Terms and Conditions
Terms and Conditions - Evaluation Tools
These Terms and Conditions supersede the previous version dated (May 2019) and shall apply to your use of the Careers and Enterprise Company website /careers-leaders/tools-resources/ (鈥淪ite鈥) and commissioning of any Service with effect from 15th July 2021. Use of the Site includes accessing, browsing, or registering to use the Site.
The Site is operated, and the Applications are provided, by the Careers and Enterprise Company Limited (鈥渨e/our/us/茄子影院鈥). We are registered in England and Wales under company number 09432724 and our registered office is 120 Aldersgate St, Barbican, London, EC1A 4JQ. Any reference to 鈥測ou鈥 or 鈥測our鈥 means the school, college or other such organisation (including a multi-academy trust or local authority) that uses or has used the Site, Application(s) and/or submitted Data to us.
Please read these Terms and Conditions and the Privacy Notice听carefully before you start to use the Site or you request Service from us.
By using and/or uploading Data through the Site and/or accessing it via the Application(s), you are indicating that you accept these Terms and Conditions and that you agree to abide by them. If you do not agree with or accept any of these Terms and Conditions, you must not use our Site or provide any Data to us.
听
1. Definitions
鈥Administrator鈥澨齧eans a user authorised by you to manage Authorised User access to the Service and act as point of contact in relation to compliance of these Terms and Conditions.
鈥Application(s)鈥澨齧eans the Compass, Compass+ and Tracker applications (as applicable).
鈥Authorised User鈥澨齧eans any individual to whom you grant access authorisation to use the Service that is your employee, agent, or contractor.
鈥茄子影院 Research鈥澨齧eans research, analytics and analysis carried out by us using anonymised, pseudonymised or de-identified instances of the Data you submit which may be shared with third party organisations including funders of 茄子影院.
鈥Compass鈥 means the Compass web application accessed via the Site, as further described in the Documentation.
鈥Compass+鈥澨齧eans the Compass+ web application accessed via the Site, as further described in the Documentation.
鈥Data鈥澨齧eans any data received by us from you, including Personal Data (as defined in Schedule 1).
鈥Documentation鈥澨齧eans the description of the Service as further described on the Site.
鈥Pupil Data鈥澨齧eans Personal Data about pupils from your school or college supplied by you in connection with your use of the Service.
鈥Reports鈥澨齧eans the reports or analysis produced from time to time through the Applications.
鈥Service鈥澨齧eans (as appropriate) your access to the Site, the Applications, the Documentation and any additional advice, training or any other services that may be provided by us to you.
鈥Tracker鈥澨齧eans the Tracker web application accessed via the Site, as further described in the Documentation.
听
2.听听听听听听听听听听 Changes to these terms
2.1. We reserve the right to amend these Terms and Conditions at any time without notice to you. The latest version of these Terms and Conditions is published on the Site. If you continue to use the Service after the effective date of each amendment, you will be conclusively deemed to have accepted such amended version of these Terms and Conditions. It is your responsibility to check these Terms and Conditions from time to time to verify such variations.
听
3.听 听 听 听 听 听Reports听and Service
3.1. You agree that by providing Data to us (either by providing us with access to the Data or by using the Service to upload the Data to the Applications) you are permitting us to analyse the Data and to enable you to run Reports. You may request access to the Applications via the Site and we are only obligated to deliver the Service once your request has been accepted.
3.2. We reserve the right to update, vary or amend the format of the Reports and the Service we provide.
3.3. You shall be unable to run Reports (a) if, after making reasonable requests to you, we do not receive all required information from you, or (b) where you have breached these Terms and Conditions or, (c) in our reasonable opinion, you have not acted in good faith at any time
听
4.听听听听听听听听听听 Our Obligations
4.1. We will provide the Service:
4.1.1. in substantial conformance with the Documentation;
4.1.2. in compliance with applicable laws including without limitation as required by the Data Sharing Schedule.
听
5.听听听听听听听听听听 Your Obligations
5.1. You warrant that:
5.1.1. you will comply with all applicable laws including without limitation as required by under the Data Sharing Schedule;
5.1.2. your Administrators have the authority to bind any organisation on whose behalf any of them uses the Site to request access to the Applications;
5.1.3. you have the right to upload the Data and to grant us a right to make an anonymised, pseudonymised or de-identified copy of the same for the purpose of the 茄子影院 Research;
5.1.4. you will obtain and at all times maintain all necessary licences and consents necessary for the provision of the Service; and
5.1.5. you will comply with all our reasonable instructions regarding your use of the Service in order to preserve the security of your Data including the Reports.
5.2. The Reports and other information relating specifically to you and displayed in the Application(s) are reliant on you providing up to date and accurate Data. You are responsible for ensuring the accuracy and completeness of the Data that you provide to us as this will form the basis of the provision of the Service.
5.3. You must not:
5.3.1 make the Service available to anyone other than Authorised Users;
5.3.2 upload any Data or other content which is unsuitable, offensive, defamatory, or breaches any laws or any rights of third parties and we reserve the right to delete any Data or other content determined by us to be so and to suspend or terminate your access to and use of the Service;
5.4 You will be responsible for Authorised Users鈥 compliance with the Terms and Conditions and will use commercially reasonable efforts to prevent unauthorised access to or use of the Service and notify us promptly of any such unauthorised access or use.
5.5 Any use of the Service in breach of these Terms and Conditions by you or Authorised Users that in our judgment threatens the functionality, security, integrity or availability of the Service or any content, data or applications in the Service, may result in our immediate suspension of your use of the Service. We will use reasonable efforts to re-establish the Service promptly after determining that the issue causing the suspension has been resolved.
听
6.听听听听听听听听听听 Intellectual Property Rights
6.1. We (or our licensors) shall at all times retain ownership of all intellectual property rights in and to the Service. Nothing in these Terms and Conditions grants you any legal rights in the Service other than as necessary to enable you to access the Site and use the Applications.
6.2. We shall at all times retain ownership of all copyright and other intellectual property rights in all and any Reports and analysis generated, any deliverables relating to the Service, and any advice or training given as part of the provision of the Service and, subject to paragraph 6.3, nothing shall be deemed as a release, transfer, assignment or other disposal of our rights.
6.3. We grant you a non-exclusive, non-transferable, revocable licence to reproduce extracts of, and otherwise use the Reports (including any hardcopy and/or electronic contents) for the purposes of:
(i) analysing your Data to identify areas of strengths and weaknesses and improving standards, and
(ii) other internal purposes that relate to your use of the Service.
6.4. If you breach any provisions of this paragraph 6, we are entitled to suspend or terminate your access to the Service.
听
7.听听听听听听听听听听 Functionality
7.1. We may update the Service from time to time and may change the content or functionality at any time. However, we give no warranties, express or implied, that the (a) content of any part of the Service is accurate, complete or up to date or (b) that the functionality will remain the same or similar, and, whilst we will use our reasonable efforts to update the information on the Site we are under no obligation to do so.
7.2. We do not guarantee that the Service, any element of it or any content on it, will be free from errors or omissions.
听
8.听听听听听听听听听听 Use and access to the Service
8.1. We shall use reasonable endeavours to make the Service available to you. From time to time, it will be necessary for us to carry out maintenance in respect of the Service which may result in occasional periods of downtime. Although we will use reasonable endeavours to minimise such downtime, we make no representations or warranties to you in respect of the availability of the Service.
8.2. We do not warrant that the Service will meet your requirements or that the operation of the Service will be uninterrupted or error-free or that defects in the Service will be corrected.
听
9.听听听听听听听听听听 Your account and password
9.1. An account on the Site to make use of the Application(s) can be created by your Administrator for any Authorised User forming part of your staff or governing body through input of information including: personal details (first and last name), institution role, and email address. The Authorised User can then set their password. The correct use of accounts details, codes and passwords is an important part of the technical and organisational measures we provide to maintain the security of Data during processing by us.
9.2. You agree to notify us immediately if you have lost or compromised your account details, or if any unauthorised activity has taken place using your account details. If you know or suspect that anyone other than you knows the login or password or has otherwise been given access to the Application(s), you must immediately notify us by email or telephone using the contact details in the 'contact us' section of the Site.
9.3. We reserve the right to monitor usage of the Service by all Authorised Users (by way of audits or otherwise) for the purpose of (among others) ensuring compliance with these Terms and Conditions. We reserve the right to suspend or terminate any User鈥檚 account or your account at any time if, in our reasonable opinion, you or any User have failed to comply with any of the provisions of these Terms and Conditions or for any reason related to breach of security or breach of applicable law.
9.4. If you decide to no longer use the Service, or we choose to suspend or terminate your account in accordance with paragraph 9.3, you will no longer be able to access any part of the Service.
听
10.听听听听听听听听 Use of the Service
10.1. Nothing in these Terms and Conditions grants you any legal rights to the Service other than as necessary for your internal business and educational purposes only.
10.2. You and any Authorised Users are not permitted:
10.2.1. to use the Service on behalf of any other school, educational institution or other organisation without our prior approval;
10.2.2. except as expressly permitted by these Terms and Conditions and save to the extent and in the circumstances expressly permitted by law, to rent, lease, sub-license, loan, copy, modify, adapt, merge, translate, reverse engineer, decompile, disassemble or create derivative works based on the whole or any part of the Service (or any associated documentation of these) or use, reproduce or deal in the Service (or any part thereof of these) in any way;
10.2.3. to transfer the Service (or any associated documentation) or the benefit of these Terms and Conditions to another person unless you have our prior written agreement;
10.2.4. modify, adapt, edit, abstract, create derivative works of, sell or in any way commercially exploit any part of the Service;
10.2.5. to frame or mirror any part of the Service without our express written consent;
10.2.6. use the Service to provide outsourced services to third parties or make it available to any third party or allow or permit a third party to do so; or
10.2.7. combine, merge or otherwise permit the Service to become incorporated in any other program, or arrange or create derivative works based on it.
10.3. We do not warrant that any element of the Service will meet your requirements or that the operation of the Service will be uninterrupted or error-free or that defects in the Service will be corrected. We are not liable for any failure of the Service to provide any functions not specified in its instructions or associated documentation.
听
11. 听听听听听听听 Uploading Data
11.1. Whenever you use the Service to upload Data, you must do so in compliance with these Terms and Conditions. You may not use the Site or Applications in any way which may interfere with or prevent the proper working of the Service.
11.2. Where you upload Data or provide us access to the Data via our own or third-party integrations to your management information systems, you grant us a royalty-free, non-transferable, non-exclusive licence:
(i) for the term of our agreement to use the Data to the extent necessary to perform the Service; and
(ii) to use anonymised, psuedonymised or de-identified information extracted from the Data for 茄子影院 Research.
11.3. You warrant that any Data provided by you complies with these Terms and Conditions and will not infringe any third party鈥檚 intellectual property rights and you will be liable to us and indemnify and keep indemnified and hold us harmless against any claims, losses, costs or expenses incurred by us for any breach of this warranty.
11.4. We shall have the right to disclose your identity to any third party who is claiming that any content posted, or Data uploaded by you, through the use of the Service constitutes a violation of their intellectual property rights, or of their right to privacy.
11.5. We will not be responsible, or liable to any third party, for the content or accuracy of any content posted by you or any other user of the Service.
听
12. 听听听听听听听 Viruses
12.1. We do not guarantee that the Service will be free from errors, interruptions, bugs or viruses.
12.2. You are responsible for configuring your information technology, computer programmes and platform to access the Service. You should use your own virus protection software.
12.3. You must not misuse the Service by introducing any software viruses or other malware (including any bugs, trojans, worms, logic bombs or any other self-propagating or other such program or material which is malicious or technologically harmful) that may infect or cause damage to the Service. You must not attempt to gain unauthorised access to the Service, the server on which the Service is stored, or any server, computer or database connected to the Service. You must not attack the Service via a denial-of-service attack or a distributed denial-of service attack. By breaching this provision, you would commit a criminal offence under the Computer Misuse Act 1990. We will report any such breach to the relevant law enforcement authorities, and we will co-operate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use the Service will cease immediately.
12.4. We will not be liable for any loss or damage caused by a distributed denial-of-service attack, viruses or other technologically harmful material that may infect your computer equipment, computer programs, Data or other proprietary material due to your use of the Service or to your downloading of any material posted on it, or on any website linked to it.
听
13. 听听听听听听听 Linking to the Site
13.1. You may link to our Site, provided you do so in a way that is fair and legal and does not damage our reputation or take advantage of it.
13.2. You must not establish a link in such a way as to suggest any form of association, approval or endorsement on our part where none exists.
13.3. You must not establish a link to the Site in any website that is not owned by you, nor may you create a link to any part of the Site other than the home page.
13.4. We reserve the right to withdraw linking permission without notice.
听
14.听听听听听听听听 Third Party Links
14.1. Where our Site contains links to other sites and resources provided by third parties, these links are provided for your information only. We have no control over the contents of those sites or resources, and such sites and resources are subject to their own terms and conditions, privacy policies or other terms of use set out on such sites.
听
15.听听听听听听听听 Term
15.1. These Terms and Conditions are effective until:
15.1.1. you notify us in writing that you no longer wish to use the Service;
15.1.2. we terminate your account where you have materially failed to abide by these Terms and Conditions (where such failure is not remediable or has not been remedied within 14 days of written notice from us of such failure); or
15.1.3. we withdraw the Service from use.
15.2. Termination of these Terms and Conditions is without prejudice to any rights and remedies which may have accrued up to the date of termination.
15.3. Upon termination or expiry, your right to access any part of the Service shall terminate immediately. We will delete any Data uploaded via the Service in accordance with Schedule 1. For the avoidance of doubt, anonymized, pseudonymised or de-identified data used in the course of 茄子影院 Research, which does not include any Personal Data, may continue to be used after the date of termination.
听
16.听听听听听听听听 Limitation of Our Liability
16.1. Nothing in these Terms and Conditions excludes or limits our liability for death or personal injury arising from our negligence, or our fraud or fraudulent misrepresentation, or any other liability that cannot be excluded or limited by English law.
16.2. To the extent permitted by law, we exclude all conditions, warranties, representations or other terms which may apply to the Service, whether express or implied.
16.3. We will not be liable for any:
16.3.1 loss of profits, sales, business, or revenue;
16.3.2 loss of business interruption or anticipated savings;
16.3.3 loss of business opportunity, goodwill or reputation;
16.3.4 loss or corruption of data; or
16.3.5 indirect or consequential loss or damage.
16.4 Subject to clauses 16.1 and 16.3 in no event shall our liability exceed 拢50,000 in respect of all claims in any 12 month period.
听
17.听听听听听听听听 Entire Agreement
17.1. These Terms and Conditions (including the Schedule and the documents referred to herein) constitute the entire agreement between you and us in relation to their subject matter. You acknowledge that you have not relied on any statement, representation or promise made or given by or on behalf of us which is not set out in these Terms and Conditions or any document referred to within them.
17.2. These Terms and Conditions apply to the exclusion of any other terms and conditions that you may seek to impose or incorporate, or which are implied by trade, custom, practice or course of dealing.
听
18.听听听听听听听听 Waiver of Remedies
18.1. The failure of either party to insist upon strict performance of any provision of these Terms and Conditions or exercise any right or remedy to which it is entitled under these Terms and Conditions shall not constitute a waiver thereof and will not prejudice or restrict the rights of that party and no waiver of any such rights or of any breach of any contractual terms will be deemed to be a waiver of any other right or of any later breach.
听
19.听听听听听听听听 Applicable Law
19.1. These Terms and Conditions (and any non-contractual obligations arising out of or in connection with them) shall be governed by and construed in accordance with English law and each party agrees to submit to the exclusive jurisdiction of the courts of England and Wales.
听
20.听听听听听听听听 Events Outside Our Control
20.1. We will not be liable or responsible for any failure to perform, or delay in performance of, any of our obligations under these Terms and Conditions that is caused by an Event Outside Our Control. An 鈥淓vent Outside Our Control鈥 is defined below in clause 20.2.
20.2. An 鈥淓vent Outside Our Control鈥 means any act or event beyond our reasonable control, including without limitation strikes, lock-outs or other industrial action by third parties, civil commotion, riot, invasion, terrorist attack or threat of terrorist attack, war (whether declared or not) or threat or preparation for war, fire, explosion, storm, flood, earthquake, subsidence, epidemic or other natural disaster, or failure of public or private telecommunications networks.
20.3. If an Event Outside Our Control takes place that affects the performance of our obligations under these Terms and Conditions:
20.3.1 we will contact you as soon as reasonably possible to notify you; and
20.3.2 our obligations under these Terms and Conditions will be suspended and the time for performance of our obligations will be extended for the duration of the Event Outside Our Control. Where the Event Outside Our Control affects our delivery of Service to you, we will arrange a new delivery date with you after the Event Outside Our Control is over.
听
21.听听听听听听听听 Rights of Third Parties
21.1. Except where specifically provided for, a person who is not a party to these Terms and Conditions has no right under the Contracts (Rights of Third Parties) Act 1999 to enforce any of the Terms and Conditions, but this does not affect any right or remedy of a third party which exists or is available otherwise than pursuant to that Act.
听
22.听听听听听听听听 Anti-bribery
22.1. For the purposes of this clause 22 the expressions 鈥渁dequate procedures鈥 and 鈥渁ssociated with鈥 shall be construed in accordance with the Bribery Laws. 鈥淏ribery Laws鈥 means the Bribery Act 2010 and associated guidance published by the Secretary of State for Justice under the Bribery Act 2010.
22.2. Each of us and you shall comply with applicable Bribery Laws including ensuring that each party has in place adequate procedures to prevent bribery and use all reasonable endeavours to ensure that:
22.2.1 all of that party鈥檚 personnel;
22.2.2 all others associated with that party; and
22.2.3 all of that party鈥檚 subcontractors; involved in the performance of these Terms and Conditions so comply.
22.3. Without limitation to clause 22.2, neither we nor you shall make or receive any bribe (as defined in the Bribery Act 2010) or other improper payment or allow any such to be made or received on our or your behalf, either in the United Kingdom or elsewhere, and shall implement and maintain adequate procedures to ensure that such bribes or payments are not made or received directly or indirectly on our or your behalf.
22.4. We or you shall immediately notify the other party upon becoming aware of a breach of any of the requirements in this clause 22.
听
23.听听听听听听听听 Freedom of Information
23.1. We agree to provide you all necessary assistance as reasonably requested by you to enable you to respond to a request for information under the Freedom of Information Act 2000 (鈥淔OIA鈥).
23.2. You shall, before responding to any request for information pursuant to FOIA, notify us, and we shall both agree whether any information designated by us as commercially sensitive information and/or any other information is exempt from disclosure in accordance with the provisions of FOIA and act accordingly.
听
24.听听听听听听听听 General
24.1. We may transfer our rights and obligations under these Terms and Conditions to another organisation, but this will not affect your rights or our obligations under these Terms and Conditions. We will always notify you in writing or by posting on the Site if this happens.
24.2. You may only transfer your rights or your obligations under these Terms and Conditions to another person if we agree in writing.
24.3. Each of the clauses of these Terms and Conditions operates separately. If any court or relevant authority decides that any of them are unlawful or unenforceable, the remaining clauses will remain in full force and effect.
Updated July 2021
听
Schedule 1 - Data Sharing Schedule
1.听听听听听听听听听听Definitions
In this Schedule the following terms shall have the meanings set out below:
1.1听鈥Contact Point鈥澨齧eans the person designated as the first contact points for third parties in relation to Data Subject Access Requests and Communications and any other matter relating to the Shared Personal Data. Each party鈥檚 respective Contact Point shall have overall internal responsibility within their respective party for appropriately addressing and responding to Data Subject Requests and Communications within the scope of that party鈥檚 obligations under this Schedule.
1.2听鈥Communications鈥澨齧eans a complaint, enquiry, notice, request or other communication (but excluding any Data Subject Access Requests) relating to either party鈥檚 obligations under any Data Protection Laws in connection with this Schedule and/or the Processing of any of the Shared Personal Data, including any compensation claim from a Data Subject or any notice, investigation or other action from a Data Protection Supervisory Authority relating to any of the foregoing.
1.3听鈥Data Protection Laws鈥澨齭hall mean:
1.3.1听the Data Protection Act 2018;
1.3.2听the General Data Protection Regulation ((EU) 2016/679) (GDPR), as it forms part of domestic law in the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018 (including as further amended or modified by the laws of the United Kingdom or of a part of the United Kingdom from time to time);
1.3.3听the Privacy and Electronic Communications (EC Directive) Regulations 2003; and
1.3.4 all applicable laws and regulations relating to processing of Personal Data and privacy, including where applicable the guidance and codes of practice issued by the Data Protection Supervisory Authority including any amending or replacement legislation in force from time to time.
1.4听Data Controller, Data Processor, Data Subject, Data Subject Access Request, Data Protection Impact Assessment (or DPIA), Data Protection Supervisory Authority, Personal Data, Sensitive or Special Category Data, Personal Data Breach, Profiling, Processor or processing听and听appropriate technical and organisational measures听shall have the meanings given to them in the Data Protection Laws.
1.5听鈥Disclosing Party鈥澨齧eans each party听to the extent it (or any person acting on its behalf) discloses or otherwise makes accessible any Shared Personal Data听to the other party听(or any person acting on the other party鈥檚 behalf);
1.6听鈥Lawful Safeguard鈥澨齧eans such legally enforceable mechanism(s) for transfers of Personal Data听as may be permitted under Data听Protection Laws from time to time;
1.7听鈥Permitted Lawful Basis鈥澨齧eans the permitted lawful basis described in the DPIA developed in accordance with paragraph 11 below;
1.8听鈥Permitted Purpose鈥澨齧eans the purposes of using Personal Data to enable:
1.8.1 茄子影院 to provide the Service and to Process Personal Data as a joint controller;
1.8.2 For the school to use the Service and Process Data also as a joint controller;
1.8.3 for the purpose of helping the school and its careers leaders to improve careers support provision to the school and its individual students, including to:
produce Reports in accordance with these Terms and Conditions;
organise, facilitate or request provision of careers services by or on behalf third parties;
produce anonymised, pseudonymised or de-identified information for the purposes of carrying out 茄子影院 Research; and
help schools鈥 careers leaders to plan, review, and improve careers provision at school and student levels.
1.9听鈥Permitted Recipients鈥澨齧eans the following who need access to the Received Personal Data for the Permitted Purpose:
1.9.1 the relevant Receiving Party鈥檚 employees; and
1.9.2 the relevant Receiving Party鈥檚 contractors and sub-contractors鈥 (together with their employees);
1.10听鈥Received Personal Data鈥澨齧eans Shared Personal Data in respect of which the relevant party is the Receiving Party;
1.11听鈥Receiving Party鈥澨齧eans each party听to the extent it (or any person acting on its behalf) receives or accesses any Shared Personal Data听disclosed or made available by the other party听(or any person acting on the other party鈥檚 behalf);
1.12听鈥Shared Personal Data鈥澨齧eans Personal Data received by or on behalf of one party from or on behalf of the other party, or otherwise made available by one party to the other for the Permitted Purpose;
1.13 鈥Sub Processor鈥 means a Processor engaged by one party or by any other Sub-Processor for carrying out processing activities in respect of the Personal Data on behalf of that party; and
1.14听鈥UK Law鈥澨齧eans applicable law of the United Kingdom or of a part of the United Kingdom.鈥
2.听听听听听听听听听听Status of this Schedule
2.1 Each party shall be a Joint Controller of the Shared Personal Data. If the parties share the Shared Personal Data, it shall be shared and managed in accordance with the terms of this Schedule.
2.2 For the purposes of this Schedule, we both acknowledge and agree that in any, and all circumstances, and in respect of all Pupil Data only, you shall be the Disclosing Party and we shall be the Receiving Party.
3.听听听听听听听听听听Compliance with Data Protection Laws
3.1 This Schedule allocates certain rights and responsibilities among the parties听as enforceable contractual obligations between themselves, however nothing in this Schedule is intended to limit or exclude either party鈥檚 responsibilities or liabilities under Data Protection Laws.
3.2 We each agree to comply with the Data Protection Laws in connection with the exercise and performance of our respective rights and obligations under these Terms and Conditions.
4.听听听听听听听听听听Agreed basis for sharing
4.1 We each have determined that it is necessary to share the Shared Personal Data in order to achieve the Permitted Purpose.
4.2 You听agree to share with us in the format instructed by us from time to time (acting reasonably) the Shared Personal Data.
5.听听听听听听听听听听General Obligations
5.1 We each agree that in respect of the Shared Personal Data, the Disclosing Party:
5.1.1 warrants that the Shared Personal Data is Processed on the basis of one or more of the legal grounds set out in Article 6 and where applicable Article 9 of the GDPR or as otherwise provided for in the Data Protection Laws;
5.1.2 warrants that it has provided all necessary fair processing notices to all Data Subjects as legally required that are clear and that comply with the Data Protection Laws, in relation to the Processing for the Permitted Purpose and to enable the sharing of the Shared Personal Data, including with the third parties listed in the Terms and Conditions;
5.1.3 shall ensure that the Shared Personal Data听has been collected, Processed听and transferred in accordance with the Data Protection Laws听as applicable to that data at all times prior to the receipt of that data by the Receiving Party听(or any person acting on its behalf);
5.1.4 is, as between the parties and subject to paragraphs 5.2 and 8.1, the primary point of contact for Data Subjects;
5.1.5 subject to paragraphs 5.2 and 8.1, shall direct Data Subjects to its Contact Point in connection with the exercise of their rights as Data Subjects and for any enquiries concerning the Shared Personal Data and identify its Contact Point in all information referred to in paragraphs 5.1.10 and 5.1.11 as the Contact Point for all Data Subject Requests or other Communications from Data Subjects regarding the sharing or other Processing of such Shared Personal Data;
5.1.6 shall ensure that the Shared Personal Data has been collected, Processed and transferred in accordance with the Data Protection Laws as applicable to that data at all times prior to the receipt of that data by the Receiving Party (or any person acting on its behalf);
5.1.7 shall ensure the Shared Personal Data is accurate and up-to-date when disclosed or made accessible to the relevant Receiving Party and shall promptly notify the Receiving Party if such Shared Personal Data becomes inaccurate or out of date;
5.1.8 is solely responsible for both parties鈥 compliance with all duties to provide information to Data Subjects under Articles 5(1)(a), 13 and 14 of the GDPR or any similar Data Protection Laws, including as required for all Processing of Shared Personal Data by or on behalf of the Receiving Party for the Permitted Purpose on the Permitted Lawful Basis in accordance with these Terms and Conditions;
5.1.9 without prejudice to its other obligations, shall ensure that it is entitled to transfer the Shared Personal Data to the Receiving Party and that the Receiving Party (and each of the Receiving Party鈥檚 Permitted Recipients) is entitled under all applicable laws and legal theories to Process the Shared Personal Data for the Permitted Purpose in accordance with these Terms and Conditions;
5.1.10 is solely responsible for ensuring that where the Shared Personal Data was received by the Disclosing Party from a third party, or has been Processed by a third party on behalf of the Disclosing Party, it has in place arrangements with those third parties:
as required by all Data Protection Laws (including, where applicable, Articles 26, 28 and 32 of the GDPR);
which are adequate to permit the Disclosing Party to share the Shared Personal Data with the Receiving Party (and its Permitted Recipients) under all Data Protection Laws; and
as required for the Receiving Party (and its Permitted Recipients) to Process such data in accordance with these Terms and Conditions.
5.1.11 shall make available to Data Subjects the essence of this Schedule (and notify them of any changes to it).
5.2 Notwithstanding the terms of this Schedule, the parties acknowledge that a Data Subject has the right to exercise their legal rights under the Data Protection Laws against any relevant party as Controller.
5.3听Each party shall use its reasonable endeavours to assist the other to comply with any obligations under all Data Protection Laws in connection with these Terms and Conditions and shall not perform its obligations under this Schedule in such a way as to cause the other party to breach any of the other party鈥檚 obligations under applicable Data Protection Laws to the extent it is aware, or ought reasonably to have been aware, that the same would be a breach of such obligations.
6.听 听 听 听 听 Technical and organisation measures
6.1 Both parties shall at all times:
6.1.1 put in place and maintain appropriate technical and organisational measures as required by Data Protection Laws;
6.1.2 implement and maintain appropriate technical and organisational measures to protect the Shared Personal Data in its possession or control against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access, taking into account:
the nature of the data to be protected;
the harm that might result from any failure to so protect the Received Personal Data;
the state of technological development; and
the cost of implementing any measures;
and will take such technical and organisational measures as may be appropriate (including using modern and best practice encryption technologies such as Secure Socket Layers 听(SSL/TLS) for encrypted data transfer and encryption of all data at rest), and promptly provide such information to Receiving Party as it may reasonably require, to enable both parties to protect the Received Personal Data in its possession or control against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access.
7.听 听 听 听 听 International Transfers
7.1 Subject to paragraph 7.2, the Receiving Party will not transfer Received Personal Data to any country or territory outside the United Kingdom or to any international organisation (as defined in the GDPR), except to the extent required by UK Law听or with the Disclosing Party鈥檚 express prior written consent. For the purposes of this paragraph 7 鈥榯ransfer鈥 bears the same meaning as the word 鈥榯ransfer鈥 in Article 44 of the GDPR.
7.2 You hereby authorise us (or any Sub-Processor) to transfer Shared Personal Data, provided all transfers of Shared Personal Data by us shall be affected by way of the Lawful Safeguards.
8.听听听听听听听听听听Data Subject Access requests
8.1听Except for any Shared Personal Data identified in a relevant DPIA as being Shared Personal Data that we are responsible for collecting, processing, sharing and storing, you shall be responsible for Communication or complying with all Data Subject Requests.
8.2 If either party听receives a Communication听relating to the Shared Personal Data听Processed听by (or on behalf of) the other party,听it shall to the extent lawful under UK Law:
8.2.1 promptly (and in any event within two听days of receipt) notify the Contact Point at听the other party; and
8.2.2 consult with the other party听in advance of giving any response, to the extent reasonably practicable.
8.3 Without prejudice to paragraph 8.1, if a party receives a Data Subject Request it believes relates to Processing of Shared Personal Data, it shall promptly (and in any event within two days of receipt) notify the other party鈥檚 Contact Point and provide them with full details (to the extent lawful under UK Law).
8.4 Each party听shall use all reasonable endeavours to provide the other party听with full and prompt co-operation and assistance in relation to any Data Subject Request听or Communication听made to enable the other party听to comply with the relevant timescales set out in Data Protection Laws听and to find an efficient, timely and amicable solution to any issues arising out of any Data Subject Request听or Communication. Without prejudice to the generality of the foregoing, the other party听shall respond to any request for co-operation or assistance under this paragraph 8.4 within five days.
9.听听听听听听听听听听Third party Processing
9.1 Each party undertakes not to disclose or transfer Received Personal Data in respect of which it is the Receiving Party to any third party other than to a Permitted Recipient where necessary for the Permitted Purpose. Each party transferring or disclosing Received Personal Data in respect of which it is the Receiving Party shall ensure it is transferred and disclosed subject to equivalent and legally binding obligations which are no less onerous than those applicable to the Receiving Party under this Schedule. This paragraph 9.1 is without prejudice to any disclosure or transfer required by UK Law.
9.2 In respect of any Processing of Received Personal Data performed by a Processor on behalf of a Receiving Party, that Receiving Party shall:
9.2.1 carry out adequate due diligence on such Processor to ensure that it is capable of providing the level of protection for the Received Personal Data as is required by these Terms and Conditions and Data Protection Laws; and
9.2.2 ensure that suitable written agreements are at all times in place with each Processor as required under all Data Protection Laws (including Articles 28 and 32 of the GDPR).
9.3 The relevant Receiving Party shall be liable to the Disclosing Party for all acts and omissions of each of its Permitted Recipients in connection with Received Personal Data. Each obligation in this Schedule on a party to do, or refrain from doing, anything shall include an obligation on that party to ensure all its Permitted Recipients do, or refrain from doing, such thing
10.听听听听听听听听听听Personal Data Breaches
10.1 Each party听shall promptly (and in any event within听24听hours) notify the Disclosing Party听if it suspects or becomes aware of any actual or threatened occurrence of any Personal Data Breach听in respect of any Received Personal Data听which it (or any person acting on its behalf) Processes听as Receiving Party. In such circumstances, the relevant Receiving Party听shall promptly provide (to the extent permitted by UK Law):
10.1.1 sufficient information as the Disclosing Party听(or its advisors) reasonably require to meet any obligations to report a Personal Data Breach听under Data Protection Laws听(in a timescale which facilitates such compliance);
10.1.2 the Data Protection Supervisory Authorities听investigating the Personal Data Breach听with complete information as requested by those Data Protection Supervisory Authorities听from time to time;
10.1.3 all reasonable assistance the Disclosing Party听(or its advisors) requires, including:
11.听听听听听听听听听听Data protection impact assessments
11.1 The parties have completed a Data Protection Impact Assessment in respect of the planned sharing of the Shared Personal Data under these Terms and Conditions which identifies the:
11.1.1 subject matter of the Shared Personal Data;
11.1.2 type of Personal Data to be shared;
11.1.3 categories of Data Subjects;
11.1.4 the retention period to be applied to the Personal Data; and
11.1.5 the Permitted Lawful Basis.
and have agreed that this Schedule will assist with mitigating certain risks that have been identified.
11.2 Where a party听considers that:
11.2.1 a Data Protection Impact Assessment is necessary for compliance with Data Protection Law; or
11.2.2 the risks identified by a previous Data Protection Impact Assessment may have changed in respect of the sharing or other Processing听activities conducted under or in connection with these Terms and Conditions,听the other party听shall provide such reasonable assistance as that party听may听reasonably听require.
11.3 The assistance referred to in paragraph 11.2 may include:
11.3.1 a systematic description of the envisaged Processing听operations and Permitted Purpose听of the Processing听of the Shared Personal Data;
11.3.2 an assessment of the necessity and proportionality of the Processing听operations;
11.3.3 an assessment of the risks to the rights and freedoms of Data Subjects;
11.3.4 the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of the Shared Personal Data; and
11.3.5 any prior consultation with the relevant Data Protection Supervisory Authority听which may be necessary.
12.听听听听听听听听听听Records
Each party听shall maintain complete, accurate and up to date written records of all of its Processing听of the Shared Personal Data听and as necessary to demonstrate its compliance with this Schedule and all Data Protection Laws.
13.听听听听听听听听听听Audits
13.1 Each party听shall (and shall ensure all its Permitted Recipients听shall)听promptly:
13.1.1 make available to the other party听such information as is听reasonably听required to demonstrate that party鈥檚 compliance with its obligations under this Schedule;听and
13.1.2 not more than once in any 12 month period,听upon reasonable prior听notice allow for, permit and contribute to audits, including inspections, by the other party听(or another auditor mandated by the other party) during normal business hours to the extent necessary to verify the audited party鈥檚 compliance with its obligations under this Schedule.
13.2 Each party听shall allow the other to exercise its rights at paragraph 13.1 in the period up to three years after the termination or expiry of these Terms and Conditions.
13.3 When conducting audits and inspections, the relevant party conducting the audit or inspection shall comply with the other party鈥檚 reasonable directions in order to minimise disruption to the other party鈥檚 business and to safeguard the confidentiality of the other party鈥檚 Confidential Information. The party subject to the audit or inspection may require any third parties conducting such audit or inspection to enter into direct confidentiality undertakings with it.
14.听 听 听 听 听 Retention
14.1 Subject to paragraph 14.2 and except as required by UK Law, each party听shall retain the Received Personal Data听in accordance with the retention periods identified for the specific element of the Shared Personal Data听in accordance with paragraph 11.1 (DPIA) of this Schedule.
14.2 Except as required by UK Law, the parties听shall, to the extent they are Receiving Party:
14.2.1 subject to paragraphs 14.2.2 to 14.2.3听(inclusive), Process听all Received Personal Data听for no longer than such Processing听is necessary for the Permitted Purpose听and compliant with this Schedule and all Data Protection Laws;
14.2.2 cease to Process听all Received Personal Data听on the earlier of termination or expiry of this Agreement; and
14.2.3 immediately, confidentially and securely destroy or dispose of all Received Personal Data (and all copies) in its possession or control that can no longer be Processed in accordance with this Schedule.