Data Collection Terms
Data Collection Terms
WILLIAM REED BUSINESS MEDIA LTD
DATA COLLECTION TERMS
1 Definitions and interpretation
1.1 In these Terms the following terms have the following meanings:
“Agreement” means any agreement between Reed and Company incorporating these Terms and a Data Collection Form;
"Commencement Date" means the commencement date for the processing as set out in the Data Collection Form;
"Confidential Information" means all information whether in written or any other form which has been or may be disclosed in the course of the discussions leading up to the entering of these Terms and which is identified as confidential or is clearly by its nature confidential including information relating to these Terms, including any data or subscriber information disclosed pursuant to the Purpose;
“Data Collection Form” means any form setting out the details of the data collection to be governed by these Terms;
“the data protection legislation” has the meaning set out in the Data Protection Act 2018;
“Data Protection Law” means the data protection legislation or similar legislation as implemented under English law (including any national implementing laws, regulations and secondary legislation), in each case as applicable and in force in the United Kingdom from time to time and all other applicable laws and regulations, relevant industry codes of practice and guidance issued by the Information Commissioner, supervisory authority or other bodies in relation to the processing of personal data;
"Purpose" as defined in Clause 2.3;
"Reed" means the William Reed Business Media Ltd registered in England no. 2883992 at registered address Broadfield Park, Crawley RH11 9RT (or its successors or assigns) as the case may be;
"Company" means the entity that hereby agrees to these Terms for the Purpose;
"Terms" means the terms and conditions set out in this document.
1.2 In these Terms headings are included for convenience only and shall not affect interpretation.
1.3 The words "include", "includes", "including" and "included" will be construed without limitation unless inconsistent with the context.
2.1 Reed is the owner of a number of business to business titles, services and events.
2.2 Company wishes Reed to provide such services to a number of recipients who are employed or otherwise retained by Company and in respect of which the Company has obtained the requisite consent.
2.3 Reed maintains and regularly updates a subscriber database in respect of such recipients (“the Purpose”) and the parties hereby agree to the Terms herein for such Purpose.
3 Data Protection
3.1 “Controller”, “data subject”, “personal data”, “personal data breach”, “process”, “processor” and “supervisory authority” shall have the meanings set out in the data protection legislation.
3.2 Company warrants and represents that:
3.2.1 it has appointed where required by Data Protection Law an authorised representative in each of the UK and the EU; and
3.2.2 it has appointed where required by Data Protection Law a data protection officer;
3.2.3 if a mandatory data protection officer is not required by Data Protection Law then Company will inform Reed if it has appointed a voluntary data protection officer; and;
3.2.4 in each case Company shall provide all relevant contact details and any updates..
3.3 In the event Company processes personal data pursuant to the Purpose the parties agree that, for the purposes of Data Protection Law, Reed shall be the controller and Company shall be the processor.
3.4 The parties have set out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects in a Data Collection Form (which may be updated by the parties in writing from time to time).
3.5 In relation to such processing, Company shall:
3.5.1 only process the personal data on documented instructions from Reed as set out in these Terms or in writing from time to time;
3.5.2 immediately inform Reed if, in its opinion, an instruction infringes Data Protection Law or other EU or EU Member State data protection provisions; and
not make independent use of the personal data and only process the personal data to the extent, and in such a manner, as is necessary for the purposes of the Contract.
3.6 In relation to such processing, Company shall at its own cost:
3.6.1 implement and maintain appropriate technical and organisational measures in relation to the processing so that the processing will meet the requirements of Data Protection Law and ensure the protection of the rights of the data subjects and take all measures set out in Data Protection Law regarding security of processing in relation to the personal data;
3.6.2 implement and maintain appropriate technical and organisational measures in relation to the processing so as to enable Reed to comply with Reed's obligations to respond to requests for data subjects exercising their rights (including without limitation in respect of transparency, information, rights of data subject access, and rights to erasure and rectification);
3.6.3 comply with Data Protection Law;and
3.6.4 comply with Reed’s policies notified from time to time.
3.7 In relation to such processing, Company shall at all times at its own cost:
3.7.1 ensure the reliability of its employees, staff, other workers and agents and any subcontractors or agents who are engaged in the provision of the processing from time to time (“Company’s Personnel”) including by the provision of adequate training and ensure their compliance with Data Protection Law;
3.7.2 ensure that all Company’s Personnel who process the personal data have committed to confidentiality obligations or are under an appropriate statutory obligation of confidentiality;
3.7.3 notwithstanding any other provision of the Contract, not engage another processor or allow access to the personal data to any third party without prior specific written authorisation of Reed;
3.7.4 inform Reed in advance of any proposed changes to processors and allow Reed an opportunity to discuss and object; and
3.7.5 procure that the processor is subject to terms equivalent to the terms of this Contract including equivalent data protection and confidentiality obligations as those imposed on Company.
3.8 In relation to such processing, Company shall at its own cost:
3.8.1 notify Reed within 24 hours if it receives a request from a data subject for access to that person’s personal data; and
3.8.2 not respond to any requests from data subjects or third parties without Reed’s consent;
3.8.3 provide such assistance, co-operation and information as Reed requires within timescales provided by Reed to enable Reed to ensure compliance with Data Protection Law including without limitation with respect to:
184.108.40.206 security of processing;
220.127.116.11 data protection impact assessments;
18.104.22.168 consultation with the supervisory authority; and
22.214.171.124 any actions to be taken in respect of personal data breaches.
3.9 In relation to such processing, Company shall at its own cost in the event of a suspected or actual personal data breach or complaint:
3.9.1 notify Reed immediately and in any event within 24 hours of becoming aware;
3.9.2 immediately and in any event with within 24 hours of becoming aware provide Reed with all information, assistance and cooperation required by the Reed to enable Reed to comply with Data Protection Law;
3.9.3 promptly undertake such actions as are required by Reed in order to remedy any defect or potential breach of Company’s obligations.
3.10 In relation to such processing, Company shall at its own cost:
3.10.1 at Reed’s option either securely delete or return all the personal data to Reed promptly and in any event within 24 hours after the end of the provision of personal data processing services or termination of the Agreement and securely delete existing additional copies;
3.10.2 make available to Reed all information, assistance and cooperation required by Reed to demonstrate compliance with these Terms and Data Protection Law and permit and contribute to audits, including inspections, conducted by Reed or an auditor appointed by Reed; and
3.10.3 maintain a written record of all categories of processing activities carried out on behalf of Reed, containing the information required by Data Protection Law, and make the record available to Reed upon request.
3.11 In relation to such processing, Company shall not without the prior written consent of Reed disclose or transfer the personal data to any location outside the United Kingdom or the European Economic Area.
3.12 Reed shall be responsible for complying with the obligations that apply to it as a controller under Data Protction law.
3.13 Each party shall indemnify the other party at all times against all claims, demands, costs (including legal costs on a full indemnity basis), claims, damages, expenses, losses, fines and liabilities incurred by such other party arising out of or in connection with:
3.13.1 any breach by it of this clause 3;
3.13.2 any act or omission of processing by it, its affiliates or it’s authorised third party sub-contractors which infringes Data Protection Law.
3.14 This clause 3 is intended to apply to the allocation of losses as between the parties including with respect to compensation to data subjects notwithstanding any provision under Data Protection Law to the contrary except to the extent not permitted by law.
3.15 Company shall do, or cause to be done at its own cost, all things necessary to comply with any additional requirements reasonably imposed by Reed to ensure compliance by the Company and/or Reed with Data Protection Law as expeditiously as practicable including, without limitation, the performance of such further acts or the execution and delivery of any additional instruments or documents as Reed may reasonably request for effecting the same.
4 Confidential Information
4.1 Each Party acknowledges that in the course of the Contract it will have access to Confidential Information. Each party shall keep all Confidential Information confidential and shall not either during, or at any time after termination disclose such Confidential Information to any third party or use such Confidential Information (other than for its own internal management purposes) without the other party's prior written consent.
4.2 The provisions of clause 4.1 shall not apply to information which is:
4.2.1 in or comes into the public domain otherwise than by breach of these Terms;
4.2.2 already in the receiving party's possession; or
4.2.3 obtained from a third party who is free to disclose the same.
4.2.4 required to be disclosed by operation of law.
5 Limitation of liabilities
No party limits its liability for:
These terms will commence from the Commencement Date and shall continue in full force and effect for the duration of the processing as stated in the Data Collection Form.
7 Rights of Third Parties
A person who is not a party to this Agreement shall have no rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of this Agreement.
These terms are not intended to create any partnership or joint venture relationship between Reed and Company. If any provision of these Terms is declared by any competent court or body to be illegal, invalid or unenforceable under the law of any jurisdiction, or if any enactment is passed that renders any provision of These Terms illegal, invalid or unenforceable under the law of any jurisdiction this shall not affect or impair the legality, validity or enforceability of the remaining provisions of These Terms. These Terms will be governed by and construed in accordance with the laws of England and will be subject to the exclusive jurisdiction of England.