Supply of Services - Terms and Conditions

The Customer’s attention is particularly drawn to the provisions of clause 8.

1. INTERPRETATION

1.1 Definitions. In these Conditions, the following definitions apply:

Business Day: a day (other than a Saturday, Sunday or public holiday) when banks in London are open for business.

Charges: the charges payable by the Customer for the supply of the Services in accordance with clause 5.

Commencement Date: has the meaning set out in clause 2.2.

Conditions: these terms and conditions as amended from time to time in accordance with clause 12.7.

Contract: the contract between the Processor and the Customer for the supply of Services in accordance with these Conditions.

Customer: the person or firm who purchases Services from the Processor.

Customer IPR: any Intellectual Property Rights owned or used by the Customer applicable to the performance of the Services.

Deliverables: the deliverables set out in the Order produced by the Processor for the Customer.

Intellectual Property Rights: patents, rights to inventions, copyright and related rights, trade marks, business names and domain names, rights in get-up, goodwill and the right to sue for passing off, rights in designs, database rights, rights to
use, and protect the confidentiality of, confidential information (including know-how), and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.

Order: the Customer’s order for Services as set out in the Customer’s written acceptance of the Processor’s quotation or in the Customer’s purchase order form, as the case may be.

Services: the services, including the Deliverables, supplied by the Processor to the Customer as set out in the Specification.

Specification: the description or specification of the Services, the service levels, performance dates and Charges provided in writing by the Processor to the Customer.

Processor: City Digital Limited registered in England and Wales under number 03514232 the registered office of which is at CDL House, 1 Vestry Road, Sevenoaks, Kent, TN14 5EL.

Processor IPR: any Intellectual Property Rights owned or used by the Processor applicable to the performance of the Services.

Processor Materials: has the meaning set out in clause 4.1(g).

1.2 Construction. In these Conditions, the following rules apply:

(a) a person includes a natural person, corporate or unincorporated body (whether or not having separate legal personality);

(b) a reference to a party includes its successors or permitted assigns;

(c) a reference to a statute or statutory provision is a reference to such statute or statutory provision as amended or re-enacted. A reference to a statute or statutory provision includes any subordinate legislation made under that statute or statutory provision, as amended or re-enacted;

(d) any phrase introduced by the terms including, include, in particular or any similar expression, shall be construed as illustrative and shall not limit
the sense of the words preceding those terms; and

(e) a reference to writing or written includes faxes and e-mails.

 

2. BASIS OF CONTRACT

2.1 The Order constitutes an offer by the Customer to purchase Services in accordance with these Conditions.

2.2 The Order shall only be deemed to be accepted when the Processor issues written acceptance of the Order at which point and on which date the Contract shall come into existence (Commencement Date).

2.3 The Contract constitutes the entire agreement between the parties. The Customer acknowledges that it has not relied on any statement, promise, representation, assurance or warranty made or given by or on behalf of the Processor which is not set out in the Contract.

2.4 Any samples, drawings, descriptive matter or advertising issued by the Processor, and any descriptions or illustrations contained in the Processor’s catalogues or brochures, are issued or published for the sole purpose of giving an approximate idea of the Services described in them. They shall not form part of the Contract or have any contractual force.

2.5 These Conditions apply to the Contract to the exclusion of any other terms that the Customer seeks to impose or incorporate, or which are implied by trade, custom, practice or course of dealing.

2.6 Any quotation given by the Processor shall not constitute an offer, and is only valid for a period of 30 Business Days from its date of issue.

 

3. SUPPLY OF SERVICES

3.1 The Processor shall supply the Services to the Customer in accordance with the service levels specified in the Specification in all material respects.

3.2 The Processor shall use all reasonable endeavours to meet any performance dates specified in the Specification, but any such dates shall be estimates only and time shall not be of the essence for performance of the Services.

3.3 The Processor shall have the right to make any changes to the Services which are necessary to comply with any applicable law or safety requirement, or which do not materially affect the nature or quality of the Services, and the Processor shall notify the Customer in any such event.

3.4 The Processor warrants to the Customer that the Services will be provided using reasonable care and skill.

 

4. CUSTOMER’S OBLIGATIONS

4.1 The Customer shall:

(a) ensure that the terms of the Order and any information it provides in the Specification are complete and accurate;

(b) co-operate with the Processor in all matters relating to the Services;

(c) provide the Processor, its employees, agents, consultants and subcontractors, with access to the Customer’s premises, office accommodation and other facilities as reasonably required by the Processor;

(d) provide the Processor with such information and materials as the Processor may reasonably require in order to supply the Services, and ensure that
such information is accurate in all material respects;

(e) prepare the Customer’s premises for the supply of the Services;

(f) obtain and maintain all necessary licences, permissions and consents which may be required before the date on which the Services are to start;

(g) keep and maintain all materials, equipment, documents and other property of the Processor (Processor Materials) at the Customer’s premises in safe custody at its own risk, maintain the Processor Materials in good condition until returned to the Processor, and not dispose of or use the Processor Materials other than in accordance with the Processor’s written instructions or authorisation; and

4.2 If the Processor’s performance of any of its obligations under the Contract is prevented or delayed by any act or omission by the Customer or failure by the Customer to perform any relevant obligation (Customer Default):

(a) the Processor shall without limiting its other rights or remedies have the right to suspend performance of the Services until the Customer remedies the Customer Default, and to rely on the Customer Default to relieve it
from the performance of any of its obligations to the extent the Customer Default prevents or delays the Processor’s performance of any of its obligations;

(b) the Processor shall not be liable for any costs or losses sustained or incurred by the Customer arising directly or indirectly from the Processor’s failure or delay to perform any of its obligations as set out in this clause 4.2; and

(c) the Customer shall reimburse the Processor on written demand for any costs or losses sustained or incurred by the Processor arising directly or indirectly from the Customer Default.

 

5. CHARGES AND PAYMENT

5.1 The Charges for the Services shall be on a time and materials basis:

(a) the Charges shall be calculated in accordance with the Processor’s standard product and service rates, as set out in the Specification;

(b) the Processor shall be entitled to charge the Customer for any expenses reasonably incurred by the individuals whom the Processor engages in connection with the Services including, but not limited to, travelling expenses, hotel costs, subsistence and any associated expenses, and for the cost of services provided by third parties and required by the Processor for the performance of the Services, and for the cost of any materials.

5.2 The Processor reserves the right to increase its standard product and service rates, provided that such charges cannot be increased more than once in any 12 month period. The Processor will give the Customer written notice of any such increase 3 months before the proposed date of the increase. Ifsuch increase is not acceptable to the Customer, it shall notify the Processor in writing within 3 weeks of the date of the Processor’s notice and the Processor shall have the right without limiting its other rights or remedies to terminate the Contract by giving 3 weeks’ written notice to the Customer.

5.3 The Processor shall invoice the Customer monthly in arrear.

5.4 The Customer shall pay each invoice submitted by the Processor:

(a) within the period set out in the Specification or if no period is specified within 30 days of the date of the invoice; and

(b) in full and in cleared funds to a bank account nominated in writing by the Processor, and time for payment shall be of the essence of the Contract.

5.5 All amounts payable by the Customer under the Contract are exclusive of amounts in respect of value added tax chargeable for the time being (VAT). Where any taxable supply for VAT purposes is made under the Contract by the Processor to the Customer, the Customer shall, on receipt of a valid VAT invoice from the Processor, pay to the Processor such additional amounts in respect of VAT as are chargeable on the supply of the Services at the same time as payment is due for the supply of the Services.

5.6 If the Customer fails to make any payment due to the Processor under the Contract by the due date for payment, then the Customer shall pay interest on the overdue amount at the rate of 4% per cent per annum above Barclays Bank’s base rate
from time to time. Such interest shall accrue on a daily basis from the due date until actual payment of the overdue amount, whether before or after judgment. The Customer shall pay the interest together with the overdue amount.

5.7 The Customer shall pay all amounts due under the Contract in full without any set-off, counterclaim, deduction or withholding (except for any deduction or withholding required by law). The Processor may at any time, without limiting its other rights or remedies, set off any amount owing to it by the Customer against any amount payable by the Processor to the Customer.

 

6. INTELLECTUAL PROPERTY RIGHTS

6.1 All Intellectual Property Rights in or arising out of or in connection with the Services (other than the Customer IPR) shall be owned by the Processor.

6.2 The Customer acknowledges that, in respect of any third party Intellectual Property Rights, the Customer’s use of any such Intellectual Property Rights is conditional on the Processor obtaining a written licence from the relevant licensor on such terms as will entitle the Processor to license such rights to the Customer.

6.3 All Processor Materials are the exclusive property of the Processor.

6.4 The Processor warrants to the Customer that it owns or has the right to use the Processor IPR in connection with the performance of the Services and the Customer warrants to the Processor that it owns or has the right to use the Customer IPR in connection with the performance of the Services.

6.5 Each party shall indemnify and hold the other harmless from all claims and all direct, indirect or consequential liabilities (including loss of profits, loss of business, depletion of goodwill and similar losses), costs, proceedings, damages and expenses (including legal and other professional fees and expenses) awarded against, or incurred or paid by, the other as a result of or in connection with any alleged or actual infringement, whether or not under English law, of any third party’s Intellectual Property Rights or other rights arising out of the use the Processor IPR or the Customer IPR, as the case may be, in the performance of the Services.

 

7. CONFIDENTIALITY

A party (receiving party) shall keep in strict confidence all technical or commercial know-how, specifications, inventions, processes or initiatives which are of a confidential nature and have been disclosed to the receiving party by the other party (disclosing party), its employees, agents or subcontractors, and any other confidential information concerning the disclosing party’s business, its products and services which the receiving party may obtain. The receiving party shall only disclose such confidential information to those of its employees, agents and subcontractors who need to know it for the purpose of discharging the receiving party’s obligations under the Contract, and shall ensure that such employees, agents and subcontractors comply with the obligations set out in this clause as though they were a party to the Contract. The receiving party may also disclose such of the disclosing party’s confidential information as is required to be disclosed by law, any governmental or regulatory authority or by a court of competent jurisdiction. This clause 7 shall survive termination of the Contract.

 

8. LIMITATION OF LIABILITY

THE CUSTOMER’S ATTENTION IS PARTICULARLY DRAWN TO THIS CLAUSE

8.1 Nothing in these Conditions shall limit or exclude the Processor’s liability for:

(a) death or personal injury caused by its negligence, or the negligence of its employees, agents or subcontractors;

(b) fraud or fraudulent misrepresentation; or

(c) breach of the terms implied by section 2 of the Supply of Goods and Services Act 1982 (title and quiet possession).

8.2 Subject to clause 8.1:

(a) the Processor shall under no circumstances whatever be liable to the Customer, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, for any loss of profit, or any indirect or consequential loss arising under or in connection with the Contract; and

(b) each party’s total liability to the other in respect of all other losses arising under or in connection with the Contract, whether in contract,
tort (including negligence), breach of statutory duty, or otherwise, shall in no circumstances exceed the Charges paid by the Customer during the previous 12 months.

8.3 The terms implied by sections 3 to 5 of the Supply of Goods and Services Act 1982 are, to the fullest extent permitted by law, excluded from the Contract.

8.4 This clause 8 shall survive termination of the Contract.

 

9. TERMINATION

9.1 Without limiting its other rights or remedies, either party may terminate the Contract by giving the other party 3 months’ written notice.

9.2 Without limiting its other rights or remedies, either party may terminate the Contract with immediate effect by giving written notice to the other party if:

(a) the other party commits a material breach of any term of the Contract and (if such a breach is remediable) fails to remedy that breach within 14 days of that party being notified in writing to do so;

(b) the other party suspends, or threatens to suspend, payment of its debts or is unable to pay its debts as they fall due or admits inability to pay its debts or (being a company or limited liability partnership) is deemed unable to pay its debts within the meaning of section 123 of the Insolvency Act 1986 or (being an individual) is deemed either unable to pay its debts or as having no reasonable prospect of so doing, in either case, within the meaning of section 268 of the Insolvency Act 1986 or (being a partnership) has any partner to whom any of the foregoing apply;

(c) the other party commences negotiations with all or any class of its creditors with a view to rescheduling any of its debts, or makes a proposal for or enters into any compromise or arrangement with its creditors other than (where a company) for the sole purpose of a scheme for a solvent amalgamation of that other party with one or more other companies or the solvent reconstruction of that other party;

(d) a petition is filed, a notice is given, a resolution is passed, or an order is made, for or in connection with the winding up of that other party (being a company) other than for the sole purpose of a scheme for a solvent amalgamation of that other party with one or more other companies or the solvent reconstruction of that other party;

(e) the other party (being an individual) is the subject of a bankruptcy petition or order;

(f) a creditor or encumbrancer of the other party attaches or takes possession of, or a distress, execution, sequestration or other such process is levied or enforced on or sued against, the whole or any part of its assets and such attachment or process is not discharged within 14 days;

(g) an application is made to court, or an order is made, for the appointment of an administrator or if a notice of intention to appoint an administrator is given or if an administrator is appointed over the other party (being a company);

(h) the holder of a qualifying floating charge over the assets of that other party (being a company) has become entitled to appoint or has appointed an administrative receiver;

(i) a person becomes entitled to appoint a receiver over the assets of the other party or a receiver is appointed over the assets of the other party;

(j) any event occurs or proceeding is taken with respect to the other party in any jurisdiction to which it is subject that has an effect equivalent or similar to any of the events mentioned in clause 9.2(b) to clause 9.2(i) (inclusive);

(k) the other party suspends or ceases, or threatens to suspend or cease, to carry on all or a substantial part of its business;

(l) the other party’s financial position deteriorates to such an extent that in the Processor’s opinion the Customer’s capability to adequately fulfil its obligations under the Contract has been placed in jeopardy; or

(m) the other party (being an individual) dies or, by reason of illness or incapacity (whether mental or physical), is incapable of managing his own affairs or becomes a patient under any mental health legislation.

9.3 Without limiting its other rights or remedies, the Processor may terminate the Contract with immediate effect by giving written notice to the Customer if the Customer fails to pay any amount due under this Contract on the due date for payment and fails to pay all outstanding amounts within 14 days after being notified in writing to do so.

9.4 Without limiting its other rights or remedies, the Processor may suspend provision of the Services under the Contract or any other contract between the Customer and the Processor if the Customer becomes subject to any of the events listed in clause 9.2(b)) to clause 9.2(m), or the Processor reasonably believes that the Customer is about to become subject to any of them, or if the Customer fails to pay any amount due under this Contract on the due date for payment.

 

10. CONSEQUENCES OF TERMINATION

On termination of the Contract for any reason:

(a) the Customer shall immediately pay to the Processor all of the Processor’s outstanding unpaid invoices and interest and, in respect of Services supplied but for which no invoice has been submitted, the Processor shall submit an invoice, which shall be payable by the Customer immediately on receipt;

(b) the Customer shall return all of the Processor Materials and any Deliverables which have not been fully paid for. If the Customer fails to do so, then the Processor may enter the Customer’s premises and take possession of them. Until they have been returned, the Customer shall be solely responsible for their safe keeping and will not use them for any purpose not connected with this Contract;

(c) the accrued rights, remedies, obligations and liabilities of the parties as at expiry or termination shall be unaffected, including the right to claim damages in respect of any breach of the Contract which existed at or before the date of termination or expiry; and

(d) clauses which expressly or by implication survive termination shall continue in full force and effect.

 

11. FORCE MAJEURE

11.1 For the purposes of this Contract, Force Majeure Event means an event beyond the reasonable control of the Processor including but not limited to strikes, lock-outs or other industrial disputes (whether involving the workforce of the Processor or any other party), failure of a utility service or transport network, act of God, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of Processors or subcontractors.

11.2 The Processor shall not be liable to the Customer as a result of any delay or failure to perform its obligations under this Contract as a result of a Force Majeure Event.

11.3 If the Force Majeure Event prevents the Processor from providing any of the Services for more than 4 weeks, the Processor shall, without limiting its other rights or remedies, have the right to terminate this Contract immediately by giving written notice to the Customer.

 

12. GENERAL

12.1 Assignment and other dealings.

(a) The Processor may at any time assign, transfer, mortgage, charge, subcontract or deal in any other manner with all or any of its rights under the Contract
and may subcontract or delegate in any manner any or all of its obligations under the Contract to any third party or agent.

(b) The Customer shall not, without the prior written consent of the Processor, assign, transfer, mortgage, charge, subcontract, declare a trust over or
deal in any other manner with any or all of its rights or obligations under the Contract.

12.2 Notices.

(a) Any notice or other communication given to a party under or in connection with the Contract shall be in writing, addressed to that party at its registered office (if it is a company) or its principal place of business (in any other case) or such other address as that party may have specified to the other party in writing in accordance with this clause, and shall be delivered personally, sent by pre-paid first class post or other next working day delivery service, commercial courier, fax or e-mail.

(b) A notice or other communication shall be deemed to have been received: if delivered personally, when left at the address referred to in clause 12.2(a); if sent by pre-paid first class post or other next working day delivery service, at 9.00 am on the second Business Day after posting; if delivered by commercial courier, on the date and at the time that the courier’s delivery receipt is signed; or, if sent by by fax or e-mail, one Business Day after transmission.

(c) The provisions of this clause shall not apply to the service of any proceedings or other documents in any legal action.

12.3 Severance.

(a) If any provision or part-provision of the Contract is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause shall not affect the validity and enforceability of the rest of the Contract.

(b) If any provision or part-provision of this Contract is invalid, illegal or unenforceable, the parties shall negotiate in good faith to amend such provision so that, as amended, it is legal, valid and enforceable, and, to the greatest extent possible, achieves the intended commercial result of the original provision.

12.4 Waiver. A waiver of any right under the Contract or law is only effective if it is in writing and shall not be deemed to be a waiver of any subsequent breach or default. No failure or delay by a party in exercising any right or remedy provided under the Contract or by law shall constitute a waiver of that or any
other right or remedy, nor shall it prevent or restrict its further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.

12.5 No partnership or agency. Nothing in the Contract is intended to, or shall be deemed to, establish any partnership or joint venture between the parties, nor constitute either party the agent of the other for any purpose. Neither party shall have authority to act as agent for, or to bind, the other party in any way.

12.6 Third parties. A person who is not a party to the Contract shall not have any rights to enforce its terms.

12.7 Variation. Except as set out in these Conditions, no variation of the Contract, including the introduction of any additional terms and conditions, shall be effective unless it is agreed in writing and signed by the Processor.

12.8 Governing law. This Contract, and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims), shall be governed by, and construed in accordance with the law of England and Wales.

12.9 Jurisdiction. Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this Contract or its subject matter or formation (including non-contractual disputes or claims).

DATA PROTECTION

CITY DIGITAL LIMITED incorporated and registered in England and Wales with company number 03514232 whose registered office is at CDL House, 1 Vestry Road, Sevenoaks, Kent, TN14 5EL (hereinafter referred to as the “Parties”) hereby referred to as the Processor.

BACKGROUND:

The Controller processes Personal Data in connection with its business activities;

The Processor processes Personal Data on behalf of other businesses or organisations;

The Controller wishes to engage the services of the Processor to process Personal Data on its behalf.

The Processor is certified to ISO 27001 Information Security Management System and the Processor is working towards ISO 27701 Privacy Information Management.

1. Definitions

Agreement: this Data Processing Agreement.

Business Day: a day other than a Saturday, Sunday or public holiday in England when banks in London are open for business.

Data Protection Authority: the relevant data protection authority is the Information Commissioners Office (ICO)

Data Protection Legislation: means the Data Protection Act 2018, GDPR (United Kingdom General Data Protection Regulation) (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the aforementioned legislation. Where data is processed by a controller or processor established in the European Union or comprises the data of people of the European Union, it also includes the EU General Data Protection Regulation (EU GDPR). This includes any replacement legislation coming into effect from time to time.
Data Security Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Shared Personal Data.

Parties: Controller, Processor

DATA PROTECTION

The processor with only process data in line with the Controllers requirements. It is the controllers responsibility to ensure that the correct legal justifications, notifications to the data subject are met.

The purpose of this Data Processing Agreement is to describe the work to be carried out by the Processor in relation with the Agreement. This Data Processing Agreement shall be deemed to take effect from the effective on engagement of any activity with the processor.

3. Processing of the personal data

3.1 The Processor agrees to process the Personal Data only in accordance with Data Protection Legislation.

3.2 Both Parties will comply with all applicable requirements of the Data Protection Legislation. This clause is in addition to, and does not relieve, remove, or replace, a Party’s obligations or rights under the Data Protection Legislation. In this clause 1, Applicable Laws means (for so long as and to the extent that they apply to the Provider) the law of the European Union, the law of any member state of the European Union and/or Domestic UK Law; and Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK. Where it is believed that the controllers processing instruction infringes the applicable legislation this will be highlighted to the controller and the processing will not take place until further verification with the controller.

3.3 The Parties acknowledge that the Processor will only act on behalf of the Controller when engaged in activities requested by the controller, under this agreement or under any overriding agreements supplied by the controller.

3.4 To the extent that the Processor processes Personal Data on behalf of the Controller in connection with this Agreement, the Processor shall:

3.4.1 Solely process the Personal Data for the purposes of fulfilling its obligations under this Agreement and in compliance with the Controller’s written instructions as set out in this Agreement and as may be specified from time to time in writing by the Controller;

3.4.2 Notify the Controller immediately if any instructions of the Controller relating to the processing of Personal Data are unlawful;

3.4.3 Maintain a record of its processing activities in accordance with Article 30(1) of the GDPR;

3.4.4 Assist the Controller in ensuring compliance with the obligations set out in Articles 32 to 36 of the GDPR taking into account the nature of the data processing undertaken by the Processor and the information available to the Processor.

4. Sub-Processors

4.1 The Processor will engage with Sub-Processor/Sub-Contractor to carry out any processing of Personal Data using this agreement as the prior written consent of the Controller (such consent not to be unreasonably withheld), provided that notwithstanding any such consent the Processor shall remain liable for compliance with all of the requirements of this Agreement including in relation to the processing of Personal Data;

4.2 The Controller gives the Processor general authorisation to replace any of its Sub-Processors or to add a new Sub-Processor.

4.3 Ensure that obligations equivalent to the obligations set out in this clause 2 are included in all contracts between the Processor and permitted Sub-Contractors who will be processing Personal Data;

4.4 Ensure that its Sub-Processor/Sub-Contractors shall not transfer to or access any Personal Data from a Country outside of the European Economic Area without the prior written consent of the Controller;

4.5 Any of the above Sub-Processing agreements will be override by any direct contract in place between the Controller and Processor.

5. International Data Transfers

The Processor shall comply with the Controller’s instructions in relation to transfers of Personal Data to a Country outside of the European Economic Area unless the Processor is required pursuant to applicable laws to transfer Personal Data outside the European Economic Area, in which case the Processor shall inform the Controller in writing of the relevant legal requirement before any such transfer occurs, unless the relevant law prohibits such notification on important grounds of public interest;

6. Staff Confidentiality

The Processor shall ensure that any persons used by the Processor to process Personal Data are subject to legally binding obligations of confidentiality in relation to the Personal Data and shall ensure that only such persons used by it to provide the Services have undergone training in Data Protection and in the care and handling of Personal Data;

7. Security Measures

The Processor shall take appropriate technical and organisational measures against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of or damage to Personal Data taking into account the harm that might result from such unauthorised or unlawful processing, loss, destruction or damage and the nature of the Personal Data to be protected including without limitation, all such measures that may be required to ensure compliance with Article 32 of the GDPR;

Transmission of data will be undertaken in line with the Controllers requirements. Where these requirements are not defined, the processor will adhere to their own controls for data transmission.

8. Data Subject Rights

8.1 The Processor shall promptly notify the Controller if it receives a request from a Data Subject (Data Subject Access Request) under any Data Protection Legislation in respect of Personal Data.

8.2 Ensure that it does not respond to that request except on the documented instructions of the Controller or as required by applicable Data Protection Legislation to which the Processor is subject, in which case the Processor shall to the extent permitted by applicable Data Protection Legislation inform the Controller of that legal requirement before the Processor responds to the request.

8.3 Taking into account the nature of the data processing activities undertaken by the Processor, provide all possible assistance and co-operation (including without limitation putting in place appropriate technical and organisational measures) to enable the Controller to fulfil its obligations to respond to requests from individuals exercising their rights under the Data Protection Legislation.

8.4 In certain circumstances, it is permitted that Personal Data be shared without the knowledge or Consent of a Data Subject. This is the case where the disclosure of the Personal Data is necessary for any of the following purposes:

The prevention or detection of crime.

The apprehension or prosecution of offenders.

The assessment or collection of a tax or duty.

By the order of a court or by any rule of law.

8.5 Where the processor receives any legally binding request for the disclosure of personal data (PII) it will notify the controller within 72 hours of request.

8.6. Where the processor receives any requests to disclose data that are not legally binding will be passed by the controller and rejected if applicable.

9. Data Breaches

The Processor shall provide information and assistance upon request to enable the Controller to notify Data Security Breaches to the Information Commissioner and / or to affected individuals and / or to any other regulators to whom the Controller is required to notify any Data Security Breaches;

10. USE OF ARTIFICIAL INTELLIGENCE (AI) IN DATA PROCESSING

The Company may utilise Artificial Intelligence (AI) technologies to process data where it enhances operational efficiency, improves decision-making, or provides better services. The use of AI will always comply with applicable data protection laws and will be transparent to all stakeholders.

10.1 Data Minimisation AI systems will be designed and configured to process only the data necessary for their Intended purpose. Unnecessary or irrelevant data will not be collected, stored, or processed

10.2 Fairness and Non-Discrimination AI systems will be developed and monitored to ensure they operate in a fair and unbiased manner. Steps will be taken to identify and mitigate risks of discriminatory outcomes or unfair treatment.

10.3 Data Subject Rights Individuals retain all rights over their personal data, including the right to access, rectify, erase, restrict processing, and object to the use of AI in decisions significantly affecting them. Where automated decision-making is used, individuals will be informed and provided with a mechanism to seek human intervention or contest decisions.

10.4 Security and Accountability AI systems will be subject to rigorous testing, monitoring, and regular reviews to ensure data security and compliance with this policy. Robust safeguards will be implemented to prevent unauthorised access, breaches, or misuse of data.

10.5 Third-Party AI Providers if third-party AI solutions are used, the company will ensure that these providers comply with data protection standards through appropriate agreements, due diligence, and regular audits.

10.6 Ethical Use of AI The Company is committed to the ethical use of AI and will refrain from deploying AI technologies in ways that compromise privacy, undermine human rights, or conflict with our organizational values.

11. Data Protection Impact Assessments

The Processor shall provide input into and carry out Data Protection Impact Assessments in relation to the Processor’s data processing activities;

12. Deletion or Return of Data

Upon termination of this Agreement, at the choice of the Controller, the Processor shall delete securely or return all Personal Data to the Controller and delete all existing copies of the Personal Data unless and to the extent that the Processor is required to retain copies of the Personal Data in accordance with applicable laws in which case the Processor shall notify the controller in writing of the applicable laws which require the Personal Data to be retained.

13. Audits

The Processor shall make available to the Controller all information necessary to demonstrate compliance with the obligations set out in this clause 2 and allow for and contribute to audits, including inspections, conducted by or on behalf of the Controller or by the Information Commissioners Office (ICO) pursuant to Article 58(1) of the GDPR.

SEXUAL HARASSMENT POLICY

Policy Statement

The Company is committed to a safe, supportive work environment free from harassment, intimidation, or coercion. Such an environment cannot exist where any member of staff is subjected to harassment, intimidation, aggression, victimisation or coercion. We recognise that we have a duty to implement this policy and all employees are expected to comply with it.

The Company undertakes to review this policy at regular intervals in order to monitor its effectiveness.

Sexual harassment is illegal under the Equality Act 2010 and will not be tolerated. We will educate all staff about the rules and policies relating to the prevention of harassment in the workplace and during work-related social events.

Our managers operate an open-door policy and our employees should feel empowered to raise any complaints or concerns if they see or experience inappropriate behaviour.

Complaints will be taken seriously, investigated promptly, and kept confidential. Instances of sexual harassment or victimisation may lead to disciplinary action up to, and including, termination of employment.

Definitions of Sexual Harassment and Victimisation

Sexual harassment includes unwanted sexual conduct which has the purpose or effect of violating a person’s dignity or creating an intimidating, hostile, degrading, humiliating or offensive environment for that person.

Sexual harassment also covers treating someone less favourably because they have submitted to, or refused to submit to, unwanted conduct of a sexual nature or in relation to gender reassignment or gender.

Sexual harassment may be persistent or an isolated incident, obvious or subtle, face-to-face or indirect.

Examples of behaviour which may constitute sexual harassment include (but are not limited to):

  • Unwelcome sexual advances or physical contact;
  • Sexual comments, intrusive questions or offensive/embarrassing jokes
  • Physical assault
  • Abusing a position of power e.g. by making promises in exchange for sexual favours
  • Blocking promotion or access to development opportunities `
  • Cyber-bullying e.g. sending offensive and/or sexually explicit emails, texts or visual images, or posting emba1Tassing images on social media
  • Displaying sexually graphic pictures or photos
  • Suggestive looks, staring or leering
  • Spreading sexual rumours about an individual.

Victimisation

Victimisation is subjecting an individual to detriment because they have done, are suspected of doing, or intend to do, an act which is protected under discrimination and harassment laws. These are:

  • Making a claim or complaint under the Equality Act;
  • Helping another individual to make a claim by giving evidence or information in connection with proceedings under the Equality Act; and
  • Making an allegation that someone has breached the Equality Act.
  • Examples of victimisation may include:
  • Not considering an individual for promotion because they have previously made a complaint of sexual harassment;
  • Dismissing an individual because they accompanied a colleague to a meeting about a sexual harassment complaint; or
  • Excluding an individual from meetings because they gave evidence as a witness for another employee as part of a sexual harassment employment tribunal claim.

Unlawful Grounds of Sexual Harassment

The Company prohibits sexual harassment on any grounds, applicable to your normal workplace, digitally via home working and off-site work related events.

Harassment can be committed by a colleague or third party, in person or digitally.

Eg: Whatsapp, social media sites, Teams etc

Reporting Harassment

Employees have the right to complain if they are treated in a way that they believe constitutes sexual harassment or victimisation. The informal and formal procedures to follow are set out below.

Employees who make a genuine complaint under this policy will not be subjected to any unfavourable treatment or victimisation as a result of making the complaint.

Witnessing Harassment or Victimisation

If an employee sees sexual harassment or victimisation taking place, they are encouraged to take appropriate action to address it. If the employee is unable to intervene to prevent the action, they should encourage the employee who is being harassed or victimised to report the incident or report the incident themselves.

Reports of incidents should be made in writing to the HR manager.

Third-Party Harassment

The Company has a zero-tolerance policy for harassment by clients, suppliers, or visitors. The law requires employers to take steps to prevent sexual harassment by third parties and we are committed to doing so.

All employees are encouraged to report any instances of harassment involving a third party in line with the reporting procedure set out below.

In order to prevent third-party sexual harassment from occurring, the Company will ensure that our Sexual Harassment policy is available to view on our CDL website. The company will ensure to communicate our sexual harassment policy to all third parties.

If an allegation of harassment by a third party proves to be well-founded, steps taken by the Company may include:

  • Warning the individual about the inappropriate nature of their behaviour;
  • Banning the individual from the Company’s premises; and
  • Reporting the individual’s actions to the police.

Complaint Procedures

Any employee who feels that they have been subjected to sexual harassment or victimisation should raise the matter as soon as reasonably practicable.

Employees can raise a complaint informally and/or formally. They should contact their line manager/HR manager or another manager/Director i11 the absence of that manager or where their complaint is against that specific manager.

Before filing a formal complaint, employees are encouraged to informally address the issue directly with the person they believe is harassing them. This approach may help resolve the matter, as the individual may be genuinely unaware that their behaviour is unwelcome or distressing and that a direct approach can resolve the matter without the need to use the formal procedure.

Informal Procedure

If an employee feels harassed and feels able to do so, they should address it directly, state explicitly that they feel they are being harassed and that the behaviour is unacceptable to them. They can also discuss it with a colleague, manager, or HR for support, asking them to speak to the harasser on their behalf if required.

If direct communication isn’t possible, they may write a letter to them clearly outlining the offending behaviour and requesting it to stop immediately and ensure to keep a copy for any possible future formal complaint. Maintaining an incident diary is also recommended. If informal resolution fails, a formal grievance can be filed.

Formal Investigation

Employees who believe they have experienced sexual harassment may pursue formal procedures through the Company’s grievance procedure at any time, regardless of whether they have taken informal steps.

When bringing a complaint of sexual harassment, the employee should state:

  • The name of the person whose behaviour is believed to amount to sexual harassment;
  • The behaviour that is causing offence, with specific examples;
  • Dates and times when incidents of sexual harassment occurred;
  • The names of any employees who witnessed any incidents;
  • Details of any action the employee has taken to try and address the harassment.
  • The Company will investigate any complaint thoroughly and fairly.

An employee accused of sexual harassment will be informed of the exact nature of the complaint against them and given a full opportunity to give their version of events.

During the investigation, the Company rese1·ves the right to suspend or temporarily redeploy either the employee making the complaint of sexual harassment, or the employee suspected of sexual harassment. Suspension will be on full pay and is not a disciplinary sanction. As soon as the investigation is complete, the Company will inform the employee suspected of sexual harassment of the outcome and decide if it is appropriate to start disciplinary proceedings.

On conclusion of the investigation, a report of the findings will be submitted to the manager who will hold the grievance meeting. The employee who has made the complaint will be invited to discuss the matter, in line with the Company’s grievance policy.

If, following the hea1·ing, it is decided that the allegation is well-founded, the harasser will be subject to disciplinary action up to, and including, dismissal in accordance with the Company’s disciplinary procedure.

The Company is committed to ensuring employees are not discouraged from using this procedure and no employee will be victimised for having brought a complaint.

Consequences of Breach

Sexual harassment is a disciplinary offence and will be dealt with according to the Company’s Disciplinary Procedure. Sexual harassment or victimisation may constitute gross misconduct, punishable by summary dismissal without notice.

Employees should bear in mind that harassment may also constitute a criminal offence punishable by a fine and/or imprisonment.

Responsibilities of Employees and Managers

All employees must behave appropriately and professionally at all times.

All employees are responsible for their own behaviour and should ensure that they comply with this Policy at all times.

Managers are responsible for upholding this policy and addressing complaints swiftly and confidentially.

Any complaints under this Policy brought to the attention of a manager must be dealt with promptly, confidentially, fairly and consistently.

All incidents of sexual harassment will be reported to the HR team.

Any form of harassment or victimisation may lead to disciplinary action up to and including dismissal if it is committed:

  • In a work situation;
  • During any situation related to work, such as a social event; or
  • Against a colleague or other individual connected to the employer outside of a work situation, including on social media.

Training

The Company will provide training on sexual harassment, victimisation and the reporting process to ensure a clear understanding for all employees and managers.

  • The training will include:
  • What sexual harassment and victimisation is;
  • Expected levels of behaviour;
  • How employees can report any incidents of having been harassed or having witnessed such incidents; and
  • How acts of sexual harassment will be dealt with under the disciplinary procedure, which can potentially result in dismissal.

In addition, the Company will ensure that all managers are trained on implementing this policy.

Support and Advice

The Company will offer counselling and mediation where appropriate.

  • We can provide information relevant organizations that offer support, including:
  • NHS Sexual Assault Advice
  • Victim Support
  • Survivors UK
  • Women’s Aid
  • Citizens Advice
  • ACAS

Additionally, emergency service numbers remain applicable and should be used when necessary.

Confidentiality

The Company will treat all complaints under this Policy confidentially. All employees involved in investigations must respect this confidentiality.

Records of investigations and their outcomes will be kept confidential and in accordance with the Company’s Data Protection Policy.

Any breaches of confidentiality will lead to disciplinary action.