1. For the purposes of this Agreement:
1.1. the terms “Data Controller”, “Data Processor”, “Data Subject”, “Personal Data” and “Processing” shall have the same
meaning as in the Data Protection Act 1998, and “Process” and “Processed” shall be construed accordingly;
1.2. “Data Protection Laws” means the Data Protection Act 1998 and any ICO guidance relating thereto;
1.3. “Client Data” means the Personal Data of the Client, its staff and its customers;
1.4. “ICO” means the Information Commissioner’s Office;
2. Where applicable, the parties agree that the Client is the Data Controller and EA Chauffeurs is the Data Processor.
3. EA CHAUFFEURS agrees to only process Personal Data for and on behalf of the Client for the purposes of performing
the services under this Agreement and in accordance with any other reasonable and lawful instructions issued by the Client in
writing from time to time.
4. Where the Client requires assistance from EA CHAUFFEURS in order to respond to requests, queries and/or
investigations in respect of the Client Data or requires that EA CHAUFFEURS shall help the Client in safeguarding the
Client Data, EA CHAUFFEURS shall provide such assistance, so far as is reasonable but at the Client’s cost;
5. EA CHAUFFEURS shall not be in breach of this Clause if it acts on the instructions of the Client.
The Client retains all rights, title and interest in and to the Client Data.
6. EA CHAUFFEURS will, at the Client’s written request deliver to the Client all documents and material which may be in
EA CHAUFFEURS’s possession which contain the Client Data. Digital Data will be made available for a period of seven (7)
days, for download by Client via FTP or SFTP.
7. With the exception of a hosting provider who uses UK BASED data centres (details provided on request), EA Chauffeurs will not use a sub-processor without the prior written authorization of the controller (ARTICLE 28,2 GDPR 2016/679)
8. EA CHAUFFEURS will co-operate with supervisory authorities (such as ICO) in accordance with Article 31, GDPR
9. EA CHAUFFEURS will ensure the security of its processing in accordance with Article 32 (GDPR 2016/679)
10. EA CHAUFFEURS will keep records of its processing activities in accordance with Article 30.2 (GDPR 2016/679)
11. EA CHAUFFEURS will notify any personal data breaches to the controller in accordance with Article 33 (GDPR
12. EA CHAUFFEURS will employ a data protection officer if required in accordance with Article 37; and appoint (in
writing) a representative within the European Union if required in accordance with Article 27. (GDPR 2016/679)
13. The processor must ensure that people processing the data are subject to a duty of confidence;
14. The processor must take appropriate measures to ensure the security of processing;
15. The processor must assist the data controller in providing subject access and allowing data subjects to exercise their rights
under the GDPR;
16. The processor must assist the data controller in meeting its GDPR obligations in relation to the security of processing, the
notification of personal data breaches and data protection impact assessments;
17. The processor must delete or return all personal data to the controller as requested at the end of the contract; and
the processor must submit to audits and inspections, provide the controller with whatever information it needs to ensure that
they are both meeting their Article 28 obligations, and tell the controller immediately if it is asked to do something infringing
the GDPR or other data protection law of the EU or a member state.
18. As Data Controller, the Client shall:
18.1. comply at all times with the Data Protection Laws;
18.2. ensure it is not subject to any prohibition or restriction which would:
(a) prevent or restrict it from disclosing or transferring the Personal Data to EA CHAUFFEURS, as required under this
(b) prevent or restrict it from granting EA CHAUFFEURS access to the Personal Data, as required under this Agreement;
(c) prevent or restrict EA CHAUFFEURS from Processing the Client Data as envisaged under this Agreement;
18.3. EA CHAUFFEURS shall use appropriate technical and organisational methods to ensure the security of the Client