Customer Sign Up

RISC IT SOLUTIONS LTD STANDARD SERVICE TERMS OF BUSINESS

BACKGROUND:

Risc IT Solutions Ltd (the “Service Provider”) provides IT solutions and services to business clients. The Service Provider has reasonable skill, knowledge and experience in that field. These Terms and Conditions shall apply to the provision of services by the Service Provider to its clients.

1. Definitions and Interpretation
1.1 In these Terms and Conditions, unless the context otherwise requires, the following expressions have the following meanings:

“Agreement” means the agreement entered into by the Service Provider and the Client incorporating these Terms and Conditions (or variation thereof agreed upon by both Parties) which shall govern provision of the Services;
“Business Day” means, any day (other than Saturday or Sunday) on which ordinary banks are open for their full range of normal business in United Kingdom;
“Client” means the party procuring the Services from the Service Provider who shall be identified in the Agreement;
“Commencement Date” means the date on which provision of the Services will commence, as defined in the Agreement;
“Confidential Information” means, in relation to either Party, information which is disclosed to that Party by the other Party pursuant to or in connection with the Agreement (whether orally or in writing or any other medium, and whether or not the information is expressly stated to be confidential or marked as such);
“Data Protection Legislation” means 1) unless and until EU Regulation 2016/679 General Data Protection Regulation (“GDPR”) is no longer directly applicable in the UK, the GDPR and any national implementing laws, regulations, and secondary legislation (as amended from time to time), in the UK and subsequently 2) any legislation which succeeds the GDPR;
“Fees” means any and all sums due under the Agreement from the Client to the Service Provider, as specified in the Agreement;
“Services” means the services to be provided by the Service Provider to the Client in accordance with Clause 2 of the Agreement, as fully defined in the Agreement, and subject to the terms and conditions of the Agreement; and
“Term” means the term of the Agreement as defined therein.

1.2 Unless the context otherwise requires, each reference in these Terms and Conditions to:
1.2.1 “writing”, and any cognate expression, includes a reference to any communication effected by electronic or facsimile transmission or similar means;
1.2.2 a statute or a provision of a statute is a reference to that statute or provision as amended or re-enacted at the relevant time;
1.2.3 “these Terms and Conditions” is a reference to these Terms and Conditions as amended or supplemented at the relevant time;
1.2.4 a Clause or paragraph is a reference to a Clause of these Terms and Conditions or to a Clause of the Agreement, as appropriate; and
1.2.5 a “Party” or the “Parties” refer to the parties to the Agreement.
1.3 The headings used in these Terms and Conditions are for convenience only and shall have no effect upon the interpretation of these Terms and Conditions.
1.4 Words imparting the singular number shall include the plural and vice versa.
1.5 References to any gender shall include the other gender.
1.6 References to persons shall include corporations.

2. Provision of the Services
   2.1 With effect from the Commencement Date, the Service Provider shall, throughout the Term of the Agreement, provide the Services to the Client.
   2.2 The Service Provider shall provide the Services with reasonable skill and care.
   2.3 The Service Provider shall act in accordance with all reasonable instructions given to it by the Client provided such instructions are compatible with the specification of Services provided in the Agreement.
   2.4 The Service Provider shall be responsible for ensuring that it complies with all statutes, regulations, byelaws, standards, codes of conduct and any other rules relevant to the provision of the Services.
   2.5 The Service Provider may, in relation to certain specified matters related to the Services, act on the Client’s behalf. Such matters shall not be set out in the Agreement but shall be agreed between the Parties as they arise from time to time.
   2.6 The Service Provider shall use all reasonable endeavours to accommodate any reasonable changes in the Services that may be requested by the Client, subject to the Client’s acceptance of any related reasonable changes to the Fees that may be due as a result of such changes.
3. Client’s Obligations
   3.1 The Client shall use all reasonable endeavours to provide all pertinent information to the Service Provider that is necessary for the Service Provider’s provision of the Services.
   3.2 The Client may, from time to time, issue reasonable instructions to the Service Provider in relation to the Service Provider’s provision of the Services. Any such instructions should be compatible with the specification of the Services provided in in the Agreement.
   3.3 In the event that the Service Provider requires the decision, approval, consent or any other communication from the Client in order to continue with the provision of the Services or any part thereof at any time, the Client shall provide the same in a reasonable and timely manner.
   3.4 If any consents, licences or other permissions are needed from any third parties such as landlords, planning authorities, local authorities or similar, it shall be the Client’s responsibility to obtain the same in advance of the provision of the Services (or the relevant part thereof).
   3.5 If the nature of the Services requires that the Service Provider has access to the Client’s home or any other location, access to which is lawfully controlled by the Client, the Client shall ensure that the Service Provider has access to the same at the times to be agreed between the Service Provider and the Client as required.
   3.6 Any delay in the provision of the Services resulting from the Client’s failure or delay in complying with any of the provisions of Clause 3 of the Agreement shall not be the responsibility or fault of the Service Provider.
4. Fees, Payment and Records
   4.1 The Client shall pay the Fees to the Service Provider in accordance with the provisions of the Agreement.
   4.2 The Service Provider shall invoice the Client for Fees due in accordance with the provisions of the Agreement.
   4.3 All payments required to be made pursuant to the Agreement by either Party shall be made by Direct Debit, or if a Direct Debit mandate is not in place, then payment must be made by Bank Transfer within agreed terms of receipt by that Party of the relevant invoice. Payments made where a Direct Debit mandate is not in place will be subject to an administration charge of £10 unless otherwise agreed in writing. Should a Direct Debit payment fail it will be retried and be subject to an administration charge of £10. This charge will be applied on each failure.
   4.4 All payments required to be made pursuant to the Agreement by either Party shall be made in GBP in cleared funds to such bank in United Kingdom as the receiving Party may from time to time nominate, without any set-off, withholding or deduction except such amount (if any) of tax as that Party is required to deduct or withhold by law.
   4.5 Where any payment pursuant to the Agreement is required to be made on a day that is not a Business Day, it may be made on the next following Business Day.
   4.6 Without prejudice to sub-Clause 9.4.1 of the Agreement, any sums which remain unpaid following the expiry of the period set out in sub-Clause 4.3 of the Agreement shall incur late payment charges as follows:

£40 per invoice of values of or below £999.99
£70 per invoice of values between £1,000 – £9,999.99
£100 per invoice of values over £10,000
Interest charged daily at 8% above Base Rate

All charges become actionable on credit terms +1 (e.g 31 days) and delinquent accounts may result in service suspension until payment is made in full of any such outstanding sums.
4.7 Each Party shall:
4.7.1 keep, or procure that there are kept, such records and books of account as are necessary to enable the amount of any sums payable pursuant to the Agreement to be accurately calculated;
4.7.2 at the reasonable request of the other Party, allow that Party or its agent to inspect those records and books of account and, to the extent that they relate to the calculation of those sums, to take copies of them.

5. Liability, Indemnity and Insurance
   5.1 The Service Provider shall ensure that it has in place at all times suitable and valid insurance that shall include public liability insurance.
   5.2 In the event that the Service Provider fails to perform the Services with reasonable care and skill it shall carry out any and all necessary remedial action at no additional cost to the Client.
   5.3 The Service Provider’s total liability for any loss or damage caused as a result of its negligence or breach of the Agreement shall be limited to £1,000,000.
   5.4 The Service Provider shall not be liable for any loss or damage suffered by the Client that results from the Client’s failure to follow any instructions given by the Service Provider.
   5.5 Nothing in these Terms and Conditions nor in the Agreement shall limit or exclude the Service Provider’s liability for death or personal injury.
   5.6 Subject to sub-Clause 5.3 of the Agreement the Service Provider shall indemnify the Client against any costs, liability, damages, loss, claims or proceedings arising out of the Service Provider’s breach of the Agreement.
   5.7 The Client shall indemnify the Service Provider against any costs, liability, damages, loss, claims or proceedings arising from loss or damage to any equipment (including that belonging to any third parties appointed by the Service Provider) caused by the Client or its agents or employees.
   5.8 Neither Party shall be liable to the other or be deemed to be in breach of the Agreement by reason of any delay in performing, or any failure to perform, any of that Party’s obligations if the delay or failure is due to any cause beyond that Party’s reasonable control.
6. Guarantee
   6.1 The Service Provider shall guarantee that the product of all Services provided will be free from any and all defects for a period that shall be defined in the Agreement.
   6.2 If any defects in the product of the Services appear during the guarantee period set out in the Agreement the Service Provider shall rectify any and all such defects at no cost to the Client.
7. Confidentiality
   7.1 Each Party undertakes that, except as provided by sub-Clause 7.2 of the Agreement or as authorised in writing by the other Party, it shall, at all times during the continuance of the Agreement:
   7.1.1 keep confidential all Confidential Information;
   7.1.2 not disclose any Confidential Information to any other party;
   7.1.3 not use any Confidential Information for any purpose other than as contemplated by and subject to the terms of the Agreement;
   7.1.4 not make any copies of, record in any way or part with possession of any Confidential Information; and
   7.1.5 ensure that none of its directors, officers, employees, agents, sub-contractors or advisers does any act which, if done by that Party, would be a breach of the provisions of sub-Clauses 7.1.1 to 7.1.4 of the Agreement.
   7.2 Either Party may:
   7.2.1 disclose any Confidential Information to:
   7.2.1.1 any sub-contractor or supplier of that Party;
   7.2.1.2 any governmental or other authority or regulatory body; or
   7.2.1.3 any employee or officer of that Party or of any of the aforementioned persons, parties or bodies;
   to such extent only as is necessary for the purposes contemplated by the Agreement (including, but not limited to, the provision of the Services), or as required by law. In each case that Party shall first inform the person, party or body in question that the Confidential Information is confidential and (except where the disclosure is to any such body under sub-Clause 7.2.1.2 or any employee or officer of any such body) obtaining and submitting to the other Party a written confidentiality undertaking from the party in question. Such undertaking should be as nearly as practicable in the terms of Clause 7 of the Agreement, to keep the Confidential Information confidential and to use it only for the purposes for which the disclosure is made; and
   7.2.2 use any Confidential Information for any purpose, or disclose it to any other person, to the extent only that it is at the date of the Agreement, or at any time after that date becomes, public knowledge through no fault of that Party. In making such use or disclosure, that Party must not disclose any part of the Confidential Information that is not public knowledge.
   7.3 The provisions of Clause 7 of the Agreement shall continue in force in accordance with their terms, notwithstanding the termination of the Agreement for any reason.
8. Force Majeure
   8.1 No Party to the Agreement shall be liable for any failure or delay in performing their obligations where such failure or delay results from any cause that is beyond the reasonable control of that Party. Such causes include, but are not limited to: power failure, internet service provider failure, industrial action, civil unrest, fire, flood, storms, earthquakes, acts of terrorism, acts of war, governmental action or any other event that is beyond the control of the Party in question.
9. Term and Termination
   9.1 The Agreement shall come into force on the agreed Commencement Date and shall continue for a defined Term from that date, subject to the provisions of Clause 9 of the Agreement.
   9.2 Either Party may terminate the Agreement by giving to the other not less than 3 months written notice, to expire on or at any time after the current minimum period of the Agreement (which shall be defined in the Agreement).
   9.3 Either Party may immediately terminate the Agreement by giving written notice to the other Party if:
   9.3.1 any sum owing to that Party by the other Party under any of the provisions of the Agreement is not paid within 30 days of the due date for payment;
   9.3.2 the other Party commits any other breach of any of the provisions of the Agreement and, if the breach is capable of remedy, fails to remedy it within 30 days after being given written notice giving full particulars of the breach and requiring it to be remedied;
   9.3.3 an encumbrancer takes possession, or where the other Party is a company, a receiver is appointed, of any of the property or assets of that other Party;
   9.3.4 the other Party makes any voluntary arrangement with its creditors or, being a company, becomes subject to an administration order (within the meaning of the Insolvency Act 1986);
   9.3.5 the other Party, being an individual or firm, has a bankruptcy order made against it or, being a company, goes into liquidation (except for the purposes of bona fide amalgamation or re-construction and in such a manner that the company resulting therefrom effectively agrees to be bound by or assume the obligations imposed on that other Party under the Agreement);
   9.3.6 anything analogous to any of the foregoing under the law of any jurisdiction occurs in relation to the other Party;
   9.3.7 the other Party ceases, or threatens to cease, to carry on business.
   9.4 Notwithstanding clause 9.3 above, the Service Provider may terminate the Agreement with immediate effect by giving notice to the Client if there is a change of control of the Client.
   9.5 For the purpose of this Clause 9:
   9.5.1 “control” has the meaning given in Section 1124 of the Corporation Tax Act 2010, and the expression “change of control” shall be construed accordingly; and
   9.5.2 “connected persons” has the meaning given in Section 1122 of the Corporation Tax Act 2010.
   9.6 For the purposes of sub-Clause 9.3.2, a breach shall be considered capable of remedy if the Party in breach can comply with the provision in question in all respects.
   9.7 The rights to terminate the Agreement given by this Clause 9 shall not prejudice any other right or remedy of either Party in respect of the breach concerned (if any) or any other breach.

10. Effects of Termination
    Upon the termination of the Agreement for any reason:
    10.1 any sum owing by either Party to the other under any of the provisions of the Agreement shall become immediately due and payable;
    10.2 all Clauses which, either expressly or by their nature, relate to the period after the expiry or termination of the Agreement shall remain in full force and effect;
    10.3 termination shall not affect or prejudice any right to damages or other remedy which the terminating Party may have in respect of the event giving rise to the termination or any other right to damages or other remedy which any Party may have in respect of any breach of the Agreement which existed at or before the date of termination;
    10.4 subject as provided in Clause 10 of the Agreement and except in respect of any accrued rights neither Party shall be under any further obligation to the other; and
    10.5 each Party shall (except to the extent referred to in Clause 7 of the Agreement) immediately cease to use, either directly or indirectly, any Confidential Information, and shall immediately return to the other Party any documents in its possession or control which contain or record any Confidential Information.
11. Data Protection
    11.1 All personal information that the Service Provider may use will be collected, processed, and held in accordance with the provisions of EU Regulation 2016/679 General Data Protection Regulation (“GDPR”) and the Client’s rights under the GDPR.
    11.2 For complete details of the Service Provider’s collection, processing, storage, and retention of personal data including, but not limited to, the purpose(s) for which personal data is used, the legal basis or bases for using it, details of the Client’s rights and how to exercise them, and personal data sharing (where applicable), please refer to the Service Provider’s Privacy Notice.
12. Data Processing
    12.1 In this Clause 12, “personal data”, “data subject”, “data controller”, “data processor”, and “personal data breach” shall have the meaning defined in Article 4, EU Regulation 2016/679 General Data Protection Regulation (“GDPR”).
    12.2 The Parties hereby agree that they shall both comply with all applicable data protection requirements set out in the Data Protection Legislation. This Clause 12 shall not relieve either Party of any obligations set out in the Data Protection Legislation and does not remove or replace any of those obligations.
    12.3 For the purposes of the Data Protection Legislation and for this Clause 12, the Service Provider is the “Data Processor” and the Client is the “Data Controller”.
    12.4 The type(s) of personal data, the scope, nature and purpose of the processing, and the duration of the processing are set out in Schedule 1.
    12.5 The Data Controller shall ensure that it has in place all necessary consents and notices required to enable the lawful transfer of personal data to the Data Processor for the purposes described in this Agreement.
    12.6 The Data Processor shall, with respect to any personal data processed by it in relation to its performance of any of its obligations under this Agreement:
    12.6.1 Process the personal data only on the written instructions of the Data Controller unless the Data Processor is otherwise required to process such personal data by law. The Data Processor shall promptly notify the Data Controller of such processing unless prohibited from doing so by law.
    12.6.2 Ensure that it has in place suitable technical and organisational measures (as approved by the Data Controller) to protect the personal data from unauthorised or unlawful processing, accidental loss, damage or destruction. Such measures shall be proportionate to the potential harm resulting from such events, taking into account the current state of the art in technology and the cost of implementing those measures. Measures to be taken are set out in Schedule 1.
    12.6.3 Ensure that any and all staff with access to the personal data (whether for processing purposes or otherwise) are contractually obliged to keep that personal data confidential; and
    12.6.4 Not transfer any personal data outside of the European Economic Area without the prior written consent of the Data Controller and only if the following conditions are satisfied:
    12.6.4.1 The Data Controller and/or the Data Processor has/have provided suitable safeguards for the transfer of personal data;
    12.6.4.2 Affected data subjects have enforceable rights and effective legal remedies;
    12.6.4.3 The Data Processor complies with its obligations under the Data Protection Legislation, providing an adequate level of protection to any and all personal data so transferred; and
    12.6.4.4 The Data Processor complies with all reasonable instructions given in advance by the Data Controller with respect to the processing of the personal data.
    12.6.5 Assist the Data Controller at the Data Controller’s cost, in responding to any and all requests from data subjects in ensuring its compliance with the Data Protection Legislation with respect to security, breach notifications, impact assessments, and consultations with supervisory authorities or regulators (including, but not limited to, the Information Commissioner’s Office);
    12.6.6 Notify the Data Controller without undue delay of a personal data breach;
    12.6.7 On the Data Controller’s written instruction, delete (or otherwise dispose of) or return all personal data and any and all copies thereof to the Data Controller on termination of this Agreement unless it is required to retain any of the personal data by law; and
    12.6.8 Maintain complete and accurate records of all processing activities and technical and organisational measures implemented necessary to demonstrate compliance with this Clause 12 and to allow for audits by the Data Controller and/or any party designated by the Data Controller.
    12.7 The Data Processor shall not sub-contract any of its obligations to a sub-processor with respect to the processing of personal data under this Clause 12 without the prior written consent of the Data Controller (such consent not to be unreasonably withheld). In the event that the Data Processor appoints a sub-processor, the Data Processor shall:
    12.7.1 Enter into a written agreement with the sub-processor, which shall impose upon the sub-processor the same obligations as are imposed upon the Data Processor by this Clause 12 and which shall permit both the Data Processor and the Data Controller to enforce those obligations; and
    12.7.2 Ensure that the sub-processor complies fully with its obligations under that agreement and the Data Protection Legislation.
    12.8 Either Party may, at any time, and on at least 30 calendar days’ notice, alter this Clause 12, replacing it with any applicable data processing clauses or similar terms that form part of an applicable certification scheme. Such terms shall apply when replaced by attachment to this Agreement.
13. No Waiver
    No failure or delay by either Party in exercising any of its rights under the Agreement shall be deemed to be a waiver of that right, and no waiver by either Party of a breach of any provision of the Agreement shall be deemed to be a waiver of any subsequent breach of the same or any other provision.
14. Further Assurance
    Each Party shall execute and do all such further deeds, documents and things as may be necessary to carry the provisions of the Agreement into full force and effect.
15. Costs
    Subject to any provisions to the contrary each Party shall pay its own costs of and incidental to the negotiation, preparation, execution and carrying into effect of the Agreement.
16. Set-Off
    Neither Party shall be entitled to set-off any sums in any manner from payments due or sums received in respect of any claim under the Agreement or any other agreement at any time.
17. Assignment and Sub-Contracting
    17.1 The Service Provider may at any time assign, novate, transfer, charge, sub-contract, mortgage, charge or deal in any other manner with all or any of its rights and obligations under the Agreement and, if and when requested by the Service Provider, the Client shall execute such novation agreement in the format required by the Service Provider to effect such novation.

17.2 The Client shall not assign, transfer, mortgage, charge, sub-contract, delegate, declare a trust over or deal in any other manner with any of its rights and obligations under this Agreement.

18. Time
    18.1 All times and dates referred to in the Agreement shall be of the essence of the Agreement.
19. Relationship of the Parties
    Nothing in the Agreement shall constitute or be deemed to constitute a partnership, joint venture, agency or other fiduciary relationship between the Parties other than the contractual relationship expressly provided for in the Agreement.
20. Non-Solicitation
    20.1 Neither Party shall, for the Term of the Agreement and for a defined period (which shall be defined in the Agreement) after its termination or expiry, employ or contract the services of any person who is or was employed or otherwise engaged by the other Party at any time in relation to the Agreement without the express written consent of that Party.
    20.2 Neither Party shall, for the Term of the Agreement and for a defined period (which shall be defined in the Agreement) after its termination or expiry, solicit or entice away from the other Party any customer or client where any such solicitation or enticement would cause damage to the business of that Party without the express written consent of that Party.
21. Third Party Rights
    21.1 No part of the Agreement shall confer rights on any third parties and accordingly the Contracts (Rights of Third Parties) Act 1999 shall not apply to the Agreement.
    21.2 Subject to Clause 21 of the Agreement, the Agreement shall continue and be binding on the transferee, successors and assigns of either Party as required.
22. Notices
    22.1 All notices under the Agreement shall be in writing and be deemed duly given if signed by, or on behalf of, a duly authorised officer of the Party giving the notice.
    22.2 Notices shall be deemed to have been duly given:
    22.2.1 when delivered, if delivered by courier or other messenger (including registered mail) during normal business hours of the recipient; or
    22.2.2 when sent, if transmitted by facsimile or e-mail and a successful transmission report or return receipt is generated; or
    22.2.3 on the fifth business day following mailing, if mailed by national ordinary mail, postage prepaid; or
    22.2.4 on the tenth business day following mailing, if mailed by airmail, postage prepaid.
    In each case notices shall be addressed to the most recent address, e-mail address, or facsimile number notified to the other Party.
23. Entire Agreement
    23.1 The Agreement contains the entire agreement between the Parties with respect to its subject matter and may not be modified except by an instrument in writing signed by the duly authorised representatives of the Parties.
    23.2 Each Party shall acknowledge that, in entering into the Agreement, it does not rely on any representation, warranty or other provision except as expressly provided in the Agreement, and all conditions, warranties or other terms implied by statute or common law are excluded to the fullest extent permitted by law.
24. Counterparts
    The Agreement may be entered into in any number of counterparts and by the Parties to it on separate counterparts each of which when so executed and delivered shall be an original, but all the counterparts together shall constitute one and the same instrument.
25. Severance
    In the event that one or more of the provisions of the Agreement and/or of these Terms and Conditions is found to be unlawful, invalid or otherwise unenforceable, that / those provision(s) shall be deemed severed from the remainder of the Agreement and/or these Terms and Conditions. The remainder of the Agreement and/or these Terms and Conditions shall be valid and enforceable.
26. Dispute Resolution
    26.1 The Parties shall attempt to resolve any dispute arising out of or relating to the Agreement through negotiations between their appointed representatives who have the authority to settle such disputes.
    26.2 Nothing in Clause 26 of the Agreement shall prohibit either Party or its affiliates from applying to a court for interim injunctive relief.
    26.3 The decision and outcome of the final method of dispute resolution under Clause 26 of the Agreement shall be final and binding on both Parties.
27. Law and Jurisdiction
    27.1 The Agreement and these Terms and Conditions (including any non-contractual matters and obligations arising therefrom or associated therewith) shall be governed by, and construed in accordance with, the laws of England and Wales.
    Subject to the provisions of Clause 26 of the Agreement, any dispute, controversy, proceedings or claim between the Parties relating to the Agreement or these Terms and Conditions (including any non-contractual matters and obligations arising therefrom or associated therewith) shall fall within the jurisdiction of the courts of England and Wales.
    
    SCHEDULE 1
28. Data Processing

Scope, Nature and Types of data

Personal data
Name; Customer Record and/or Business Contact
Email address; Customer Record and/or Business Contact
Telephone Number; Customer Record and/or Business Contact
Company data
Address; Customer Record and/or Business Contact
Financial data
Banking Details; Customer Record

2. Purpose

The processing is necessary for the purposes of legitimate interests pursued by the data processor. This will include:
● provisioning of any products/services
● passing to third party service providers in a secure manner
● delivery of those services
● marketing messages for new, complimentary or recommended products/services, including emails, calling or postal messaging for existing and prospective customers
● collection of payments

3. Duration

No personal data is held for any longer than necessary in light of the purpose(s) for which it is required. But in line with any legal requirements following the completion of service delivery.

4. Organisational and Technical Data Protection Measures

As outlined in the “IS-CWL-05 – Data Protection Policy.docx” Section 6. available on request, excerpt below
● Personal data may be transmitted over secure networks only – transmission over unsecured networks is not permitted in any circumstances;
● Personal data may not be transmitted over a wireless network if there is a wired alternative that is reasonably practicable;
● Personal data contained in the body of an email, whether sent or received, should be copied from the body of that email and stored securely. The email itself should be deleted. All temporary files associated therewith should also be deleted;
● Where Personal data is to be transferred in hardcopy form it should be passed directly to the recipient or sent using a trackable postal delivery service which requires a signature;
● No personal data may be shared informally and if an employee, agent, sub-contractor, or other party working on behalf of the Company requires access to any personal data that they do not already have access to, such access should be formally requested from the data controller for that data.
● All hardcopies of personal data, along with any electronic copies stored on physical, removable media should be stored securely in a locked box, drawer, cabinet or similar;
● No personal data may be transferred to any employees, agents, contractors, or other parties, whether such parties are working on behalf of the Company or not, without the authorisation of the Data Protection Officer;
● Personal data must be handled with care at all times and should not be left unattended or on view to unauthorised employees, agents, sub-contractors or other parties at any time;
● If personal data is being viewed on a computer screen and the computer in question is to be left unattended for any period of time, the user must lock the computer and screen before leaving it;
● Any unwanted copies of personal data (i.e. printouts or electronic duplicates) that are no longer needed should be disposed of securely. Hardcopies should be shredded and electronic copies should be deleted securely;
● No personal data should be stored on any mobile device (including, but not limited to, laptops, tablets and smartphones), whether such device belongs to the Company or otherwise without the formal written approval of Data Protection Officer and, in the event of such approval, strictly in accordance with all instructions and limitations described at the time the approval is given, and for no longer than is absolutely necessary.
● No personal data should be transferred to any device personally belonging to an employee and personal data may only be transferred to devices belonging to agents, contractors, or other parties working on behalf of the Company where the party in question has agreed to comply fully with the letter and spirit of this Policy and of the Act (which may include demonstrating to the Company that all suitable technical and organisational measures have been taken);
● All personal data stored electronically should be backed up daily where possible with backups stored onsite AND offsite. All backups should be encrypted [using the highest level of encryption available for the service];
● All electronic copies of personal data should be stored securely using passwords and the highest level of data encryption available for the storage location;
● All passwords used to protect personal data should not use words or phrases that can be easily guessed or otherwise compromised. All passwords must contain a combination of uppercase and lowercase letters, numbers, and symbols;
● Under no circumstances should any user passwords be written down or shared between any employees, agents, contractors, or other parties working on behalf of the Company, irrespective of seniority or department. If a password is forgotten, it must be reset using the applicable method. IT staff do not have access to passwords;
● All personal data held by the Company shall be regularly reviewed for accuracy and completeness. If any personal data is found to be out of date or otherwise inaccurate, it should be updated or corrected immediately where possible. If any personal data is no longer required by the Company, it should be securely deleted and disposed of;
● Where personal data held by the Company is used for marketing purposes, it shall be the responsibility of the Data Protection Officer to ensure that no data subjects have added their details to any marketing preference databases including, but not limited to, the Telephone Preference Service, the Mail Preference Service, the Email Preference Service, and the Fax Preference Service. Such details should be checked at least annually.