PRIVACY POLICY
Interpretation
Definitions:
Automated Decision-Making (ADM): when a decision is made which is based solely on Automated Processing (including profiling) which produces legal effects or significantly affects an individual. The GDPR prohibits Automated Decision-Making (unless certain conditions are met) but not Automated Processing.
Automated Processing: any form of automated processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that individual’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. Profiling is an example of Automated Processing.
Company name: Renoba Limited.
Company Personnel: all employees, workers contractors, agency workers, consultants, directors, members and others.
Consent: agreement which must be freely given, specific, informed and be an unambiguous indication of the Data Subject’s wishes by which they, by a statement or by a clear positive action, signifies agreement to the Processing of Personal Data relating to them.
Data Controller: the person or organisation that determines when, why and how to process Personal Data. It is responsible for establishing practices and policies in line with the GDPR. We are the Data Controller of all Personal Data relating to our Company Personnel and Personal Data used in our business for our own commercial purposes.
Data Subject: a living, identified or identifiable individual about whom we hold Personal Data. Data Subjects may be nationals or residents of any country and may have legal rights regarding their Personal Data.
Data Privacy Impact Assessment (DPIA): tools and assessments used to identify and reduce risks of a data processing activity. DPIA can be carried out as part of Privacy by Design and should be conducted for all major system or business change programs involving the Processing of Personal Data.
Data Protection Officer (DPO): the person required to be appointed in specific circumstances under the GDPR. Where a mandatory DPO has not been appointed, this term means a data protection manager or other voluntary appointment of a DPO or refers to the Company data privacy team with responsibility for data protection compliance.
EEA: the 28 countries in the EU, and Iceland, Liechtenstein and Norway.
Explicit Consent: consent which requires a very clear and specific statement (that is, not just action).
General Data Protection Regulation (GDPR): the General Data Protection Regulation ((EU) 2016/679). Personal Data is subject to the legal safeguards specified in the GDPR.
Personal Data: any information identifying a Data Subject or information relating to a Data Subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal Data includes Sensitive Personal Data and Pseudonymised Personal Data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or behaviour.
Personal Data Breach: any act or omission that compromises the security, confidentiality, integrity or availability of Personal Data or the physical, technical, administrative or organisational safeguards that we or our third-party service providers put in place to protect it. The loss, or unauthorised access, disclosure or acquisition, of Personal Data is a Personal Data Breach.
Privacy by Design: implementing appropriate technical and organisational measures in an effective manner to ensure compliance with the GDPR.
Privacy Notices (also referred to as Fair Processing Notices) or Privacy Policies: separate notices setting out information that may be provided to Data Subjects when the Company collects information about them. These notices may take the form of general privacy statements applicable to a specific group of individuals (for example, employee privacy notices or the website privacy policy) or they may be stand-alone, one time privacy statements covering Processing related to a specific purpose.
Processing or Process: any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.
Pseudonymisation or Pseudonymised: replacing information that directly or indirectly identifies an individual with one or more artificial identifiers or pseudonyms so that the person, to whom the data relates, cannot be identified without the use of additional information which is meant to be kept separately and secure.
Related Policies: the Company’s policies, operating procedures or processes related to this Privacy Standard and designed to protect Personal Data set out in this staff handbook.
Sensitive Personal Data: information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data, and Personal Data relating to criminal offences and convictions.
1. Introduction
1.1 This Privacy Standard sets out how Renoba Limited (“we”, “our”, “us”, “the Company”) handle the Personal Data of our customers, suppliers, employees, workers and other third parties.
1.2 This Privacy Standard applies to all Personal Data we Process regardless of the media on which that data is stored or whether it relates to past or present employees, workers, customers, clients or supplier contacts, shareholders, website users or any other Data Subject.
1.3 This Privacy Standard applies to all Company Personnel (“you”, “your”). You must read, understand and comply with this Privacy Standard when Processing Personal Data on our behalf and attend training on its requirements. This Privacy Standard sets out what we expect from you in order for the Company to comply with applicable law. Your compliance with this Privacy Standard is mandatory. Related Policies and Privacy Guidelines are available to help you interpret and act in accordance with this Privacy Standard. You must also comply with all such Related Policies and Privacy Guidelines. Any breach of this Privacy Standard may result in disciplinary action.
1.4 This Privacy Standard (together with Related Policies and Privacy Guidelines) is an internal document and cannot be shared with third parties, clients or regulators without prior authorisation from the DPO.
2. Scope
2.1 We recognise that the correct and lawful treatment of Personal Data will maintain confidence in the organisation and will provide for successful business operations. Protecting the confidentiality and integrity of Personal Data is a critical responsibility that we take seriously at all times. The Company is exposed to potential fines of up to EUR20 million (approximately £18 million) or 4% of total worldwide annual turnover, whichever is higher and depending on the breach, for failure to comply with the provisions of the GDPR.
2.2 All partners, managers and heads of departments are responsible for ensuring all Company Personnel comply with this Privacy Standard and need to implement appropriate practices, processes, controls and training to ensure such compliance.
2.3 The DPO is responsible for overseeing this Privacy Standard and, as applicable, developing Related Policies and Privacy Guidelines. That post is held by Peter Johnston.
2.4 Please contact the DPO with any questions about the operation of this Privacy Standard or the GDPR or if you have any concerns that this Privacy Standard is not being or has not been followed. In particular, you must always contact the DPO in the following circumstances:
(a) if you are unsure of the lawful basis which you are relying on to process Personal Data (including the legitimate interests used by the Company);
(b) if you need to rely on Consent and/or need to capture Explicit Consent;
(c) if you need to draft Privacy Notices or Fair Processing Notices;
(d) if you are unsure about the retention period for the Personal Data being Processed
(e) if you are unsure about what security or other measures you need to implement to protect Personal Data;
(f) if there has been a Personal Data Breach;
(g) if you are unsure on what basis to transfer Personal Data outside the EEA;
(h) if you need any assistance dealing with any rights invoked by a Data Subject;
(i) whenever you are engaging in a significant new, or change in, Processing activity which is likely to require a DPIA or plan to use Personal Data for purposes others than what it was collected for;
(j) if you plan to undertake any activities involving Automated Processing including profiling or Automated Decision-Making;
(k) if you need help complying with applicable law when carrying out direct marketing activities; or
(l) if you need help with any contracts or other areas in relation to sharing Personal Data with third parties (including our vendors).
3. Personal Data Protection Principles
3.1 We adhere to the principles relating to Processing of Personal Data set out in the GDPR which require Personal Data to be:
(a) processed lawfully, fairly and in a transparent manner (Lawfulness, Fairness and Transparency).
(b) collected only for specified, explicit and legitimate purposes (Purpose Limitation).
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed (Data Minimisation).
(d) accurate and where necessary kept up to date (Accuracy).
(e) not kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the data is Processed (Storage Limitation).
(f) processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful Processing and against accidental loss, destruction or damage (Security, Integrity and Confidentiality).
(g) not transferred to another country without appropriate safeguards being in place (Transfer Limitation).
(h) made available to Data Subjects and Data Subjects allowed to exercise certain rights in relation to their Personal Data (Data Subject’s Rights and Requests).
3.2 We are responsible for and must be able to demonstrate compliance with the data protection principles listed above (Accountability).
4. Lawfulness, fairness + transparency
4.1 Lawfulness and fairness
4.1.2 Personal data must be Processed lawfully, fairly and in a transparent manner in relation to the Data Subject.
4.1.3 You may only collect, Process and share Personal Data fairly and lawfully and for specified purposes. The GDPR restricts our actions regarding Personal Data to specified lawful purposes. These restrictions are not intended to prevent Processing, but ensure that we Process Personal Data fairly and without adversely affecting the Data Subject.
4.1.4 The GDPR allows Processing for specific purposes, some of which are set out below:
(a) the Data Subject has given his or her Consent;
(b) the Processing is necessary for the performance of a contract with the Data Subject;
(c) to meet our legal compliance obligations;
(d) to protect the Data Subject’s vital interests; or
(e) to pursue our legitimate interests for purposes where they are not overridden because the Processing prejudices the interests or fundamental rights and freedoms of Data Subjects. The purposes for which we process Personal Data for legitimate interests need to be set out in applicable Privacy Notices.
4.1.5 You must identify and document the legal ground being relied on for each Processing activity.
4.2 Consent
4.2.1 A Data Controller must only process Personal Data on the basis of one or more of the lawful bases set out in the GDPR, which include Consent.
4.2.2 A Data Subject consents to Processing of their Personal Data if they indicate agreement clearly either by a statement or positive action to the Processing. Consent requires affirmative action so silence, pre-ticked boxes or inactivity are unlikely to be sufficient. If Consent is given in a document which deals with other matters, then the Consent must be kept separate from those other matters.
4.2.3 Data Subjects must be easily able to withdraw Consent to Processing at any time and withdrawal must be promptly honoured. Consent may need to be refreshed if you intend to Process Personal Data for a different and incompatible purpose which was not disclosed when the Data Subject first consented.
4.2.4 Unless we can rely on another legal basis of Processing, Explicit Consent is usually required for Processing Special Categories of Personal Data and Criminal Convictions Data, for Automated Decision-Making and for cross border data transfers. Usually we will be relying on another legal basis (and not require Explicit Consent) to Process most types of Special Categories of Personal Data and Criminal Convictions Data. Where Explicit Consent is required, you must issue a Privacy Notice to the Data Subject to capture Explicit Consent.
4.2.5 You will need to evidence Consent captured and keep records of all Consents in accordance with Related Policies and Privacy Guidelines so that the Company can demonstrate compliance with Consent requirements.
4.3 Transparency (notifying data subjects)
4.3.1 The GDPR requires Data Controllers to provide detailed, specific information to Data Subjects depending on whether the information was collected directly from Data Subjects or from elsewhere. Such information must be provided through appropriate Privacy Notices which must be concise, transparent, intelligible, easily accessible, and in clear and plain language so that a Data Subject can easily understand them.
4.3.2 Whenever we collect Personal Data directly from Data Subjects, including for human resources or employment purposes, we must provide the Data Subject with all the information required by the GDPR including the identity of the Controller and DPO, how and why we will use, Process, disclose, protect and retain that Personal Data through a Privacy Notice which must be presented when the Data Subject first provides the Personal Data.
4.3.3 When Personal Data is collected indirectly (for example, from a third party or publicly available source), you must provide the Data Subject with all the information required by the GDPR as soon as possible after collecting/receiving the data. You must also check that the Personal Data was collected by the third party in accordance with the GDPR and on a basis which contemplates our proposed Processing of that Personal Data.
5. Purpose Limitation
5.1 Personal Data must be collected only for specified, explicit and legitimate purposes. It must not be further Processed in any manner incompatible with those purposes.
5.2 You cannot use Personal Data for new, different or incompatible purposes from that disclosed when it was first obtained unless you have informed the Data Subject of the new purposes and they have Consented where necessary.
6. Data Minimisation
6.1 Personal Data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed.
6.2 You may only Process Personal Data when performing your job duties requires it. You cannot Process Personal Data for any reason unrelated to your job duties.
6.3 You may only collect Personal Data that you require for your job duties: do not collect excessive data. Ensure any Personal Data collected is adequate and relevant for the intended purposes.
6.4 You must ensure that when Personal Data is no longer needed for specified purposes, it is deleted or anonymised in accordance with the Company’s data retention guidelines.
7. Accuracy
7.1 Personal Data must be accurate and, where necessary, kept up to date. It must be corrected or deleted without delay when inaccurate.
7.2 You will ensure that the Personal Data we use and hold is accurate, complete, kept up to date and relevant to the purpose for which we collected it. You must check the accuracy of any Personal Data at the point of collection and at regular intervals afterwards. You must take all reasonable steps to destroy or amend inaccurate or out-of-date Personal Data.
8. Storage Limitation
8.1 Personal Data must not be kept in an identifiable form for longer than is necessary for the purposes for which the data is processed.
8.2 You must not keep Personal Data in a form which permits the identification of the Data Subject for longer than needed for the legitimate business purpose or purposes for which we originally collected it including for the purpose of satisfying any legal, accounting or reporting requirements.
8.3 The Company will maintain retention policies and procedures to ensure Personal Data is deleted after a reasonable time for the purposes for which it was being held, unless a law requires such data to be kept for a minimum time.
8.4 You will take all reasonable steps to destroy or erase from our systems all Personal Data that we no longer require in accordance with all the Company’s applicable records retention schedules and policies. This includes requiring third parties to delete such data where applicable.
8.5 You will ensure Data Subjects are informed of the period for which data is stored and how that period is determined in any applicable Privacy Notice.
9. Security integrity + confidentiality
9.1 Protecting Personal Data
9.1.1 Personal Data must be secured by appropriate technical and organisational measures against unauthorised or unlawful Processing, and against accidental loss, destruction or damage.
9.1.2 Providers who agree to comply with the required policies and procedures and who agree to put adequate measures in place, as requested.
9.1.4 You must maintain data security by protecting the confidentiality, integrity and availability of the Personal Data, defined as follows:
(a) confidentiality means that only people who have a need to know and are authorised to use the Personal Data can access it.
(b) integrity means that Personal Data is accurate and suitable for the purpose for which it is processed.
(c) availability means that authorised users are able to access the Personal Data when they need it for authorised purposes.
9.1.5 You must comply with and not attempt to circumvent the administrative, physical and technical safeguards we implement and maintain in accordance with the GDPR and relevant standards to protect Personal Data.
9.2 Reporting a Personal Data Breach
9.2.1 The GDPR requires Controllers to notify any Personal Data Breach to the applicable regulator and, in certain instances, the Data Subject.
9.2.2 We have put in place procedures to deal with any suspected Personal Data Breach and will notify Data Subjects or any applicable regulator where we are legally required to do so.
9.2.3 If you know or suspect that a Personal Data Breach has occurred, do not attempt to investigate the matter yourself. Immediately contact the person or team designated as the key point of contact the data protection manager. You should preserve all evidence relating to the potential Personal Data Breach.
10. Transfer Limitation
10.1 The GDPR restricts data transfers to countries outside the EEA in order to ensure that the level of data protection afforded to individuals by the GDPR is not undermined. You transfer Personal Data originating in one country across borders when you transmit, send, view or access that data in or to a different country.
10.2 You may only transfer Personal Data outside the EEA if one of the following conditions applies:
(a) the European Commission has issued a decision confirming that the country to which we transfer the Personal Data ensures an adequate level of protection for the Data Subjects’ rights and freedoms;
(b) appropriate safeguards are in place such as binding corporate rules (BCR), standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism, a copy of which can be obtained from the DPO;
(c) the Data Subject has provided Explicit Consent to the proposed transfer after being informed of any potential risks; or
(d) the transfer is necessary for one of the other reasons set out in the GDPR including the performance of a contract between us and the Data Subject, reasons of public interest, to establish, exercise or defend legal claims or to protect the vital interests of the Data Subject where the Data Subject is physically or legally incapable of giving Consent and, in some limited cases, for our legitimate interest.
11. Data subject’s rights + requests
11.1 Data Subjects have rights when it comes to how we handle their Personal Data. These include rights to:
(a) withdraw Consent to Processing at any time;
(b) receive certain information about the Data Controller’s Processing activities;
(c) request access to their Personal Data that we hold;
(d) prevent our use of their Personal Data for direct marketing purposes;
(e) ask us to erase Personal Data if it is no longer necessary in relation to the purposes for which it was collected or Processed or to rectify inaccurate data or to complete incomplete data;
(f) restrict Processing in specific circumstances;
(g) challenge Processing which has been justified on the basis of our legitimate interests or in the public interest;
(h) request a copy of an agreement under which Personal Data is transferred outside of the EEA;
(i) object to decisions based solely on Automated Processing, including profiling (ADM);
(j) prevent Processing that is likely to cause damage or distress to the Data Subject or anyone else;
(k) be notified of a Personal Data Breach which is likely to result in high risk to their rights and freedoms;
(l) make a complaint to the supervisory authority; and
(m) in limited circumstances, receive or ask for their Personal Data to be transferred to a third party in a structured, commonly used and machine readable format.
11.2 You must verify the identity of an individual requesting data under any of the rights listed above (do not allow third parties to persuade you into disclosing Personal Data without proper authorisation).
11.3 You must immediately forward any Data Subject request you receive to your supervisor.
12. Accountability
12.1 The Data Controller must implement appropriate technical and organisational measures in an effective manner, to ensure compliance with data protection principles. The Data Controller is responsible for, and must be able to demonstrate, compliance with the data protection principles.
12.2 The Company must have adequate resources and controls in place to ensure and to document GDPR compliance including:
(a) appointing a suitably qualified DPO (where necessary) and an executive accountable for data privacy;
(b) implementing Privacy by Design when Processing Personal Data and completing DPIAs where Processing presents a high risk to rights and freedoms of Data Subjects;
(c) integrating data protection into internal documents including this Privacy Standard, Related Policies, Privacy Guidelines or Privacy Notices;
(d) regularly training Company Personnel on the GDPR, this Privacy Standard, Related Policies and Privacy Guidelines and data protection matters including, for example, Data Subject’s rights, Consent, legal basis, DPIA and Personal Data Breaches. The Company must maintain a record of training attendance by Company Personnel; and
(e) regularly testing the privacy measures implemented and conducting periodic reviews and audits to assess compliance, including using results of testing to demonstrate compliance improvement effort.
12.3 Record keeping
12.3.1 The GDPR requires us to keep full and accurate records of all our data Processing activities.
12.3.2 You must keep and maintain accurate corporate records reflecting our Processing including records of Data Subjects’ Consents and procedures for obtaining Consents.
12.3.3 These records should include, at a minimum, the name and contact details of the Controller and the DPO, clear descriptions of the Personal Data types, Data Subject types, Processing activities, Processing purposes, third-party recipients of the Personal Data, Personal Data storage locations, Personal Data transfers, the Personal Data’s retention period and a description of the security measures in place. In order to create such records, data maps should be created which should include the detail set out above together with appropriate data flows.
12.4 Training and audit
12.4.1 We are required to ensure all Company Personnel have undergone adequate training to enable them to comply with data privacy laws. We must also regularly test our systems and processes to assess compliance.
12.4.2 You must undergo all mandatory data privacy related training and ensure your team undergo similar mandatory training.
12.4.3 You must regularly review all the systems and processes under your control to ensure they comply with this Privacy Standard and check that adequate governance controls and resources are in place to ensure proper use and protection of Personal Data.
12.5 Privacy By Design and Data Protection Impact Assessment (DPIA)
12.5.1 We are required to implement Privacy by Design measures when Processing Personal Data by implementing appropriate technical and organisational measures (like Pseudonymisation) in an effective manner, to ensure compliance with data privacy principles.
12.5.2 You must assess what Privacy by Design measures can be implemented on all programs/systems/processes that Process Personal Data by taking into account the following:
(a) the state of the art;
(b) the cost of implementation;
(c) the nature, scope, context and purposes of Processing; and
(d) the risks of varying likelihood and severity for rights and freedoms of Data Subjects posed by the Processing.
(e) Data controllers must also conduct DPIAs in respect to high risk Processing.
(f) You should conduct a DPIA (and discuss your findings with the DPO) when implementing major system or business change programs involving the Processing of Personal Data including:
(g) use of new technologies (programs, systems or processes), or changing technologies (programs, systems or processes);
(h) (Automated Processing including profiling and ADM;
(i) large scale Processing of Special Categories of Personal Data or Criminal Convictions Data Data; and
(j) large scale, systematic monitoring of a publicly accessible area.
(k) A DPIA must include:
(l) a description of the Processing, its purposes and the Data Controller’s legitimate interests if appropriate;
(m) an assessment of the necessity and proportionality of the Processing in relation to its purpose;
(n) an assessment of the risk to individuals; and
(o) the risk mitigation measures in place and demonstration of compliance.12.6 Automated Processing (including profiling) and Automated Decision-Making
12.6.1 If your organisation does not carry out ADM or automated processing (including profiling), this section can be removed. If it carries out any of these activities, more detail will need to be inserted in this section.
12.6.2 Generally, ADM is prohibited when a decision has a legal or similar significant effect on an individual unless:
(a) a Data Subject has Explicitly Consented;
(b) the Processing is authorised by law; or
(c) the Processing is necessary for the performance of or entering into a contract.
12.6.3 If certain types of Special Categories of Personal Data or Criminal Convictions Data are being processed, then grounds (b) or (c) will not be allowed but such Special Categories of Personal Data and Criminal Convictions Data can be Processed where it is necessary (unless less intrusive means can be used) for substantial public interest like fraud prevention.
12.6.4 If a decision is to be based solely on Automated Processing (including profiling), then Data Subjects must be informed when you first communicate with them of their right to object. This right must be explicitly brought to their attention and presented clearly and separately from other information. Further, suitable measures must be put in place to safeguard the Data Subject’s rights and freedoms and legitimate interests.
12.6.5 We must also inform the Data Subject of the logic involved in the decision making or profiling, the significance and envisaged consequences and give the Data Subject the right to request human intervention, express their point of view or challenge the decision.
12.6.6 A DPIA must be carried out before any Automated Processing (including profiling) or ADM activities are undertaken.
12.7 Direct marketing
12.7.1 We are subject to certain rules and privacy laws when marketing to our customers.
12.7.2 For example, a Data Subject’s prior consent is required for electronic direct marketing (for example, by email, text or automated calls). The limited exception for existing customers known as “soft opt in” allows organisations to send marketing texts or emails if they have obtained contact details in the course of a sale to that person, they are marketing similar products or services, and they gave the person an opportunity to opt out of marketing when first collecting the details and in every subsequent message.
12.7.3 The right to object to direct marketing must be explicitly offered to the Data Subject in an intelligible manner so that it is clearly distinguishable from other information.
12.7.4 A Data Subject’s objection to direct marketing must be promptly honoured. If a customer opts out at any time, their details should be suppressed as soon as possible. Suppression involves retaining just enough information to ensure that marketing preferences are respected in the future.
12.8 Sharing Personal Data
12.8.1 Generally we are not allowed to share Personal Data with third parties unless certain safeguards and contractual arrangements have been put in place.
12.8.2 You may only share the Personal Data we hold with another employee, agent or representative of our group (which includes our subsidiaries and our ultimate holding company along with its subsidiaries) if the recipient has a job-related need to know the information and the transfer complies with any applicable cross-border transfer restrictions.
12.8.3 You may only share the Personal Data we hold with third parties, such as our service providers if:
(a) they have a need to know the information for the purposes of providing the contracted services;
(b) sharing the Personal Data complies with the Privacy Notice provided to the Data Subject and, if required, the Data Subject’s Consent has been obtained;
(c) the third party has agreed to comply with the required data security standards, policies and procedures and put adequate security measures in place;
(d) the transfer complies with any applicable cross border transfer restrictions; and
(e) a fully executed written contract that contains GDPR approved third party clauses has been obtained.
13. Changes to this privacy standard
13.1 We reserve the right to change this Privacy Standard at any time so please check back regularly to obtain the latest copy of this Privacy Standard.
13.2 This Privacy Standard does not override any applicable national data privacy laws and regulations in countries where the Company operates.
ENVIRONMENTAL POLICY
It is the Policy of Renoba Limited to plan and execute operations in an environmentally sensitive manner so as to minimise consequential environmental impacts. Every partner is committed to fulfilling Renoba Limited legal obligations and other requirements to which the company subscribes, to ensuring the conservation of natural resources, to the prevention of pollution and the elimination of environmental hazards which may be associated with Renoba Limited operations.
To ensure achievement of this policy an Integrated Management System is established to meet, and to continue to meet, the requirements of BS EN ISO14001:2015.
Renoba Limited Environmental Objectives are:
- To maintain awareness of and to comply with appropriate environmental legislation, regulations and accepted standards and codes of practice.
- To fully meet customer and interested parties stated and/or perceived environmental expectations by the prevention of pollution and the provision of Reprocessing and Recycling Services
- To minimise the environmental impact of operations through reinvestment of new techniques, adoption of the most environmentally friendly way of undertaking our works and employee training in best practices.
- To continually review and monitor all aspects of the company’s activities to identify opportunities for implementing environmental performance improvement.
- To ensure that this policy and supporting processes are understood by and communicated within the organisation and that this policy is available to the public.
Environmental Management implementation is through the IMS which is mandatory in its application. However, its success can only be achieved by the participation and commitment at everyone at Renoba Limited. All persons working with and for Renoba Limited will receive full support to ensure the IMS is understood, implemented and maintained throughout.
It is Renoba Limited responsibility to ensure IMS functions correctly and its effectiveness is maintained through monitoring, control, audit and review.
TERMS AND CONDITIONS
Terms and Conditions
These Standard Terms and Conditions are the Renoba Limited Terms and Conditions of Purchase which apply in circumstances where Renoba Limited purchases goods and/or services from third party manufacturers, suppliers or service suppliers.
1. Interpretation
The following definitions and rules of interpretation apply in this Contract.
1.1 Definitions:
Business Day: a day other than a Saturday, Sunday or public holiday in England, when banks in London are open for business.
Commencement Date: has the meaning given in Clause 2.2.
Conditions: these terms and conditions as amended from time to time in accordance with Clause 19.9. Contract: the contract between the Customer and the Supplier for the supply of Goods and/or Services in accordance with these Conditions.
Control: shall be defined as in section 1124 of the Corporation Tax Act 2010, and the expression change of Control shall be construed accordingly.
Customer: the name of the GSF Company specified as the customer on the Supplier Application Form or specified in any Order. If there is a conflict between the Supplier Application Form and the Order the Order shall take precedence.
Customer Materials: has the meaning set out in Clause 5.3 (k).
Deliverables: all documents, products and materials developed by the Supplier or its agents, contractors and employees as part of or in relation to the Services in any form or media, including drawings, maps, plans, diagrams, designs, pictures, computer programs, data, specifications and reports (including drafts).
Goods: the goods (or any part of them) set out in the Order.
Goods Specification: any specification for the Goods, including any related plans and drawings, that is agreed in writing by the Customer and the Supplier.
Renoba Limited Company: Renoba Limited company number 15408602 with the registered office at 79 Fillingham Close, Birmingham, West Midlands, B37 7TE.
Intellectual Property Rights: <patents, rights to inventions, copyright and neighbouring and related rights, moral rights, trademarks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, rights in designs, rights in computer software, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets), and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.
Mandatory Policies: The Customer’s business policies and codes listed in the Schedule (to the extent that they exist) copies of which can be obtained from the Customer on request and which are deemed to have been received by the Supplier unless otherwise confirmed.
Order: The Customer’s order for the supply of Goods and/or Services, as set out in the Customer’s purchase order form or in the Customer’s written acceptance of the Supplier’s quotation or overleaf as the case may be.
Purchase Order Number: the reference number allocated to an Order by the Customer.
Services: the services, including any Deliverables, to be provided by the Supplier under the Contract as set out in the Service Specification.
Service Specification: the description or specification for Services agreed in writing by the Customer and the Supplier.
Supplier: the person or firm from whom the Customer purchases the Goods and/or Services as specified on the Supplier Application Form or in the Order. If there is a conflict between the Supplier Application Form and the Order the Order shall take precedence.
Supplier Application Form: the form that all prospective suppliers must complete prior to being confirmed as an approved supplier to the Customer.
1.2 Interpretation:
(a) A person includes a natural person, corporate or unincorporated body (whether or not having separate legal personality).
(b) A reference to a party includes its successors and permitted assignees.
(c) A reference to a statute or statutory provision is a reference to it as amended or re-enacted. A reference to a statute or statutory provision includes all subordinate legislation made under that statute or statutory provision.
(d) Any words following the terms including, include, in particular, for example or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms.
(e) A reference to writing or written includes fax and email.
2. Basis of contract
2.1 The Order constitutes an offer by the Customer to purchase Goods and/or Services from the Supplier in accordance with these Conditions. The Supplier shall supply the Goods and/or Services in accordance with the Customer’s Order.
2.2 Subject to Clause 2.5, the Order shall be deemed to be accepted on the earlier of:
(a) the Supplier issuing written acceptance of the Order; or
(b) any act by the Supplier consistent with fulfilling the Order, at which point and on which date the Contract shall come into existence (“Commencement Date”).
2.3 An Order may be withdrawn or amended by the Customer at any time before acceptance by the Supplier.
2.4 Each Order shall specify the Purchase Order Number, the type and quantity of the Goods and/or Services to be supplied, the date by which the Order is to be delivered and the delivery location (unless the parties agree that the date and location of delivery are to be specified after the Order is placed) and the applicable payment terms. Each party shall use the relevant Purchase Order Number in all subsequent correspondence, documentation and packaging relating to the Order.
2.5 The Customer may at any time prior to despatch of the Goods and/or Services amend or cancel an Order by written notice to the Supplier.
2.6 These Conditions apply to the Contract to the exclusion of any other terms that the Supplier seeks to impose or incorporate, or which are implied by trade, custom, practice or course of dealing.
2.7 All of these Conditions shall apply to the supply of both Goods and Services except where the application to one or the other is specified.
3. Supply of goods
3.1 The Supplier shall ensure that the Goods shall:
(a) correspond with their description and any applicable Goods Specification;
(b) be of satisfactory quality (within the meaning of the Sale of Goods Act 1979) and fit for any purpose held out by the Supplier or made known to the Supplier by the Customer, expressly or by implication, and in this respect the Customer relies on the Supplier’s skill and judgement;
(c) where they are manufactured products, be free from defects in design, materials and workmanship and remain so for 12 months after delivery; and
(d) comply with all generally accepted industry standards and applicable statutory and regulatory requirements relating to the manufacture, labelling, packaging, storage, handling and delivery of the Goods;
(e) not infringe the Intellectual Property Rights of any third party; and
(f) not constitute counterfeit or ‘grey goods’ (or ‘parallel imports’).
3.2 The Supplier shall ensure that at all times it has and maintains all the licences, permissions, authorisations, consents and permits that it needs to carry out its obligations under the Contract in respect of the Goods including in relation to the manufacture and supply of the Goods.
3.3 The Customer shall have the right to enter the Supplier’s premises to inspect the Suppliers manufacturing facilities and test the Goods (or any samples or packaging) at any time before delivery. The Supplier shall remain fully responsible for the Goods despite any such inspection or testing and any such inspection or testing shall not reduce or otherwise affect the Supplier’s obligations under the Contract. Inspections shall be carried out during business hours on reasonable notice to the Supplier, provided that, in the event of an emergency, the Supplier shall grant the Customer immediate access to its premises.
3.4 If following such inspection or testing the Customer considers that the Goods do not comply or are unlikely to comply with the Supplier’s undertakings at Clause 3.1, the Customer shall inform the Supplier and the Supplier shall immediately take such remedial action as is necessary to ensure compliance.
3.5 The Customer may conduct further inspections and tests after the Supplier has carried out its remedial actions.
4. Delivery of goods
4.1 The Supplier shall ensure that:
(a) the Goods are properly packed and secured in such manner as to enable them to reach their destination in good condition;
(b) each delivery of the Goods is accompanied by a delivery note which shows the date of the Order, the Purchase Order Number, the type and quantity of the Goods (including the code number of the Goods (where applicable)), special storage instructions (if any) and, if the Goods are being delivered by instalments (for which prior Customer consent must be obtained), the outstanding balance of Goods remaining to be delivered; and
(c) it states clearly on the delivery note any requirement for the Customer to return any packaging material for the Goods to the Supplier. Any such packaging material shall only be returned to the Supplier at the cost of the Supplier.
4.2 The Supplier shall deliver the Goods:
(a) on the date specified in the Order or, if no such date is specified, then within 7 days of the date of the Order but in no event shall the Supplier deliver Goods more than 5 Business Days in advance of the delivery date without the Customers consent;
(b) to the Customer’s premises at 10 Silverglade Business Park, Leatherhead Road, Chessington, KT9 2QL or such other location as is set out in the Order or as instructed by the Customer before delivery (“Delivery Location”); and
(c) during the Customer’s normal hours of business, or as instructed by the Customer.
4.3 Delivery of the Goods shall be completed on the completion of unloading of the Goods at the Delivery Location.
4.4 If the Supplier:
(a) delivers less than 95% of the quantity of Goods ordered, the Customer may reject the Goods; or
(b) delivers more than 105% of the quantity of Goods ordered, the Customer may at its sole discretion reject the Goods or the excess Goods and any rejected Goods shall be returnable at the Supplier’s risk and expense. If the Supplier delivers more or less than the quantity of Goods ordered, and the Customer accepts the delivery, the Supplier shall make a pro rata adjustment to the invoice for the Goods.
4.5 The Supplier shall not deliver the Goods in instalments without the Customer’s prior written consent. Where it is agreed that the Goods are delivered by instalments, they may be invoiced and paid for separately. However, failure by the Supplier to deliver any one instalment on time or at all or any defect in an instalment shall entitle the Customer to the remedies set out in Clause 6.1.
4.6 Title and risk in the Goods shall pass to the Customer on completion of delivery, although where payment is made by the Customer prior to delivery title to the Goods will pass to the Customer upon payment.
4.7 Notwithstanding the passing of title, the Customer shall not be deemed to have accepted any Goods until it has had a reasonable time to inspect them following Delivery, or, in the case of a latent defect in the Goods, until a reasonable time after the latent defect has become apparent.
4.8 The Supplier warrants and represents to the Customer that it:
4.8.1 has, at the time the Contract is made, full, clear and unencumbered title to the Goods, and the full, clear and unencumbered right to sell and deliver them to the Customer; and
4.8.2shall hold such title and right to enable it to ensure that the Customer shall acquire a valid, unqualified title to the Goods and shall enjoy quiet possession of them.
5. Supply of services and forecasting
5.1 The Supplier shall from the Commencement Date or the date set out in the Order and for the duration of the Contract supply the Services to the Customer in accordance with the terms of the Contract.
5.2 The Supplier shall meet any performance dates for the Services specified in the Order or that the Customer notifies to the Supplier and time is of the essence in relation to any of those performance dates.
5.3 In providing the Services, the Supplier shall:
(a) co-operate with the Customer in all matters relating to the Services, and comply with all instructions of the Customer;
(b) perform the Services with the best care, skill and diligence in accordance with best practice in the Supplier’s industry, profession or trade;
(c) fulfil any specific objectives of the Services set out in the Order;
(d) use personnel who are suitably skilled and experienced to perform tasks assigned to them, and in sufficient number to ensure that the Supplier’s obligations are fulfilled in accordance with the Contract;
(e) ensure that the Services and Deliverables will conform with all descriptions and specifications set out in the Service Specification, and that the Deliverables shall be fit for any purpose that the Customer expressly or impliedly makes known to the Supplier;
(f) provide all equipment, tools and vehicles and such other items as are required to provide the Services;
(g) use the best quality goods, materials, standards and techniques, and ensure that the Deliverables, and all goods and materials supplied and used in the Services or transferred to the Customer, will be free from defects in workmanship, installation and design;
(h) obtain, and at all times, maintain all licences and consents which may be required for the provision of the Services;
(i) comply with all applicable laws, regulations, regulatory policies, guidelines or industry codes which may apply to the provision of the Services, and with the Mandatory Policies;
(j) observe all health and safety rules and regulations and any other security requirements that apply at any of the Customer’s premises;
(k) hold all materials, equipment and tools, drawings, specifications and data supplied by the Customer to the Supplier (“Customer Materials”) in safe custody at its own risk, maintain the Customer Materials in good condition until returned to the Customer, and not dispose or use the Customer Materials other than in accordance with the Customer’s written instructions or authorisation;
(l) not do or omit to do anything which may cause the Customer to lose any licence, authority, consent or permission upon which it relies for the purposes of conducting its business, and the Supplier acknowledges that the Customer may rely or act on the Services; and
(m) comply with any additional obligations as set out in the Service Specification.
5.4 The Customer may provide the Supplier with forecasts to assist the Supplier in planning production to meet the expected needs of the Customer (“Forecasts”). Any Forecasts provided by the Customer are, at all times, subject to revision and amendment by the Customer, and are not intended to be legally binding. Accordingly, the Customer shall not be liable to the Supplier for any issues relating to, or losses suffered resulting from, any reliance placed on Forecasts.
6. Customer remedies
6.1 If the Supplier fails to deliver the Goods and/or perform the Services by the applicable date, the Customer shall, without limiting or affecting other rights or remedies available to it, have all of the following rights:
(a) to terminate the Contract and/or any and all other Contracts then in force with the Supplier with immediate effect and without liability by giving written notice to the Supplier;
(b) to refuse to accept any subsequent performance of the Services and/or delivery of the Goods which the Supplier attempts to make;
(c) to recover from the Supplier any costs incurred by the Customer in obtaining substitute goods and/or services from a third party;
(d) to require a refund from the Supplier of sums paid in advance for Services that the Supplier has not provided and/or Goods that it has not delivered; and
(e) to claim damages for any additional costs, loss or expenses incurred by the Customer which are in any way attributable to the Supplier’s failure to meet such dates.
Provided that the Supplier shall have no liability for any failure or delay in delivering an Order to the extent that such failure or delay is caused by the Customer’s failure to comply with its obligations under this Contract.
6.2 If the Goods are not delivered by the applicable date, the Customer may, at its option, claim or deduct 5% of the price of the Goods for each week’s delay in delivery by way of liquidated damages, up to a maximum of 25% of the total price of the Goods. If the Customer exercises its rights under this Clause 6.2 it shall not be entitled to any of the remedies set out in Clause 6.1 in respect of the Goods’ late delivery.
6.3 If the Supplier has delivered Goods that do not comply with the undertakings set out in Clause 3.1, then, without limiting or affecting other rights or remedies available to it, the Customer shall have all of the following rights, whether or not it has accepted the Goods:
(a) to terminate the Contract and/or any and all other Contracts then in force with the Supplier with immediate effect and without liability by giving written notice to the Supplier;
(b) to reject the Goods, (in whole or in part) whether or not, title has passed and to return them to the Supplier at the Supplier’s own risk and expense;
(c) to require the Supplier to repair or replace the rejected Goods, or to provide a full refund of the price of the rejected Goods (if paid);
(d) to refuse to accept any subsequent delivery of the Goods which the Supplier attempts to make;
(e) to recover from the Supplier any expenditure incurred by the Customer in obtaining substitute goods from a third party; and
(f) to claim damages for any additional costs, loss or expenses incurred by the Customer arising from the Supplier’s failure to supply Goods in accordance with Clause 3.1.
6.4 These Conditions shall extend to any substituted or remedial services and/or repaired or replacement goods supplied by the Supplier.
6.5 The Customer’s rights under the Contract are in addition to its rights and remedies implied by statute and common law.
7. Customer’s obligation
7.1 The Customer shall:
(a) provide the Supplier with reasonable access at reasonable times to the Customer’s premises for the purpose of providing the Services (and the Supplier undertakes to comply with, and to procure that its employees and agents comply with, any health and safety rules imposed on visitors to the Customer’s premises); and.
(b) provide such necessary information for the provision of the Services as the Supplier may reasonably request.
8. Charges and payment
8.1 The price for the Goods:
(a) shall be the price set out in the Order, or if no price is quoted, the price set out in the Supplier’s published price list in force at the Commencement Date; and
(b) shall be inclusive of the costs of packaging, insurance and carriage of the Goods. No extra charges shall be effective unless agreed in writing and signed by the Customer.
8.2 The charges for the Services shall be set out in the Order and shall be the full and exclusive remuneration of the Supplier in respect of the performance of the Services. Unless otherwise agreed in writing by the Customer, the charges shall include every cost and expense of the Supplier directly or indirectly incurred in connection with the performance of the Services.
8.3 In respect of the Goods, the Supplier shall invoice the Customer on or at any time within three months after completion of delivery. In respect of Services, the Supplier shall invoice the Customer on or at any time within three months after completion of the Services. Each invoice shall include such supporting information required by the Customer to verify the accuracy of the invoice, including but not limited to the relevant Purchase Order Number.
8.4 In consideration of the supply of Goods and/or Services by the Supplier, the Customer shall pay the invoiced amounts within 30 days of the end of the month of the date of a correctly rendered invoice or within 30 days of the end of the month of the date a correctly rendered invoice is received, whichever is the later or as set out in the Order, to a bank account nominated in writing by the Supplier.
8.5 All amounts payable by the Customer under the Contract are exclusive of amounts in respect of valued added tax chargeable from time to time (“VAT”). Where any taxable supply for VAT purposes is made under the Contract by the Supplier to the Customer, the Customer shall, on receipt of a valid VAT invoice from the Supplier, pay to the Supplier such additional amounts in respect of VAT as are chargeable on the supply of the Goods and/or Services at the same time as payment is due for the supply of the Goods and/or Services.
8.6 In circumstances where the payment terms are those set out at Clause 8.4 (and not if the payment terms are otherwise negotiated or agreed between the Customer and the Supplier) where the Customer fails to make a payment due to the Supplier under the Contract by the due date, then the Customer shall pay interest on the overdue sum from the due date until payment of the overdue sum, whether before or after judgment. Interest under this Clause 8.6 will accrue each day at 2% a year above the Bank of England’s base rate from time to time, but at 2% a year for any period when that base rate is below 0%. No interest shall accrue on payments which the Customer disputes in good faith. If the Customer disputes any invoice or other statement of monies due, the Customer shall notify the Supplier in writing within a reasonable time period. The parties shall negotiate in good faith to attempt to resolve the dispute promptly. The Supplier shall provide all such evidence as may be reasonably necessary to verify the disputed invoice or request for payment.
8.7 The Supplier shall maintain complete and accurate records of the time spent and materials used by the Supplier in providing the Services, and the Supplier shall allow the Customer to inspect such records at all reasonable times on request.
8.8 The Customer may at any time, without notice to the Supplier, set off any liability of the Supplier to the Customer against any liability of the Customer to the Supplier, whether either liability is present or future, liquidated or unliquidated, and whether or not either liability arises under the Contract. If the liabilities to be set off are expressed in different currencies, the Customer may convert either liability at a market rate of exchange for the purpose of set-off. Any exercise by the Customer of its rights under this clause shall not limit or affect any other rights or remedies available to it under the Contract or otherwise.
9. Intellectual property rights
9.1 All Intellectual Property Rights in or arising out of or in connection with the Services (other than Intellectual Property Rights in any Customer Materials) shall be owned by the Supplier.
9.2 The Supplier grants to the Customer, or shall procure the direct grant to the Customer of, a fully paid-up, worldwide, non-exclusive, royalty-free, perpetual and irrevocable licence to copy and modify the Deliverables (excluding Customer Materials) for the purpose of receiving and using the Services and the Deliverables for the purposes of the Customers business.
9.3 The Customer may assign or otherwise transfer the rights granted by Clause 9.2 to any GSF Company, and may sub-license such rights to any person to the extent necessary for that person to benefit from GSF Companies’ products and services.
9.4 The Customer grants the Supplier a fully paid-up, non-exclusive, royalty-free non-transferable licence to copy any materials provided by the Customer to the Supplier for the term of the Contract for the purpose of providing the Services to the Customer.
9.5 All Customer Materials are the exclusive property of the Customer.
10. Indemnity
10.1 The Supplier shall indemnify the Customer against all liabilities, costs, expenses, damages and losses (including but not limited to any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and legal costs (calculated on a full indemnity basis) and all other reasonable professional costs and expenses) (as well as any costs incurred by the Customer in respect of the allocation of management time by the Customer in dealing with any claim referred to in this Clause 10 at the rate of £80 per hour) suffered or incurred by the Customer arising out of or in connection with:
(a) any claim made against the Customer for actual or alleged infringement of a third party’s Intellectual Property Rights arising out of, or in connection with, the manufacture, supply or use of the Goods, or receipt, use or supply of the Services (excluding the Customer Materials) in which case the provisions of Clause 10.2 will also apply;
(b) any claim made against the Customer by a third party for death, personal injury or damage to property arising out of, or in connection with, defects in the Goods, as delivered, the Services, or the Deliverables;
(c) any claim made against the Customer by a third party arising out of or in connection with the supply of the Goods, as delivered, or the Services; and
(d) a breach by the Supplier of its obligations under Clause 13.
10.2 Where a claim is made against the Customer for actual or alleged infringement of a third party’s Intellectual Property Rights arising out of, or in connection with, the supply or use of the Goods and/ or the Services, the Customer shall have the right to require the Supplier to disclose, in writing, full and accurate details of the supplier or source from which it acquired the Goods or any materials relating to the Services or in the event that the individual supplier cannot be identified as having supplied the Goods or the materials relating to the Services to the Supplier, full and accurate details of all suppliers who have supplied these type of Goods or materials relating to the Services to the Supplier within the 12 months preceding the date of the request made pursuant to this clause. In these circumstances the Supplier shall be required to acknowledge receipt of the request within two Business Days and provide the information requested as soon as possible but no later than 14 Business Days following the request.
This Clause 10 shall survive termination of the Contract.
11. Insurance
11.1 During the term of the Contract and for a period of 6 years thereafter, the Supplier shall maintain in force, with a reputable insurance company, professional indemnity insurance, product liability insurance and public liability insurance to the levels referred to in Clause 11.2 below to cover the liabilities that may arise under or in connection with the Contract, and shall, on the Customer’s request, produce both the insurance certificate giving details of cover and the receipt for the current year’s premium in respect of each insurance.
11.2 Professional indemnity insurance and public liability insurance each for not less than £5 million per claim; and product liability insurance for not less than £5 million for claims arising from any single event and not less than £10 million in aggregate for all claims arising in any year. The Supplier shall do nothing to invalidate any insurance policy and shall notify the Customer if any policy is (or will be) cancelled or its terms are (or will be) subject to any material change.
11.3 The Supplier’s liabilities under this Contract shall not be deemed to be released or limited by the Supplier taking out the insurance policies referred to in this Clause 11.
12. Confidentiality and announcements
12.1 Each party undertakes that it shall not at any time, disclose to any person any confidential information concerning the business, affairs, customers, clients or suppliers of the other party, except as permitted by Clause 12.2.
12.2 Each party may disclose the other party’s confidential information:
(a) to its employees, officers, representatives, subcontractors or advisers who need to know such information for the purposes of carrying out the party’s obligations under, or enforcing, the Contract. Each party shall ensure that its employees, officers, representatives, subcontractors or advisers to whom it discloses the other party’s confidential information must comply with this Clause 12; and
(b) as may be required by law, a court of competent jurisdiction or any governmental or regulatory authority.
12.3 Neither party shall use the other party’s confidential information for any purpose other than to perform its obligations under the Contract.
12.4 Neither party shall not make any public announcement or disclose any information regarding the Contract without the prior written permission of the other party, except to the extent required by law or regulatory authority.
13. Data protection
Definitions:
Controller, Processor, Data Subject, Personal Data, Personal Data Breach, processing and appropriate technical and organisational measures: as defined in the Data Protection Legislation.
Data Protection Legislation: the UK Data Protection Legislation and any other European Union legislation relating to personal data and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of Personal Data (including, without limitation, the privacy of electronic communications);
UK Data Protection Legislation: all applicable data protection and privacy legislation in force from time to time in the UK including the General Data Protection Regulation ((EU) 2016/679); the Data Protection Act 2018; the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended.
13.1 The parties acknowledge that for the purpose of the Data Protection Legislation, the Customer is the Controller and the Supplier is the Processor.
13.2 Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 13 is in addition to, and does not relieve, remove or replace, a party’s obligations or rights under the Data Protection Legislation. In this clause 13, Applicable Laws means (for so long as and to the extent that they apply to the Supplier) the law of the European Union, the law of any member state of the European Union and/or Domestic UK Law; and Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK.
13.3 Without prejudice to the generality of clause 13.1, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the Supplier for the duration and purposes of this agreement.
13.4 Without prejudice to the generality of clause 13.1, the Supplier shall, in relation to any Personal Data processed in connection with the performance by the Supplier of its obligations under this agreement:
13.4.1 process that Personal Data only on the documented written instructions of the Customer unless the Supplier is required by Applicable Laws to otherwise process that Personal Data. Where the Supplier is relying on Applicable Laws as the basis for processing Personal Data, the Supplier shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Supplier from so notifying the Customer;
13.4.2 ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, which comply with the requirements of the Data Protection Legislation and are appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures;
13.4.3 ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and
13.4.4 not transfer any Personal Data outside of the European Economic Area unless the prior written consent of the Customer has been obtained and the following conditions are fulfilled:
(a) the Customer or the Supplier has provided appropriate safeguards in relation to the transfer in compliance with the Data Protection Legislation;
(b) the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and
(c) the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data.
13.4.5 assist the Customer, at the Customer’s cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
13.4.6 notify the Customer without undue delay on becoming aware of a Personal Data Breach and, at the Supplier’s cost, provide reasonable assistance to the Customer in remedying and (where applicable) reporting such Personal Data Breach;
13.4.7 at the written direction of the Customer, delete or return Personal Data and copies thereof to the Customer on termination of the agreement or as otherwise instructed in writing by the Customer, unless required by Applicable Law to store the Personal Data; and
13.4.8 maintain complete and accurate records and information to demonstrate its compliance with this clause 13 and allow for audits by the Customer or the Customer’s designated auditor and immediately inform the Customer if, in the opinion of the Supplier, an instruction infringes the Data Protection Legislation.
13.5 The Supplier shall not appoint any third-party processor of Personal Data under this agreement without the Customer’s prior written consent. In the event that the Customer consents to the appointment of such third-party processor, the Supplier confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement incorporating terms which are substantially similar to those set out in this clause 13, and in either case which the Supplier undertakes reflect and will continue to reflect the requirements of the Data Protection Legislation. As between the Customer and the Supplier, the Supplier shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this clause 13.
13.6 Either party may, at any time on not less than 30 days’ notice, revise this clause 13 by replacing it with any applicable controller to processor standard clauses or similar terms forming part of an applicable certification scheme (which shall apply when replaced by attachment to this agreement).
14. Termination
14.1 Without affecting any other right or remedy available to it, the Customer may terminate the Contract:
(a) with immediate effect by giving written notice to the Supplier if:
(i) there is a change of Control of the Supplier; or
(ii) the Supplier’s financial position deteriorates to such an extent that in the Customer’s opinion the Supplier’s capability to adequately fulfil its obligations under the Contract has been placed in jeopardy; or
(iii) the Supplier commits a breach of Clause 5.3 (h).
(b) for convenience by giving the Supplier one month’s written notice.
14.2 Without affecting any other right or remedy available to it, either party may terminate the Contract with immediate effect by giving written notice to the other party if:
(a) the other party commits a material breach of any term of the Contract which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of 7 days after being notified in writing to do so;
(b) the other party takes any step or action in connection with its entering administration, provisional liquidation or any composition or arrangement with its creditors (other than in relation to a solvent restructuring), being wound up (whether voluntarily or by order of the court, unless for the purpose of a solvent restructuring), having a receiver appointed to any of its assets or ceasing to carry on business or, if the step or action is taken in another jurisdiction, in connection with any analogous procedure in the relevant jurisdiction; or
(c) the other party suspends, or threatens to suspend, or ceases or threatens to cease to carry on all or a substantial part of its business.
15. Consequences of termination
15.1 On termination of the Contract, the licence of rights provided under Clause 9.4 shall terminate with immediate effect, and the Supplier shall immediately deliver to the Customer all Deliverables then complete, and return all Customer Materials. If the Supplier fails to do so, then the Customer may enter the Supplier’s premises and take possession of them. Until they have been returned or delivered, the Supplier shall be solely responsible for their safe keeping and will not use them for any purpose not connected with the Contract.
15.2 Termination of the Contract shall not affect the parties’ rights and remedies that have accrued as at termination including the right to claim damages in respect of any breach of the Contract which existed at or before the date of termination or expiry.
15.3 Any provision of the Contract that expressly or by implication is intended to come into or continue in force on or after termination of the Contract shall remain in full force and effect. In particular the following Clauses shall survive and continue in full force and effect following termination of the Contract: (a) Clause 10, (b) Clause 11, (c) Clause 15, and (d) Clauses 19.10 and 19.11.
16. Force majeure
The Customer shall not be in breach of the Contract nor liable for delay in performing, or failure to perform, any of its obligations under it if such delay or failure results from events, circumstances or causes beyond the Customer’s reasonable control. If it becomes necessary for the Customer to claim the benefit of this provision, the Customer shall, as soon as reasonably practicable after the occurrence of a Force Majeure Event, notify the Supplier of the nature and extent of such Force Majeure Event and use all reasonable endeavours to remove any such causes and resume performance under this agreement as soon as feasible.
17. Dispute resolutions
17.1 If any dispute arises in connection with these Terms and Conditions, the parties agree to enter into mediation in good faith to settle such a dispute. Unless otherwise agreed between the parties within 14 days of notice of the dispute, a mediator will be nominated by the Customer. This clause does not apply to any disputes in relation to which an application is or will be made for urgent injunctive relief.
18. Further assurance
18.1 The Supplier shall at the request of the Customer, and at the Supplier’s own cost, do all acts and execute all documents which are necessary to give full effect to the Contract.
19. General
19.1 Assignment and other dealings.
(a) The Customer may at any time assign, mortgage, charge, subcontract, delegate, declare a trust over or deal in any other manner with all or any of its rights and obligations under the Contract.
(b) The Supplier shall not assign, transfer, mortgage, charge, subcontract, declare a trust over or deal in any other manner with any of its rights and obligations under the Contract without the prior written consent of the Customer.
19.2 Notices.
(a) Any notice or other communication given to a party under or in connection with the Contract shall be in writing and shall be delivered by hand or by pre-paid first-class post or other next working day delivery service at its registered office (if a company) or its principal place of business (in any other case); or sent by fax to its main fax number or sent by email to the address specified in the Order or the Supplier Application Form.
(b) A notice or other communication shall be deemed to have been received: if delivered by hand, on signature of a delivery receipt or at the time the notice is left at the proper address; if sent by pre-paid first- class post or other next working day delivery service, at 9.00 am on the second Business Day after posting; if sent by fax or email, at 9.00 am on the next Business Day after transmission.
(c) This clause does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any other method of dispute resolution.
19.3< Nothing in these Conditions purports to limit or exclude any liability for fraud.
19.4 Severance. If any provision or part-provision of the Contract is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause shall not affect the validity and enforceability of the rest of the Contract.
19.5 Waiver. A waiver of any right or remedy under the Contract or by law is only effective if given in writing and shall not be deemed a waiver of any subsequent breach or default. A failure or delay by a party to exercise any right or remedy provided under the Contract or by law shall not constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict any further exercise of that or any other right or remedy. No single or partial exercise of any right or remedy provided under the Contract or by law shall prevent or restrict the further exercise of that or any other right or remedy.
19.6 No partnership or agency. Nothing in the Contract is intended to, or shall be deemed to, establish any partnership or joint venture between the parties, constitute either party the agent of the other, or authorise either party to make or enter into any commitments for or on behalf of the other party.
19.7 Entire agreement. The Contract constitutes the entire agreement between the parties and supersedes and extinguishes all previously issued terms and conditions, together with all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter.
19.8 Third party rights.
(a) Unless it expressly states otherwise, the Contract does not give rise to any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of the Contract.
(b) The rights of the parties to rescind or vary the Contract are not subject to the consent of any other person.
Variation. Except as set out in these Conditions, no variation of the Contract, including the introduction of any additional terms and conditions, shall be effective unless it is agreed in writing and signed by the parties or their authorised representatives.
19.10 Governing law. The Contract, and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation shall be governed by and construed in accordance with the law of England and Wales.
19.11 Jurisdiction. Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with the Contract or its subject matter or formation.
The schedule mandatory policies
The Mandatory Policies are:
Modern Slavery and Human Trafficking Policy. Corporate and Social Responsibility Policy.
Anti-Bribery and Anti-Corruption Policy. Ethics Policy.
Data and Privacy Policy.