8. Data Protection
- a) The Data Protection obligations are in addition to, and do not relieve, remove or replace, the Client’s obligations under the Data Protection Legislation.
- b) The parties acknowledge that for the purposes of the Data Protection Legislation, Strategic People is the Data Controller and the Client is the Data Processor.
- c) The Client shall, in relation to any Personal Data processed in connection with the performance by the Client of its obligations under the Agreement:
(i) process that Personal Data only on the written instructions of Strategic or having obtained written consent from the Data Subject directly, unless required to do otherwise by applicable law. In which event, the Client shall inform Strategic of such legal requirement before Processing the Personal Data other than in accordance with Strategic’s documented instructions, unless that same law prohibits the Client from doing so on important grounds of public interest;
(ii) shall ensure that any natural person acting under the authority of the Client who has access to the Personal Data does not process it except on the instructions of Strategic or permission from the Data Subject, unless required to do otherwise under applicable law;
(iii) ensure that it has in place industry leading security of the Personal Data, including protection against unauthorised or unlawful Processing and against accidental loss, destruction or damage to Personal Data and implement industry leading technical and organisational measures, to ensure a level of security appropriate to the risk of harm that might result from, unauthorised or unlawful Processing, accidental or unlawful loss, destruction or alteration, unauthorised (or disclosure of) access or damage to Personal Data taking into account:
- i) the nature, scope, context and purposes of the Processing of the personal data to be protected,
- ii) the state of the art in technological developments in information security; and
iii) the cost of implementing any measures; and
- iv) shall include, as a minimum, encrypting the Personal Data, ensuring confidentiality, integrity, availability and resilience of systems and services, ensuring that availability of and access to the Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it;
(iv) ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential;
(v) immediately inform Strategic if it considers that any of Strategic’s instructions infringe the Data Protection Legislation;
(vi) not transfer any Personal Data outside of the European Economic Area or any other territory in which the European Commission has decided that the third country ensures an adequate level of protection. In which case, the Client shall comply with any safeguards put in place by Strategic to protect the Personal Data. The Client shall also ensure that enforceable data subject rights and effective legal remedies for data subjects are available;
(vii) notify Strategic without undue delay on becoming aware of a Personal Data breach, which shall include without limitation if any Personal Data is lost, stolen, destroyed, damaged or corrupted or where there is an unauthorised or accidental disclosure of such Personal Data;
(viii) notify Strategic immediately if it receives any complaint, notice or communication that relates to the Processing of the Personal Data (including without limitation any Data Subject requests) and/or to either party’s compliance with the Data Protection Legislation;
(ix) at the written direction of Strategic and automatically on the termination of the Agreement, delete or return Personal Data and copies thereof to Strategic unless required by applicable law to store the Personal Data provided always that if the Client continues to employ the permanent candidate or engage contractors whose assignments have continued following the termination of the Agreement to which the Data relates, then such Personal Data may be retained for each such Data Subject until such assignment has been completed;
(x) maintain complete and accurate records and information to demonstrate its compliance with this clause and make available such records and any other information necessary to demonstrate compliance with its obligations as a Data Processor under the Data Protection Legislation, and allow for and contribute to audits by Strategic or data supervisory authority on reasonable notice; and
(xi) assist and co-operate with Strategic as necessary and reasonable, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators. The Client shall be solely responsible for its own costs in complying with this provision.
- d) Strategic does not consent to the Client appointing any third party processor of Personal Data under the Agreement.
- e) The Client shall indemnify Strategic against all loss, liability, damages, costs, third party claims, fees and reasonable incurred expenses which Strategic may incur or suffer by reason of any breach of Clause 8 or the Data Protection Legislation by the Client save where the Client is acting at the direct instruction of Strategic. This indemnity shall only apply to the extent that such losses, liability, damages, costs, claims, fees and expenses are not materially contributed to by Strategic. This indemnity and the provisions in this clause shall not be subject to any limitations of liability set out in the Agreement or otherwise but shall subject to any contractual control of defence provisions in relation to third party claims.
- a) This is the entire agreement between the parties. The agreement may not be cancelled and these terms may not be varied or their application or any breach of them waived other than by a document signed by a director, divisional/regional manager or legal representative of Strategic. No-one else acting for Strategic has authority to agree to any variation or waiver.
- b) If a specific fee or payment arrangement has been made between Strategic and the Client, which includes a variation of any of these terms and the Client breaches any term of that arrangement, then all of these terms shall be substituted for and form part of that arrangement with immediate effect.
- c) In addition to and without prejudicing any of its other remedies, Strategic may terminate the agreement between the parties with immediate effect if the Client breaches any of its terms or (in Strategic’s view) materially alters the Instructions.
- d) If the agreement is cancelled or terminated because of a material alteration to the Instructions, the Client agrees to indemnify Strategic against Losses incurred by it to that date or resulting from the cancellation or termination.
- e) Strategic shall not incur any liability to the Client for any Losses if the performance of Strategic’s obligations is prevented or delayed by the acts or omissions of others or other events, which are beyond its reasonable control.
- f) If any of these terms (or part thereof) is judged to be invalid or unenforceable for any reason, then the offending words shall be severed from the agreement or amended so as to ensure that the original spirit and intent of the term is made valid as far as possible. In the event that any term is severed for any reason, all other terms and conditions shall continue in full force and effect.
- g) Both parties agree not to approach or induce with offers of employment, directly or indirectly, any of the other party’s employees that it has had direct contact with under this agreement, without the prior written agreement of the other party. In the event that the Client employs or engages an employee of Strategic, then a Fee calculated upon that person’s Remuneration Package at the rates shown above, or £12,500 (whichever is the greater), shall become immediately payable to Strategic by the Client.
- h) For the avoidance of doubt, the laws of England and Wales shall apply to this agreement and any disputes arising from it are subject to the exclusive jurisdiction of the English courts.