All existing managed print agreements and any new managed print agreements will be subject to the clauses in this Schedule in order to be compliant with the General Data Protection Regulation 2016/679 (“GDPR”).
In this Schedule,
“Business Day” means a day other than a Saturday, Sunday or public holiday in England when banks in London are open for business.
“Personal Data” means personal data supplied by You to Us pursuant to the Services.
“Security Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration,
“Services” means the provision of Managed Print services and
“Data subject”, “personal data”, “processing” and “appropriate technical and
1.3 In this Schedule, all clauses within the existing or new managed print agreement shall apply alongside and in addition to those clauses set out below. Unless otherwise specified in this Schedule, all clause references shall be to clauses contained in this Schedule.
2.1 Subject to any contrary terms contained in the Existing Contracts or Schedule:
2.1.1 You own and control the data (including Personal Data) held on your photocopier and any attached IT system that may be subject to the Services; and
2.1.2 You are both data controller and data processor in relation to personal data and you are responsible for ensuring compliance with the GDPR as regards the data held by you.
In the course of performing the Services, we may incidentally act as
2.3 Where we are a data processor, you and we shall comply with our respective obligations set out in this Schedule.
3 DATA PROCESSING
We shall process the personal data in compliance with your documented instructions from time to time unless we are required to do otherwise by law in which case we shall inform you about that legal requirement before
The parties agree that the subject matter, duration, nature
4.1 We shall keep at our normal place of business records relating to the processing of the personal data insofar as it is necessary to demonstrate compliance with our obligations under this Schedule ("Records").
4.2 We shall permit you, on reasonable notice, to gain access to and take copies of, the Records at our premises and inspect those Records provided that:
4.2.1 such Records shall only be made available to the extent the same is necessary for us to discharge our obligations pursuant to the GDPR (and, in particular, Article 28(3)(h) of the GDPR); and
4.2.2 you shall use the Records for no other purpose except the purpose of auditing our compliance with our obligations under this Schedule only;
4.2.3 you shall carry out such inspection as soon as possible after the Records have been made available to you and then return copies of the same to us as soon as possible after completion of such inspection; and
4.2.4 you shall exercise your rights under this clause 4 with as little disturbance to our business operations as possible.
6.1.1 we shall not engage another processor unless in accordance with clause 9;
6.1.3 we shall, taking into account the nature of the processing, assist you by appropriate technical and organisational measures, in so far as this is possible, for the fulfilment of your obligations to respond to requests for exercising the data subject’s rights laid down in Chapter III GDPR provided that any costs incurred in relation to such assistance shall be borne exclusively by you;
6.1.4 we shall assist you in ensuring compliance with the obligations pursuant to Articles 32 (Security of processing) to Article 36 (Prior consultation) of the GDPR taking into account the nature of processing and the information available to us and provided that any costs incurred in relation to such assistance shall be borne exclusively by you; and
6.1.5 at your option, we shall delete or return all of the personal data to you after the end of the term, and shall delete existing copies unless any provision of the GDPR requires storage of the personal data.
7.1 Each party warrants to the other that it will process the personal data in compliance with the GDPR.
7.2.1 taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including as appropriate:
the ability to ensure the
8.1.2 as soon as reasonably practicable return or destroy (as directed in writing by you) all personal data, provided to us by you in connection with the existing or new managed print agreement.
9.1 We shall not engage another processor without your prior specific or general written authorisation and without acting in accordance with the provisions of this clause 9.
9.3 If you reject such appointment under clause 9.2, or we do not receive a response from you within 5 Business Days of our notice under clause 9.2, we shall not sub-contract any of our obligations under this Schedule to such proposed sub-processor and we reserve the right to terminate the existing or new managed print agreement on written notice. If you approve the appointment of such sub-processor under that clause, then before such appointment takes effect, we shall enter into and maintain for the duration of such appointment a written agreement with such sub-processor on terms that are similar to those set out in this Schedule.
Managed Print Services including maintenance of the supplier equipment, supply of consumables and support for remote services and follow me print solutions.
The term of the existing or new managed print agreement
Nature and purpose of processing
Type of data
This includes full names, usernames, passwords, addresses, email addresses, telephone numbers
Categories of data subjects
Customers (and our customers’ employees, suppliers and/or customers)