LESTER ALDRIDGE LLP AND EXTERNAL SERVICE PROVIDER
DATA SHARING TERMS AND CONDITIONS
These terms shall apply to any agreement between LA and a Provider that involves the sharing of Personal Data
| (1) | LA | : | LESTER ALDRIDGE LLP, a limited liability partnership incorporated in England and Wales under registration number OC321318, whose registered office is at Russell House, Oxford Road, Bournemouth BH8 8EX; and |
| (2) | PROVIDER | : | The expert or service provider to whom the Instructions from LA is addressed. |
AGREED TERMS
1. DEFINITIONS
1.1 The following definitions and rules of interpretation apply in this agreement
| Agreed Purposes | : | the provision of the report, advice or other services requested in the Instructions; |
| Controller, processor, data subject, personal data, personal data breach, processing and appropriate technical and organisational measures | : | as defined in the Data Protection Legislation; |
| Client | : | the client of LA identified in the Instructions who has instructed LA to provide the Legal Services; |
| Data Discloser | a party that discloses Shared Personal Data to the other party; | |
| Data Protection Legislation | : | all applicable data protection and privacy legislation in force from time to time in the UK including the UK GDPR; the Data Protection Act 2018; (DPA 2018) (and regulations made thereunder) the Privacy and Electronic Communications Regulations 2003 (SI 2003 No. 2426) as amended; and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of Personal Data (including, without limitation, the privacy of electronic communications); and the guidance and codes of practice issued by the Information Commissioner or other relevant regulatory authority and applicable to a party; |
| Instructions | : | the letter, email, instructions to counsel or other communication from LA to the Provider for the Agreed Purposes; |
| Permitted Recipients | : | the parties to this agreement, the employees of each party, and any third parties engaged to perform obligations in connection with this agreement; |
| Shared Personal Data
UK GDPR
| : | the personal data to be shared between the parties under clause 3.1 of this agreement. Shared Personal Data shall be confined to the categories of information relevant to the categories of data subject as identified in the Instructions, but they could include: a. contact details and personal identifiable data of the Client or third parties connected to the client’s legal services; b. images or description of appearance; c. financial information; d. special category data as identified in the Instructions; or e. any other relevant personal data for the Agreed Purposes; has the meaning given to it in section 3(10) (as supplemented bu section 205(4)) of the Data Protection Act 2018. |
1.2 Clause headings shall not affect the interpretation of this agreement.
1.3 A person includes a natural person , corporate or unincorporated body (whether or not having separate legal personality).
1.4 Unless the context otherwise requires, words in the singular shall include the plural and in the plural shall include the singular.
1.5 This agreement shall be binging on, and endure to the benefit of, the parties to this agreement and their respective personal representatives, successors and permitted assigns, and references to any party shall include that party’s personal representatives, successors and permitted assigns.
1.6 A reference to a statute or statutory provision is a reference to it as amended, extended or re-enacted from time to time.
1.7 A reference to statute or statutory provision shall include all subordinate legislation made from time to time.
1.8 A reference to writing or written includes fax and email.
1.9 Any obligation on a party not to do something includes an obligation not to allow that thing to be done.
1.10 A reference to this agreement or to any other agreement or document referred to in this agreement is a reference of this agreement or such other agreement or document as varied or novated (in each case, other than in breach of the provisions of this agreement) from time to time.
1.11 Any words following the terms including, include, in particular, for example or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms.
2. INSTRUCTIONS
2.1 This agreement is supplemental to the Instructions and shall apply to all Instructions from LA to the Provider.
2.2 If there is any conflict between the Instructions and this agreement, the terms of the Instructions will take precedence.
2.3 By proceeding with an Instruction or providing any services under an Instruction, the Provider confirms its full acceptance of the terms of this agreement.
3. DATA PROTECTION
3.1 Shared Personal Data. This clause sets out the framework for the sharing of personal data between the parties as controllers. Each party acknowledges that one party (referred to in this clause as the Data Discloser) will regularly disclose to the other party Shared Personal Data collected by the Data Discloser for the Agreed Purposes.
3.2 Effect of non-compliance with Data Protection Legislation. Each party shall comply with all the obligations imposed on a controller under the Data Protection Legislation, and any material breach of the Data Protection Legislation by one party shall, if not remedied within 14 days of written notice from the other party, give grounds to the other party to terminate this agreement with immediate effect.
3.3 Particular obligations relating to data sharing. Each party:
(a) shall ensure that it has all necessary notices and consents and lawful bases in place to enable lawful transfer of the Shared Personal Data to the Permitted Recipients for the Agreed Purposes;
(b) acknowledges that the Shared Personal Data may be subject to one or more of the exemptions set out in Paragraph 5 of Part 1 of Schedule 2 to the Data Protection Act 2018 and that the listed GDPR provisions, as defined in Paragraph 1 of Part 1 of Schedule 2 and the relative principles set out in Article 5 do not apply to it.
The parties agree that they will not waive the exemptions referred to in clause 3.3(b) unless:
(i) the other party agrees in writing;
(ii) a client of LA instructs LA to waive the exemption.
(c) shall process the Shared Personal Data only for the Agreed Purposes;
(d) shall not disclose or allow access to the Shared Personal Data to anyone other than the Permitted Recipients;
(e) shall ensure that all Permitted Recipients are subject to written contractual obligations concerning the Shared Personal Data (including obligations of confidentiality) which are no less onerous than those imposed by this agreement;
(f) shall ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the other party, to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data; and
(g) shall not transfer any personal data received from the Data Discloser outside the UK unless the transferor ensures that (i) the transfer is to a country approved under the applicable Data Protection Legislation as providing adequate protection; or (ii) there are appropriate safeguards or binding corporate rules in place pursuant to the applicable Data Protection Legislation; or (iii) the transferor otherwise complies with its obligations under the applicable Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; or (iv) one of the derogations for specific situations in the applicable Data Protection Legislation applies to the transfer.
3.4 Mutual assistance. Each party shall assist the other in complying with all applicable requirements of the Data Protection Legislation. In particular:
(a) promptly inform LA about the receipt of any data subject rights request;
(b) each party provide reasonable assistance in complying with any data subject rights request;
(c) not disclose, release, amend, delete or block any Shared Personal Data in response to a data subject rights request without first consulting the other party wherever possible;
(d) assist the other party, at the cost of the other party, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, personal data breach notifications, data protection impact assessments and consultations with the Information Commissioner or other regulators;
(e) notify LA without undue delay on becoming aware of any breach of the Data Protection Legislation which might affect the other party;
(f) at the written direction of LA, delete (unless technically impossible to do so, because the data is stored in a backup, put beyond use, and only to be used for restoration purposes) or return Shared Personal Data and copies thereof to the Data Discloser to store the Shared Personal Data;
(g) use compatible technology for the processing of Shared Personal Data to ensure that there is no lack of accuracy resulting from personal data transfers;
(h) maintain complete and accurate records and information to demonstrate its compliance with this clause 3.4 and allow for audits by the other party or the other party’s designated auditor; and
(i) provide the other party with contact details of at least one employee as point of contact and responsible manager for all issues arising out of the Data Protection Legislation, including the joint training of relevant staff, the procedures to be followed in the event of a data security breach, and the regular review of the parties’ compliance with the Data Protection Legislation.
4. NOTICES
4.1 Any notice of other communication given to a party under or in connection with this agreement shall be in writing, and shall be:
(a) delivered by hand or by pre-paid first-class post or other next working day delivery service at its registered office (if a company) or its principle place of business (in any other case); or
(b) sent by fax to its main fax number or sent by mail.
4.,2 Any notice or communication shall be deemed to have been received:
(a) if delivered by hand, on signature of a delivery receipt or at the time the notice is left at the proper address;
(b) if sent by pre-paid first-class post or other next working day delivery service, at 9.00 am on the second Business Day after posting or at the time recorded by the delivery service; and
(c) if sent by fax or email, at the time of transmission, or if this time falls outside of business hours in the place of receipt, when business hours resume. In this clause 4.3(c), business hours means 9.00 am to 5.00 pm Monday to Friday on a day that is not a public holiday in the place of receipt.
4.3 This clause does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.
5. VARIATION
5.1 No variation of this agreement shall be effective unless it is in writing and signed by the parties (or their authorised representatives).
6. SEVERANCE
6.1 If any provision or part-provision of this agreement is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of this agreement.
6.2 If any provision or part-provision of this agreement is deemed deleted under clause 6.1, the parties shall negotiate in good faith to agree a replacement provision that, the the greatest extent possible, achieves the intended commercial result of the original provision.
7. GOVERNING LAW AND JURISDICTION
7.1 This Agreement and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation shall be governed by and construed in accordance with the law of England and Wales.
7.2 Each party irrevocably agrees that the courts of England and Wales shall have jurisdiction to settle any dispute or claim (including non-contractual disputes or claims), arising out of or in connection with these Agreed Terms or its subject matter or formation