Data Protection – Terms & Conditions Applying To Suppliers
These terms set out the provisions that apply where a third party (“Supplier”) is appointed to provide services (“Services”) in connection with, or to, the Business of Nicholas COOK t/a notarypublic.co.uk (“Notary” or “Business”) and which may involve the Supplier processing personal data. This Policy will also apply if an existing Supplier is re-contracted on new terms or re-engaged on existing terms.
SUPPLIER AS A DATA CONTROLLER
- A solicitor, accountant, notary or similar professional appointed to provide services to the Business.
- The Foreign Office or any other public authority will generally act under their official authority and will likely be a Data Controller.
SUPPLIER AS A DATA PROCESSOR
- Where the Supplier is a data storage provider (e.g. NotarySafe service).
- An agent appointed to provide legalisation services (only if processing of personal data takes place, i.e. the documents are not provided in a sealed envelope and the Supplier can read them).
- A translation service provider.
- An IT contractor with access to confidential information of the Business.
SUPPLIER NOT ENGAGED IN “PROCESSING”
- As mentioned above, this Policy does not apply if the Supplier’s services do not involve the processing of personal data as set out in the examples below.
- Couriers are not considered processors as long as they do not access personal data, i.e. they are handed a sealed envelope that they must not open. They are a mere conduit between the sender and recipient.
STANDARD DATA PROTECTION TERMS: DATA CONTROLLERS AND DATA PROCESSORS
“Data Protection Legislation” shall mean all applicable laws relating to data protection and privacy including (without limitation) the EU Data Protection Directive (95/46/EC) as implemented in each jurisdiction, the EU General Data Protection Regulation (2016/679), the EU Privacy and Electronic Communications Directive 2002/58/EC as implemented in each jurisdiction, and any amending or replacement legislation from time to time;
“Customer personal data” shall mean all personal data (as defined in the Data Protection Legislation) controlled by the Business which is processed by the Supplier in connection with the Services;
- DATA PROTECTION
- In this clause , the terms “personal data”, “process”, “data controller” and “data processor” shall have the meanings set out in the Data Protection Legislation.
- The Supplier acknowledges that it shall be acting as an independent data controller in respect of Customer personal data handled in the performance of the Services.
- Without prejudice to clause [1.2], if circumstances arise whereby the Supplier is acting as a data processor in the performance of the Services on behalf of the Business then the Supplier shall promptly, on request by the Business, execute written contractual commitments which meet the requirements of the Data Protection Legislation. Until such written commitments can be put in place in a form that is acceptable to the Business (such approval not to be unreasonably withheld or delayed), this clause  shall be interpreted to give the closest possible effect to the requirements of the Data Protection Legislation.
- The Supplier shall comply with its obligations under the Data Protection Legislation in respect of Customer personal data. Without prejudice to the foregoing, the Supplier shall not process Customer personal data in a manner that will or is likely to result in the Business breaching its obligations under the Data Protection Legislation.
- The Supplier shall only process Customer personal data for the purposes of performing its obligations under this Agreement and for which it was disclosed by the Business to the Supplier.
- The Supplier shall not process Customer personal data outside the European Economic Area (“EEA”) (including by way of remote access) without the prior written consent of Business.
Revised April 2018