Secure Online Payments
Fast UK Delivery
Free Delivery Over £200
100s of Tools in Stock
Tried & Tested Products

Data Processing Agreement

Contractual agreement regarding processing of personal data by Belfry Façade Systems Limited

1. Definition

1.1 Belfry Façade Systems Ltd (“BFSL”) acts as a data processor on behalf of its customers who, as data controllers, submit data in order to access the services of providers of courier and postal despatch. BFSL processes data to this end and in order to provide supporting and related services. In certain cases the data so provided will relate to an identifiable subject and so is defined as “personal data” under EU General Data Protection Regulation 2016/679 (“GDPR”). This document serves the purpose of the written contract required to be in place between BFSL and its customers (“Controller”) clarifying their responsibilities and liabilities under GDPR.

2. Terms of Processing

2.1 BFSL will act only on the written (post, e-mail, fax, text) and verbal instructions of the Controller in processing any data supplied (“the Data”), personal or otherwise, unless required by law to act without such instruction. Agreement to trade with BFSL under written Sales Orders is taken to constitute consent to process the Data solely for the purposes necessary to perform the contracted services.

2.2 BFSL will ensure that any people processing or accessing the Data are subject to a duty of confidence. All staff of BFSL are bound by the terms of BFSL’s Staff Data Policy regarding correct and lawful processing.

2.3 BFSL will take appropriate measures to ensure the security of processing the Data, such that are outlined in BFSL’s Privacy Policy as published on BFSL’s website.

2.4 By submitting the Data for delivery by a chosen courier or postal provider, such shipment being governed by prior written Sales Order, the Controller consents to BFSL passing any of the Data necessary to that courier or postal provider for processing and/or the supplier for their contracted purpose of conducting that delivery. Any other sub processing of the Data will be subject to BFSL’s Privacy Policy and/or a further and separate written agreement.

2.5 BFSL will assist the Controller in meeting any stated obligations regarding the provision of subject access to their personal data and any other rights under GDPR. Should BFSL receive such a request directly, it will in the first instance refer the request to the Controller, inform the data subject that it has done so, and subsequently act according to the reasonable instruction of the Controller in providing further information or access.

2.6 BFSL will assist the Controller in meeting any stated obligations regarding security of processing of the Data.

2.7 BFSL will notify the Controller of any personal data breaches relating to the Data, and any resultant data protection impact assessments, in line with its obligations under GDPR.

2.8 BFSL will submit to audits and inspections of its processing practices by any supervisory authority and provide the Controller with any information required to meet an equivalent audit or inspection or any connected legal obligations.

2.9 BFSL will immediately inform the Controller if it is asked by a third-party to infringe GDPR or any other applicable data protection law in relation to the Data.

3. Details of Processing

3.1 BFSL processes the Data on behalf of the Controller through the supply relevant information to suppliers and providers of courier and postal despatch. Subsequently the data is used to provide tracking information and supporting customer services on request and through provided online tools.

3.2 BFSL processes the data for the purpose of enabling delivery to the Controller’s designated recipients.

3.3 The Data may contain a number of types of “personal data”, frequently consisting of name and address information and sometimes also accompanying telephone numbers and/or email addresses. Those names may be connected with either business or home addresses, and their usage for both business and personal purposes. While it is conceivable there may be “Personal Data” relating to vulnerable persons, to children, and to other special categories of person within the Data, this in current practice will not be identifiable therein, nor is the purpose of processing related to that status.

3.4 BFSL’s general policy is that there should be no reason for the Controller to supply definable “sensitive personal data” to BFSL for the purposes of its processing. Should BFSL become aware of such instances, the Controller will be advised on ways in which the Data can be supplied that does not constitute qualification as “sensitive”. Should there be no alternative to the Controller supplying “sensitive personal data” to meet its processing deeds, BFSL will agree a separate written arrangement regarding its safe usage and storage.

3.5 The Data is retained in accordance with our privacy policy.

3.6 The Data is submitted by BFSL to suppliers and the supplier of the chosen despatch service for the purpose of conducting delivery and will then be stored by that supplier in line with their own processing terms.

3.7 Information, including the Data where applicable, that is submitted to BFSL by email or otherwise is stored in accordance with our privacy policy.

3.8 The Controller holds responsibility for ensuring that the Data it provides to BFSL for processing complies with all legal obligations. Specifically,
(a) the Controller verifies that the Data, and any record therein, has been made subject to a valid and documented “lawful basis for processing” under GDPR, and that
(b) the Controller verifies that it has complied with any valid and reasonable subject request for removal or deletion it has received and that no records of such subjects exist within the Data,
(c) the Controller verifies that the Data does not contain any record that is required to be excluded by either MPS or TPS registration as appropriate,
(d) the Controller verifies that it is willing and able to cooperate with any compliance requirements made of it under GDPR.

4. Responsibilities

4.1 BFSL does not indemnify the Controller against any data breach or against any other financial harm resultant from its lawful processing of the Data, other than by prior additional arrangement or other than as governed by law.

4.2 Nothing within this contract relieves BFSL of its own direct responsibilities and liabilities under GDPR.

 

 

SIGN UP FOR OUR MAILING LIST TO RECEIVE OUR LATEST NEWS & OFFERS

    website uptime string