Engineroom+
Third party agreement
1. DEFINITIONS
Agreed Purposes –digital marketing: the agreed digital marketing services to be provided by In Control to Company Name for which the personal data is to be held as set out in the main body of this agreement and in the Data Protection Particulars Schedule attached to these Terms and Conditions.
Applicable Laws: for so long as and to the extent that they apply, the law of the European Union, the law of any member state of the European Union and/or Data Protection Legislation and any other law that applies in the UK including The Privacy and Electronic Communications (EC Directive) Regulations 2003 .
Confidential Information: all confidential or proprietary information (however recorded or preserved) relating to the Agreed Purpose that is disclosed or made available directly or indirectly, by the provider to the recipient.
Controller, data controller, processor, data processor, data subject, personal data, processing and appropriate technical and organisational measures: as set out in the Data Protection Legislation in force at the time.
Customer Materials: all documents, information, items and materials in any form, including but not limited to the Customer’s logo and letterhead, which are provided by the Customer to In Control for the Agreed Purposes of the Mailer Provision only.
Data Protection Legislation: (i) the Data Protection Act 1998, until the effective date of its repeal (ii) the General Data Protection Regulation ((EU) 2016/679) (GDPR) and any national implementing laws, regulations and secondary legislation, for so long as the GDPR is effective in the UK, and (iii) any successor legislation to the Data Protection Act 1998 and the GDPR, in particular the Data Protection Bill, once it becomes law.
The Privacy and Electronic Communications (EC Directive) Regulations 2003: as set out in this legislation in force at the time. Nothing in these Regulations shall relieve a person of his obligations under the Data Protection Act 1998 in relation to the processing of personal data.
Intellectual Property Rights: patents, utility models, rights to inventions, copyright and neighbouring and related rights, moral rights, trademarks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, rights in designs, rights in computer software, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.
Permitted Recipients: the parties to this letter agreement, the employees of each party and any third parties engaged to perform obligations in connection with this letter agreement.
Shared Personal Data: the personal data to be shared between the parties under clause 2.1 of these Terms and Conditions, as set out in the Data Protection Particulars Schedule attached to these Terms and Conditions.
2. DATA PROTECTION
2.1 Both parties will comply with all applicable requirements of the Data Protection Legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003. This Section 2 is in addition to, and does not relieve, remove or replace, a party’s obligations under the Data Protection Legislation.
2.2 The parties acknowledge that for the purposes of the Data Protection Legislation, the Customer is the data controller and In Control is the data processor. The Data Protection Particulars Schedule attached to these terms and conditions sets out the scope, nature and purpose of processing by In Control , the duration of the processing and the types of personal data and categories of data subject.
2.3 Without prejudice to the generality of clause 2.1, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the personal data to In Control for the duration and purposes of this letter agreement.
2.4 Without prejudice to the generality of clause 2.1, In Control shall, in relation to any personal data processed in connection with the performance by In Control of its obligations under this agreement:
(a) process that personal data only on the written instructions of the Customer unless In Control is required by Applicable Laws to otherwise process that personal data, in which case In Control shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit In Control from so notifying the Customer;
(b) ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);
(c) ensure that all personnel who have access to and/or process personal data are obliged to keep the personal data confidential; and
(d) not transfer any personal data outside of the European Economic Area unless the prior written consent of the Customer has been obtained and the following conditions are fulfilled:
(i) the Customer or In Control has provided appropriate safeguards in relation to the transfer;
(ii) the data subject has enforceable rights and effective legal remedies;
(iii) In Control complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; and
(iv) In Control complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the personal data;
(e) assist the Customer in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
(f) notify the Customer without undue delay on becoming aware of a personal data breach;
(g) at the written direction of the Customer, delete or return personal data and copies thereof to the Customer on termination of the letter agreement unless required by Applicable Law to store the personal data; and
(h) maintain complete and accurate records and information to demonstrate its compliance with this paragraph 2.
2.5 The Customer consents to In Control appointing third parties as a third-party processor of personal data under this agreement. In Control confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement incorporating terms which are substantially similar to those set out in this paragraph 2. As between the Customer and In Control, In Control shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this paragraph 2.5.
3. CONFIDENTIALITY
3.1 Each party undertakes that it shall not at any time during this letter agreement, and for a period of three years after termination of this letter agreement, disclose to any person any Confidential Information of the other party or of any member of the group of companies to which the other party belongs, except as permitted by paragraphs 3.2 and 3.
3.2 Each party may disclose the other party's Confidential Information:
3.2.1 to its employees, officers, representatives or advisers who need to know such information for the purposes of exercising the party's rights or carrying out its obligations under or in connection with this letter agreement provided that such party shall procure that its employees, officers, representatives or advisers to whom it discloses the other party's Confidential Information comply with this paragraph 3; and
3.2.2 as may be required by law, a court of competent jurisdiction or any governmental or regulatory authority.
3.3 Each party may disclose the other party’s Confidential Information if, to the extent to which either party can prove to the other’s reasonable satisfaction that the Confidential Information:
3.3.1 is, or has become, generally available to the public other than as a direct or indirect result of the information being disclosed by a party or its representatives in breach of this letter agreement;
3.3.2 was available on a non-confidential basis to a party prior to disclosure to it by the other party;
3.3.3 is developed by or for a party independently of the information disclosed by the other party; or
3.3.4 the parties agree in writing that the information is not confidential.
4. INTELLECTUAL PROPERTY RIGHTS
4.1 The Customer and its licensors shall retain ownership of all Intellectual Property Rights in the Customer Materials and the Customer grants to In Control a fully paid-up, non-exclusive, royalty-free and perpetual licence to copy, modify and use the Customer Materials for the term of this letter agreement for the Agreed Purpose. In Control may sub-license the rights granted in this clause 4.1 to its company affiliates.
4.2 The Customer shall indemnify and hold harmless In Control in full against all costs, expenses, damages and losses, including any interest, fines, legal and other professional fees and expenses awarded against or incurred, paid by, or claimed against In Control as a result of or in connection with any alleged breach of the Customer’s Intellectual Property Rights in the Customer Materials and any claim bought against In Control for actual or alleged infringement of a third party’s Intellectual Property Rights arising out of, or in connection with, the receipt and use of the Customer Materials.
4. TERM AND TERMINATION
If either party decides not to continue to be involved in the Agreed Purpose with the other party, it shall notify that party immediately.
5. THIRD PARTY RIGHTS
A person who is not a party to this letter has no rights under the Contracts (Rights of Third Parties) Act 1999 to enforce or enjoy the benefit of any term of this letter.
4. GOVERNING LAW AND JURISDICTION
4.1 This letter agreement and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation shall be governed by and construed in accordance with the law of England and Wales.
4.2 Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with this letter agreement or its subject matter or formation.
| The subject matter and duration of the Processing | Issuing marketing materials by email to the Customer’s clients or prospective clients. The Customer has provided the names and contact details to In Control and has determined the basis of the processing including obtaining any consent as may be required.
In Controls Processing is for the duration of this letter agreement or for a lesser period to be agreed between the parties. |
| The nature and purpose of the Processing | Only for Issuing marketing materials by email to the Customer’s clients or prospective clients, as set out further in the body of this letter agreement.
Data is not to be used for any other purpose outside of this agreement |
| The type of Personal Data being Processed | Personal Data: Business name Names and addresses of living individuals Email addresses of living individuals Other contact details of living individuals Special Category Data: None Criminal Offence Data: None |
| The categories of Data Subjects | Living individual clients of the Customer Living individual business contacts of the Customer |