suppliers GDPR

General Data Protection Regulation

New Obligations

This Agreement is made between besley & copp ltd (“the Customer”) and you and/or your affiliates, including subsidiaries (“You”) for the services and/or products you supply to the Customer in order to reflect the parties’ obligations in respect of the processing of personal data.

The parties hereby agree that the terms and conditions set out below shall be complied with in respect of the processing of Personal Data.

You and the Customer will be subject to the terms below with effect from the 25th May 2018:

1. You and the Customer will comply with the EU General Data Protection Regulation (GDPR) and any associated national data protection legislation applicable to any personal data processed in connection with the products and/or services we receive from you.
2. Where you process personal data which you have obtained from the Customer in relation to the products and/or services you provide to us, as our Processor:

(I) You will confirm the subject matter, nature, purpose and duration of your personal data processing;

(II) You will take appropriate measures to ensure the security of the processing of personal data.

(III) You will only process the Personal Data which the Customer has supplied to you in the manner in which you were instructed by the Customer as Controller or Processor, unless required by law to act without such instruction.

(IV) You will comply with the requirements of a ‘Processor’ under Article 28 of the GDPR.

(V) You may only appoint a sub-processor with the Customer’s prior written consent and a written contract.

(VI) At any time, you will make available to the Customer, information on your processing of the personal data supplied to you by the Customer.

(VII) You will ensure that the people processing the personal data are subject to a duty of confidence.

(VIII) Where necessary, you will assist the Customer in providing subject access and allowing data subjects to exercise their rights under the GDPR.

(IX) If applicable you will assist the Customer in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments.

(X) You will delete or return all personal data to the Customer, as requested, when the period during which you are a supplier to the Customer comes to an end; and

(XI) You will provide the Customer with whatever information we require to ensure we are both meeting our Article 28 obligations, and you will tell us immediately if you are asked to do something infringing the GDPR or other data protection law of the EU or a member state.

(XII) Nothing within this Agreement relieves you as the processor of your own direct responsibilities and liabilities under the GDPR.

3. Where we process personal data that we have obtained from you in relation to the products and/or services you provide to us, as your Processor:

(I) We will confirm the subject matter, nature, purpose and duration of our personal data processing within our Privacy Notice

(II) We will take appropriate measures to ensure the security of the processing of the personal data.

(III) We will only process the Personal Data which you have supplied to the Customer in the manner in which you instructed, unless we are required by law to act without such instruction.

(IV) We will comply with the requirements of a ‘Processor’ under Article 28 (3)(a) to 28 (3)(h) of the GDPR.

(V) We may only appoint a sub-processor with your prior written consent and a written contract.

(VI) At any time, we will make available to you, information on our processing of personal data you supply to the Customer.

(VII) We will ensure that the people processing the personal data are subject to a duty of confidence.

(VIII) Where necessary, we will assist you in providing subject access and allowing data subjects to exercise their rights under the GDPR.

(IX) If applicable the Customer will assist you in meeting your GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments.

(X) We will delete or return all personal data to you as requested when the period during which you are a supplier to the Customer comes to an end; and

(XI) We will provide you with the information you require to ensure we are both meeting our Article 28 obligations, and will tell you immediately if we are asked to do something infringing the GDPR or other data protection law of the EU or a member state.

(XII) Nothing within this Agreement relieves us as the processor of our own direct responsibilities and liabilities under the GDPR.

By continuing to use the site, you agree to the use of cookies. more information

Like many other websites, besley & copp uses ‘Cookies’. These are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. When you use our websites, you are agreeing to permit cookies. For more information on how to switch off cookies on your computer please refer to the help pages of your preferred web browser. Turning cookies of may result in a loss of functionality when using our website.

Close

besleyandcopp Rated 5 / 5 based on 17 reviews. | Review Me