded or transmitted through our site; or (ii) any damage to your computer system or loss of data that results from downloading or using any material or data from our site.
 
Severance
If any part of these Terms of Use shall be deemed unlawful, void or for any reason unenforceable, then that provision shall be deemed to be severable from these Terms of Use and shall not affect the validity and enforceability of any of the remaining provisions of these Terms of Use.
 
Waiver
No waiver by us shall be construed as a waiver of any preceding or succeeding breach of any provision.
 
Entire Agreement
These Terms of Use (as amended from time to time) comprise the entire agreement between you and us relating to the subject matter thereof and supersede any previous agreements, arrangements, undertakings, representations or proposals, written or oral, between you and us in relation to such matters. You confirm that you have read these Terms of Use, that you fully understand them, and that you also agree that these Terms of Use are the only terms that govern your relationship with us regarding the use of our site.
 
Law
The Terms of Use shall be governed by and construed in accordance with English law and you irrevocably submit to the exclusive jurisdiction of the Courts of England and Wales.
 
Handling Complaints
There may be occasions when you are unhappy with the service that we provided to you. In these cases, we will endeavour to be fair and efficient in handling any complaint you should have and to process your complaint confidentially.
If you have a complaint, please send us a letter to this address: Lockside Software Limited, Unit H, Castle Industrial Park, Pear Tree Lane, Newbury RG14 2EZ or an e-mail to this address: Peter Ritchie.
We will endeavour to provide you with a likely timescale for resolving the dispute. We will keep you informed about the progress of your complaint. We undertake to check our system regularly for handling complaints and we welcome any suggestion you may have in relation to how this system may be improved.
Thank you for visiting our site.


 
SUPPLIER DATA PROCESSING TERMS

 

1.    DEFINITIONS AND INTERPRETATION

1.1  The following terms shall have the following meanings hereunder:
Company: means Lockside Software Limited.

Company Data: means the personal data disclosed to the Supplier by or on behalf of the Company and in this context "disclose" includes directly or indirectly giving the Supplier, or arranging for the Supplier to have, access to personal data in any manner and in any form or format whatsoever, including by instructing the Supplier to collect personal data directly from the Data Subject (or anyone authorised by the Data Subject to provide it). The categories of personal data are more particularly described in the Schedule. 

Controller: has the meaning given to that term in the Data Protection Legislation.

Data Protection Legislation: means (i) until the GDPR is directly applicable in the United Kingdom, the Data Protection Act 1998; (ii) once the GDPR is directly applicable in the United Kingdom, the GDPR and any national implementing laws, regulations and secondary legislation in the United Kingdom relating to the processing of personal data and the privacy of electronic communications, as amended, replaced or updated from time to time; and then (iii) any successor legislation to the GDPR or the Data Protection Act 1998. 

Data Subject: means an individual who is the subject of any of the Company Data. The categories of Data Subject are more particularly described in the Schedule.

GDPR: means the General Data Protection Regulation 2016/679.

Main Agreement: means any contract entered into between the Company and the Supplier for the purchase of goods and/or services.

Processor: has the meaning given to that term in the Data Protection Legislation.

Supervisory Authority: means any relevant supervisory authority under the Data Protection Legislation.

Supplier: means any individual, firm, partnership, company or organisation or any other undertaking, which receives a purchase order from the Company pursuant to the Main Agreement. 

1.2  A reference to a particular law is a reference to it as it is in force for the time being taking account of any amendment, extension, application or re-enactment and includes any subordinate legislation for the time being in force made under it. 

 

1.3  Words in the singular include the plural and in the plural include the singular.

 

1.4  Any reference to parties shall refer to the Company and the Supplier and party shall be interpreted accordingly.

 

1.5  Any phrase introduced by the terms including, include, in particular or any similar expression shall be construed as illustrative and shall not limit the sense of the words preceding or following those terms.

 

 

2.   PRELIMINARY INFORMATION

 

2.1  The Company and the Supplier acknowledge that, for the purposes of the Data Protection Legislation, the Company is the Controller and the Supplier is the Processor of any Company Data. 

2.2  The GDPR requires that a written agreement be entered into between a Controller and a Processor in order to allow the processing of personal data by the Processor on behalf of the Controller. For this reason, the parties have agreed to enter into a supplementary agreement to the Main Agreement pursuant to these data processing terms (this Processing Agreement). For the avoidance of doubt, this Processing Agreement is expressly incorporated into the Main Agreement.


2.3  The Schedule to this Processing Agreement sets out the scope, nature and purpose of processing by the Supplier, the duration of the processing and the types of Company Data and categories of Data Subject.


2.4  Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 2.4 is in addition to, and does not relieve, remove or replace, a party's obligations under the Data Protection Legislation.


 


 


3.    OBLIGATIONS OF THE SUPPLIER

3.1  The Supplier shall process the Company Data subject to and in accordance with the Company’s express written instructions from time to time. 

3.2  If the Supplier considers that any instruction from the Company contravenes the Data Protection Legislation, it shall immediately notify the Company, giving reasonable details. 

3.3  In accordance with its obligations under the Data Protection Legislation, the Supplier shall implement appropriate technical and organisational measures against unauthorised or unlawful processing of the Company Data, and against accidental loss or destruction of or damage to the Company Data, to ensure compliance with the Data Protection Legislation. For the avoidance of doubt, said measures shall include, at a minimum and where appropriate, pseudonymising and encrypting the Company Data, ensuring confidentiality, integrity, availability and resilience of the Supplier’s systems and services, ensuring that availability of and access to the Company Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by the Supplier.

3.4  The Supplier shall: 

(a)    comply with its obligations as a Processor under the Data Protection Legislation in relation to the processing of personal data by it under this Processing Agreement; 

(b)    keep such records and information as are necessary to demonstrate compliance with the Data Protection Legislation in relation to the processing of personal data under this Processing Agreement by both the Supplier and the Company (so far as possible) and promptly provide them to the Company on request;  

(c)     permit the Company, any auditor appointed by the Company, or a Supervisory Authority to have access to the Supplier's premises, personnel and records, without notice, to the extent reasonably required for verifying compliance with the Data Protection Legislation and the requirements of this Processing Agreement;  

(d)    promptly take such steps as the Company requests it to take, to ensure that the measures implemented under clause 3.3 above are sufficient to ensure the Company’s compliance with the Data Protection Legislation; and 

(e)    generally assist the Company to ensure compliance with the Company’s obligations under the Data Protection Legislation in relation to the processing of the Company Data under this Processing Agreement.  

3.5  The Supplier shall promptly comply with any request from the Company requiring the Supplier to return, update or otherwise amend, transfer, delete or destroy the Company Data.  


3.6  The Supplier shall not transfer any of the Company Data outside the European Economic Area, except upon and in accordance with the express written instructions or agreement in writing of the Company. Where the Supplier has transferred any of the Company Data outside the European Economic Area on the express written instruction of the Company, the Company may require the Supplier to transfer the Company Data back to within the European Economic Area at any time in the event of a change in law which makes it unlawful for the Company Data to be processed in the jurisdiction outside the European Economic Area where it is being processed.  

3.7  If the Supplier receives any complaint, notice or communication which relates directly or indirectly to the processing of the Company Data or to either party's compliance with the Data Protection Legislation, it will immediately notify the Company and provide the Company with full co-operation and assistance.  

3.8  The Supplier agrees promptly to assist the Company in responding to any request from any Data Subject which is received by the Company or the Supplier.  

3.9  The Supplier will ensure that access to the Company Data is limited to: 

(a)    those personnel of the Supplier and its Company-approved sub-Processors who need access to the Company Data to meet the Supplier's obligations under this Processing Agreement (the Supplier Personnel); and 

(b)   in the case of any access by any Supplier Personnel, such part or parts of the Company Data as is strictly necessary for performance of that member of the Supplier Personnel's duties. 

3.10  The Supplier will ensure that all of the Supplier Personnel: 

(a)    are bound by appropriate obligations of confidentiality in respect of the Company Data; 

(b)   have undertaken training in the laws relating to processing of personal data; and 

(c)    have undergone appropriate vetting and other appropriate security checks to ensure their reliability. 

3.11  Notwithstanding any other provision of this Processing Agreement, the Supplier shall not without the Company’s prior written consent: 

(a)    sub-contract any of its obligations in relation to the processing of the Company Data or otherwise authorise any third party to Process Company Data on its behalf (except to the extent a specific third party has been approved for this purpose in writing by the Company and subject to the Supplier entering into a written agreement with the third-party processor which incorporates terms which are substantially similar to those set out in this Processing Agreement); or
 
(b)    assign or otherwise transfer (as applicable) its rights and obligations under this Processing Agreement. 
 
3.12  The Supplier shall promptly notify the Company in writing:

(a)   of any breach or suspected breach of any of the Supplier's obligations under clauses 3.3 to 3.6 and 3.9 to 3.10 inclusive; and

(b)  of any other unauthorised or unlawful processing of any of the Company Data; and 

(c)   of any other loss or destruction of or damage to any of the Company Data; and

(d)  such notification under this clause 3.12 as aforesaid shall contain all such information as is required for the Company to discharge its responsibilities under the Data Protection Legislation in relation to such breach or suspected breach. 

3.13  Following notification as aforesaid under clause 3.12, the Supplier shall promptly, at the Supplier's sole cost and expense: 

(a)    provide the Company with all such information and cooperation as the Company may request in connection with investigating such breach or suspected breach; and 

(b)   take such steps as the Company requires it to take to mitigate the adverse effects of any such breach or suspected breach. 

3.14  The Supplier shall indemnify and hold the Company harmless against any failure by the Supplier to fulfil any obligation of the Supplier under this Processing Agreement and also for the consequences of any such failure as aforesaid.

4.    AMENDMENTS

4.1  Any proposed amendment to this Processing Agreement shall be agreed in good faith in writing by both parties.

4.2  The provisions of clause 4.1 shall apply without limitation whether the amendment is required in order to comply with the Data Protection Legislation, applicable law, or any requirements stipulated by the Company.

 

5.    MISCELLANEOUS

5.1  No failure, delay or omission by either party in exercising any right, power or remedy provided by law or under this Processing Agreement shall operate as a waiver of that right, power or remedy, nor shall it preclude or restrict any future exercise of that or any other right or remedy. No single or partial exercise of any right, power or remedy provided by law or under this Processing Agreement shall prevent any future exercise of it or the exercise of any other right, power or remedy. 

5.2  In the event of any conflict, the terms of this Processing Agreement shall prevail over the terms of the Main Agreement.

5.3  This Processing Agreement and any dispute or claim arising out of or in connection with it, its subject matter or formation (including non-contractual disputes or claims) shall be governed by, and construed in accordance with the laws of England and Wales.

5.4  The parties irrevocably agree that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of, or in connection with, this Processing Agreement, its subject matter or formation (including non-contractual disputes or claims).
 
 
 
 
 
 

Schedule – Processing, Company Data and Data Subjects

A1. Processing by the Supplier

A1.1 Scope, nature and purpose of processing

The scope, nature and purpose of the processing activities required for the provision of goods and/or services by the Supplier to the Company under the Main Agreement.

A1.2 Duration of the processing

The duration of the processing corresponds to the duration of the Main Agreement.

A2. Types of Company Data

  • Identity Data including first name, last name, username or similar identifier.
  • Contact Data including billing address, delivery address, email address and telephone numbers.
  • Financial Data including bank account and payment card details.
  • Transaction Data including details about payments to and from the Data Subject.
  • Technical Data including internet protocol (IP) address, the Data Subject’s login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform.
  • Profile Data including the Data Subject’s username and password, or orders requested by the Data Subject. 
  • Usage Data including information about how the Data Subject uses the website of the Supplier. 
  • Communications Data including the Data Subject’s communication preferences.

A3. Categories of Data Subject

  • The Company’s employees (including temporary or casual workers).
  • The Company’s group companies’ employees (including temporary or casual workers).
  • The Company’s customers and potential customers.
  • The Company’s business partners.
  • The Company’s suppliers (other than the Supplier) and sub-contractors.
  • The Company’s agents.
  • Individuals identified in documents processed by the Company in providing goods to its customers.