Techbuyer Limited

IT Asset Disposition Service Terms & Conditions

These Terms and Conditions  (“Conditions”) govern the IT Asset Disposition (“ITAD”) scheme which is operated and administered by Techbuyer Limited (a company registered in England and Wales with registration number: 05437347) with its registered office located at Unit C1 Crimple Court, Hornbeam Square North, Harrogate, England, HG2 8PB (herein after referred to as the “Data Processor”) and the person or entity who buys such services (herein after referred to as the “Data Controller”).

1. INTERPRETATION

The following definitions and rules of interpretation apply in these Conditions.

1.1. Definitions

Applicable Law”:

all applicable laws, statutes, regulations and codes from time to time in force.
Assets”: the IT equipment, details of which appear on the ITAD SOW and provided or made available to the Data Processor by whatever means as part of the ITAD Services.

Business Day”:

a day other than a Saturday, Sunday or public holiday in England, when banks in London are open for business.

Business Hours the period from 9.00 am to 6.00 pm on any Business Day.
Collection Date”: means the agreed date for collection of the Assets by the Data Controller as specified in the ITAD SOW.
Commencement Date”:

has the meaning given to it in Clause 2.3.

Confidential Information”: 

means any and all information, whether communicated in writing, orally, electronically, or by any other means, including, but not limited to, trade secrets, business plans, strategies, financial information, technical data, and any other information that has value to the disclosing party and is not generally known by the public. Confidential Information shall also extend to any notes, analyses, compilations, studies, summaries, and other material prepared by or for the receiving party which contain, reflect, or are derived from, in whole or in part, the disclosed Confidential Information.

“Contract” These Conditions together with the ITAD SOW, the Final Asset Register and (where relevant) any other document expressly agreed by the parties in writing to form part of the Contract.
“Data Capability Statement”: means the data capability statement of the Data Controller appended to the ITAD SOW.
Data Controller”, “You”, or “Your”: means the person (or entity) whose details appear on the ITAD SOW.

Data Controller Materials”:

any and all materials owned by the Data Controller and that is required in order for the Data Processor to perform its obligations under a Contract.

Data Processing Terms”:

means the data processing terms appended to the ITAD SOW 

Data Protection Legislation”:

means to the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom which relates to the protection of personal data.

EU GDPR”:

means the General Data Protection Regulation ((EU) 2016/679), as it has effect in EU law.

Fees”:

the Data Processor’s fees for providing the ITAD Services. 

Final Asset Register”:

has the meaning given to it in Clause 5.2.1.

Force Majeure Event”:

has the meaning given to it in Clause 12.2.

“Initial Asset Register”

Means the initial list of the Assets as provided by the Data Controller and which list forms the basis of a Rebate Quotation.

“Initial Asset Valuation”: 

means the initial value of an Asset as specified in the Rebate Quotation.

Intellectual Property Rights”:

means patents, utility models, rights to inventions, copyright and related rights, trade marks and service marks, trade names and rights in domain names, rights in get-up, goodwill and the right to sue for passing off or unfair competition, rights in designs, rights in computer software, database rights, rights to preserve the confidentiality of information (including know-how and trade secrets) and any other intellectual property rights, including all applications for (and rights to apply for and be granted), renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist, now or in the future, in any part of the world.

“Inventory”

the itemised list of Assets supplied to the Data Processor under clause 4.3.1 as amended from time to time in accordance with clause 3.4.

ITAD Services”:

 

the services supplied by the Data Processor to the Data Controller as set out in the ITAD SOW.

“ITAD SOW”

 

“Statement of Works” is the description of the ITAD Services to be provided by the Data Processor [which shall be provided accompanied by an Initial Asset Register and Initial Asset Valuation] as the same may be updated by the Data Processor in accordance with clauses 3.3 and 3.4 (including the Final Asset Register that is the subject of a Contract), as well as any specification of the Assets that are being released to the Data Processor, including any addenda and supplements  or amended versions of any of the same agreed between the parties in accordance with these Conditions.

Location”:

the location for performance of the ITAD Services by the Data Processor as set out in the ITAD SOW. 

Order”:

the Data Controllers order for ITAD Services as set out in the ITAD SOW. 

“Processing”:

means the processing of an Asset by the Data Processor as part of the supply of the ITAD Services.

“Rebate”:

the amount payable by the Data Processor to the Data Controller in respect of an Asset. 

“Rebate Quotation”:

has the meaning given to it in clause 5.3.1

“Site Survey”:

has the meaning set out in clause 4.3.

“Storage Fees”:

means the fees charged by the Data Processor to the Data Controller in relation to any storage of the Assets and which are specified in the ITAD SOW.

“Title”

the right of ownership and control of any Asset within the meaning afforded by the Sale of Goods Act 1979.

“UK GDPR”:

has the meaning given to it in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018.

1.2. Interpretation:

1.2.1.

A reference to legislation or a legislative provision:

1.2.1.1.

is a reference to it as amended, extended or re-enacted from time to time; and

1.2.1.2.

shall include all subordinate legislation under that legislation or legislative provision.

1.2.2.

Any terms following the terms including, include, in particular, for example, or any similar expression, shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms.

1.2.3

A reference to writing or written includes e-mail.

1.2.4

In the case of conflict or ambiguity between any provision contained in the body of these Conditions and any provision contained in the ITAD SOW, the provision in the body of the ITAD SOW shall take precedence.

 2. BASIS OF CONTRACT

 2.1

The ITAD SOW constitutes an offer by the Data Controller to purchase the ITAD Services from the Data Processor and in accordance with the terms and conditions of the Contract an offer made by the Data Processor to the Data Controller to purchase with full legal title each Asset included in the Final Asset Register which is recorded as to be recognised and taken into account in the Rebate arrangement as set out in clause 5.4.1.

 2.2 

Following agreement between the parties as to the content of a ITAD SOW (which for the avoidance of doubt, shall include the Inventory), the Data Processor shall submit a written acceptance to the Data Controller, and thereupon a contract is formed the Data Processor relying in doing so on the detail of the applicable ITAD SOW and these Conditions both of which shall form the contract (“Contract”).

 2.3

The ITAD SOW shall only be deemed to be accepted when the Data Processor issues written acceptance of the Order at which point, and on which date the Contract shall come into existence (“Commencement Date”).

 2.4

These Conditions apply to the Contract to the exclusion of any other terms that the Data Controller seeks to impose, or which are implied by trade, custom, practice or other course of dealing.

2.5

Any quotation of Fees given by the Data Processor to the Data Controller shall not constitute an offer and is only valid for a period of [twenty] [(20)] Business Days from its date of issue.

2.6

These Conditions form part of the Contract to the exclusion of all other terms and conditions, including any terms or conditions which the Data Controller purports to apply under any purchase order, confirmation of order, specification or other document.

3. SUPPLY OF ITAD SERVICES

3.1

the Data Processor shall use reasonable endeavours to supply the ITAD Services to the Data Controller in accordance with a ITAD SOW

3.2

the Data Processor shall use all reasonable endeavours to meet any ITAD Services Requirements specified in a the ITAD SOW, but any such dates shall be estimates only and time shall not be of the essence for performance of the Services.

3.3

the Data Processor reserves the right to amend the ITAD SOW if necessary to comply with any Applicable Law or regulatory requirement, or if the amendment will not materially affect the nature or quality of the ITAD Services, and the Data Processor shall notify the Data Controller in any such event providing the Data Processor with an updated copy of the ITAD SOW.

3.4

Without prejudice to the generality of the foregoing the Data Processor may require an amendment to the Inventory (and performance of the ITAD SOW shall accordingly be modified) in the event that the Assets made available to the Data Processor vary from the Inventory.

3.5

the Data Processor warrants to the Data Controller that the ITAD Services will be provided using reasonable care and skill.

3.6

the Data Processor shall use all reasonable endeavours to observe all health and safety and security requirements that apply at a Location and that have been communicated to it in writing by the Data Controller or when a site visit is required by the Data Processor evident to the Data Processor from its inspection and information provided by the Data Controller whether during the course of the inspection or at any other point in advance of the provision of any ITAD Services including any inspection prior to a Contract coming into effect.

4. CLIENT RESPONSIBILITIES

4.1 General

4.1.1  The Data Controller shall:

4.1.1.1.

provide all necessary co-operation reasonably required by the Data Processor in relation to a Contract;

4.1.1.2.

provide such assistance as may be reasonably requested by the Data Processor from time to time;

4.1.1.3.

ensure that the terms of each Contract (including any specification of the Assets) are complete and accurate;

4.1.1.4.

respond promptly to any request for a decision, guidance, information or instruction which the Data Processor may submit in relation to a Contract from time to time;

4.1.1.5.

not to do or permit anything to be done that will or may damage the business, reputation, image and/or goodwill of the Data Processor;

4.1.1.6.

only require the provision of the ITAD Services for lawful purposes and shall not cause the ITAD Services to result in:

4.1.1.6.1.

any breaches of any Applicable Law;

4.1.1.6.2.

any conduct that is unlawful or fraudulent, or has any unlawful or fraudulent purpose or effect;

4.1.1.6.3.

the harming or attempted harming of minors in any way;

4.1.1.6.4.

through the sending, knowing receipt, uploading, downloading, use or re-use of any material which infringes the copyright, database right or trade mark of any other person, or which promotes violence or discrimination or otherwise advocates, promotes or assists any unlawful act;

4.1.1.6.5.

the transmission directly or indirectly of, any unsolicited or unauthorised advertising or promotional material or any other form of similar solicitation (spam);

4.1.1.6.6.

with knowledge of the same the transmission of any data, sending or uploading of any material that contains harmful code; and

4.1.1.6.7.

through any action taken to (and shall not attempt to) probe, scan, penetrate or test the vulnerability of any systems or networks of the Data Processor or to breach any of the Data Processor’s security or authentication measures, whether by passive or intrusive techniques, without the Data Processor’s prior written consent;

4.1.1.7.

comply with any and all obligations set out in the ITAD SOW in a timely manner;

4.1.1.8.

ensure that there are in place all necessary consents, licences and permissions required to permit the Data Processor to access and use all the Data Controller Materials (where relevant) and any other items as may be appropriate in connection with each and every Contract; and

4.1.1.9.

be solely responsible for procuring and maintaining its network connections and telecommunications links from its systems to the Data Processor’s data centres (or, where appropriate, any third-party portal through which the Data Processor provides ITAD Services to the Data Controller or requires access to for the proper and effective performance of the ITAD SOW for the benefit of the Data Controller).

4.2 Title

4.2.1

Responsibility for the Assets (to the extent provided for by clause 4.2.3) is accepted by the Data Processor on completion of delivery or collection of the Assets from a Collection Location (“Collection Date”).

4.2.2

Title in the Assets (which are not to be returned to the Data Controller in accordance with the Asset Register shall not pass to the Data Processor until offer of a Rebate by the Data Processor to the Data Controller, or in the absence of any agreed Rebate between the parties, in accordance with Clause 5.

4.2.3

Until Title to the Assets has passed to the Data Processor, the Data Processor shall hold the Assets as bailee of the Data Controller and shall use reasonable endeavours to:

4.2.3.1

store the Assets and ensure that the Assets remain readily identifiable as the Data Controller’s property;

4.2.3.2

maintain the Assets in satisfactory condition; and

4.2.3.3

keep the Assets insured against all risks for their full price as identified in the Initial Asset Valuation set out in the ITAD SOW.

4.2.4

The Data Controller shall only provide the Data Processor with devices that the Data Controller has unencumbered Title to. By including Assets in a ITAD SOW, the Data Controller warrants and represents both Title to the asset and to the extent that clause 1.1.1.1 cannot be complied with legal ownership or the irrevocable right to have possession of the data residing on the Assets and that the Data Controller is entitled to release the Assets to the Data Processor for purposes of the Data Processor providing the ITAD Services.

4.2.5

The Data Controller agrees to indemnify (and keep indemnified) the Data Processor against any losses, liabilities and increased administration, professional and legal costs on a full indemnity basis suffered by the Data Processor (without set-off, counterclaim and/or reduction) arising out of or in connection with any claim by a third party relating to title to either Assets or data provided to the Data Processor by the Data Controller whether or not such losses were foreseeable or foreseen at the date of the Contract.

4.3 Collection of Assets

4.3.1

The Data Controller warrants that it shall provide an accurate count of Assets to be collected by the Data Controller (“Inventory”) and which may be detailed in a Collection Note (“Collection Note”). Any additions or alterations to the Inventory and/or Assets in a Site Survey or otherwise must be notified to the Data Processor at least Three (3) Business Day prior to the scheduled collection to allow any proposed transport (or similar arrangements) to be re-arranged by the Data Processor. The Data Processor may make reasonable adjustments to the Fees where: (i) there is a material change to the Collection Note that requires additional services to be provided by the Data Processor, and/or (ii) additions or alterations to the Inventory, Assets and/or Final Asset Register are not made by the Data Controller in accordance the timescales set out in this clause 4.3.1.The Data Controller is recommended to hold photographic evidence of all Assets within the Inventory as provided to the Data Processor.

4.3.2

The Data Controller shall collect and store Assets for collection, in an easily accessible ground floor location that is without any access, parking or loading restrictions. The Data Controller shall also provide the Data Processor with the name and contact details of nominated contact duly authorised to sign the relevant collection documentation upon arrival by the Data Processor at the Location.

4.4 Erasure and removal of content

4.4.1

The Data Controller shall remove (if deployed) any passwords, passcodes, PINS, MDM lock and/or any other security verifier prior to collection or supply of the Assets to the Data Processor in order for the Assets to be accessed for data erasure.

4.4.2

The Data Controller shall ensure that expandable data media including (but not limited to) SIM Cards, SD cards, CDs, USB sticks which it intends to retain are removed from the Assets prior to its collection by, or supply to the Data Processor. the Data Processor will data cleanse or destroy all Assets bearing any such expandable media (without prior notification to the Data Controller); found in the collected or supplied Assets.

4.4.3

The Data Controller shall ensure that any subscription services or contracts such as SIM cards, SaaS, tracking and/or other paid for services relating to the Assets for supply or collection, are terminated before the asset is made available for collection by the Data Processor.

5. CHARGES AND PAYMENT

5.1 the Data Processor’s Fees

5.1.1

In consideration for the ITAD Services provided by the Data Processor, the Data Controller shall pay to the Data Processor the fees specified in the ITAD SOW (“Fees”) in accordance with this Clause 5.

5.1.2

The Fees are calculated based on factors, including the site location, conditions, accessibility, service requirements, quantity of assets, conditions of the assets, and estimated onsite duration. Where there are any disparities between the ITAD Services, the Location (including any onsite conditions), or any change by reference to the Inventory beyond the scope set out in the ITAD SOW, the Data Processor reserves the right to adjust the Fees to account for the change in requirements.

 

5.1.3

Unless otherwise specified to the contrary in the ITAD SOW, the Data Processor will:

5.1.3.1

invoice the Data Controller monthly in arrears for any chargeable ITAD Services; and

5.1.3.2

Shall submit a purchase order to the Data Controller for any Rebates, upon completion of the Processing of the relevant Assets.

5.1.4

The Data Controller shall pay each invoice submitted by the Data Processor within thirty (30) days of the date of the invoice, and in full and in cleared funds to a bank account nominated in writing by the Data Processor

5.1.5

Where no Fees have been quoted for an ITAD Service, it shall be:

5.1.5.1

the price set out in the Data Processor’s published price list as at the Collection Date or the start date of the ITAD Services as specified in the ITAD SOW (“ITAD Services Start Date”); or

5.1.5.2

where applicable in respect of the ITAD Services, on a time and materials basis in accordance with the Data Processor’s standard rates.

5.1.6

All amounts payable by the Data Controller are exclusive of amounts in respect of value added tax chargeable from time to time (“VAT”).

5.1.7

If the Data Controller fails to make any payment due to the Data Processor under these Conditions by the due date for payment, then, without prejudice to any other rights and remedies the Data Processor may have, the Data Controller shall pay interest on the overdue amount at the rate of four percent (4%) per annum above the Bank of England’s base rate from time to time. Such interest shall accrue on a daily basis from the due date until actual payment of the overdue amount, whether before or after judgment. The Data Controller shall pay the interest together with the overdue amount.

5.1.8

Each Party may set off any amount owed by the other Party under these Conditions against any amount payable by them to the other Party under these Conditions.

5.2 Calculation of Rebates

5.2.1

Each Asset that has been assigned by the Data Processor for resale shall be given a financial settlement value (“Rebate”), and which will be documented with the Inventory of assets that shall be provided in writing to the Data Controller (“Final Asset Register”). The Rebate amount of an Asset is based on the Initial Asset Valuation set out in the ITAD SOW, with considerations made for the Rebate prerequisites established in this Contract.

5.2.2

Upon receiving a quote for the Rebate amount (“Rebate Quotation”), the Data Controller shall have [3] Business Days to either accept or contest it. If accepted by the Data Controller, an invoice for the Rebate amount shall be prepared by the Data Controller and sent to the Data Processor. Where the Data Processor’s Fees exceed the Rebate amount, the Data Processor will send an invoice for the difference in the amount payable by the the Data Controller. In case of any dispute, the parties agree to negotiate in good faith a revised Rebate amount for the Assets.

5.2.3

Should no agreement in respect of a Rebate be reached within [3] Business Days of receipt by the Data Controller of the financial settlement, the Data Processor will issue an invoice for the ITAD Services provided.

5.3 Storage Fees

5.3.1

On the 4th Business Day following the issue of Rebate Quotation by the Data Processor to the Data Controller, should the Rebate Quotation not be agreed by that Business Day by the Data Controller the Data Processor reserves the right to impose a daily storage fee per Asset (depending on the size of an Asset) (“Storage Fee”). Storage Fees apply solely to Assets designated for resale by the Data Processor as provided for by clause 4.1.

5.3.2

Subject to clauses 5.3.1 and 5.3.3 and during the [3] working day period after a Rebate Quotation has been issued, the Data Controller may make a written request to the Data Processor to have the Assets returned to the Data Controller within a reasonable period of time (and subject to any reasonable costs incurred by the Data Processor to fulfil such request).

5.3.3

In the absence of the Data Processor receiving any written instruction from the Data Controller in respect of a Rebate Quotation within [3] working days of issuing the Rebate Quotation, the Data Processor will be entitled to dispose of the Asset as it sees fit. The Data Controller’s account will be credited with the original quoted Rebate amount provided by the Data Processor, minus any (i) Fees, (ii) Storage Fees, (iii) restocking fees, (iv) logistics fees and/or (v) difference in the actual valuation of the Assets should the condition of the Assets not in the reasonable opinion of the Data Processor be that as provided for in the Inventory such lesser amount as the Data Processor determines in its sole For the avoidance of doubt, all fees shall be calculated in accordance with the ITAD SOW

5.4 Asset requirements for Rebates

5.4.1

The Data Processor shall determine in its discretion those Assets appearing in the Inventory or otherwise made available to the Data Processor by the Data Controller under the Contract that are to benefit from the Rebate arrangement.

5.4.2

All Rebate Quotations are based on Assets being in good Grade B+ condition as defined in the Data Processor’s grading document (published from time to time) unless stated otherwise.

5.4.3

All Assets will be subject to a functionality testing by the Data Processor to ensure each Asset is in working condition.

5.4.4.

the Data Processor will only offer a Rebate on Assets which can be fully data erased in accordance with the Data Processor’s approved processes. Where an Asset cannot be fully data erased, the Data Processor will notify the Data Controller and any Rebate Quotation will become void.

5.4.5

the Data Processor will not issue Rebates for devices that are remotely managed. For further information on remote management of devices see the documents provided in the ITAD information pack.

5.4.6

Any Rebate amounts quoted by the Data Processor in relation to the Assets will depend on the accuracy of the information provided by the Data Controller.

5.5 Cancellation Fees

5.5.1

Where the Data Controller cancels a collection of the Assets from a Location, the Data Processor, in its sole discretion may charge a logistics cancellation fee (“Cancellation Fee”) calculated in accordance with the ITAD SOW.

6. INTELLECTUAL PROPERTY RIGHTS

6.1

All Intellectual Property Rights in or arising out of or in connection with the ITAD Services (other than Intellectual Property Rights in any the Data Controller Materials) shall be owned by the Data Processor.

6.2

Except as expressly stated herein, these Conditions do not grant the Data Controller any Intellectual Property Rights or any other rights or licences to, or in respect of the Assets, ITAD Services, or any related documentation.

6.3

The Data Controller grants the Data Processor a fully paid-up, non-exclusive, royalty-free, non-transferable licence to copy and modify any materials provided by the Data Controller to the Data Processor for the term of the Contract for the purpose of providing the ITAD Services to the Data Controller.

6.4

Nothing in these Conditions shall be construed so as to prevent the Data Processor from using general ‘know-how’ and/or expertise gained in its performance of a Contract in the furtherance of its own business, provided that any such use does not constitute or result in a disclosure of any Confidential Information that may be deemed a breach of Clause 7 or infringement of the Data Controller’s Intellectual Property Rights.

7. CONFIDENTIALITY

7.1

Each party undertakes that it shall not at any time during the Contract, and for a period of [two] years after termination or expiry of the Contract, disclose to any person any Confidential Information concerning the business, affairs, the Data Controllers, clients or suppliers of the other party, except as permitted by Clause 7.2.

7.2

Each party may disclose the other party's Confidential Information:

7.2.1

to its employees, officers, representatives, contractors, subcontractors or advisers who need to know such information for the purposes of carrying out the party's obligations under the Contract. Each party shall ensure that its employees, officers, representatives, contractors, subcontractors or advisers to whom it discloses the other party's Confidential Information comply with this Clause 7; and

7.2.2

as may be required by law, a court of competent jurisdiction or any governmental or regulatory authority.

7.3

Neither party shall use the other party's Confidential Information for any purpose other than to perform its obligations under the Contract.

8. DATA PROTECTION

8.1

In the event that an Asset is passed into the possession of the Data Processor and that Asset has recorded on it personal data any further action taken by the Data Processor relating to that personal data constitutes by law processing of that data and the following provisions of this clause 8 shall apply to the extent necessary.

8.2

For the purposes of this Clause 8, the terms controller, processor, data subject, personal data, personal data breach and processing shall have the meaning given to them in the UK GDPR.

8.3

Both parties will comply with all applicable requirements of the Data Protection Legislation. This Clause 8 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the Data Protection Legislation.

8.4

The parties have determined that for the purposes of the Data Protection Legislation that the Data Processor shall process the personal data as set out in the ITAD SOW as processor on behalf of the Data Controller.

8.5

Should the determination in Clause 8.4 change, the parties shall use all reasonable endeavours to make any changes that are necessary to this Clause 8, the Data Capability Statement and the Data Processing Terms appended to the ITAD SOW.

8.6

Without prejudice to Clause 3, the Data Controller will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of any personal data included within (or otherwise connected to the Assets) to the Data Processor and the lawful collection of the same by the Data Processor for the duration and purposes of the Contract.

8.7

In relation to the types of personal data intended to be processed by the Data Processor, the Data Capability Statement and the Data Processing Terms appended to the ITAD SOW set out the scope, nature and purpose of processing by the Data Processor, the duration of the processing and the types of personal data and categories of data subject.

8.8

Without prejudice to Clause 3 the Data Processor shall, in relation to the personal data:

8.8.1

process that personal data only on the documented instructions of the Data Controller unless the Data Processor is required by Applicable Laws to otherwise process that personal data (“Purpose”). Where the Data Processor is relying on Applicable Laws as the basis for processing personal data, the Data Processor shall notify the Data Controller of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Data Processor from so notifying the Data Controller on important grounds of public interest. the Data Processor shall inform the Data Controller if, in the opinion of the Data Processor, the instructions of the Data Controller infringe Data Protection Legislation;

8.8.2

implement the technical and organisational measures set out in the Data Capability Statement and the Data Processing Terms appended to the ITAD SOW, to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to personal data which the Data Controller has reviewed and confirms are appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures;

8.8.3

ensure that any personnel engaged and authorised by the Data Processor to process personal data have committed themselves to confidentiality or are under an appropriate statutory or common law obligation of confidentiality;

8.8.4

assist the Data Controller insofar as this is possible (taking into account the nature of the processing and the information available to the Data Processor), and at the Data Controller’s sole cost and written request, in responding to any request from a data subject and in ensuring the Data Controller’s compliance with its obligations under Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;

8.8.5

notify the Data Controller without undue delay on becoming aware of a personal data breach involving the personal data;

8.8.6

at the written direction of the Data Controller, delete or return personal data and copies required by Applicable Law to continue to process that personal data. For the purposes of this Clause 8.6, personal data shall be considered deleted where it no longer physically accessible and/or otherwise usable by the Data Processor; and

8.8.7

maintain records to demonstrate its compliance with this Clause 8.

8.9

The Data Controller provides its prior, general authorisation for the Data Processor to:

8.9.1

appoint processors to process personal data, provided that the Data Processor:

8.9.1.1

shall ensure that the terms on which it appoints such processors comply with Data Protection Legislation, and are consistent with the obligations imposed on the Data Processor;

8.9.1.2

shall remain responsible for the acts and omission of any such processor as if they were the acts and omissions of the Data Processor; and

8.9.1.3

shall inform the the Data Controller of any intended changes concerning the addition or replacement of the processors, thereby giving the Data Controller the opportunity to object to such changes provided that if the Data Controller objects to the changes and cannot demonstrate, to the Data Processor’s reasonable satisfaction, that the objection is due to an actual or likely breach of Data Protection Legislation, the Data Controller shall indemnify the Data Processor for any and all losses, damages, costs (including legal fees) and expenses suffered by the Data Processor in accommodating the objection.

8.9.1.4

transfer personal data outside of the UK as required under the ITAD Services, provided that the Data Processor shall ensure that all such transfers are effected in accordance with Data Protection Legislation. For these purposes, the Data Controller shall promptly comply with any reasonable request of the Data Processor, including any request to enter into standard data protection clauses adopted by the EU Commission from time to time (where the EU GDPR applies to the transfer) or adopted by the Commissioner from time to time (where the UK GDPR applies to the transfer).

8.10

Either party may, at any time on not less than [30] days' notice, revise this clause 8 by replacing it with any applicable controller to processor standard clauses or similar terms forming part of an applicable certification scheme (which shall apply when replaced by attachment to these Conditions).

8.11

the Data Processor’s liability for losses arising from breaches of this Clause 8 is as set out in Clause

9. LIMITATION OF LIABILITY

9.1

the Data Processor has obtained insurance cover in respect of its own legal liability for individual claims not exceeding £1,000,000 per claim.

9.2

The limits and exclusions in this clause reflect the insurance cover the Data Processor has been able to arrange, and the Data Controller is responsible for making its own arrangements for the insurance of any excess loss.

9.3

References to liability in this Clause 9 include every kind of liability arising under or in connection with the Contract including liability in contract, tort (including negligence), misrepresentation, restitution or otherwise.

9.4

Nothing in this Clause 9 shall limit the Data Controller's payment obligations under the Contract.

9.5

Nothing in the Contract limits any liability which cannot legally be limited, including but not limited to liability for:

9.5.1

death or personal injury caused by negligence;

9.5.2

fraud or fraudulent misrepresentation; and

9.5.3

breach of the terms implied by section 2 of the Supply of Goods and Services Act 1982 (title and quiet possession).

9.6

Subject to Clause 9.5 (Liabilities which cannot legally be limited), the Data Processor’s total liability to the Data Controller:

9.6.1

for loss arising from the Data Processor’s failure to comply with its data processing obligations under Clause 8 shall not exceed £[10,000]; and

9.6.2

for all other loss or damage shall not exceed £[10,000].

9.7

Subject Clause 4 (No limitation of the Data Controller's payment obligations) and Clause 9.5 (Liabilities which cannot legally be limited), this Clause 9.7 sets out the types of loss that are wholly excluded:

9.7.1

loss of profits.

9.7.2

loss of sales or business.

9.7.3

loss of agreements or contracts.

9.7.4

loss of anticipated savings.

9.7.5

loss of use or corruption of software, data or information.

9.7.6

loss of or damage to goodwill; and

9.7.7

indirect or consequential loss.

9.8

Unless the Data Controller notifies the Data Processor that it intends to make a claim in respect of an event within the notice period, the Data Processor shall have no liability for that event. The notice period for an event shall start on the day on which the Data Controller became, or ought reasonably to have become, aware of the event having occurred and shall expire three([3]) months from that date. The notice must be in writing and must identify the event and the grounds for the claim in reasonable detail.

9.9

This Clause 9 shall survive termination of the Contract.

10. TERM AND TERMINATION

10.1

Each Contract shall commence on the Commencement Date and continue for the duration stated in the relevant ITAD SOW or until performance of the ITAD Services have been completed (“Term”) unless terminated earlier in accordance with this Clause 10.

10.2

Without affecting any other right or remedy available to it, either party may terminate the Contract by giving the other party thirty ([30]) days’ written notice.

10.3

For the avoidance of doubt, the Data Controller shall not be entitled to terminate the Contract under clause 10.2, where the Data Processor has commenced processing of any Assets at the time when the notice of termination is given.

10.4

Without affecting any other right or remedy available to it, either party may terminate the Contract with immediate effect by giving written notice to the other party if:

10.4.1

the other party commits a material breach of any term of the Contract and (if such a breach is remediable) fails to remedy that breach within thirty ([30]) days of that party being notified in writing to do so;

10.4.2

the other party takes any step or action in connection with its entering administration, provisional liquidation or any composition or arrangement with its creditors (other than in relation to a solvent restructuring), applying to court for or obtaining a moratorium under Part A1 of the Insolvency Act 1986, being wound up (whether voluntarily or by order of the court, unless for the purpose of a solvent restructuring), having a receiver appointed to any of its assets or ceasing to carry on business;

10.4.3

the other party suspends, or threatens to suspend, or ceases or threatens to cease to carry on all or a substantial part of its business; or

10.4.4

the other party's financial position deteriorates to such an extent that in the terminating party's opinion the other party's capability to adequately fulfil its obligations under the Contract has been placed in jeopardy.

10.5

Without affecting any other right or remedy available to it, the Data Processor may terminate the Contract with immediate effect by giving written notice to the Data Controller if:

10.5.1

the Data Controller fails to pay any amount due under the Contract on the due date for payment; or

10.5.2

there is a change of control of the Data Controller.

10.6

Without affecting any other right or remedy available to it, the Data Processor may suspend the supply of ITAD Services under the Contract or any other contract between the Data Controller and the Data Processor if:

10.6.1

the Data Controller fails to pay any amount due under the Contract on the due date for payment;

10.6.2

the Data Controller becomes subject to any of the events listed in Clause 10.3.3 or 10.3.4 or the Data Processor reasonably believes that the Data Controller is about to become subject to any of them; and

10.6.3

the Data Processor reasonably believes that the Data Controller is about to become subject to any of the events listed in Clause 10.3.2.

11. CONSEQUENCES OF TERMINATION

11.1

On termination or expiry of the Contract the Data Controller shall immediately pay to the Data Processor all of the Data Processor’s outstanding unpaid invoices and interest and, in respect of ITAD Services supplied but for which no invoice has been submitted, the Data Processor shall submit an invoice, which shall be payable by the Data Controller immediately on receipt;

11.2

Termination or expiry of the Contract shall not affect any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination or expiry, including the right to claim damages in respect of any breach of the Contract which existed at or before the date of termination or expiry.

12. GENERAL

12.1 Use of third-parties.

12.1.1

the Data Processor reserves the right to utilise the services of third-parties when providing the ITAD Services. The operational procedures of any third-parties used by the Data Processor in the supply of the ITAD Services will be rigorously audited by the Data Processor.

12.1.2

Details of the third-parties used by the Data Processor in the supply of the ITAD Services will be provided to the Data Controller upon written request.

12.2 Force Majeure.

Neither party shall be in breach of the Contract nor liable for delay in performing, or failure to perform, any of its obligations under the Contract if such delay or failure result from events, circumstances or causes beyond its reasonable control.

12.3 Assignment and other dealings.

12.3.1

the Data Processor may at any time assign, mortgage, charge, subcontract, delegate, declare a trust over or deal in any other manner with any or all of its rights and obligations under the Contract.

12.3.2

The Data Controller shall not assign, transfer, mortgage, charge, subcontract, delegate, declare a trust over or deal in any other manner with any of its rights and obligations under the Contract without the prior written consent of the Data Processor.

12.4 Variation.

Except as set out in these Conditions, no variation of the Contract shall be effective unless it is in writing and signed by the parties (or their authorised representatives).

12.5 Waiver.

A waiver of any right or remedy under the Contract or by law is only effective if given in writing and shall not be deemed a waiver of any subsequent right or remedy. A failure or delay by a party to exercise any right or remedy provided under the Contract or by law shall not constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict any further exercise of that or any other right or remedy. No single or partial exercise of any right or remedy provided under the Contract or by law shall prevent or restrict the further exercise of that or any other right or remedy.

12.6 Severance.

If any provision or part-provision of the Contract is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of this agreement. If any provision or part-provision of this Contract deleted under this Clause 12.6 the parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.

12.7 Notices.

12.7.1

Any notice or other communication given to a party under or in connection with the Contract shall be in writing and shall be delivered by hand or by pre-paid first-class post or other next working day delivery service at its registered office (if a company) or its principal place of business (in any other case); or sent by email to the address specified in the ITAD SOW.

12.7.2

Any notice or communication shall be deemed to have been received:

12.7.2.1

if delivered by hand, at the time the notice is left at the proper address;

12.7.2.2

if sent by pre-paid first-class post or other next working day delivery service, at 9.00 am on the second Business Day after posting; or

12.7.2.3

if sent by email at the time of transmission, or, if this time falls outside business hours in the place of receipt, when Business Hours resume.

12.7.3

This Clause 12.7 does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any other method of dispute resolution.

12.8 Dispute Resolution.

12.8.1

If a dispute arises out of or in connection with these Conditions or the performance, validity or enforceability of a Contract (“Dispute”) then the parties shall follow the procedure set out in this Clause 12.8:

12.8.1.1

either party shall give to the other written notice of the Dispute, setting out its nature and full particulars (“Dispute Notice”), together with relevant supporting documents. On service of the Dispute Notice, the parties shall attempt in good faith to resolve the Dispute; and

12.8.1.2

if the parties are for any reason unable to resolve the Dispute within thirty ([30]) Business Days from service of the Dispute Notice, the parties will attempt to settle it by mediation in accordance with the Centre for Effective Dispute Resolution (“CEDR”) Model Mediation Procedure. Unless otherwise agreed between the parties, the mediator shall be nominated by CEDR. To initiate the mediation, a party must serve notice in writing (“ADR Notice”) to the other party to the Dispute, requesting mediation. A copy of the ADR Notice should be sent to CEDR. The mediation will start not later than fourteen ([14]) Business Days after the date of the ADR Notice.

12.8.2

If the Dispute is not resolved within one ([1]) month of the mediator’s appointment by CEDR, then either party may commence legal proceedings, but provided that nothing in this Clause 12.8 shall prevent either party from either continuing with any means of alternative dispute resolution as may be agreed in writing from time to time.

12.9 Third-party rights.

12.9.1

Unless it expressly states otherwise, the Contract does not give rise to any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of the Contract.

12.9.2

The rights of the parties to rescind or vary the Contract are not subject to the consent of any other person.

12.10 Entire Agreement.

12.10.1

The Contract constitutes the entire agreement between the parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter.

12.10.2

Each party acknowledges that in entering into the Contract it does not rely on and shall have no remedies in respect of any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in the Contract. Each party agrees that it shall have no claim for innocent or negligent misrepresentation or negligent misstatement based on any statement in the Contract.

12.10.3

Nothing in this clause shall limit or exclude any liability for fraud.

12.11 Governing Law.

The Contract, and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation shall be governed by and construed in accordance with the law of England and Wales.

12.12 Jurisdiction.

Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with the Contract or its subject matter or formation.