Terms of Business
1. DATA PROTECTION. The terms “Data Controller”, “Data Processor”, “Data Subject”, “Personal Data”, “Process”, “Processing”, “Transfer” and “Appropriate technical and organisational measures” shall be interpreted in accordance with the applicable Data Protection Legislation.
1.1 Each of us shall comply with the Data Protection Legislation as it applies to each of us in connection with this Terms of Business.
1.2 Where you transfer or otherwise make available Personal Data to us in relation to this engagement, you shall ensure that (i) you have the necessary rights to transfer or make available such Personal Data to us (including that you have, or have procured, the necessary legal authority, permissions and / or consents for us to process the Personal Data to provide the Services; (ii) your instructions to us comply with (and will not cause us to be in breach of) the Data Protection Legislation; and (iii) that you have taken reasonable steps to ensure that any Data Subjects are aware of the nature of the processing to be undertaken.
1.3 Where we act as Data Controller in respect of any Personal Data, processed in relation to this Terms of Business (including where you are an individual)
1.3.1 We shall process or arrange for processing of the Personal Data only in accordance with the details set out in the Lambert Privacy Notice.
1.3.2 If you provide us with or gave us access to the Personal Data , you shall take reasonable steps to ensure that the relevant Data Subjects are aware of our processing activities and the Lambert Privacy Notice; and
1.3.3 Both of us shall cooperate with the other, and promptly provide such information and reasonable assistance as the other may reasonably require to enable it to comply with its obligations under the Data Protection Legislation in respect of this Terms of Business, and to deal with and respond to all investigations, complaints, and requests for information from any regulator or Data Subject relating to such Personal Data.
1.4 Where we process Personal Data as a Data Processor on your behalf we shall:
1.4.1 Only process such Personal Data in accordance with your written instructions from time to time (including as set out in the Conditions of Sale) or as required for us to provide, manage and facilitate the provision of the Services, and only in respect of the subject matter, duration, nature and purpose of the Services, and the type of Personal Data and categories of Data Subject relevant to the Services.
1.4.2 Ensure that only persons authorised by us process such Personal Data and that such persons are subject to appropriate obligations to maintain the confidentiality of such Personal Data.
1.4.3 Taking into account U1e (i) state of the art, (ii) cost of implementation, (Ill) nature, scope, context and purpose of processing, and (iv) the risk and severity of potential harm, protect such Personal Data by putting in place technical and organisational measures to protect such Personal Data from Data Breach.
1.4.4 Taking into account the nature of our processing, put in place appropriate technical and organisational measures, insofar as possible, to assist you to fulfil at your cost, your obligations to respond to Data Subjects requests to exercise their rights under the Data Protection Legislation over such Personal Data.
1.4.5 Where reasonably requested, and taking into account the nature of our processing and the Services and the information available to us, assist you, at your cost, in complying with your obligations under the Data Protection Legislation in respect of such Personal Data.
1.4.6 Where we cease providing the Services to you and at your choice, either delete or return all such Personal Data to you and delete such copies of such Personal Data, unless applicable law or regulation requires storage of such Personal Data or deletion of Personal Data is not technically possible, using all reasonable efforts.
1.4.7 Subject to reasonable access arrangements being agreed with us and save for disclosure of information which is confidential and/ or privileged (or where access is otherwise restricted by applicable law or regulation) make available to you all relevant information necessary to demonstrate compliance with our obligations under this clause 1.4 and allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you at your cost;
1.4.8 Be permitted to appoint other processors to process such Personal Data, provided (i) they process the Personal Data only for the purpose of assisting us with the performance of our obligations under this Terms of Business (ii) we enter into a written agreement with them requiring them to process the Personal Data only in accordance with your or our written instructions, and to comply with obligations equivalent in all material respects to those imposed on us under this clause 1.4; and
1.4.9 Not process or transfer such Personal Data outside the UK or EEA unless (i) an adequacy finding has been made under the Data Protection Legislation that the relevant jurisdiction provides an adequate level of protection; or (ii) we have put in place appropriate safeguards as required under the Data Protection Legislation for such processing or transfers. Where the Terms of Business identifies that processing will take place in specified jurisdictions you acknowledge that Personal Data will be transferred to or from, and I or processes from those jurisdictions.
1.5 Where you instruct us to transfer Personal Data to anyone other than a processor engaged by us, you are responsible for ensuring that adequate arrangements are in place for such transfer as requested by the Data Protection Legislation.
2. FILE RETENTION. You agree that we shall have the right to retain copies of documents relating to the Engagement after the Engagement has ended, subject to our continuing confidentiality obligations. It is our normal practice to retain documents relating to client engagements for 7 years after the end of the relevant engagement. Thereafter, unless separate arrangements have been made, we may destroy or erase the documents or papers without reference to you.
3. DEFINITIONS. The following definitions are used in these Terms of Business.
Active Freight Management Privacy Notice. Means the fair processing information available on www.active-freight. com, as may be updated from time to time.
Data Breach. Means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data.
Data protection Legislation. Means as they apply to each of us: (a) the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003, (b) from and including 25 May 2018 the General Data Protection Regulations (Regulation (EU) 2016/678 (GDPR), until such time as it might cease to apply in the UK; 9c) any legislation ratifying or otherwise adopting, replacing, or supplementing the GDPR in the UK; and (d) in respect to your obligations, any other laws and regulations relating to natural persons relevant to your obligations in any other jurisdictions.
Terms of Business. Means the letter and enclosures (including these terms of business) sent to you which set out the basis of our contract with you.
Engagement. Means the Service which we both provide pursuant to the Terms of Business.
Services. Means the professional services delivered to you or us that are subject to the Terms of Business.