STANDARD TERMS & CONDITIONS APPLICABLE TO STORAGE CUSTOMERS
The Company being BC Data Management Limited
The Customer being the business or entity using the Services
The Services being Archive Storage, Management, Delivery, Collection, Secure Destruction and associated services.
- The Company shall provide the agreed Services in accordance with these Standard Terms & Conditions unless otherwise agreed by both parties in writing or by the Company or Customer in a separate written contractual agreement, this strictly excludes customers terms included on Purchase Orders;
- The Company will provide archive management, backup media management and services using container management software. The complete database is the property of the Company;
- The service is agreed between both parties verbally or in writing but any alterations to the agreed service must be communicated in writing The Company will serve notices to the Customer at the email address to which invoices are sent;
- All charges are as agreed between the Company and the Customer in writing;
- Any variations to those prices must be confirmed in writing by the Company to the Customer and delivered by recorded mail and or email at the email address to which invoices are sent;
- All payments to the Company are due within 14 days of the invoice date;
- In the event of the Customer failing to remit payment for correct invoices to the Company by the due date the Company shall be immediately entitled to suspend all services being carried out on behalf of the Customer. The Company shall have the right to hold the property of the Customer until all outstanding amounts are settled in full;
- The company reserves the right to charge interest at the current Barclays Bank Plc base rate plus three percent on any sum unpaid by the due date;
- All risks, including risk of loss, destruction or damage to the stored information remain with the Customer. The Company carries a professional indemnity of £1,000,000 to cover acts of negligence;
- The Customer shall be wholly responsible for ensuring that its insurance adequately covers the stored information while in the possession of the Company and the Company shall be under no obligation to insure the same;
- The Company shall not be responsible for any loss or damage, delay or variation caused or occasioned by any event beyond the control of the Company whether occurring in the United Kingdom or elsewhere (including without limitation, force majeure, refusal or withdrawal of any license, inability to obtain materials, fire, flood, explosion, war, riot, act of Government, act of God, strike or labour dispute);
- These Standard Terms & Conditions shall commence from the date of the first deposit of containers or stored information with the Company and shall remain automatically in effect on an annual basis from such date. Payment of invoices confirms acceptance of these Standard Terms & Conditions. If the Company or the Customer wishes to end this agreement they must advise the other party with a notice of termination of this agreement to be given no less than 3 (three) months prior to the anniversary of the commencement date.
- The Company or Customer shall be immediately entitled to terminate this agreement upon or at any time following any of the following events:
- The Customer or the Company defaults in or commits a major breach of any obligation owed under these Standard Terms & Conditions;
- The Customer or the Company offers to make arrangement or composition with its creditors or commits any acts of bankruptcy;
- The presentation of a bankruptcy or winding up petition against the Customer or the Company;
- Any distress or execution is levied on the Customers or the Companies property or assets;
- The commencement of any act or proceedings in which the Customers or the Companies solvency is involved;
- In the event of termination in whatever circumstances the Customer shall be liable for 12 (twelve) months storage charge from the date of termination notice and any costs relating to the removal of the stored from the Companies premises;
- Condition of Archive Boxes. The Company reserves the right to re-box any of the Customers boxes if deemed to be in an unsuitable condition prior to transportation. The cost of this will be the responsibility of the Customer.
- Data Protection.
16.1 The Customer is the controller of, and the Company is the processor of any personal data (the Data) contained within the Stored Information. Each part shall comply with the obligations that apply to it under Applicable Data Protection Law.
16.2The Company shall process the Data as a processor only as necessary to perform its obligations under this Agreement and strictly in accordance with the instructions of the Customer (the Permitted Purpose), except where otherwise required by any EU (or any EU Member State) or UK law applicable to the Company. In no event shall the Company process the Data for its own purposes or those of any third party.
16.3International Transfers. The Company shall not transfer the Data (nor permit the Data to be transferred) outside of the European Economic Area (the EEA) unless:
(a). it has first obtained the Customer’s written consent, and;
(b). it takes such measures as are necessary to ensure the transfer is in compliance with Applicable Data Protection Law.
16.4 Confidentiality of Processing. The Company shall ensure that any person that it authorises to process the Data (including its employees, agents and subcontractors) shall be subject to a strict duty of of confidentiality and shall not permit any person to process the Data who is not under such a duty of confidentiality. The Company shall ensure that any such processing only occurs as necessary for the Permitted Purpose.
16.5 Security. The Company shall implement and maintain appropriate technical and organisational measures to protect the Data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or unauthorised access. Such measures shall have regard to the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. The Company shall also implement and maintain such other technical and organisational measures as would be taken by a responsible and prudent service provider.
16.6 Sub-processing. The Customer hereby provides its consent for the Company to engage third party sub-processors to process the Data provided that the Company provides to adhere to the following conditions:
(a). provides the Customer at least 30 days prior notice of any sub-processor detailing the processing that it will perform.
(b). maintain an up to date register of all third part sub-processors engaged in connection with the Data.
(c). impose data protection terms on any sub-processor it appoints that protect the Data to the same standard as this Agreement.
(d). the Customer reserves the right to object to any sub-processor appointed by the Company.
(e). if the Customer raises any such objection the Company will not appoint the sub-processor.
(f). the Company remains fully liable for any breach caused by any sub- processor it may appoint.
16.7 Cooperation with data subjects’ rights. The Company shall provide all reasonable assistance, with costs to be agreed as required to the Customer to enable to Customer to respond to any request from a data subject exercising any of its rights under Applicable Data Protection Law. In the event that any such request is made by the data subject to the Company, the Company shall notify the Customer promptly (within 2 business days) providing details of the same.
16.8 Data Protection Impact Assessment. Upon the Customers’ request, the Company shall provide the Customer with all such reasonable and timely assistance as the Customer may require in conducting a data protection impact assessment. If the Company becomes aware that it is processing of the Data is likely to result in a high risk to the data protection rights and freedoms of data subjects it shall inform the Customer promptly (within 2 business days).
6.9 Security Incidents. Upon becoming aware of a Security Incident, The Company shall inform the Customer immediately and shall provide all such timely information and cooperation as the Customer may require in order for the Customer to fulfil its data breach reporting obligations under and in accordance with the timescales required by Applicable Data Protection Law. The Company shall further take all such measures and actions as are necessary to remedy or mitigate the effects of the Security Incident and shall keep the Customer informed of all developments in connection with the Security Incident.
16.10 Deletion or return of Data. Upon termination or expiry of the Agreement, the Company shall, as a cost to be agreed with the Customer, return to the customer , and/or at the Customers request, securely destroy or permanently erase (and certify in writing such secure destruction and/or erasure), all data (including any copies of Data) in its possession or control (including and Data sub-contracted to a third party for processing). This requirement shall not apply to the extent that the Company is required by any EU (or any EU Member State) Law to retain some or all of the Data, in which case the Company shall isolate and protect the Data from further processing except to the extent required by such Law.
6.11 Audit. The Company shall permit the Customer (or its appointed third party auditors), at its own costs and with the Companies reasonable costs to be paid by the Customer, to audit the Companies compliance with the Data Protection provisions of this Agreement, and shall make available to the Customer all information, systems and employees necessary for the Customer (or its third party auditors) to conduct such an audit. The Company acknowledges that the Customer (or its third party auditors) may enter its premises for the purposes of conducting this audit, provided that the Customer gives reasonable prior notice of its intention to audit, conducts its audit during normal business hours and takes all reasonable measures to prevent unnecessary disruption to the Companies operations. The Customer shall not exercise its right to audit more than once in any 12 month period except where required to do so on the instruction of a recognised data protection authority, where the Customer believes there is an ongoing Security Incident or that a Security Incident is likely to result in the absence of an additional audit.
6.12. Disclosure. In the event of any of the following Authorities requiring access to and or possession of some or all of the Stored Information, the Customer herby permits the Company to allow such access and or relinquish possession and cooperate fully with such authorities as required by Law (at the Customers reasonable expense) provided that the Company shall immediately notify the Customer of any such requests from the following authorities or their equivalent replacements:
(a). HM Revenue & Customs.
(b). Any person requiring disclosure and / or possession in accordance with any enactment of rule of law or by order of the Court.
The Customer hereby acknowledges that the Company shall not be required, beyond making all reasonable enquiries to investigate the authenticity or validity of any request for access and or possession made by such Authorities referred to above or any Authorities or persons purporting to be the same.
Last Updated 02/12/2020