Customer: means any individual, firm, partnership, company or organisation or any other undertaking, which orders or receives from the Supplier any goods or services pursuant to the Main Agreement.
Customer Data: means any information or data, in whatever form, which is held on, entered into, processed by, or retrievable from computer, communication or other systems or equipment of the Customer including Customer Personal Data and data processed by the Customer in providing goods or services to its clients and customers.
Customer Personal Data: means any Personal Data of which the Customer is the Data Controller or which the Customer is processing on behalf of another Data Controller (such as another company in the Customer’s group or a customer of the Customer, or any of their customers or group companies) and which is processed by the Supplier as Data Processor on behalf of the Customer under or in connection with the Main Agreement, including the information more particularly described in the Schedule.
Data Protection Legislation: means (i) until the GDPR is directly applicable in the United Kingdom, the Data Protection Act 1998; (ii) once the GDPR is directly applicable in the United Kingdom and unless and until the GDPR is no longer directly applicable in the United Kingdom, the GDPR and any national implementing laws, regulations and secondary legislation in the United Kingdom relating to the processing of personal data and the privacy of electronic communications, as amended, replaced or updated from time to time; and then (iii) any successor legislation to the GDPR or the Data Protection Act 1998.
GDPR: means the General Data Protection Regulation ((EU) 2016/679).
Main Agreement: means the one or more agreements which the Supplier has entered into with the Customer to provide goods and/or services to the Customer as is agreed in that agreement or those agreements, as the case may be.
Supplier: means BCQ Group Limited (company registration number 06039730).
1.1 Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 1.1 is in addition to, and does not relieve, remove or replace, a party's obligations under the Data Protection Legislation.
1.2 The parties acknowledge that for the purposes of the Data Protection Legislation, to the extent the Supplier is processing Customer Personal Data, the Customer is the Data Controller (or is processing on behalf of the Data Controller), the Supplier is a Data Processor (for the Customer or, through the Customer, for another Data Controller) (where Data Controller and Data Processor have the meanings as defined in the Data Protection Legislation) and the Customer appoints the Supplier to process the Customer Personal Data. The Schedule sets out the scope, nature and purpose of processing by the Supplier, the duration of the processing and the types of Personal Data (as defined in the Data Protection Legislation, Personal Data) and categories of data subject (as defined in the Data Protection Legislation, Data Subject).
1.3 Without prejudice to the generality of clause 1.1, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Customer Personal Data and Customer Data to the Supplier for the duration and purposes of the Main Agreement and the supplementary agreement between the parties pursuant to these data processing terms (this Processing Agreement). As such, the Customer confirms that it is entitled to transfer the Customer Personal Data and Customer Data to the Supplier so that the Supplier may lawfully use, process and transfer the Customer Personal Data and Customer Data on the Customer’s behalf in accordance with this Processing Agreement.
1.4 Without prejudice to the generality of clause 1.1, the Customer shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of all Customer Personal Data and Customer Data provided for processing.
1.5 Without prejudice to the generality of clause 1.1, the Supplier shall, in relation to any Customer Personal Data processed in connection with the performance by the Supplier of its obligations under the Main Agreement and this Processing Agreement:
1.6 The Customer does not consent to the Supplier appointing any third party processor of the Customer Personal Data or the Customer Data under this Processing Agreement. If the Customer does in the future consent to the Supplier appointing a third-party processor of the Customer Personal Data or the Customer Data under this Processing Agreement, the Supplier confirms that it will enter into a written agreement with the third-party processor incorporating terms which are substantially similar to those set out in this Processing Agreement. As between the Customer and the Supplier, the Supplier shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this clause 1.6.
1.7 In the event of any loss or damage to any Customer Personal Data and Customer Data, the Customer’s sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Personal Data and Customer Data from the latest back-up of such Customer Personal Data and Customer Data maintained by the Supplier.
1.8 If an amendment is required to this Processing Agreement in order to comply with the Data Protection Legislation, Applicable Laws or requirements set out by the Customer, the Customer will provide an amendment with the required changes to the Supplier. Both parties will work together in good faith to promptly execute a mutually agreeable amendment to this Processing Agreement reflecting the required amendment. In case the Supplier is not able to accommodate the requested changes, the Customer may terminate this Processing Agreement and the Main Agreement with fifteen days’ written notice.
1.9 No failure, delay or omission by either party in exercising any right, power or remedy provided by law or under this Processing Agreement shall operate as a waiver of that right, power or remedy, nor shall it preclude or restrict any future exercise of that or any other right or remedy. No single or partial exercise of any right, power or remedy provided by law or under this Processing Agreement shall prevent any future exercise of it or the exercise of any other right, power or remedy.
1.10 In case of conflict, the terms of this Processing Agreement shall prevail over the terms of the Main Agreement.
1.11 This Processing Agreement and any dispute or claim arising out of, or in connection with it, its subject matter or formation (including non-contractual disputes or claims) shall be governed by, and construed in accordance with, the laws of England and Wales.
1.12 The parties irrevocably agree that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of, or in connection with, this Processing Agreement, its subject matter or formation (including non-contractual disputes or claims).
1.1 Scope, nature and purpose of processing
The scope, nature and purpose of the processing is the provision of goods and/or services by the Supplier to the Customer under the Main Agreement.
1.2 Duration of the processing
The duration of the processing corresponds to the duration of the Main Agreement.
See our data protection policy here.