Procurement Terms & Conditions

1. INTERPRETATION

1.1 In these Conditions the following expressions will have the following meanings unless inconsistent with the context:

“Addison Lee Group Company” means Addison Lee Limited (company number 01205530) and (i) its ultimate parent undertaking, and/or (ii) any subsidiary undertaking of its ultimate parent undertaking, and “parent undertaking” and “subsidiary undertaking” shall have the meaning set out in section 1162 of the Companies Act 2006, as amended, and “Addison Lee Group” shall be construed accordingly;

“Business Day” means, any day which is not a Saturday or Sunday or public holiday in England;

“Change of Control” means, in relation to an undertaking, a change in the ability to direct the affairs of that undertaking, whether by virtue of ownership of shares, contract or otherwise;

“the Company” the member of the Addison Lee Group placing the Order with the Supplier or, if different, the member(s) of the Addison Lee Group receiving delivery of the Goods and/or Services (either directly or through a nominated third party);

“Conditions” means these terms and conditions and any special terms agreed in writing by the Company and the Supplier;

“Confidential Information” all information (whether in written, oral, electronic or any other form) relating, directly or indirectly, to the Contract, the Company, the Addison Lee Group including without limitation all notes, analyses, compilations, studies, interpretations, costings technical or commercial know-how, specifications, inventions, processes or initiatives and which reflect, are based upon, or which contain in whole or in part, information disclosed to the Supplier by the Company or its agents in each case whether or not marked confidential;

“Contract” the Order and the Supplier’s acceptance of the Order;

“Controller, Data Subject, have the meanings set out in the Data Protection Laws;

Personal Data, Personal Data Breach, Joint Controller, Process, Processing, Processor and Supervisory Authority (and their equivalent terms)”

“Data Processing Particulars” means the “Data processing particulars” document forming part of these Conditions, setting out details of the Processing activities the Supplier carries out on behalf of the Company;

“Data Protection Laws” means the Regulation and any other laws, regulations and provisions relating to Processing applicable in the United Kingdom including legislation which implements the Regulation;

“Goods” any goods agreed in the Contract to be purchased by the Company from the Supplier (including any part or parts of them);

“Information Security Standards” means the standards document forming part of these Conditions, setting out details of the security standards and measures the Supplier has agreed to maintain;

“Intellectual Property Rights” without limitation, copyrights (including for the avoidance of doubt rights in computer software and typography rights), patents, trademarks, trading names, trading styles, domain names, rights in designs, databases, operating systems and specifications (both registered and unregistered) and any applications to register any of the foregoing, rights in inventions (whether patentable or not), know-how, trade secrets and other confidential information and all corresponding rights of a similar nature anywhere in the world;

“Order” the Company’s written instruction to supply the Goods and/or Services, incorporating these Conditions;

“Project Materials” any and all materials developed, written or prepared by the Supplier, its employees, agents or sub-contractors in relation to the Services (whether individually, collectively or jointly with the Company);

“Project Plan” the timetable for performing the Services specified in the Order or otherwise agreed in writing by the Company and the Supplier;

“Regulation” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation);

“Services” any services agreed in the Contract to be purchased by the Company from the Supplier (including any part or parts of them);

“Service Levels” the service levels for the Services, if any, specified in the Order or otherwise agreed in writing between the Company and the Supplier;

“Specification” the specification for the Goods and/or Services specified in the Order or otherwise agreed in writing between the Company and the Supplier;

“Sub-Processor” has the meaning set out in clause 20.9.8;

“Supplier” the person, firm or company who accepts the Company’s Order; and

“Third Country” means a country outside the European Economic Area.

1.2 In these Conditions references to any statute or statutory provision shall, unless the context otherwise requires, be construed as a reference to that statute or provision as from time to time amended, consolidated, modified, extended, re-enacted or replaced.

1.3 In these Conditions references to the masculine include the feminine and the neuter and to the singular include the plural and vice versa as the context admits or requires.

1.4 In these Conditions the headings will not affect the construction of these Conditions.

1.5 In these Conditions including the definitions

1.5.1 person includes a natural person, corporate or unincorporated body (whether or not having a separate legal personality);

1.5.2 party includes its personal representative, successors or assigns;

1.5.3 writing or written includes email;

1.5.4 including or include or similar/equivalent expression shall be construed as illustrative only and shall not limit the scope of the words preceding those terms; and

1.5.5 statute or statutory provisions is a reference to such statute or statutory provision as amended or re-enacted including subordinate legislation made under that statute or statutory provision, as amended or re-enacted.

1.6 In interpreting the Data Protection Laws, the Parties shall have regard to all guidance and codes of practice issued by the Supervisory Authority and any other body with regulatory authority in relation to the Processing.

1.7 The parties agree that if there are changes to the Data Protection Laws or related guidance from the Supervisory Authority or any other body with regulatory authority in relation to the Processing which require either Party to take additional steps to enable compliance with the Data Protection Laws, the Parties shall review the provisions of clause 20 and shall negotiate in good faith to agree appropriate changes to them.

1.8 Where any provision of clause 20 of these Conditions is incompatible with any term of the remainder of the Conditions, clause 20 shall take precedence but only to the extent required to resolve the incompatibility. However, if the incompatibility is that the provision in question imposes a higher standard or obligation on the Supplier than is applicable under clause 20, then the higher standard or obligation shall continue to apply.

2. FORMATION OF CONTRACT

2.1 These Conditions are the only conditions upon which the Company is prepared to deal with the Supplier and they shall govern the Contract to the entire exclusion of all other terms or conditions.

2.2 Each Order for Goods and/or Services by the Company from the Supplier shall be deemed to be an offer by the Company to purchase Goods and/or Services subject to these Conditions and no Order shall be accepted until the Supplier either expressly by giving notice of acceptance, or impliedly by, in a contract for Goods fulfils or begins to fulfil the Order, in whole or in part thereby accepts the offer.,The Company’s offer to purchase Goods and/or Services shall lapse if the offer has not been accepted by the Supplier within 7 days of the Company making the offer.

2.3 No terms or conditions endorsed upon, delivered with or contained in the Supplier’s quotation, acknowledgement or acceptance of order, specification or similar document will form part of the Contract and the Supplier waives any right which it otherwise might have to rely on any such terms and conditions of whatever nature whether, or which are otherwise implied by trade, custom, practice or course of dealing..

2.4 These Conditions apply to all the Company’s purchases and any variation to these Conditions shall have no effect unless expressly agreed in writing and signed by a director of the Company or a person who has delegated authority from the Company’s Board of directors.

3. QUALITY OF GOODS AND/OR SERVICES

3.1 In relation to the Goods, the Supplier warrants, represents and undertakes that the Goods shall be of the best available design, of the best quality, material and workmanship, be without fault and conform in all respects with the Order and any specification and/or patterns supplied or advised by the Company to the Supplier (including without limitation the Specification), or applied by the Supplier to the Goods, and that the Goods shall comply with any and all regulations, regulatory, statutory, legal and other such requirements applicable to the Goods including without limitation as to relevant industry best practice as to production, packaging, labelling, storage, carriage, handling, delivery and CE Marking.

3.2 In relation to the Services, the Supplier warrants, represents and undertakes that the Services shall be performed:

3.2.1 in accordance with the Contract, including without limitation the Specification and the Service Levels;

3.2.2 with reasonable skill and care and in accordance with any and all standards generally observed in the industry for similar services;

3.2.3 in accordance with the timescales set out in the Project Plan, if any, and if there is no Project Plan in a timely manner bearing in mind the nature of the Services and the Company’s requirements;

3.2.4 in compliance with any and all regulations, regulatory, statutory, legal and other such requirements applicable to the Services; and

3.2.5 in compliance with all security, health and safety and other policies, regulations, rules, codes of practice and guidelines that apply to the Company’s premises at which any Services are to be provided, copies of which shall be provided by the Company on request.

3.3 The Supplier shall demonstrate on demand the conformity of the Goods and/or Services to the requirements of Condition 3.1 and/or Condition 3.2 as appropriate and the conformity of the Supplier and its processes to any legal, regulatory or statutory requirement.

3.4 The Company’s rights under these Conditions are in addition to the statutory conditions implied in favour of the Company by the Sale of Goods Act 1979, the Supply of Goods and Services Act 1982 and any other applicable statute from time to time.

3.5 At any time prior to and after delivery of the Goods and/or Services to the Company the Company shall have the right to:

3.5.1 inspect Goods or premises at which Goods are manufactured, packed, processed or stored and test the Goods at all times; and/or

3.5.2 audit documentation relating to the Services or premises at which Services are performed.

If initial tests and/or audits on the Goods and/or Services undertaken by the Company indicate a potential defect or problem, the Company reserves the right to undertake such additional tests and/or audits as it deems appropriate and the Supplier shall reimburse the Company the cost of such additional tests and/or audits.

3.6 If the results of such inspection, testing and/or audits cause the Company to be of the opinion that the Goods and/or Services do not conform or are unlikely to conform with the Order or to any specifications and/or patterns supplied or advised by the Company to the Supplier or to any Specifications, Service Levels and/or Project Plan, the Company shall inform the Supplier and the Supplier shall immediately take such action as is necessary to ensure conformity and in addition the Company shall have the right to require and witness further testing, inspection and/or audits.

3.7 Notwithstanding any such inspection, or testing and/or audits, the Supplier shall remain fully responsible for the Goods and/or Services and any such inspection, testing and/or audit shall not diminish or otherwise affect the Supplier’s obligations under the Contract.

3.8 If any of the Goods and/or Services fail to comply with the provisions set out in Condition 3 the Company shall be entitled to avail itself of any one or more remedies listed in Condition 11.

4. INDEMNITY

4.1 The Supplier shall indemnify and hold harmless and keep the Company and all Addison Lee Group Companies indemnified in full on demand against all direct, indirect or consequential liability, loss, damages, injury, costs and expenses (including legal and other professional fees and expenses) awarded against or incurred or paid by the Company and all Addison Lee Group Companies as a result of or in connection with:

4.1.1 defective workmanship, quality or materials;

4.1.2 any of the Goods and/or Services failing to comply with the provisions set out in Condition 3;

4.1.3 an infringement or alleged infringement of any Intellectual Property Rights caused by the use, manufacture or supply of the Goods and/or Services;

4.1.4 a breach of confidentiality under these Conditions;

4.1.5 any claim made against any Addison Lee Group Company in respect of any liability, loss, damage, injury, cost or expense sustained by that Addison Lee Group Company’s employees or agents or by any customer or third party to the extent that such liability, loss, damage, injury, cost or expense was caused by, relates to or arises from the Goods and/or Services; or

4.1.6 any loss and/or damage to property of one or more Addison Lee Group Companies to the extent that such loss and/or damage was caused by, relates to, or arises from the Goods and/or Services and/or negligence of the Supplier or its employees ,agents, or sub-contractors.

5. DELIVERY AND TIME FOR PERFORMANCE

5.1 Time for delivery of the Goods and/or performance of the Services shall be of the essence.

5.2 If the whole or any part of the Goods and/or Services are not delivered on the due date then, without prejudice to any other rights which it may have, the Company reserves the right to:

5.2.1 cancel the Contract in whole or in part;

5.2.2 refuse to accept any subsequent delivery of the Goods and/or Services which the Supplier attempts to make;

5.2.3 recover from the Supplier any expenditure reasonably incurred by the Company in obtaining the Goods and/or Services in substitution from another supplier; and

5.2.4 claim damages for any additional costs, loss or expenses incurred by the Company which are in any way attributable to the Supplier’s failure to deliver the Goods and/or Services on the due date.

6. PRICE

6.1 The price of the Goods and/or Services shall be stated in the Order and unless otherwise agreed in writing by the Company shall be exclusive of value added tax but inclusive of all other charges.

6.2 No variation in the price nor extra charges will be accepted by the Company.

6.3 The Company shall be entitled to any discount for prompt payment or volume of orders customarily granted by the Supplier to any other customer.

7. PAYMENT

7.1 For Services, the Supplier shall be entitled to invoice the Company for the price at the intervals specified in the Order or otherwise agreed in writing between the Company and the Supplier. If no intervals are so specified or agreed, the Supplier shall be entitled to invoice the Company monthly in arrears.

7.2 The Supplier will provide invoice data within fourteen (14) days of the delivery of the Goods and/or Services

7.3 Subject to Condition 7.6, the Company shall pay or procure the payment of all invoices sixty (60) days end of month from date of invoice provided that:

7.3.1 if in the opinion of the Company any invoice is incorrect or does not comply with Condition 7.2, the Company shall notify the Supplier and payment shall not be due to the Supplier for the price set out in such invoice unless and until a correct invoice has been submitted to the Company and then payment shall be due within thirty (30) days of the end of the month of receipt of such corrected invoice.

7.3.2 If the payment due date of an invoice does not fall on a Business Day, payment shall become due on the Business Day following the due date.

7.4 Unless otherwise agreed, the price of any Services shall include all out-of-pocket expenses which may be incurred by the Supplier, including, without limitation, travel and subsistence expenses. If the Company agrees to reimburse expenses incurred by the Supplier, such reimbursement shall be limited to expenses necessarily incurred by the Supplier’s personnel in performing the Services and only amounts approved by the Company in advance shall be reimbursed.

7.5 If any sums are due to the Company from the Supplier, then the Company shall be entitled to exercise the right to set-off such sums against any payments due to the Supplier from the Company under or in relation to this or any other Contract.

7.6 If the Company is required, pursuant to any applicable present or future law, rule or regulation of any competent governmental or other administrative body, to make any withholding in respect of tax or otherwise from any amount or amounts payable to the Supplier pursuant to the Contract, the Company shall pay any amounts net of such withholding.

8. INSURANCE

8.1 The Supplier shall at its own cost, maintain in force for at least 6 years from the date of the Contract such insurance policies as are appropriate and adequate having regard to its obligations and liabilities under these Conditions with a reputable insurer.

8.2 The Supplier shall on written request of the Company from time to time provide the Company with reasonable details of the insurance policies in question, and, on the renewal of each policy, the Supplier shall send a copy of the premium receipt to the Company when requested to do so in writing by the Company.

9. CONFIDENTIALITY

9.1 The Supplier shall keep in strict confidence all Confidential Information.

9.2 The Supplier shall restrict disclosure of any and all Confidential Information to such of its employees, agents or sub-contractors as need to know the same for the purpose of discharging the Supplier’s obligations to the Company under these Conditions and shall ensure that such employees, agents or sub-contractors are subject to like obligations of confidentiality as bind the Supplier.

9.3 The Supplier shall not itself use or permit to be used the Confidential Information other than for the sole purpose of discharging the Supplier’s obligations to the Company under these Conditions.

9.4 The Supplier shall not make any announcement or otherwise publicise the existence of or disclose to any person the terms of these Conditions without the prior written consent of the Company.

9.5 The Supplier shall immediately notify the Company upon discovery of any unauthorised use or disclosure of the Confidential Information, together with full details thereof.

9.6 The Supplier may disclose the Confidential Information where required by law or requested by government or regulatory authorities.

9.7 Upon termination of the Contract in accordance with these Conditions, the Supplier shall (i) return to the Company and any all material in the Supplier’s possession and/or control or (i) destroy such Confidential Information, in either case at the Company’s request.

10. TERM

10.1 In respect of a Contract for Services,. If no contract term is specified in the Order, the Contract shall continue either until the Services have been performed in full or, if the Services are of a recurring nature, shall continue indefinitely unless and until terminated by the Company giving the Supplier not less than 30 days’ notice or by the Supplier giving the Company not less than 90 days’ notice.

11. TERMINATION

11.1 Notwithstanding Condition 10, the Company shall have the right at any time and for any reason to terminate the Contract in whole or in part by giving the Supplier written notice whereupon all work on the Contract shall be discontinued and the Company shall pay to the Supplier fair and reasonable compensation for work-in-progress at the time of termination but such compensation shall not include loss of anticipated profits or any consequential loss and, in the case of Services, shall not exceed the amount which would have been payable to the Supplier for the Services during the 30 day notice period referred to in Condition 10 had that period of notice been given.

11.2 The Company shall have the right at any time by giving notice in writing to the Supplier to terminate the Contract with immediate effect if:

11.2.1 the Supplier commits a material, repudiatory or persistent breach of any of the terms and conditions of the Contract and in the case of a remediable material breach fails to remedy that breach within ten (10) Business Days of receipt of notice in writing of the breach;

11.2.2 any distress, execution or other process is levied upon any of the assets of the Supplier;

11.2.3 the Supplier enters into any compromise or arrangement with its creditors, commits any act of bankruptcy, dies or by reason of mental illness or incapacity (mental or physical) is incapable of managing his own affairs (being an individual), or if an order is made or an effective resolution is passed for its winding up (except for the purposes of amalgamation or reconstruction as a solvent company) or if a petition is presented to court, or if a receiver and/or manager, receiver, administrative receiver or administrator is appointed in respect of the whole or any part of the Supplier’s undertaking or assets;

11.2.4 the Supplier suspends or threatens to suspend, ceases or threatens to cease to carry on its business;

11.2.5 the financial position of the Supplier deteriorates to such an extent that in the opinion of the Company the capability of the Supplier adequately to fulfil its obligations under the Contract has been placed in jeopardy; or

11.2.6 there is a Change of Control of the Supplier.

11.3 The termination of the Contract, however arising, will be without prejudice to the rights of the Company accrued prior to termination. The Conditions which expressly or impliedly have effect after termination will continue to be enforceable notwithstanding termination including without limitation, Clauses 1, .4, 8, 9, 15, 19, 20, 21.22 and 24.

11.4 The Company may, instead of invoking its termination right or rights under these Conditions, terminate part of the Contract relating to the Goods and/or Services (as applicable) so that the Contract shall continue in respect only of the remaining supply.

12. REMEDIES

12.1 Without prejudice to any other right or remedy which the Company may have, if any Goods and/or Services are not supplied in accordance with, or the Supplier fails to comply with, any of the terms of this Contract the Company shall be entitled to avail itself of any one or more of the following remedies at its discretion, whether or not any part of the Goods and/or Services have been accepted by the Company:

12.1.1 to rescind the Order;

12.1.2 to reject the Goods and/or Services (in whole or in part) and, in the case of Goods return them to the Supplier at the risk and cost of the Supplier on the basis that a full refund for the Goods so returned (and for costs incurred by the Company in returning those Goods) shall be paid immediately by the Supplier. If Goods are rejected by the Company, for whatever reason, the Supplier shall collect the Goods from the delivery address communicated to the Supplier in accordance with Condition 17;

12.1.3 at the Company’s option to give the Supplier the opportunity at the Supplier’s expense either to remedy any defect in the Goods and/or Services or to supply replacement Goods and/or Services and carry out any other necessary work to ensure that the terms of the Contract are fulfilled;

12.1.4 to refuse to accept any further deliveries of the Goods and/or Services but without any liability to the Supplier;

12.1.5 to carry out at the Supplier’s expense any work necessary to make the Goods and/or Services comply with the Contract; and/or

12.1.6 to claim such damages and/or compensation as may have been sustained in consequence of the Supplier’s breaches of the Contract.

13. ASSIGNMENT

13.1 The Supplier shall not be entitled to assign the Contract or any part of it (including without limitation the assignment of the financial benefit pursuant to a factoring or similar arrangement) without the prior written consent of the Company.

13.2 Where the Company agrees that the Supplier may assign to a third party (the “Third Party”) the right to collect payments pursuant to the Contract:

13.2.1 unless otherwise notified by the Third Party in writing, the Company shall comply with the instructions for payment received from the Supplier;

13.2.2 if the Supplier wishes the Company to cease making payments to the Third Party, it shall provide the Company with unequivocal written confirmation from the Third Party that payment should cease to be paid to that Third Party. Until such confirmation is received, the Supplier may continue to make payments to the Third Party;

13.2.3 then notwithstanding any assignment by a Supplier to a Third Party of the right to collect payment, the Company shall have the right to set-off against the Supplier’s invoices any amounts owed by the Supplier to the Company or to any other Addison Lee Group Company, including without limitation where the Supplier failed to fulfil an Order, or where the Goods and/or Services delivered by the Supplier do not comply with the Order; and

13.2.4 the Supplier shall bring to the attention of the Third Party the existence of these terms and, as part of the arrangements with the Third Party, the Third Party shall comply with these terms insofar as is applicable

13.3 The Company may assign the Contract or any part of it to any person, firm or company.

14. FORCE MAJEURE

Neither party shall be liable to the other as a result of failure or delay to perform its obligations under the Contract if and to the extent that such delay or failure is caused by an even or circumstances beyond the reasonable control of the Company including, without limitation, acts of God, governmental actions, war or national emergency, acts of terrorism or threats thereof, riot, civil commotion, fire, explosion, flood, epidemic, lock-outs, strikes or other labour disputes (whether or not relating to either party’s workforce), or restraints or delays affecting carriers or inability or delay in obtaining supplies of adequate or suitable materials. If such event or circumstances prevent the Company from the Supplier from supplying the Goods and/or Services for more than six (6) weeks, the Company shall have the right, without limiting its other rights or remedies, to terminate this Contract with immediate effect by giving notice to the Supplier.

15. THIRD PARTY RIGHTS

Each Addison Lee Group Company may rely upon and enforce these Conditions. The third party rights referred to in this Condition can be enforced by the relevant Addison Lee Group Company subject to and in accordance with the provisions of the Contracts (Rights of Third Parties) Act 1999 (the “Act”). Except as expressly provided in this Condition (or insofar as these Conditions otherwise expressly provides that a third party may in his own right enforce a term of these Conditions), a person who is not a party to these Conditions has no right under the Act to rely upon or enforce any terms of these Conditions but this does not affect any right or remedy of a third party which exists or is available apart from the Act.

16. ANTI-BRIBERY COMPLIANCE

16.1 The Supplier warrants and represents that it will:

16.1.1 fully comply with all applicable laws, statutes, regulations and codes relating to anti-bribery and anti-corruption including but not limited to the UK Bribery Act 2010 (“Relevant Requirements”);

16.1.2 have and maintain its own policies and procedures, including adequate procedures under the Bribery Act 2010, to ensure compliance with the Relevant Requirements and will enforce them where appropriate;

16.1.3 comply with the Company’s Ethics and Anti-bribery Policy as updated by the Company from time to time;

16.1.4 promptly report to the Company any request or demand for any undue financial or other advantage of any kind received by the Supplier in connection with the performance of these Conditions; and

16.1.5 immediately notify the Company in writing if a foreign public official becomes an officer or employee of the Supplier or acquires a direct or indirect interest in the Supplier, and the Supplier warrants that it shall have no foreign public officials as officers, employees or direct or indirect owners at the time of acceptance of each Order pursuant to Condition 2.2.

17. DELIVERY

17.1 Unless otherwise agreed in writing between the Supplier and the Company, the Goods shall be delivered, carriage paid, to the Company’s place of business or to such other place of delivery as is specified by the Company in writing prior to delivery of the Goods. The Supplier shall off-load the Goods as directed by the Company and in accordance with the Company’s health and safety policy.

17.2 The Company shall have the right to change its delivery instructions including the delivery date at any time by reasonable notice in writing to the Supplier.

17.3 The date for delivery shall be specified in the Order, or if no such date is specified then delivery shall take place within 28 days of the Order.

17.4 The Supplier shall invoice the Company upon, but separately from, delivery of the Goods to the Company.

17.5 The Supplier shall ensure that each delivery is accompanied by a delivery note which shows, inter alia, the order number, date of order, number of packages and contents and, in the case of part delivery, the outstanding balance remaining to be delivered.

17.6 If the Supplier requires the Company to return any packaging material to the Supplier that fact must be clearly stated on any delivery note delivered to the Company and any such packaging material will only be returned to the Supplier at the cost of the Supplier.

17.7 Unless otherwise stipulated by the Company in the Order, deliveries shall only be accepted by the Company in normal business hours.

17.8 Where the Company agrees in writing to accept delivery by instalments the Contract will be construed as a single contract in respect of each instalment. Nevertheless failure by the Supplier to deliver any one instalment shall entitle the Company at its option to treat the whole Contract as repudiated and the Company shall be entitled to each of the remedies at Condition 5.2.

17.9 Signature on behalf of the Company of a delivery note or other document presented for signature on delivery of the Goods is not evidence that the correct quantity or number of Goods have been delivered or that they otherwise meet the requirements of these Conditions or Order.

17.10 If the Goods are delivered to the Company in excess of the quantities ordered the Company shall not be bound to pay for the excess and any excess will be and will remain at the Supplier’s risk and will be returnable at the Supplier’s expense.

17.11 The Company shall be not deemed to have accepted any Goods until the Company has had a reasonable time to inspect them following delivery or, if later, within a reasonable time after any latent defect in the Goods has become apparent.

18. RISK/PROPERTY

The Goods shall remain at the risk of the Supplier until delivery to the Company is complete (including off-loading and stacking) when ownership of and risk in the Goods shall pass to the Company.

19. THE COMPANY’S PROPERTY

Materials, equipment, tools, dies, moulds, copyright, design rights or any other forms of intellectual property rights in all drawings, specifications and data supplied by the Company to the Supplier or not so supplied but used by the Supplier solely in or in relation to the manufacture of the Goods, or developed by or on behalf of the Supplier for the Company shall at all times be and remain the exclusive property of the Company but shall be held by the Supplier in safe custody at its own risk and maintained and kept in good condition by the Supplier until returned to the Company and shall not be disposed of other than in accordance with the Company’s written instructions, nor shall such items be used otherwise than as authorised by the Company in writing. Upon termination of the Contract, howsoever arising, the Company shall be entitled, upon reasonable notice and during normal business hours, to enter the Supplier’s premises to repossess any of the Company’s property which is in the Supplier’s possession.

20. DATA PROTECTION

20.1 With effect from 25 May 2018 or such earlier date as may be agreed between the parties, this clause 20 shall apply as between the Supplier and the Company. If there is any conflict between the remainder of these Conditions and this clause 20, the conflict shall be resolved in accordance with clause 1.8 of these Conditions.

20.2 The Parties undertake to each other that they shall comply with the Data Protection Laws in relation to their Processing of Personal Data in connection with the Services and these Conditions.

20.3 The Supplier warrants that its responses (“Response”) to the Company’s “Supplier –Information Security and Data Protection Questionnaire” and any similar or follow on questionnaires from the Company from time to time are complete and accurate.

20.4 The Supplier shall inform the Company of any changes which mean that its Response is no longer complete or accurate, or which impact its ability to comply with this clause 20.

20.5 The Supplier shall provide an updated Response to the Company (i) annually on or around the anniversary of the first Response, (ii) promptly following changes referred to in clause 20.4, and/or (ii) promptly at the Company’s request.

20.6 Each Party shall provide the other with the name and contact details of its data protection contact, who is responsible for data protection matters on a day-to-day basis as applicable to the Services.

20.7 The Supplier agrees that the Company may publish details of it, the processing it carries out for the Company and related information on www.addisonlee.com or such other website notified to the Supplier in writing from time to time.

20.8 To the extent the Supplier (as Processor), Processes Personal Data on behalf of the Company in connection with these Conditions, clauses 20.9 to 20.11 of this clause 20 shall apply to the Processing.

20.9 The Supplier (as Processor) shall:

20.9.1 process the Personal Data only on documented instructions from the Company including with regard to transfers of Personal Data to a Third Country unless required to do so by applicable law to which the Processor is subject; in such a case, the Processor shall inform the Company of that legal requirement before Processing, unless that law prohibits providing such information on important grounds of public interest;

20.9.2 ensure that persons who Process the Personal Data have committed themselves to binding obligations of confidentiality or are under an appropriate statutory obligation of confidentiality;

20.9.3 take all measures required pursuant to Article 32 of the Regulation, in particular:

20.9.3.1 taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of Data Subjects, implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk and in accordance with any Information Security policies of the Processor or the Company which the Processor has agreed to comply with. As a minimum, the minimum the Supplier will comply with the Information Security Standards;

20.9.3.2 in assessing the appropriate level of security, take account of the risks that are presented by Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise Processed; and

20.9.3.3 take steps to ensure that any natural person acting under the authority of the Company or the Processor who has access to personal data does not Process such data except on instructions from the Company, unless he or she is required to do so by law;

20.9.3.4 be entitled to engage a Sub-Processor (as defined below) provided that the Supplier provides the Company with 14 days’ prior written notice of any additions or changes to the list of Sub-Processors, during which time the Company can object to such addition or change to the list of Sub-Processors.;

20.9.4 where the Processor engages another Processor for carrying out specific Processing activities on behalf of the Company (a Sub-Processor), impose the same data protection obligations as required by the Data Protection Laws on the Sub-Processor by way of a written contract, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the Processing will meet the requirements of the Data Protection Laws. Where the Sub-Processor fails to fulfil its data protection obligations, the Processor shall remain fully liable to the Company for the performance of the Sub-Processor’s obligations;

20.9.5 taking into account the nature of the Processing, assist the Company by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Company’s obligation to respond to requests for exercising the Data Subject’s rights under the Data Protection Laws;

20.9.6 taking into account the nature of Processing and the information available to the Processor, assist the Company in ensuring compliance with the Company’s obligations under the Data Protection Laws with regard to:

20.9.6.1 the security of Processing pursuant to Article 32 of the Regulation;

20.9.6.2 notification of a Personal Data Breach to the Supervisory Authority pursuant to Article 33 of the Regulation;

20.9.6.3 communication of a Personal Data Breach to the Data Subject pursuant to Article 34 of the Regulation; and

20.9.6.4 data protection impact assessments, including prior consultation with the Supervisory Authority where there is a high risk for natural persons pursuant to Articles 35 and 36 of the Regulation;

20.9.7 at the choice of the Company, delete or return all of the Personal Data to the Company after the end of the provision of Services relating to the Processing, and delete existing copies unless storage of the Personal Data is required by law and provide written confirmation that it has done so;

20.9.8 make available to the Company all information necessary to demonstrate compliance with the obligations set out in this clause 20.9 and allow for and contribute to audits, including inspections, conducted by the Company or another auditor mandated by the Company, the Supervisory Authority any other body with regulatory authority in relation to the Processing;

20.9.9 immediately inform the Company if, in its opinion, an instruction infringes the Data Protection Laws;

20.9.10 maintain a record of all categories of Processing activities carried out on behalf of the Company in accordance with the Data Protection Laws;

20.9.11 notify the Company without undue delay (and in any event within 48 hours where possible) after becoming aware of a Personal Data Breach; and

20.9.12 notify the Company without undue delay (and in any event within 24 hours where possible) if it receives any Personal Data Breach notification, complaint or other notice or communication from a Data Subject, Supervisory Authority or any other party in relation to the Processing or either Party’s compliance with the Data Protection Laws. The Processor will not directly respond to any such Personal Data Breach notification, complaint, notice or communication unless expressly authorised to do so by the Company or required by applicable law and the Processor shall provide full co-operation, information and assistance to the Company in relation to any such complaint, notice or communication.

20.10 The Processor will not Process Personal Data in, or transfer Personal Data to a Sub-Processor in, a Third Country except where the Processor (or its Sub-Processor (as applicable) which will be Processing the Personal Data in such Third Country) has executed the Standard Contractual Clauses (Controller to Processor) as set out in the Commission Decision of 5 February 2010 (C(2010) 593) (“Model Clauses”), as amended, which are hereby incorporated into and form part of these Conditions in the form set out in Schedule 3 (The Clauses) (and the Data Processing Particulars shall apply for the purposes of Appendix 1 to the Model Clauses and the Information Security Measures will apply for the purposes of Appendix 2 to the Model Clauses) with the Company and the Processor ensures that such transfer and Processing is compliant with the terms of the Model Clauses.

20.11 Any limit on liability included in these Conditions, including any cap, shall not apply to a breach of this clause 20.

21. EFFECTS OF TERMINATION

21.1 Following the termination or expiry of the Contract for whatever reason the Supplier shall:

21.1.1 provide all assistance as is requested by the Company to transfer the Services to the Company or another service provider, subject to payment of the Supplier’s expenses reasonably incurred;

21.1.2 at no additional charge, provide the Company with copies of and a perpetual, worldwide, royalty free licence to use and sub-contract the use of all documentation, software, materials and know-how previously used by the Supplier to provide the Services. If the Supplier is unable to grant the Company a right to use the exact software previously used by the Supplier to provide the Services, the Supplier shall grant the Company a right to use software with equivalent functionality;

21.1.3 return to the Company or (at the Company’s option) destroy all or any information disclosed to it by or on behalf of the Company in connection with the Contract, together with any copies of any document containing such information in the Supplier’s possession or control; and

21.1.4 erase all or any information disclosed to it by or on behalf of the Company in connection with the Contract from any computer, word processor or other device or storage media in the Supplier’s possession or control

22. THE COMPANY’S PROPERTY AND INTELLECTUAL PROPERTY RIGHTS

22.1 Subject to the rights of the Supplier and/or any third party licensors in respect of any pre-existing materials which are supplied in conjunction with the Project Materials (which shall remain unaffected), the Company shall be entitled to all Intellectual Property Rights in the Project Materials, which Intellectual Property Rights the Supplier shall, with full title guarantee, assign to the Company immediately upon request and waive and agree not to assert any and all so-called moral rights in the same including all like, similar and analogous rights..

22.2 The Supplier shall do all such things and sign all documents or instruments reasonably necessary to enable the Company to obtain, defend and enforce its rights in the Project Materials.

22.3 All Intellectual Property Rights in any materials provided by the Company to the Supplier in connection with the Services (the “Company Materials”) vest in and remain vested in the Company or its licensors.

22.4 Upon the Company’s request and in any event upon the expiry or termination of the Contract, the Supplier shall at its expense promptly, in the Company’s sole discretion destroy and/or deliver to the Company all copies of the Project Materials and Company Materials then in the Supplier’s custody, control or possession.

22.5 The provisions of this Condition 22 shall survive the termination or expiry of the Contract.

23. PERSONNEL

23.1 The Supplier will procure that the provision of the Services is managed in such a way as to result in there not being a relevant transfer (within the meaning of the Transfer of Undertakings (Protection of Employment) Regulations 2006 (the “Regulations”)) upon the termination or expiry of the Contract.

23.2 If, notwithstanding such obligation, the Regulations apply to transfer the employment of any person employed by the Supplier to the Company or any new service provider then if the Company or such new service provider shall serve a notice terminating the employment of such person within six months of the date of such transfer, the Supplier shall indemnify the Company fully on demand against:

23.2.1 any sum payable to be person in question for redundancy and/or as damages for unfair and/or wrongful dismissal and/or as a reasonable settlement of a claim for such damages;

23.2.2 any sum payable to such new service provider in relation to the termination of employment, whether under a contract between the Company and the new service provider or otherwise; and

23.2.3 any associated costs or expenses.

24. GENERAL

24.1.1 Each right or remedy of the Company under the Contract is without prejudice to any other right or remedy of the Company whether under the Contract or not.

24.1.2 If any provision of the Contract is found by any court, tribunal or administrative body of competent jurisdiction to be wholly or partly illegal, invalid, void, voidable, unenforceable or unreasonable it shall, to the extent of such illegality, invalidity, voidness, voidability, unenforceability or unreasonableness, be deemed severable and the remaining provisions of the Contract and the remainder of such provision shall continue in full force and effect.

24.1.3 Failure or delay by the Company in enforcing or partially enforcing any provision of the Contract will not be construed as a waiver of any of its rights under the Contract.

24.1.4 Any waiver by the Company of any breach of, or any default under, any provision of the Contract by the Supplier will not be deemed a waiver of any subsequent breach or default and will in no way affect the other terms of the Contract.

24.1.5 All notices, demands, consents, approvals, requests or other communications with any of the parties to the Contract shall be in writing and shall be given by personal delivery, overnight courier service, or by Royal Mail addressed to the Board of Directors at the receiving party’s address used on the Order. The time period in which a response to any such communication must be made (if so required) within two days of the date of sending. Emails shall be deemed to be received on the day of sending, in the absence of a notification to the contrary. Letters howsoever delivered shall be deemed to be delivered two days after the day of sending.

24.1.6 Nothing in these Conditions or in the Contract is intended to, nor shall it, constitute a partnership or joint venture between the Company and the Supplier. The Supplier has no authority to act as agent for, on behalf of, or enter into any commitments for, the Company. Each party confirms it is acting on its own behalf and not for the benefit of any other person. – 14 – Addison Lee Standard Terms & Conditions for the Purchase of Goods and Services 2016

24.2 The formation, existence, construction, performance, validity and all aspects of the Contract shall be governed by the laws of England and Wales and the parties submit to the exclusive jurisdiction of the courts of England and Wales.

SCHEDULE 1 – Data processing particulars

1. Subject matter, nature, purpose and duration of the processing

The Supplier carries out the following Processing of the type of Personal Data set out in section 2 below and the categories of Data Subjects set out in section 3 below on behalf of the Company from time to time in respect of the relevant services, as more fully described in the Conditions:

a. Processing activities relevant to the Services provided.

The Supplier will Process Personal Data in relation to the Services for the duration of the Conditions. Please refer to the Conditions for details of the relevant start and end dates.

2. Type of personal data

The Supplier Processes the following types of Personal Data on behalf of the Company when required to do so in order to provide the Services:

Any or all of the following: name, title, job title, mobile phone number, email address, business contact details, online account details (e.g. name, email address and any password or username linked to them), government issued identifiers and associated information (e.g. passport, social security or national health number, tax number, drivers licence, date of birth), private address (including previous residential addresses), private contact details and bank account or, credit/debit card information, telematics data, regulatory information and wifi usage data.

The Supplier may process the following categories of special personal data: health, racial or ethnic origin, religious beliefs, trade union membership, political opinion, biometrics and sexual orientation.

3. Categories of data subjects

a. The Supplier Processes Personal Data for the following categories of Data Subjects on behalf of the Company when required to do so in order to provide the Services:

i. The Company’s employees, officers, contractors, subcontractors, drivers, partners and/or customers;

ii. Officers and employees of the Company’s clients.

4. The rights and obligations of the Company are set out in these Conditions.

The rights and obligations of the Company are set out in clause 20 of these Conditions.

SCHEDULE 2 – Information Security Standards

Security Measures has the meaning given in paragraph 1 below.

Site means any location from which the Supplier or its Sub-Processors perform any element of the Services or processes any of the Company’s data (including Personal Data).

1. The Supplier shall implement processes, procedures, policies and controls at all Sites which are designed and operated to:

a. manage and protect the confidentiality, integrity and availability of, and access to, the Services and the Company’s data (including Personal Data);

b. create and maintain resilience within its systems (being the ability to resist being affected by a disaster) so that any disruption to the Services can be minimised; and

c. demonstrate compliance with applicable legislation, recognised security and resilience standards, good industry practice and the Supplier’s obligations set out in the Conditions.

(the “Security Measures”).

2. The Supplier shall ensure that the Services are operated at all times in compliance with the Security Measures and shall provide details of the Security Measures to the Company upon request.

3. The Supplier shall not make any changes to the Security Measures in a way that is likely to compromise the confidentiality, integrity or availability of, or access to, the Services or the Company’s data (including Personal Data) and shall notify the Company of any changes to the Security Measures that it intends to make.

4. The Supplier shall:

a. test the effectiveness of the Security Measures on a regular basis (and, in any event, not less than once in every 12-month period);

b. provide the Company with details of the tests carried out and the results of those tests; and

c. promptly implement any actions or remedial measures that the Company may reasonably require.

5. The parties shall ensure that any data (including Personal Data) transferred within their organisation or outside of their organisation is transferred by secure means and in accordance with both any data protection obligations agreed between the parties and Data Protection Laws. Personal Data must be encrypted for transfer.

6. Without prejudice to additional obligations in the Conditions and the Personal Data Breach obligations set out in clause 20, the Supplier shall advise the Company without undue delay after it becomes aware of any breach, or suspected breach, of the Security Measures which has (or is likely to have) affected the Services or compromised the Company’s data (including Personal Data).

SCHEDULE 3 – THE MODEL CLAUSES

For the purposes of (i) this Agreement; and (ii) Article 26(2) of the Directive for the transfer of personal data to processors established in third countries which do not ensure an adequate level of protection, [  ] (the “Data Exporter”) and [  ] (the “Data Importer”) have agreed on the following contractual clauses (the “Clauses”) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the Data Exporter to the Data Importer of the personal data specified in Appendix 1.

Clause 1

DEFINITIONS

For the purposes of the Clauses:

(a) ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;

(b) ‘the Data Exporter’ means the controller who transfers the personal data;

(c) ‘the Data Importer’ means the processor who agrees to receive from the Data Exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;

(d) ‘the sub-processor’ means any processor engaged by the Data Importer or by any other sub-processor of the Data Importer who agrees to receive from the Data Importer or from any other sub-processor of the Data Importer personal data exclusively intended for processing activities to be carried out on behalf of the Data Exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;

(e) ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the Data Exporter is established;

(f) ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2

DETAILS OF THE TRANSFER

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

Clause 3

THIRD-PARTY BENEFICIARY CLAUSE

1. The data subject can enforce against the Data Exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.

2. The data subject can enforce against the Data Importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the Data Exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the Data Exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the Data Exporter, in which case the data subject can enforce them against such entity.

3. The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the Data Exporter and the Data Importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the Data Exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the Data Exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4

OBLIGATIONS OF THE DATA EXPORTER

The Data Exporter agrees and warrants:

(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the Data Exporter is established) and does not violate the relevant provisions of that State;

(b) that it has instructed and throughout the duration of the personal data-processing services will instruct the Data Importer to process the personal data transferred only on the Data Exporter’s behalf and in accordance with the applicable data protection law and the Clauses;

(c) that the Data Importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2;

(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the

– 18 – Addison Lee Standard Terms & Conditions for the Purchase of Goods and Services 2016

transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;

(e) that it will ensure compliance with the security measures;

(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;

(g) to forward any notification received from the Data Importer or any sub-processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the Data Exporter decides to continue the transfer or to lift the suspension;

(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;

(i) that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the Data Importer under the Clauses; and

(j) that it will ensure compliance with Clause 4(a) to (i).

Clause 5

OBLIGATIONS OF THE DATA IMPORTER

The Data Importer agrees and warrants:

(a) to process the personal data only on behalf of the Data Exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the Data Exporter of its inability to comply, in which case the Data Exporter is entitled to suspend the transfer of data and/or terminate the contract;

(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the Data Exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the Data Exporter as soon as it is aware, in which case the Data Exporter is entitled to suspend the transfer of data and/or terminate the contract;

(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;

(d) that it will promptly notify the Data Exporter about:

(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;

(ii) any accidental or unauthorised access; and

(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;

(e) to deal promptly and properly with all inquiries from the Data Exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;

(f) at the request of the Data Exporter to submit its data-processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the Data Exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the Data Exporter, where applicable, in agreement with the supervisory authority;

(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the Data Exporter;

(h) that, in the event of sub-processing, it has previously informed the Data Exporter and obtained its prior written consent;

(i) that the processing services by the sub-processor will be carried out in accordance with Clause 11;

(j) to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the Data Exporter.

Clause 6

LIABILITY

1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the Data Exporter for the damage suffered.

2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the Data Exporter, arising out of a breach by the Data Importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the Data Exporter has factually disappeared or ceased to exist in law or has become insolvent, the Data Importer agrees that the data subject may issue a claim against the Data Importer as if it were the Data Exporter, unless any successor entity has assumed the entire legal obligations of the Data Exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.

3. The Data Importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.

4. If a data subject is not able to bring a claim against the Data Exporter or the Data Importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the Data Exporter and the Data Importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the Data Exporter or the Data Importer, unless any successor entity has assumed the entire legal obligations of the Data Exporter or Data Importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.

Clause 7

MEDIATION AND JURISDICTION

1. The Data Importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the Data Importer will accept the decision of the data subject:

(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;

(b) to refer the dispute to the courts in the Member State in which the Data Exporter is established.

2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8

COOPERATION WITH SUPERVISORY AUTHORITIES

1. The Data Exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.

2. The parties agree that the supervisory authority has the right to conduct an audit of the Data Importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the Data Exporter under the applicable data protection law.

3. The Data Importer shall promptly inform the Data Exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the Data Importer, or any sub-processor, pursuant to paragraph 2. In such a case the Data Exporter shall be entitled to take the measures foreseen in Clause 5(b).

Clause 9

GOVERNING LAW

The Clauses shall be governed by the law of the Member State in which the Data Exporter is established, namely [insert].

Clause 10

VARIATION OF THE CONTRACT

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

Clause 11

SUB-PROCESSING

The Data Importer shall not subcontract any of its processing operations performed on behalf of the Data Exporter under the Clauses without the prior written consent of the Data Exporter. Where the Data Importer subcontracts its obligations under the Clauses, with the consent of the Data Exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the Data Importer under the Clauses(1). Where the sub-processor fails to fulfil its data protection obligations under such written agreement the Data Importer shall remain fully liable to the Data Exporter for the performance of the sub-processor’s obligations under such agreement.

The prior written contract between the Data Importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the Data Exporter or the Data Importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the Data Exporter or Data Importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the Data Exporter is established, namely [state country].

The Data Exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the Data Importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the Data Exporter’s data protection supervisory authority.

Clause 12

OBLIGATION AFTER THE TERMINATION OF PERSONAL DATA-PROCESSING SERVICES

The parties agree that on the termination of the provision of data-processing services, the Data Importer and the sub-processor shall, at the choice of the Data Exporter, return all the personal data transferred and the copies thereof to the Data Exporter, return all the personal data to the data processor designated by the Data Exporter, or shall destroy all the personal data and destroy all existing copies in the information systems of the process, and certify to the Data Exporter that it has done so, unless legislation imposed upon the Data Importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the Data Importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.

The Data Importer and the sub-processor warrant that upon request of the Data Exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.

On behalf of the Data Exporter:

Name (written out in full):

Position:

Address:

Other information necessary in order for the contract to be binding (if any):

Signature

(stamp of organisation)

On behalf of the Data Importer:

Name (written out in full):

Position:

Address:

Other information necessary in order for the contract to be binding (if any):

Signature

(stamp of organisation)

Appendix 1 to the Clauses

This Appendix forms part of the Clauses and must be completed and signed by the parties.

The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix.

Data exporter

The Data Exporter is (please specify briefly your activities relevant to the transfer):