Supplier privacy

LIONEL BLACKMAN DATA PROTECTION TERMS - SUPPLIER INSTRUCTED ON CLIENT MATTERS

1 Lionel Blackman Solicitors takes its data protection obligations seriously. It requires any third party, which processes personal data received from a member of Lionel Blackman Solicitors, to enter into appropriate contractual provisions ensuring the lawful and secure processing of that personal data by that third party or its permitted sub-contractors.

2 These data protection terms (“DP Terms”) shall:

2.1 apply between you and the member of Lionel Blackman Solicitors that instructs you;

2.2 be deemed to be incorporated into the terms of a letter of instruction between you and Lionel Blackman Solicitors (“Instructions”); and

2.3 unless the Instructions expressly state otherwise, take precedence over those Instructions.

3 You will be deemed to have accepted these DP Terms by accepting the Instructions or commencing the performance of the services required by the Instructions.

4 In these DP Terms, the following words and phrases have the following meanings:

4.1 “Data Privacy Laws” GDPR and any other applicable law on data protection or data privacy;

4.2 “GDPR” EU Regulation (EU) 2016/679 or such UK legislation intended to replace or supersede it;

4.3 “Services” the services that the Lionel Blackman Solicitors has required you to perform, which involve the processing of personal data.

5 Words and phrases which have defined meanings in the Data Privacy Laws have the same meanings when used in these DP Terms. To the extent that any UK legislation supersedes or replaces EU Regulation (EU) 2016/679, any reference in these DP Terms to a term defined or provision of the GDPR shall be interpreted as a reference to the nearest equivalent term or provision in such legislation.

6 Nothing in these DP Terms will relieve you from any of your own responsibilities and liabilities under Data Privacy Laws.

7 It is agreed that, where you process personal data under the Instructions, the subject matter and duration of the processing, the nature and purpose of the processing, and the type of personal data and categories of data subject that are subject to the processing shall be as set out in the Instructions;

8 Where you process personal data under the Instructions (whether as controller or processor), then you shall in relation to those personal data:

8.1 comply with all Data Privacy Laws;

8.2 procure that appropriate technical and organisational measures are taken (as are required by GDPR) against unauthorised or unlawful processing of such personal data and against accidental loss or destruction of, or damage to, such personal data;

8.3 act only on the documented instructions of the Lionel Blackman Solicitors as set out in the Instructions or as otherwise documented in writing, unless required to do so by applicable law in which case you shall inform the Lionel Blackman Solicitors of that legal requirement before processing (unless that law prohibits such information on important grounds of public interest);

8.4 process such personal data only to the extent, and in such manner, as is necessary for the purposes of the Instructions;

8.5 ensure that all or your staff who process those personal data are under obligations of confidentiality in relation to such personal data and are aware of the confidential nature of such personal data, and use reasonable endeavours to ensure the reliability of those staff with access to such personal data;

8.6 without prejudice to the Instructions not engage any sub-contractor to process the personal data, or transfer the personal data to a sub-contractor, without the consent of the Lionel Blackman Solicitors and (upon receiving such consent) shall:

8.6.1 ensure that any such sub-contractor is engaged on a written agreement giving commitments in relation to the processing of such personal data no less onerous than set out in these DP Terms; and

8.6.2 remain liable to the Lionel Blackman Solicitors for the acts of any such sub-contractor in relation to such personal data; and

8.7 taking into account the nature of the processing and the information available to you, assist the Lionel Blackman Solicitors in ensuring compliance with its obligations pursuant to the following GDPR articles:

8.7.1 article 32 (keeping personal data secure);

8.7.2 article 33 (notifying data breaches to the ICO);

8.7.3 article 34 (advising data subject when there has been a personal data breach);

8.7.4 article 35 (carrying out data protection impact assessments); and

8.7.5 article 36 (consulting with the ICO where a data protection impact assessment indicates there is an unmitigated high risk to the processing).

8.8 not transfer such Personal Data outside the EEA without the consent of the Lionel Blackman Solicitors and (upon receiving such consent) shall meet the following conditions:

8.8.1 agree with the Lionel Blackman Solicitors the legal framework to be used for the safe transfer of data.

8.8.2 provide appropriate safeguards in relation to the transfer;

8.8.3 respect the data subjects enforceable rights;

8.8.4 comply with reasonable instructions notified to you in advance by the Lionel Blackman Solicitors with respect to the processing of the personal data; and

8.8.5 maintain complete and accurate records and information to demonstrate compliance with this clause.

8.9 provide reasonable assistance, at your own cost, to the Lionel Blackman Solicitors to assist the Lionel Blackman Solicitors to meet its obligations to data subjects under Chapter III of GDPR including (but not limited to) complying with subject access requests and requests for the rectification or erasure of personal data and making objections to processing. Where you receive any such request yourself you shall inform the Lionel Blackman Solicitors promptly of that request and, where you are obliged to do so or the Lionel Blackman Solicitors requests that you do so, comply with it in accordance with GDPR yourself (and where you are a processor, as if you were a controller);

8.10 provide to the Lionel Blackman Solicitors all information necessary to demonstrate compliance with these DP Terms and allow for and contribute to audits (including inspections) conducted by the Lionel Blackman Solicitors or an auditor nominated by the Lionel Blackman Solicitors;

8.11 notify Lionel Blackman Solicitors if, in its opinion, an instruction given by Lionel Blackman Solicitors breaches the GDPR or other data protection laws; and

8.12 as required by Lionel Blackman Solicitors delete or return such personal data (and any copies of such personal data unless retention is required by applicable law) to Lionel Blackman Solicitors : (i) on termination of this Agreement; (ii) without delay where you have finished processing such personal data; or (iii) upon Lionel Blackman Solicitors written request (which shall excuse you from your obligations, to the extent such request means you are unable to meet them).

8.13 these terms shall cease automatically upon termination or expiry of your obligations in relation to the services.