<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=156961&amp;fmt=gif">

GDPR AMENDMENT SCHEDULE TO EXISTING MANAGED PRINT AGREEMENT

 

All existing managed print agreements and any new managed print agreements will be subject to the clauses in this Schedule in order to be compliant with the General Data Protection Regulation 2016\679 (“GDPR”).

 

AGREED TERMS

1                 Interpretation

1.1             In this Schedule, capitalised words shall unless varied below have the meaning given to them in the any existing or new managed print agreement. Where there is a conflict between these definitions then the definitions in the Schedule will apply. In addition, the following definitions apply to this Schedule:

“Business Day” means a day other than a Saturday, Sunday or public holiday in England when banks in London are open for business

“Personal Data” means personal data supplied by You to Us pursuant to the Services.

“Security Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed

“Services” means the provision of Managed Print services and multi functional printer maintenance.

1.2             Data subject”, “personal data”, “processing” and “appropriate technical and organisational measures” shall bear the meanings given to those terms respectively in the Data Protection Act and, from 25 May 2018, the GDPR.

1.3             In this Schedule, all clauses within the existing or new managed print agreement shall apply alongside and in addition to those clauses set out below. Unless otherwise specified in this Schedule, all clause references shall be to clauses contained in this Schedule.

2                 PERSONAL DATA

2.1             Subject to any contrary terms contained in the Existing Contracts or Schedule:

2.1.1         You own and control the data (including Personal Data) held on your photocopier and any attached IT system that may be subject to the Services; and

2.1.2         You are both data controller and data processor in relation to personal data and you are responsible for ensuring compliance with the GDPR as regards the data held by you.

2.2             In the course of performing the Services, we may incidentally act as data processor of your data. You shall remain data controller of that data.

2.3             Where we are a data processor, you and we shall comply with our respective obligations set out in this Schedule.

3                 DATA PROCESSING

3.1             We shall process the personal data in compliance with your documented instructions from time to time unless we are required to do otherwise by law in which case we shall inform you about that legal requirement before processing, unless we are prohibited by law to do so on grounds of public interest.

3.2             The parties agree that the subject matter, duration, nature and purpose of processing, the type of personal data and the categories of data subject are set out in Appendix 1.

4                 Audit

4.1             We shall keep at our normal place of business records relating to the processing of the personal data insofar as it is necessary to demonstrate compliance with our obligations under this Schedule ("Records").

4.2             We shall permit you, on reasonable notice, to gain access to and take copies of, the Records at our premises and inspect those Records provided that:

4.2.1         such Records shall only be made available to the extent the same is necessary for us to discharge our obligations pursuant to the GDPR (and, in particular, Article 28(3)(h) of the GDPR); and

4.2.2        you shall use the Records for no other purpose except the purpose of auditing our compliance with our obligations under this Schedule only;

4.2.3        you shall carry out such inspection as soon as possible after the Records have been made available to you and then return copies of the same to us as soon as possible after completion of such inspection; and

4.2.4         you shall exercise your rights under this clause 4 with as little disturbance to our business operations as possible.

5                 Security BREACH

5.1             If we become aware of a security breach relating to the personal data, then we shall, without undue delay, notify you of the same.

6                 OUR PROCESSING obligations

6.1             For the purposes of Article 28 of the GDPR (Processor) We agree that:

6.1.1         we shall not engage another processor unless in accordance with clause 9;

6.1.2         all persons authorised to process the personal data have entered into a binding contractual agreement with us to ensure that the personal data remains confidential at all times or are under an appropriate statutory obligation of confidentiality in respect of the personal data;

6.1.3         we shall, taking into account the nature of the processing, assist you by appropriate technical and organisational measures, in so far as this is possible, for the fulfilment of your obligations to respond to requests for exercising the data subject’s rights laid down in Chapter III GDPR provided that any costs incurred in relation to such assistance shall be borne exclusively by you;

6.1.4         we shall assist you in ensuring compliance with the obligations pursuant to Articles 32 (Security of processing) to Article 36 (Prior consultation) of the GDPR taking into account the nature of processing and the information available to us and provided that any costs incurred in relation to such assistance shall be borne exclusively by you; and

6.1.5         at your option, we shall delete or return all of the personal data to you after the end of the term, and shall delete existing copies unless any provision of the GDPR requires storage of the personal data.

7                 Warranties

7.1             Each party warrants to the other that it will process the personal data in compliance with the GDPR.

7.2             Without prejudice to clause 7.1, we warrant that:

7.2.1         taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including as appropriate:

7.2.1.1     the pseudonymisation and encryption of the personal data;

7.2.1.2     the ability to ensure the on going confidentiality, integrity, availability and resilience of processing systems and services;

7.2.1.3     the ability to restore the availability and access to the personal data in a timely manner in the event of a physical or technical incident; and

7.2.1.4     a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing;

8                 effect of termination

8.1             On any termination of the existing or new managed print agreement for any reason or expiry of the term we shall:

8.1.1         unless notified otherwise by you or required by law, as soon as reasonably practicable cease all processing of the personal data;

8.1.2         as soon as reasonably practicable return or destroy (as directed in writing by you) all personal data, provided to us by you in connection with the existing or new managed print agreement.

9                 SUB-PROCESSING

9.1             We shall not engage another processor without your prior specific or general written authorisation and without acting in accordance with the provisions of this clause 9.

9.2             we will notify you of the identity of any proposed sub-processor following which you shall either approve or reject the appointment of such sub-contractor.

9.3             If you reject such appointment under clause 9.2, or we do not receive a response from you within 5 Business Days of our notice under clause 9.2, we shall not sub-contract any of our obligations under this Schedule to such proposed sub-processor and we reserve the right to terminate the existing or new managed print agreement on written notice. If you approve the appointment of such sub-processor under that clause, then before such appointment takes effect, we shall enter into and maintain for the duration of such appointment a written agreement with such sub-processor on terms that are similar those set out in this Schedule.

APPENDIX 1
Key details


GDpr article 28 particulars

item

description

Subject Matter

Managed Print Services including maintenance of the supplier equipment, supply of consumables and support for remote services and follow me print solutions.

Duration

The term of the existing or new managed print agreement

Nature and purpose of processing

In provision of our services we may incidentally come across personal data in the course of providing those services but in very limited circumstances.

Type of data

This includes full names, usernames, passwords, addresses, email addresses, telephone numbers

Categories of data subjects

Customers (and our customers’ employees, suppliers and/or customers)

 

Contact us now on 0845 094 2765 for more information about our services

Phone Us Find Us Email Us