Forgot your password?

Create an Account

Quick Application

Business Details

Please enter the below details if you work for a company rather than self employed.

Driving Convictions

Date
Code
Points
Details

Create your password

Select a site nearest to you

From the list below please select the site that is closest to you. Your application will then be sent to them to review.

How we use your information

 

 

1.               Definition and Interpretation

 

1.1.          In this Addendum the following words and phrases shall bear the following meanings:

 

“Agreement(s)” The agreement or agreements between Rico Logistics Limited and the Service Provider for logistics, transport services, engineering services and/or technology services.

“Approved Country” means the United Kingdom and/or any country in the European Union or any country deemed adequate by the European Commission (as may be amended from time to time);

“Competent Authority” means for the United Kingdom the Information Commissioner or such other role as may be a successor thereto;

“Data Controller”, “Data Processor”, “Data Subject” shall have the meaning as set out in the Data Protection Legislation.

“Data Protection Legislation”Data Protection Legislation:  (i) unless and until the GDPR is no longer directly applicable in the UK, the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (ii) any successor legislation to the GDPR or the Data Protection Act 1998. The legislation will be interpreted in accordance with the relevant guidance issued and/or confirmed by the Competent Authority.

“Rico” means Rico Logistics Limited, and all its affiliates and subsidiaries, whose registered office is at Kennet House, Unit 4 Langley Quay, Waterside Drive, Slough, Berkshire SL3 6EY (registered number 02869014) (“Rico”) previously traded as Rico Logistics Partnership.

To the extent any of the above are referred to in the Agreement(s) with the Service Provider.

“Processing” has the meaning as set out in the Data Protection Legislation and together with the term “Processed” shall be construed accordingly;

“Personal Data” means any personal data (as defined in the Data Protection Legislation) provided by the Data Controller which is subject to processing by Data Processor pursuant to instructions given by Data Controller;

“Personnel” means an employee, contractor and/or agent of the Service Provider and/or Sub-processor;

“Security Breach” means any unauthorised disclosure, deletion, corruption, access or contravention of the technical and operational security requirements.

“Service(s)” means the goods or service provided in the agreement(s) entered into with Rico;

“Special Categories” shall have the meaning as assigned to it in the Data Protection Legislation.

“Sub-processor” means any third party processing Personal Data as instructed by the Data Processor. “Transfer Date” means the date the parties agree the Personal Data is to be transferred to the Data Controller (or the Data Controller directs) upon termination of the Agreement.

 

1.1.           To the extent any of the Agreement(s) currently in force with Rico contains obligations to the compliance of laws and change of laws, data protection and privacy of Personal data, security and confidentiality then this Addendum supplements such obligations in the Agreement and does not directly release or replace existing obligations.

 

2.               Processing instructions

2.1.          The parties acknowledge that Rico is a Data Controller and the Service Provider is a Data Processor, the Data Processor agrees:

2.1.1.     to process all Personal Data only in accordance with the instructions of Data Controller and shall not use the Personal Data for any other purpose;

2.1.2.     it will not other than for the purpose of comply with a legal or regulatory obligation disclosure the Personal Data to a third party without the prior written consent of the Data Controller;

2.1.3.     it will not use the Personal Data other than for the purposes other than those specified in this Addendum.

2.1.4.     It will not without the prior written consent and knowledge of the Data Controller enter into any correspondence and or discussion with any regulatory authority appointed under the Data Protection Legislation in respect of the Data Controller’s Personal Data save to the extent required by law.

2.2.          The Data Processor will indemnify Data Controller fully against all losses, damages, claims, demands and expenses suffered by the Data Controller which arise in any way from any negligence, wilful default or breach of contract on the part of Data Processor or its directors or employees from a breach of the Data Processor of the provisions of this Addendum.

 

3.      Transfer of Personal Data Outside UK

3.1.          The Data Processor will not without the prior written consent of the Data Controller transfer Personal Data outside an Approved Country or store data in the cloud other than solely on servers situated in an Approved Country and with access restricted to those located within an Approved Country.

3.2.          Any consent given by the Data Controller is subject to the transfer being compliant with the Data Protection Legislation applicable during the term of the Agreement.

3.3.          If the transfer ceases to be compliant, the Data Processor will make all reasonable endeavours to make the transfer compliant with the Data Protection Legislation and/or transfer the Personal Data to a compliant Approved Country.


 

4.      Security

4.1.          The Data Processor will take appropriate technical and organisational measures against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data and that, having regard to the state of technological development and the costs of implementing any measures, such measures will ensure a level of security appropriate to the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the Personal Data.

4.2.          The Data Processor agrees to notify the Data Controller immediately if Personal Data is subject to a Security Breach and within twenty-four (24) hours of the Data Processor being aware of the Security Breach.

4.3.          The Data Processor will provide the Data Controller with such information as the Data Controller will reasonably require for the Data Controller to comply with the Data Controller’s regulatory obligations including but not limited to:

4.3.1. Nature of the breach;

4.3.2. Personal Data compromised;

4.3.3. Categories of Data Subjects impacted:

4.3.4. Number of Data Subjects impacted;

4.3.5. Identification of cause;

4.3.6. Containment actions undertaken;

4.3.7. Rectification actions undertaken;

4.3.8. Notifications made to any other party and/or Competent Authority;

4.3.9. Risk or damage to data subjects arising from the Security Breach.

4.4.          The Data Processor shall not, save to the extent required to do so for legal or regulatory reasons make any announcement or disclosure in relation to the Security Breach without the prior approval of the Data Controller.

 

5.      Personnel and Training

5.1.          The Data Processor will use its reasonable endeavours to ensure the reliability of any of its Personnel who have access to the Personal Data.

5.2.          Data Processor will ensure that all appropriate Personnel are aware of and behave in accordance with the terms of the Data Processor obligations and confidentiality obligations contained in this Addendum.

5.3.          The Data Processor shall and shall use reasonable endeavours to procure that all persons providing services under this Agreement are aware of and shall comply with the Data Protection Legislation, and in particular the data protection principles set out therein, in connection with the subject matter of this Agreement.

 

6.      Use of Sub-processors

6.1.   The Data Controller hereby consents to the use by the Data Processor of the services of subcontractors in order to provide agreed services.

6.2.   The Data Processor shall, at all times, be responsible as between itself and the Data Controller for the observance by its contractors of the obligations contained in this Contract, as if such sub-contractors were the Data Processor.

6.3.   The Data Processor is obligated to only select contractors which offer sufficient guarantees that the appropriate technical and organisational measures will be implemented in such a manner that the processing of Controller Data takes place in accordance with the requirements of the data Protection Legislation. Processor must satisfy itself prior to the commencement of the processing of compliance with the technical and organisational measures by the contractor.

6.4.          The Data Processor will ensure that the Sub-processors specified and any additional or replacement Sub-processors:

6.4.1.enter into written agreements with the Data Processor including but not limited to obligations on the Sub-processor which are no less onerous than the obligations on the Data Processor under this Addendum, including without limitation an obligation not to sub-contract the processing of any Personal Data on behalf of the Data Controller to any third party without obtaining the prior specific written consent of the Data Controller and the Data Processor.

6.5.          The Data Processor will remain liable to the Data Controller for all acts and/or omissions on the part of the sub-processor and will ensure the sub-processor complies with the obligations contained in the Agreement.

 

7.      Data Protection Reporting

7.1.          The Data Processor will upon written request provide the Data Controller with such reports and or information as are reasonably required by the Data Controller to comply with the Data Controller’s reporting obligations under the Data Protection Legislation.

 

8.      Data Subject Requests

8.1.          The Data Processor shall, at no additional cost to the Data Controller promptly;

8.1.1.provide such information co-operation and assistance to Data Controller as the Data Controller may reasonably require to allow the Data Controller to comply with the rights of data subjects, including subject access rights and/or information notices served by any data protection authority;

8.1.2.refer to the Data Controller any communication from data subjects making a data subject access request and/or any other request in respect of the data, any data protection authority or other law enforcement authority which relates directly or indirectly to the processing of Personal Data or to either party’s compliance with the Data Protection Legislation and the Data Processor shall not, subject to any legal, statutory and/or regulatory obligation (when they shall to the extent permitted by law, advise the Data Controller of any such disclosure) disclose or release any Information to such a third party without obtaining the consent of the Data Controller.

8.1.3.provide such assistance as the Data Controller may reasonably require to enable the Data Controller to comply with its obligations pursuant to the Data Protection Legislation to implement appropriate technical and organisational measures to ensure appropriate security of processing, to notify Security Breaches to the Competent Authority and relevant Data Subjects, to carry out data protection impact assessments and/or to consult with the Competent Authority in relation to such assessments.

 

9.      Audit

9.1.          The Data Processor agrees that while this Agreement continues in force it and for a period of up to twelve months after termination the Data Processor will co-operate with Data Controller to enable Data Controller to monitor compliance by the Data Processor with its obligations under this Addendum and in particular that an independent third party appointed by the Data Controller shall on giving reasonable prior notice to Data Processor have reasonable access to the Personal Data and any premises of the Data Processor and/or sub-process where processing of Personal Data is being carried out for the purposes of the Agreement for the purpose of conducting an audit of Personal Data.

9.2.          The Data Processor agrees the Data Controller can from time to time conduct an audit of the Data Processor’s compliance with its obligations under this Addendum.

9.3.          The Data Controller agrees it will not, unless it has reasonable grounds to believe there has been a breach of the obligations contained in this Addendum, conduct any such audit more than once per calendar year.

9.4.          Any such audit shall be strictly limited to an audit of the Data Controller’s Personal Data and organisational and technical processes relating to such Personal Data and may not include any information in relation to any third party such as the Data Processor’s other clients and/or services provided by the Data Processor to third parties.

 

10.  Retention, Correction and Deletion

10.1.       Data Processor shall if so instructed by the Data Controller will promptly;

10.1.1.   comply with the Data Controller’s instructions to return, delete, update and/or amend the Personal Data for the purpose of ensuring the accuracy and validity of the Personal Data; and

10.1.2.   comply with the Data Controller’s instruction to restrict, restrain from and/or suspend Processing of an individual Data Subject’s Personal Data.

 

11.  Return of Data on Termination

11.1.       Within thirty (30) days’ notice of termination of this Agreement the Data Processor and the Data Controller shall agree a data migration process (“Migration Plan”) such process to include:

11.1.1.  Encryption technology to be used to protect the Personal Data in transit;

11.1.2.  Data format and fields;

11.1.3.  Name, address and contact details of recipient of the Data Controller’s Personal Data;

11.1.4.  The Transfer Date for the Personal Data such date to be no later the date of termination of this Agreement;

11.1.5.  The method of transfer of the Data Controller’s Personal Data.

 

12.  Consequences of Termination

12.1.       The Data Controller’s Personal Data may be held by the Data Processor after the Transfer Date or termination date of the Agreement for the following periods;

12.1.1.  If the Transfer Date precedes the termination date of this Agreement, the Data Processor must transfer the Personal Data as directed by the Data Controller no later than sixty (60) days from the Termination Date; or

12.1.2.  If no transfer of the Data Controller’s Personal Data is required, from the date notified to the Data Processor by the Data Controller that the Data Processor must cease processing and/or holding the Data Controller’s Personal Data; or

12.1.3.  If the termination date of this Agreement precedes the Transfer Date, from the Transfer Date for a period not exceeding thirty (30) days.

The Data Processor must not delete the Data Controller’s Personal Data until the date specified by the Data Processor in accordance with this clause 12.1.

12.2.       The obligations in relation to the Personal Data as set out in this Addendum will survive termination of the Agreement.

 

13.  Compliance with Policies

13.1.       The Data Processor will comply with the Data Controller’s Data Protection Policies.

13.2.       Where the Data Processor has their own Data Protection Policies in place the Data Processor confirms that any such policy or policies are consistent with and no less onerous than the Data Controller’s Policies.

13.3.       The Data Processor will notify the Data Controller if the Data Controller’s Data Protection Polices are inconsistent with any legal, regulatory and/or industry accreditation applicable to the Service.

13.4.       Upon receipt of the notification, the parties shall work together to establish is an amendment to the Data Protection Policies can agreed in respect of the Services. In the absence of any such agreement, the Data Controller may at its reasonable discretion terminate this Agreement without additional costs or penalty.

 

14.  Categories of Personal Data and Purpose.

14.1.       For the purpose of this Addendum the categories of Data Subject may include:

Rico employees, contractors, Rico clients and customers of Rico clients

14.2.       The Personal Data does not include Special Categories of Personal Data.

14.3.       The purpose for which the Personal Data is provided is the Services as specified in the Agreement.

14.4.       The following special instructions apply to the processing of the Personal Data.

·        Personal Data may not be extracted from the Data Processor’s systems unless encrypted.

·        Personal Data may not be transferred outside the Data Processor’s own controlled environment.

·        To the extent Personal Data includes card payment information the Personal Data must be processed in accordance with the applicable Payment Card Industry Standards.

14.5.       Either party may from time to time notify the other if this Clause 14 needs to be amended to reflect any changes made (or proposed to be made) to the processing of Personal Data under the Agreement, in which case both parties will act reasonably and in good faith in agreeing appropriate amendments to this Clause 14 so that it remains accurate and complete.

 

15.  Miscellaneous

15.1.                  Governing Law and Jurisdiction

15.1.1.   The construction, validity and Performance of this Data Protection Addendum and all matters relating to the interpretation and effect of this Data Protection Addendum and non-contractual obligations arising from or connected with this Data Protection Addendum (and any amendment hereto) shall be governed by the laws of England and the parties submit to the exclusive jurisdiction of the English courts.

15.2.                  Invalidity

15.2.1.   If any provision of this Data Protection Addendum (or part of any provision) is found by any court or other authority of competent jurisdiction to be invalid, illegal or unenforceable, that provision or part-provision shall, to the extent required, be deemed not to form part of this Data Protection Addendum, and the validity and enforceability of the other provisions of this Data Protection Addendum shall not be affected.

 

 

 

Please Sign Here


iFleet is Copyright © 2009 - 2019 WebxSolution Ltd and protected under UK and international law.