You are probably now aware of the new compliance regulation General Data Protection Regulation (GDPR) We are writing to update and inform you of some important aspects for us to comply and help ensure future compliance with the GDPR.
As you are probably aware GDPR became legally binding from 25th May 2018 and dictates we must make significant changes to the way we must look at personal data relating to customers/Suppliers, employees and individuals, including the risk of significant fines for non-compliance.
Our working programme to protect the data we hold:
As a company, we have updated our terms and conditions with an amendment to represent the following:
You may be able to block cookies via your browser settings but this may prevent you from access to certain features of the website.
GDPR means Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data;
Personal Data means any information relating to an identified or identifiable natural person (Data Subject); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; and
Processor has the meaning given to “processor” in the GDPR.
Data Protection Law
Data Protection Law means all applicable laws, regulations, and requirements of regulatory guidance, in any jurisdiction, relating to data protection, privacy, and confidentiality of Personal Data, including the GDPR and any implementing, derivative or related legislation, rule, regulation, and regulatory guidance, as amended, extended and re-enacted from time to time, applicable to either party;
The parties acknowledge and agree that for the purposes of this Supplier Code of Conduct Agreement Quick Reach Powered Access Ltd is the Controller and the Supplier is a Processor in respect of all Personal Data processed pursuant to this Supplier Code of Conduct Agreement. Both parties shall at all times comply with their respective obligations under Data Protection Law.
Quick Reach shall obtain all relevant consents from and/or provide such fair processing notices as applicable to Data Subjects to enable the provision of products and services by the Supplier in compliance with the Data Protection Laws.
To the extent that the Supplier is Processing Personal Data on behalf of Quick Reach in connection with the provision of the products and services, the Supplier shall:
(a) only Process such Personal Data solely for the purpose of providing the products and services and in accordance with the table below and Quick Reach documented instructions and not for any other purpose, unless required to do so by applicable law to which the Supplier is subject, in which case the Supplier shall inform Quick Reach of that legal requirement before commencing Processing unless that law prohibits such notification;
(b) inform Quick Reach as soon as possible if the Supplier is of the opinion that an instruction of Speedy regarding the Supplier’s Processing of Personal Data infringes Data Protection Law;
(c) ensure that all agents, employees and subcontractors of the Supplier that Process Personal Data pursuant to the Agreement are subject to suitable confidentiality and data processing obligations;
(d) implement appropriate technical and organisational measures in accordance with Articles 5 and 32 of the GDPR to ensure a level of security appropriate to the risks presented by Processing;
(e) not transfer Personal Data to, or permit the processing of Personal Data by, any third party other than its subcontractors except with Quick Reach prior written consent and once the Supplier has entered into a written contract containing obligations that are equivalent to those set out in this data protection clause;
(f) maintain a record of all its processing activities under or in connection with this Supplier Code of Conduct Agreement and of the measures implemented under this data protection clause in accordance with Article 30 of the GDPR;
(h) provide such assistance to Quick Reach as may be reasonably requested, at Quick Reach expense, in undertaking a data protection impact assessment and in consulting with competent authorities;
(i) notify Quick Reach, without undue delay, of:
i) any breach of the security measures required to be put in place pursuant to this data protection clause, including providing the information set out in Article 33 of the GDPR;
ii) any request for information from or complaint by a data protection authority in relation to Personal Data that the Supplier Processes for the purpose of providing the products and services; and
iii) any request to the Supplier by a Data Subject to exercise its rights under Data Protection Law such as to access, rectify, amend, correct, share, delete or cease Processing of his or her Personal Data;
(j) provide Quick Reach with all information necessary to demonstrate the Supplier’s compliance with Data Protection Law;
(k) following expiration or termination of this Supplier Code of Conduct Agreement, return or safely destroy all Personal Data that the Supplier obtained in connection with providing the products and services and the Supplier shall promptly notify Quick Reach in writing once all such information has been returned or destroyed (as applicable in accordance with Quick Reach direction) provided that where continued storage is required by applicable law, the Supplier shall inform Quick Reach of those requirements (for clarity, the provisions of this data protection clause shall continue to apply to the Personal Data concerned, and the Supplier shall only Process this Personal Data to meet its legal obligations);
(l) not cause or allow Personal Data to be transferred to and/or otherwise processed outside the European Economic Area without Quick Reach prior written approval. Types of Personal Data to be Processed – Name, business address, telephone number(s), and email address Categories of Data Subjects – Quick reach personnel/representatives, Quick Reach customers, Quick Reach suppliers Whilst continuing to provide goods/or services to Quick Reach and accepting payment or by receiving payment by Quick Reach following receipt of this correspondence we are we both adhere to and be bound by the terms set out in the updated terms and conditions above.
The above amendment can be obtained from Stephan.firstname.lastname@example.org.
We would naturally like to communicate with you via email and would ask you to opt in and allows us to provide you with current information by doing so will prevent delay. Once we have received your email address we will update your records accordingly.
Thank you in anticipation of your support.
Join The Team
Interested in working for an expanding and exciting new business? We are looking for dedicated individuals who want to proactively develop and make an impression within our company.