For ease of navigation we have provided links to our corporate policies and standard terms & conditions below:
This privacy policy applies between you, the User of this Website and ID Insight Consulting Ltd, the owner and provider of this Website. ID Insight Consulting Ltd takes the privacy of your information very seriously. This privacy policy applies to our use of any and all Data collected by us or provided by you in relation to your use of the Website. Please read this privacy policy carefully.
Definitions and interpretation
1. In this privacy policy, the following definitions are used:
Data
collectively all information that you submit to ID Insight Consulting Ltd via the Website. This definition incorporates, where applicable, the definitions provided in the prevailing regulation;
Cookies
a small text file placed on your computer by this Website when you visit certain parts of the Website and/or when you use certain features of the Website. Details of the cookies used by this Website are set out in the clause below (Cookies);
ID Insight Consulting Ltd, or us
ID Insight Consulting Ltd, a company incorporated in England and Wales with registered number 9363477 whose registered office is at 15 Palace Street, Norwich, Norfolk, NR3 1RT;
UK and EU Cookie Law
the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011;
User or you
any third party that accesses the Website and is not either (i) employed by ID Insight Consulting Ltd and acting in the course of their employment or (ii) engaged as a consultant or otherwise providing services to ID Insight Consulting Ltd and accessing the Website in connection with the provision of such services; and
Website
the website that you are currently using, http://www.idinsightconsulting.com/home.html, and any sub-domains of this site unless expressly excluded by their own terms and conditions.
2. In this privacy policy, unless the context requires a different interpretation:
a. the singular includes the plural and vice versa;
b. references to sub-clauses, clauses, schedules or appendices are to sub-clauses, clauses, schedules or appendices of this privacy policy;
c. a reference to a person includes firms, companies, government entities, trusts and partnerships;
d. "including" is understood to mean "including without limitation";
e. reference to any statutory provision includes any modification or amendment of it;
f. the headings and sub-headings do not form part of this privacy policy.
Scope of this privacy policy
3. This privacy policy applies only to the actions of ID Insight Consulting Ltd and Users with respect to this Website. It does not extend to any websites that can be accessed from this Website including, but not limited to, any links we may provide to social media websites.
Data collected
4. We may collect the following Data, which includes personal Data, from you:
a. Name
b. Date of Birth;
c. Gender;
d. Job Title;
e. Profession;
f. Contact Information such as email addresses and telephone numbers;
g. Demographic information such as post code, preferences and interests;
h. in each case, in accordance with this privacy policy.
Our use of Data
5. For purposes of the prevailing regulation, ID Insight Consulting Ltd is the "data controller".
6. We will retain any Data you submit for 6 months.
7. Unless we are obliged or permitted by law to do so, and subject to any third party disclosures specifically set out in this policy, your Data will not be disclosed to third parties. This does not include our affiliates and / or other companies within our group.
8. All personal Data is stored securely in accordance with the principles of the prevailing regulation. For more details on security see the clause below (Security).
9. Any or all of the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using our Website. Specifically, Data may be used by us for the following reasons:
a. internal record keeping;
b. improvement of our products / services;
c. transmission by email of promotional materials that may be of interest to you;
d. contact for market research purposes which may be done using email, telephone, fax or mail. Such information may be used to customise or update the Website;
in each case, in accordance with this privacy policy.
Third party websites and services
10. ID Insight Consulting Ltd may, from time to time, employ the services of other parties for dealing with certain processes necessary for the operation of the Website. The providers of such services have access to certain personal Data provided by Users of this Website.
11. Any Data used by such parties is used only to the extent required by them to perform the services that we request. Any use for other purposes is strictly prohibited. Furthermore, any Data that is processed by third parties will be processed within the terms of this privacy policy and in accordance with the prevailing regulation.
Links to other websites
12. This Website may, from time to time, provide links to other websites. We have no control over such websites and are not responsible for the content of these websites. This privacy policy does not extend to your use of such websites. You are advised to read the privacy policy or statement of other websites prior to using them.
Changes of business ownership and control
13. ID Insight Consulting Ltd may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of ID Insight Consulting Ltd. Data provided by Users will, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this privacy policy, be permitted to use the Data for the purposes for which it was originally supplied to us.
14. We may also disclose Data to a prospective purchaser of our business or any part of it.
15. In the above instances, we will take steps with the aim of ensuring your privacy is protected.
Controlling use of your Data
16. Wherever you are required to submit Data, you will be given options to restrict our use of that Data. This may include the following:
17. use of Data for direct marketing purposes; and
18. sharing Data with third parties.
Functionality of the Website
19. To use all features and functions available on the Website, you may be required to submit certain Data.
20. You may restrict your internet browser's use of Cookies. For more information see the clause below (Cookies).
Accessing your own Data
21. You have the right to ask for a copy of any of your personal Data held by ID Insight Consulting Ltd (where such Data is held) on payment of a small fee, which will not exceed £0.
Security
22. Data security is of great importance to ID Insight Consulting Ltd and to protect your Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collected via this Website.
23. If password access is required for certain parts of the Website, you are responsible for keeping this password confidential.
24. We endeavour to do our best to protect your personal Data. However, transmission of information over the internet is not entirely secure and is done at your own risk. We cannot ensure the security of your Data transmitted to the Website.
Cookies
25. This Website may place and access certain Cookies on your computer. ID Insight Consulting Ltd uses Cookies to improve your experience of using the Website. ID Insight Consulting Ltd has carefully chosen these Cookies and has taken steps to ensure that your privacy is protected and respected at all times.
26. All Cookies used by this Website are used in accordance with current UK and EU Cookie Law.
27. Before the Website places Cookies on your computer, you will be presented with a pop-up requesting your consent to set those Cookies. By giving your consent to the placing of Cookies, you are enabling ID Insight Consulting Ltd to provide a better experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of the Website may not function fully or as intended.
28. This Website may place the following Cookies:
29. Type of CookiePurposeStrictly necessary cookiesThese are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.Analytical/performance cookiesThey allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.Functionality cookiesThese are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).Targeting cookiesThese cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
30. You can choose to enable or disable Cookies in your internet browser. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser.
31. You can choose to delete Cookies at any time; however you may lose any information that enables you to access the Website more quickly and efficiently including, but not limited to, personalisation settings.
32. It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.
Transfers outside the European Economic Area
33. Data which we collect from you may be stored and processed in and transferred to countries outside of the European Economic Area (EEA). For example, this could occur if our servers are located in a country outside the EEA or one of our service providers is situated in a country outside the EEA. These countries may not have data protection laws equivalent to those in force in the EEA.
34. If we transfer Data outside the EEA in this way, we will take steps with the aim of ensuring that your privacy rights continue to be protected as outlined in this privacy policy. You expressly agree to such transfers of Data.
General
35. You may not transfer any of your rights under this privacy policy to any other person. We may transfer our rights under this privacy policy where we reasonably believe your rights will not be affected.
36. If any court or competent authority finds that any provision of this privacy policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this privacy policy will not be affected.
37. Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
38. This Agreement will be governed by and interpreted according to the law of England and Wales. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.
Changes to this privacy policy
39. ID Insight Consulting Ltd reserves the right to change this privacy policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website and you are deemed to have accepted the terms of the privacy policy on your first use of the Website following the alterations.
You may contact ID Insight Consulting Ltd by email at admin@idinsightconsulting.com.
04 April 2018
ID Insight Consulting is registered as a Data Controller with the Information Commissioner’s Office (ICO). It is the responsibility of ID Insight Consulting and all its employees to ensure that they adhere to the Data Protection Principles at all times.
The Data Protection Principles are set out in the Data Protection Act 2018. The core Principles within the act are shown below.
These principles are also included in the current Market Research Society’s Code of Conduct, to which we adhere.
Scope – the principles apply to any personal data held by ID Insight Consulting, in particular this policy covers data held on
A) ID Insight Consulting’s employees
B) Participants of market research conducted by ID Insight Consulting
C) Client data shared with ID Insight Consulting
ID Insight Consulting’s DPO is the business owner
Definitions :-
§ Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, generic, mental, economic, cultural or social identity of that natural person.
§ Special categories of Personal Data is information pertaining to an individual’s race or ethnic origin, political, religious or philosophical beliefs, trade union membership, health data including physical or mental health, sexual life and sexual orientation and biometric data. For obvious reasons, particular care must be taken with this type of information.
Processing of personal data – processing means obtaining, recording or holding data or carrying out any operation(s) on the data.
De-personalised data is exempt from the Act.
§ Employee is any individual employed by ID Insight Consulting, whether as a permanent member of staff, a contract worker or employed on any other basis.
§ Participant is any individual or organization from or about whom data is collected or is approached for Interview.
§ Interview is any form of contact intended to provide information from a Respondent or group of Respondents.
§ Children - for the purpose of the MRS Code of Conduct, children are defined as those under 16.
Additional definitions can be found here: http://www.privacy-regulation.eu/en/article-4-definitions-GDPR.htm
The core Principles within the Data Protection Act 2018 are:
1. Personal data shall be:
(a) processed lawfully, fairly and in a transparent manner in relation to the data subject ('lawfulness, fairness and transparency');
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes ('purpose limitation');
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ('data minimisation');
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay ('accuracy');
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject ('storage limitation');
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures ('integrity and confidentiality').
2. The Controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’)
ID Insight Consulting maintains a record of processing (as per GDPR art.30)
The core principles of the MRS Code of Conduct are:
MRS Members shall:
1. Ensure that their professional activities can be understood in a transparent manner.
2. Be straightforward and honest in all professional and business relationships.
3. Be transparent as to the subject and purpose of data collection.
4. Ensure that their professional activities are not used to unfairly influence views and opinions of participants.
5. Respect the confidentiality of information collected in their professional activities.
6. Respect the rights and well-being of all individuals.
7. Ensure that individuals are not harmed or adversely affected by their professional activities.
8. Balance the needs of individuals, clients, and their professional activities.
9. Exercise independent professional judgement in the design, conduct and reporting of their professional activities.
10. Ensure that their professional activities are conducted by persons with appropriate training, qualifications and experience.
11. Protect the reputation and integrity of the profession.
12. Take responsibility for promoting and reinforcing the principles and rules of the MRS Code of Conduct
In order to ensure ID Insight Consulting and its employees adhere to the Principles of the Data Protection Act 2018, they must comply with the following procedures and practices:
ID Insight Consulting will ensure new employees are made aware of the company’s Data Protection Policy and are briefed to relevant aspects of the data protection requirements, during their induction/training.
All employees must comply with the data protection requirements and training given and are responsible for keeping themselves up to date with the requirements.
The company considers breaches of the Data Protection Principles outlined in this policy to be a serious offence, which may result in disciplinary action including dismissal.
A. Personal data held on employees
ID Insight Consulting undertakes to adhere to the provisions of the Data Protection Act and the relevant Codes of Practice relating to personal data held on employees, including employment records, monitoring in the workplace, recruitment and selection and medical records.
ID Insight Consulting will:
Inform employees of their rights under the Data Protection Act 2018 and inform new employees what information will be held about them. As per the Data Protection Act 2018, we will provide the following rights for individuals:
1- The right to be informed
2- The right to access
3- The right to rectification
4- The right to erasure
5- The right to restrict processing
6- The right to object
7- Rights in relation to automated decision making and profiling
- give individuals the opportunity to regularly update personal information
- provide appropriate security for personal data held, and limit the number of persons with access to such records
- to prevent unauthorised or unlawful processing of personal data, and to protect against accidental loss, destruction of or damage to personal data.
In particular, ID Insight Consulting and its employees will:
only store hard personal data in secure locations with restricted access, such as locked filing cabinets
only store electronic personal data in specified locations on the company’s protected spaces
ensure ID Insight Consulting’s data is only accessible to ID Insight Consulting employees and approved agents:
o access to ID Insight Consulting’s data is password protected;
o user passwords are only known to relevant individuals, and are changed regularly
o conduct and comply with an annual review of systems access
o remove employee access to all ID Insight Consulting systems and data, including email and third-party software, at point of contract termination
ensure a pre-determined plan is in place for disaster recovery
comply with ID Insight Consulting’s back-up procedures
ensure ID Insight Consulting premises are protected against intrusion
comply with the measures taken to secure ID Insight Consulting’s offices, including setting of alarms and locking up procedures
follow best practice relating to the recruitment and selection of new employees
not disclose information to third parties without consent
not transfer information to a country or territory outside the European Economic Area unless there is adequate provision for protection
retain only those employment records that are genuinely required for the needs of the business
dispose of any personal data by destroying it in a manner that prevents it being obtained by 3rd parties
provide employees with a copy of the personal data held about them on their request – this “subject access request” should be made in writing, and ID Insight Consulting must respond within 30 days.
(ID Insight Consulting is required to provide this information free of charge)
ID Insight Consulting’s employees will:
ensure the personal information they give the company is accurate, and inform the company of any changes to that information
comply with the requirements outlined above where these are applicable to their role
All staff are required to report immediately all incidents that involve the suspected or actual loss, theft, unauthorised disclosure or inappropriate use of personal data to the business owner
B. Personal data held on market research participants
ID Insight Consulting undertakes to adhere to the provisions of the Data Protection Act and the relevant Codes of Practice, including the MRS Code of Conduct, relating to personal data obtained and processed for the purpose of conducting market research.
https://www.mrs.org.uk/pdf/MRS-Code-of-Conduct-2019.pdf
We have privacy policies in place and guidance for different data collection methods.
ID Insight Consulting and its employees will:
conform to all relevant national and international laws
behave ethically and not do anything that might damage the reputation of market research
ensure that participants cooperation is voluntary by obtaining their agreement to participate in an Interview
take special care when carrying out research among children and other vulnerable groups of the population; the informed consent of the parent or responsible adult must be obtained before interviewing a child under 16
ensure that participants anonymity is preserved
ensure transparency, that participants cooperation is based on adequate information about the general purpose and nature of the project – the reason for the research must be clearly spelt out to participants at the beginning of an interview
ensure participants are clear that the information collected during the interview will only be used for confidential research purposes
ensure participants permission for a further interview is gained during the initial interview, where it is known a further interview is likely to be necessary
never undertake any activities, under the guise of research, which aim to manipulate, misled or coerce individuals.
respect participants right to refuse participation, and ensure they are not contacted again on a project after refusing
respect participants right not to be contacted again, and ensure their details are removed from future sample files
provide participants with a copy of the personal data held about them on their request – this “subject access request” should be made in writing, and ID Insight Consulting must respond within 30 days and free of charge.
ensure participants are told, normally at the beginning of the interview, if recording equipment or observation techniques are being used (except where these are used in a public place)
if a participant so wishes, the record or relevant section of it must be destroyed or deleted - participants anonymity must not be infringed by the use of such methods
ensure that – where a participant has given permission for data to be passed on in a form that allows the participant to be identified personally –
o the participant is first told to whom the information would be supplied and the purposes for which it would be used
o the information will not be used for any non-research purposes
o The recipient of the information has agreed to confirm to the requirements of the MRS Code of Conduct
· disclose the identity of clients where there is a legal obligation to do so
· take all reasonable precautions to ensure that participants are in no way directly harmed or adversely affected as a result of their participation in a market research project
· take all reasonable precautions to ensure that participant data is not processed to support measures or decisions with respect to those particular individuals
o ensure the following where research results are to be used for purposes other than “classic” research, in particular at a personal level:
o that feedback is provided where personal data drawn when sampling from a customer database is shown at the interview state to be inaccurate or out-of-date
o individual complaints or dissatisfaction about customer service raised by participants during an interview are fed back at the participants request
o ensure personal data collected on participants is exclusively used for research purposes
ensure participants are able to check without difficulty the identity and bona fides of the researcher or research company
only keep personal data for as long as is necessary for the purpose(s) it was obtained for
dispose of any personal data by destroying it in a manner that prevents it being obtained by a third party
provide appropriate security for personal data held and limit the number of persons with access to such records – to prevent unauthorised or unlawful processing of personal data, and to protect against accidental loss, destruction of or damage to personal data
In particular, ID Insight Consulting and its employees will follow the procedures outlined earlier.
not transfer information to a country or territory outside the European Economic Area unless there is adequate provision for protection
ensure that research projects and activities are designed, carried out, reported and documented accurately, transparently, objectively and to appropriate quality
Re scope of this policy:
Children have the same rights as adults within the 2018 Act.
Internet research – the same principles apply to online data collection and survey management
Business to Business Research – 2018 Act doesn’t apply to data held about corporate or other types of organisation, but “care should be taken to ensure that….the 2018 Act is not infringed when collecting/holding data about individuals working within organisations. This particularly applies when interviewing individuals who are registered as sole traders or within partnerships.”
See also “Guidelines for Business to Business Research” by MRS.
Other points to be aware of, not specifically covered above:
- qualitative research – client must make sure they have written permission to video participants AND to show video material to client; in theory we ought to have a standard sentence saying focus groups are held with the understanding that clients are complying with the DP act etc.
- surveys involving prize draws – must always include relevant T&Cs
- client owned customer databases – specific issues apply here, covered in DP Act
See: “Data Protection & Research: Guidance for MRS Members and Company Partners 2018” and further guidance on the MRS website: https://www.mrs.org.uk/standards/binding-guidelines
ID INSIGHT CONSULTING – BUSINESS OWNER
November 2019
Introduction
The EU General Data Protection Regulation (GDPR), and Data Protection Act 2018 (DPA 2018) which implements it in the UK, has strengthened legislation in this area, in particular requiring that organisations are accountable and able to demonstrate compliance. References to data protection legislation in this policy include provisions of the GDPR and DPA 2018. It is important that ID Insight Consulting Ltd protects and safeguards person-identifiable information that it gathers, creates processes and discloses, to comply with the law and relevant ID Insight Consulting Ltd policy, as well as provide assurance to clients and other stakeholders.
All employees of ID Insight Consulting Ltd must comply with data protection legislation. Staff must handle personal information they may come into contact with during the course of their work in a lawful and compliant manner. This is not just a requirement of their responsibilities but also a requirement within data protection legislation. It is important for staff to be aware that it is an offence under DPA 2018 for a person knowingly or recklessly to obtain or disclose personal data.
This policy sets out the requirements placed on all ID Insight Consulting Ltd staff when sharing personal information both internally withing the business and externally with clients and other stakeholders.
The Information Commissioner’s Office (ICO) has issued a data sharing code of practice that must be adhered to when sharing personal data. Information can relate to clients, staff of ID Insight Consulting Ltd (including temporary staff), members of the public, or any other identifiable individual, however stored. Information may be held on paper, CD/DVD, USB sticks, computer file or printout, laptops, mobile phones, digital cameras or even heard by word of mouth.
Sharing of non-personal information
Some information sharing does not involve personal data, for example where only statistics that cannot identify anyone are being shared.
Anonymous or aggregate (numbers) information may be shared internally or with other organisations.
Sharing personal information with other organisations
Necessary and proportionate, personal information may be shared with other organisations.
This policy covers two main types of information sharing:
• ‘Systematic’, routine information sharing where the same data sets are shared between the same organisations for an established purpose; and
• exceptional, one-off decisions to share information for any of a range of purposes.
Different approaches apply to these two types of information sharing and this policy reflects this. Some of the good practice recommendations that are relevant to systematic, routine information sharing are not applicable to exceptional, one-off decisions about sharing.
‘Systematic’ information sharing
This will generally involve routine sharing of data sets between organisations for an agreed purpose.
Exceptional or ‘one-off’ information sharing
Much information sharing takes place in a pre-planned and routine way. As such, this should be governed by established rules and procedures. However, staff may also decide, or be asked, to share information in situations which are not covered by any routine agreement. All ad-hoc or one-off sharing decisions must be carefully considered and documented.
Factors to consider
When deciding whether to enter into an arrangement to share personal data (either as a provider, a recipient or both) you should consider what the sharing is to achieve. There should be a clear objective or set of objectives. Being clear about this will identify the following:
• Could the objective be achieved without sharing the data or by anonymising it?
• It is not appropriate to use personal data to plan service provision, for example, where this could be done with information that does not amount to personal data.
• What information needs to be shared? You should not share all the personal data you hold about someone if only certain data items are needed to achieve the objectives.
• Who requires access to the shared personal data? You should employ ‘need to know’ principles, meaning that when sharing both internally between staff and externally with other organisations, individuals should only have access to your data if they need it to do their job, and that only relevant staff should have access to the data. This should also address any necessary restrictions on onward sharing of data with third parties.
• When should it be shared? Again, it is good practice to document this, for example setting out whether the sharing should be an on-going, routine process or whether it should only take place in response to particular events.
• How should it be shared? This involves addressing the security surrounding the transmission or accessing of the data and establishing common rules for its security.
• How can we check the sharing is achieving its objectives? You will need to judge whether it is still appropriate and confirm that the safeguards still match the risks.
• What risk to the individual and/or the organisation does the data sharing pose? For example, is any individual likely to be damaged by it? Is any individual likely to object? Might it undermine individuals’ trust in the organisations that keep records about them?
It is good practice to document all decisions and reasoning related to the information sharing.
For any assistance and guidance, and if in any doubt about when it is appropriate to share information please refer to the Owner.
In all circumstances of information sharing, staff will ensure that:
• When information needs to be shared, sharing complies with the law and this guidance.
• Only the minimum information necessary for the purpose will be shared.
• Individuals’ rights will be respected, particularly confidentiality, security and the rights established by the GDPR.
• Confidentiality must be adhered to.
• Reviews of information sharing should be undertaken to ensure the information sharing is meeting the required objectives/purpose and is still fulfilling its obligations.
Information Sharing Agreements
Information sharing agreements, sometimes known as ‘Information sharing protocols’ or ‘data sharing protocols’, set out a common set of rules to be adopted by the various organisations involved in an information sharing operation. These could well form part of a contract between organisations. It is good practice to have an information sharing agreement in place, and to review it regularly, particularly where information is to be shared on a large scale, or on a regular basis.
An information sharing agreement must, at least, document the following:
• The purpose, or purposes, of the sharing.
• The legal basis for sharing under the DPA 2018 / GDPR.
• The potential recipients or types of recipient and the circumstances in which they will have access.
• Who the data controller(s) is and any data processor(s).
• The data to be shared.
• Data quality – accuracy, relevance, usability.
• Data security.
• Retention of shared data.
• Individuals’ rights – procedures for dealing with access requests, other applicable GDPR rights, queries and complaints.
• Review of effectiveness/termination of the sharing agreement; and
• Any particular obligations on all parties to the agreement, giving an assurance around the standards expected, sanctions for failure to comply with the agreement or breaches by individual staff.
Introduction
All ID Insight Consulting Ltd staff members must ensure they are familiar with the contents of this policy, which describes the standards of practice we require in the management of our records. It is based on current legal requirements and professional best practice.
Records and Documents are different. Documents consist of information or data that can be structured or unstructured and accessed by ID Insight Consulting Ltd staff. Records provide evidence of the activities of functions and policies. Records have strict compliance requirements regarding their retention, access and destruction, and generally have to be kept unchanged. Conversely, all records are documents.
This policy relates to all documents and records held by ID Insight Consulting Ltd staff, regardless of format, including, but not limited to, email, paper, digital, social media, videos and telephone messages.
Records are created to provide information about what happened, what was decided, and how to do things. Individuals cannot be expected or relied upon to remember or report on past policies, discussions, actions and decisions accurately all of the time. So, as part of their daily work they keep a record – by updating a register or database, writing a note of a meeting or telephone call, audio recordings of interaction or filing a letter or email – which ensures that they and their successors have something to refer to in the future.
Records are a valuable resource because of the information they contain. High-quality information underpins the delivery of high-quality services. Information has most value when it is accurate, up-to-date and accessible when it is needed. An effective records management function ensures that information is properly managed and is available whenever and wherever there is a justified need for that information, and in whatever media it is required.
Records management is about controlling records within a framework made up of policies, standard operating procedures, systems, processes and behaviours. Together they ensure that reliable evidence of actions and decisions is kept and remains available for reference and use when needed, and that the organisation benefits from effective management of one of its key assets - its records.
A records retention schedule is a control document. It sets out the classes of records which ID Insight Consulting Ltd retains and the length of time these are retained before a final disposition action is taken (i.e. destruction). It applies to information regardless of its format or the media in which it is created or might be held. All staff members should be familiar with this records retention schedule and apply retention periods to records.
A records management policy is a cornerstone of effective management of records in an organisation. It will help to ensure ID Insight Consulting Ltd keeps the records it needs for business, regulatory, legal and accountability purposes.
The purpose of this policy is to establish a framework in which ID Insight Consulting Ltd records can be managed, and to provide staff members with an overview of their obligations under it.
Scope
Staff of ID Insight Consulting Ltd fall under the scope of this document, including contractors, temporary staff and all permanent employees.
Responsibilities
Owner
Responsibility for data management and handling resides ultimately with the Owner.
All Staff
All staff are responsible for data management and handling and therefore must understand and comply with this policy and associated guidance. Failure to do so may result in disciplinary action.
Procedures
This policy covers the management of both documents and records at ID Insight Consulting Ltd. The policy sets in place the arrangements for all documents and records produced and received by ID Insight Consulting Ltd.
This policy is mandatory and applies to all information in all formats. It covers all stages within the information lifecycle, including retention and disposition.
Staff members must not alter, deface, block, erase, destroy or conceal records with the intention of preventing disclosure under a request relating to the Freedom of Information Act 2000 or the Data Protection Act 2018.
Staff members are expected to manage records about individuals in accordance with this policy irrespective of their race, disability, gender, age, sexual orientation, religion or belief, or socio-economic status.
Records and Information Management
Stage 1 – Creation and Receipt
This part of the process is when we put pen to paper, make an entry into a database or start a new electronic document. This is the first phase. It can be created by members of staff or received from an external source.
Stage 2 - Distribution
Distribution is managing the information once it is created or received whether it is internal or external. It occurs when records are sent to someone for which they were intended or were copied. Records are distributed when photocopied, printed, attached to an email, hand delivered or regular mail, etc. After records are distributed, they are used.
Stage 3 - Use
This stage takes place after information is distributed. This is when records are used on a day to day basis, in line with business activities.
Stage 4 - Maintenance
Maintenance is when records are not used on a day to day basis and are stored. Even though they are not used on a day to day basis, they will be kept for reference future need until they have met their retention period. The maintenance phase includes filing, transfers and retrievals. The information may be retrieved during this period to be used as a resource for reference or to aid in a business decision.
Stage 5 - Disposition
Disposition is when a record is less frequently accessed, has no more value to ID Insight Consulting Ltd or has met its assigned retention period. It is then reviewed and if necessary destroyed under confidential destruction conditions. This is the final phase.
Record Naming and Good Practice
Record naming is an important process in the management of data and it is essential that a unified approach is undertaken within the business.
Staff members should refrain from naming folders or files with their own name unless the folder or file contains records that are biographical in nature about that individual, for example, personnel records.
ID Insight Consulting Ltd standard naming convention must be used for the filename of all electronic documents created by staff members.
The re-naming of old documents is optional but new documents must follow the standard naming convention.
Version Control is the management of multiple revisions to the same document. Version control enables us to tell one version of a document from another.
Where records contain person identifiable data or corporate sensitive information it is a requirement that such data is stored securely. You must ensure access to the data is password protected and access only allowed for specific, named personnel.
Good record keeping should prevent record duplication. Staff members should ensure team members have not previously created a record prior to initiating a new document.
Staff members should ensure records are relevant and need to be retained.
Record Maintenance
Electronic documents and records should be maintained in accordance with this policy.
The movement and location of paper records should be controlled and tracked to ensure that a record can be easily retrieved at any time. This will enable the original record to be traced and located if required and must be held in a shared location.
Records Security - Work Base, Home Working, Agile Working
All person identifiable data or commercially sensitive data must be saved with appropriate security measures.
Staff must not use home email accounts or private computers to hold or store any sensitive records or information which relates to the business activities of ID Insight Consulting Ltd.
Removable Media must be owned by ID Insight Consulting Ltd. Ideally, person sensitive data should not be stored on any removable media, however if there is no other option ensure this data is stored on a corporate encrypted device and deleted once transferred to identified secure area folder.
When printing paper records, especially sensitive documents, ensure appropriate measures have been taken in collecting all documents immediately after printing.
When transferring data, ensure security measures and precautions have been actioned by the sender and receiver.
Never leave your computer screen open when unattended. Always lock it using the keys Control + Alt + Delete and then click on ‘Lock This Computer’.
Missing and Lost Records
A ‘missing record’ is when a record cannot be found, or is not available when required.
In the event of a missing record, a thorough search must be undertaken.
If after 5 working days, the record has not been found, the missing record must be reported to the Owner. The severity of the incident will determine the level of investigation required.
Business Continuity and Recovery
The business owner will make appropriate plans for business continuity in the event of any business interruption that compromises delivery of contracted services to clients. This will also extend to disaster recovery planning. Key principles of planning are:
· Ability to access business critical systems remotely – from secure, protected devices
· Secure storage of key documents within recoverable systems
· Use of encrypted and password protected removable devices containing key business documents
· Availability of appropriate alternative work spaces for employees in the event of main office being inaccessible for a period of more than 1 week
· Identifiable resources, in addition to key project owners for all continuous projects
Monitoring
Compliance with the policies and procedures laid down in this document will be monitored by the Owner. The Owner is responsible for the monitoring, revision and updating of this document if the need arises.
1. INTRODUCTION
Information Security is strategically important to our business and accordingly we are committed to preserving the confidentiality, integrity and availability of all the physical and electronic information assets throughout the organisation in order to preserve our reputation, cash-flow, profitability, legal, regulatory and contractual compliance and commercial position.
2. PURPOSE
This information security policy defines the framework within which information security will be managed within the business and demonstrates the commitment and support for information security within the business.
3. SCOPE
All employees are obliged to comply with this policy.
The policy covers, but is not limited to, any systems or data related to our computer or telephone networks, any systems provided by us and any communications sent to or from the agency and any data which is owned either by the business or on behalf of our clients held on systems internally or external to the agency’s network.
4. ORGANISATION AND RESPONSIBILITY
Our responsibilities
The owner is ultimately responsible for the maintenance of this policy and for compliance within the business. This policy has been approved and forms part of our policies and procedures.
The owner is responsible for reviewing this policy on an annual basis and is responsible for identifying and assessing security requirements and risks. They will provide clear direction, visible support and promote information security through appropriate commitment and adequate resourcing.
The owner is responsible for the management of information security and, specifically, to provide advice and guidance on the implementation of this policy.
It is the responsibility of all employees to implement this policy within their area of responsibility and the responsibility of the owner to ensure they are fully aware of the policy and given appropriate support and resources to comply.
Your responsibilities
It is the responsibility of EVERY EMPLOYEE to adhere to this policy at all times.
Failure to comply with this policy that occurs as a result deliberate, malicious or negligent behaviour, may result in disciplinary action.
5. POLICY
We are committed to protecting the security of its information and information systems and to a policy of education, training and awareness for information security. It is our policy that the information we manage shall be appropriately secured to protect against breaches of confidentiality, failures of integrity or interruptions to the availability of that information and to ensure appropriate legal, regulatory and contractual compliance. In particular, contingency plans, data backup procedures, avoidance of viruses and hackers, access control to systems and information security incident reporting are fundamental to this policy. Control objectives for each of these areas are defined and are supported by specific, documented policies and procedures as appropriate.
To determine the appropriate level of security control that should be applied to information systems, a process of risk assessment shall be carried out in order to define security requirements and identify the probability and impact of security breaches.
It is our policy to report and log all information or IT security incidents, or other suspected breaches of the policy. All employees will follow the procedure for escalation and reporting of security incidents and any data breaches that involve personal data will subsequently be reported to the Information Commissioner’s Office, as appropriate.
Owner
February 2020
Policy Statement
Modern slavery is a crime and a violation of fundamental human rights. It takes various forms, such as slavery, servitude, forced and compulsory labour and human trafficking, all of which have in common the deprivation of a person's liberty by another in order to exploit them for personal or commercial gain. We have a zero-tolerance approach to modern slavery and we are committed to acting ethically and with integrity in all our business dealings and relationships and to implementing and enforcing effective systems and controls to ensure modern slavery is not taking place anywhere in our own business or in any of our supply chains.
We are also committed to ensuring there is transparency in our own business and in our approach to tackling modern slavery throughout our supply chains. We expect the same high standards from all of our contractors, suppliers and other business partners, and we expect that our suppliers will hold their own suppliers to the same high standards.
This policy applies to all persons working for us or on our behalf in any capacity, including employees at all levels, directors, officers, agency workers, seconded workers, volunteers, interns, agents, contractors, external consultants, third-party representatives and business partners.
This policy does not form part of any employee's contract of employment and we may amend it at any time.
Responsibility for the Policy
The Business Owner has overall direct responsibility for ensuring this policy complies with our legal and ethical obligations, and that all of those under the control of the Business Owner comply with it. The Business Owner has primary responsibility for implementing this policy, monitoring its use and effectiveness, dealing with any queries about it, and auditing internal control systems and procedures to ensure they are effective in countering modern slavery.
The Business Owner is responsible for ensuring employees at all levels understand and comply with this policy.
You are invited to comment on this policy and suggest ways in which it might be improved. Comments, suggestions and queries are encouraged and should be addressed to the Business Owner.
Compliance with the Policy
You must ensure that you read, understand and comply with this policy.
The prevention, detection and reporting of modern slavery in any part of our business or supply chains is the responsibility of all those working for us or under our control. You are required to avoid any activity that might lead to, or suggest, a breach of this policy.
You must notify the Business Owner as soon as possible if you believe or suspect that a conflict with this policy has occurred, or may occur in the future.
You are encouraged to raise concerns about any issue or suspicion of modern slavery in any parts of our business or supply chains of any supplier tier at the earliest possible stage.
If you believe or suspect a breach of this policy has occurred or that it may occur you must report it as soon as possible.
If you are unsure about whether a particular act, the treatment of workers more generally, or their working conditions within any tier of our supply chains constitutes any of the various forms of modern slavery, raise it with the Business Owner.
We aim to encourage openness and will support anyone who raises genuine concerns in good faith under this policy, even if they turn out to be mistaken. We are committed to ensuring no one suffers any detrimental treatment as a result of reporting in good faith their suspicion that modern slavery of whatever form is or may be taking place in any part of our own business or in any of our supply chains. Detrimental treatment includes dismissal, disciplinary action, threats or other unfavourable treatment connected with raising a concern.
Communication and awareness of this Policy
Our zero-tolerance approach is communicated to all business partners at the outset of our business relationship with them and reinforced as appropriate thereafter.
Breaches of this Policy
Any employee who breaches this policy will face disciplinary action, which could result in dismissal for misconduct or gross misconduct.
We may terminate our relationship with other individuals and organisations working on our behalf if they breach this policy.
ID Insight Consulting Ltd – Business Owner
Created: October 2019
Last updated: April 2021
Whereas, a purchase order or confirmatory email (“PO”) has been placed by client (“Client”) to purchase the provision of Services and Deliverables, as applicable, as set out in the scope of work (“SoW”) from ID Insight Consulting Limited, company number 9363477, with its registered office at 15 Palace Street, Norwich, Norfolk, NR3 1RT (“Agency”). The “Agreement” comprises the PO, these Client Standard Terms & Condition (“Conditions”) and if applicable, any terms, conditions, caveats and assumptions contained in the SoW referenced in the PO or Order Acknowledgement (as defined below). In the event of a conflict between terms, the order of precedence shall be (i) the SoW; (ii) these Conditions; (iii) the Order Acknowledgement; and then (iv) the PO, unless expressly agreed in writing otherwise.
1 Appointment & Scopes of Work
The Agency, or its Affiliates, shall perform the Services and supply Deliverables to the Client in accordance with a SoW. Agency reserves the right to subcontract Services as it deems appropriate. A PO may be deemed accepted by the Agency (i) upon commencement of the Services, or (ii) in writing (“Order Acknowledgement”). All quotes contained in a proposal will be valid for a 3 month period.
2 Client’s Obligations
2.1 The Client will promptly supply to the Agency (at no charge) any Client Materials reasonably required by the Agency or otherwise necessary to provide the Services and Deliverables and shall ensure that it has all rights and licences in place to enable use by the Agency of all Client Materials.
2.2 If the Client (or its appointed third party suppliers) does not fulfil its obligations under or in connection with this Agreement (including its payment obligations), then to the extent that such failure prevents the Agency from performing any Services and/or providing any Deliverables in accordance with this Agreement, the Agency will be relieved of its obligations to the Client, and the Agency shall not be liable for any Losses incurred by the Client as a result of any such failure.
3 Service Delivery
3.1 The Agency shall use reasonable endeavours to meet any deadlines agreed to as part of a Scope of Work and apply such time, attention, and reasonable skill and care as may be necessary or appropriate for its proper performance of the Services and provision of the Deliverables.
3.2 If at any time the Agency becomes aware that it may not be able to perform the Services or deliver any Deliverables by any date set out in the applicable SoW (or any other deadline agreed by the parties in writing), the Agency will promptly notify the Client and give details of the reasons for the delay.
4 Amendments and Cancellations
Any material amendment to a SoW shall be subject to the agreement of both parties in writing and the Fees payable to the Agency in respect of the amended Services shall not decrease below the level of Fees that would have been payable had the Services not been amended, save with the prior written approval of the Agency. In the event of any such cancellation the Client will reimburse the Agency for all Fees up to the date of cancellation, together with any Third Party Costs or other expenses or costs incurred by the Agency or to which the Agency is committed as well as any charges or other expenses or costs imposed on the Agency by third parties arising from the cancellation.
5 Fees
5.1 The Agency shall invoice 50% of the Fees upon commissioning of the Services and 50% of the Fees upon completion of the Services, unless otherwise agreed in a SOW.
5.2 The Fees, Expenses and Third Party Costs will be invoiced in accordance with the payment terms set out in the applicable SoW and shall be payable (subject to clause 5.8) within thirty (30) days of the date of the relevant invoice, or such other reasonable period as the parties may agree in the applicable SoW.
5.3 All sums stated in this Agreement or in any SoW, quotation or estimate exclude VAT and any other applicable sales tax (unless otherwise stated) which shall also be payable by the Client at the rate prevailing from time to time.
5.4 All Fees, Expenses and Third Party Costs shall be payable in GBP unless otherwise agreed in a SoW.
5.5 The terms of remuneration set out in this Agreement do not cover the performance of services which are outside of a SoW. If any such services are required the terms relating to their provision together with the applicable fees will be agreed in writing by the parties.
5.6 The Agency shall be entitled to charge the Client interest on overdue payment in accordance with The Late Payment of Commercial Debts (Interest) Act 1998.
5.7 Each party shall pay all monies which are payable by it to the other without any right of set off, abatement or withholding in respect of monies which are due to it or alleged to be due to it from the other party.
5.8 The actual cost to the Agency of Third Party Costs in respect of materials or services purchased overseas for the Deliverables may be more or less than the cost anticipated at the date when the Agency ordered the relevant materials or services (or obtained the Client’s approval for such Third Party Costs) as a result of fluctuations in the rate of currency exchange. If so, the Agency will charge the Client at the rate of currency exchange in operation on the date the Agency pays for the relevant Third Party Costs, which shall be deemed to be the closing mid-point rate in London for that day as subsequently quoted in the next published edition of The Financial Times.
5.9 If Fees are quoted in a currency other than GBP, the Agency reserves the right to re-cost the study for fluctuations in exchange rates exceeding 5% between the time of quotation and the time of invoicing.
5.10 If the Agency is procuring third party services in a currency other than GBP on your behalf in connection with the study, the Agency reserves the right to pass through any additional costs arising from fluctuations in exchange rates exceeding 5% between the time of commissioning the third party and the receipt of the third party invoice.
5.11 In the event that any Third Party Costs require payment in advance or sooner than the payment terms set out in clause 5.1, the Agency will notify the Client as soon as reasonably practicable in advance and the Client shall pay such costs within the period set out in the relevant invoice.
6 Confidentiality
6.1 Each of the parties acknowledges that, whether by virtue of and in the course of this Agreement or otherwise, it may receive or otherwise become aware of information relating to the other party, its clients, customers, businesses, business plans or affairs, which information is proprietary and confidential to the other party (“Confidential Information”). Confidential Information shall include any document marked “Confidential”, or any information which the recipient has been informed is confidential or which it ought reasonably to expect the other party would regard as confidential.
6.2 Confidential Information shall exclude information which:
(a) at the time of receipt by the recipient is in the public domain;
(b) subsequently comes into the public domain through no fault of the recipient, its officers, employees or agents;
(c) is lawfully received by the recipient from a third party on an unrestricted basis;
(d) is independently developed by the recipient; and/or
(e) is already known to the recipient before receipt hereunder.
6.3 Each of the parties undertake to maintain the confidentiality of the other party’s Confidential Information at all times and to use no less adequate measures than it uses in respect of its own confidential information to keep the other party’s Confidential Information reasonably secure. Neither party shall at any time without the prior written approval of the other party, use, disclose, exploit, copy or modify any of the other party’s Confidential Information, or authorise or permit any third party to do the same, other than for the sole purpose of the exercise of its rights and/or the performance of its obligations in connection with this Agreement.
6.4 Each of the parties undertakes to disclose the other party’s Confidential Information only to those of its associates, advisors, representatives or Affiliates to whom, and to the extent to which, such disclosure is necessary for the purposes contemplated under this Agreement.
6.5 The Client acknowledges and agrees that any identifiable and original idea or concept presented by the Agency in relation to any promotion or advertising campaign developed by the Agency shall be acknowledged as being available only for such promotion or campaign and shall not be used for any other purposes whatsoever without the Agency’s express prior written approval. Even where no promotion or campaign is agreed, the ideas and concepts presented to the Client shall remain strictly confidential and shall not be used in any way, including communication to any third party, without the Agency’s prior written approval.
6.6 The Agency shall have the right to publicly announce the key terms of the Agreement and may use non-Confidential Information as part of its marketing literature without the consent of the Client.
6.7 Neither party shall be in breach of this clause 6 if it discloses the other party’s Confidential Information in circumstances where such disclosure is required by law, regulation or order of a competent authority or regulatory body, provided that the other party is given reasonable advance notice of the intended disclosure and a reasonable opportunity to challenge the same.
7 Liability
7.1 Without prejudice to clause 7.2 the Agency’s maximum aggregate liability under or in connection with this Agreement, whether in contract, tort (including negligence) or otherwise, shall in no circumstances exceed one hundred percent (100%) of the Fees relating to the SoW under which such liability arises.
7.2 Nothing in this Agreement shall exclude or in any way limit either party’s liability for fraud, death or personal injury caused by its negligence or any other liability to the extent such liability may not be excluded or limited as a matter of law.
7.3 Without prejudice to clause 7.2, neither party shall be liable to the other party, whether in contract, tort (including negligence), breach of statutory duty, or otherwise for any Consequential Loss.
7.4 Without prejudice to clause 7.2, any and all claims, actions or other similar disputes brought by the Client against the Agency arising out of or in connection with this Agreement must be brought within twelve (12) months of the date of completion of the Services.
8 Intellectual Property Rights
8.1 The Agency acknowledges that ownership of Client Materials and ownership of all Intellectual Property Rights in any Client Materials (including any modifications or adaptations of such Client Materials produced in the course of providing the Services and Deliverables) shall remain vested in the Client or its licensors. The Client hereby grants to the Agency a non-exclusive licence during the Term to use the Client Materials solely for the purposes of providing the Services and Deliverables.
8.2 Subject to the remaining provisions of this clause 8 and subject to the Agency receiving payment of all Fees attributable to the Agency Materials the Agency hereby assigns (and in the case of copyright, by way of a present assignment of future copyright) all of the Intellectual Property Rights in the Agency Materials which are capable of being assigned together with the right to sue for past infringement of the Intellectual Property Rights in the Agency Materials.
8.3 The Client acknowledges that all Intellectual Property Rights in the Agency Proprietary Materials or direct improvements thereto which are used, improved or modified by the Agency under or during the term of this Agreement are the product of the Agency technical expertise possessed and developed by the Agency prior to or during the performance of this Agreement and are the sole and exclusive property of and vest in the Agency. Subject to the Agency receiving payment of all Fees attributable to the Agency Proprietary Materials licensed under this clause, the Agency hereby grants to the Client a licence to use such Agency Proprietary Materials and improvements thereto as are included in the Deliverables, in the Territory, solely for the purpose and the time period required to enjoy the rights in the Deliverables as envisaged under this Agreement.
8.4 Prior to delivery of the Deliverables, the Agency shall obtain such licences or consents in respect of Third Party Materials as shall be necessary in order that the Client can use such Third Party Materials for the purposes set out in the SoW. The Agency shall notify the Client of any restrictions on usage and any other contractual restrictions arising in respect of such Third Party Materials.
8.5 The Agency agrees, at the Client’s request and expense, to take all such actions and execute all such documents as are necessary (in the Client’s reasonable opinion) to enable the Client to obtain, defend or enforce its rights in the Deliverables, and shall not do or fail to do any act which would or might prejudice the Client’s rights under this clause 8.
8.6 To the extent permitted by law, and subject to the Agency receiving payment of all Fees attributable to the Agency Materials, the Agency shall ensure that all Moral Rights in the Agency Material included in the Deliverables are waived (or where not lawfully possible to waive Moral Rights, the Agency agrees not to assert any Moral Rights in respect of the Agency Materials). Subject to the Agency receiving payment of all Fees attributable to the Agency Materials, the Agency shall use its reasonable endeavours to ensure that all Moral Rights in Third Party Materials are waived (or where not lawfully possible to waive Moral Rights, to procure that Moral Rights are not asserted in respect of Third Party Materials), but if the Agency cannot obtain such waiver of (or agreement not to assert) such Moral Rights in respect of any Third Party Materials, the Agency will notify the Client and shall obtain the Client’s approval prior to incorporating such Third Party Materials into the Deliverables.
8.7 Notwithstanding any of the above and save as otherwise expressly provided for in a SoW, the Agency shall:
(a) be able to use any Deliverables which have been broadcast, published, distributed or otherwise made available to the public, and the Client’s name and logo for the purposes of promoting its work and its business including on the Agency’s website, in credentials pitches and in its showreel. Any other use by the Agency shall be subject to the Client’s prior approval; and
(b) retain all know how obtained in connection with the Services and Deliverables.
8.8 If the Agency is asked to take part in a competitive pitch or other similar process for the Client, then notwithstanding any of the previous provisions of this clause 8, the Agency shall retain ownership of all Intellectual Property Rights in any Materials
8.9 For the avoidance of doubt, the Agency shall not be liable under or in connection with this Agreement for any modifications, adaptations or amendments to any Deliverables made by the Client or by a third party on the Client’s behalf, nor in the event that any fault, error, destruction or other degradation in the quality and/or quantity of the Deliverables arises due to the acts or omissions of the Client and/or its Associates.
8.10 The terms of and obligations imposed by this clause 8 shall survive the termination of this Agreement for any reason.
9 Termination
9.1 Either party may terminate this Agreement without cause by giving not less than three (3) months’ written notice to the other party.
9.2 Either party may terminate this Agreement or any SoW immediately upon written notice to the other party:
(a) in the event of any material breach of this Agreement by the other party which breach is not remediable or, if remediable, is not remedied within twenty (20) days after the service by the party not in default of a written notice on the defaulting party, specifying the nature of the breach and requiring such breach to be remedied;
(b) if the other party suspends, or threatens to suspend payment of its debts or is unable to pay its debts as they fall due, or is deemed unable to pay its debts within the meaning of section 123 of the Insolvency Act 1986;
(c) if the other party commences negotiations with all or any class of its creditors with a view to rescheduling any of its debts, or makes a proposal or enters into any compromise or arrangement with its creditors (other than for the sole purpose of a solvent reconstruction or a scheme for a solvent amalgamation of that other party with other companies);
(d) if a petition is filed, or a notice is given, or a resolution is passed or an order is made for or in connection with the winding up of that other party (other than for the sole purpose of a solvent reconstruction or a scheme for a solvent amalgamation of that other party with other companies); or
(e) if an application is made to court, or an order is made, for the appointment of an administrator, or if a notice of intention to appoint an administrator is given or if an administrator is appointed over the other party.
10 Consequences of Termination
10.1 Upon termination of this Agreement the Client shall pay the Agency all Fees, Expenses and Third Party Costs due to the Agency (in accordance with clause 5 where relevant) including during the notice period.
10.2 If prior to termination of the Agreement, the Agency has (at the request of the Client) prepared detailed plans or proposals for future Deliverables in respect of which the Agency has not been paid, the Agency shall be entitled to receive remuneration from the Client based on the Agency’s time spent preparing such plans or proposals and the Rate Card. Any handover work during the Termination Notice shall be at Clients reasonable cost at the agreed Rate Card.
10.3 Provisions of this Agreement which are either expressed to survive its termination or which from their nature or context are contemplated to survive termination shall remain in full force and effect notwithstanding termination of this Agreement.
11 Notices
11.1 Any notice or other communication given to a party under or in connection with this Agreement shall be in writing and shall be:
(a) delivered by hand or by pre-paid first-class post or other next working day delivery service at its registered office (if a company) or its principal place of business (in any other case); or
(b) sent by email to the address specified in the SoW.
11.2 Any notice or communication shall be deemed to have been received:
(a) if delivered by hand, on signature of a delivery receipt or at the time the notice is left at the proper address;
(b) if sent by pre-paid first-class post or other next working day delivery service, at 9.00 am on the second Business Day after posting or at the time recorded by the delivery service.
(c) if sent by email, at 9.00 am on the next Business Day after transmission.
11.3 This clause does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.
12 Data Protection
12.1 Each party warrants to the other that it is and will continue to comply with the terms of any applicable Data Protection Legislation and any other relevant data protection laws, legislation and regulation. For the purposes of this clause, “personal data” and “processes” shall have the meanings given under Data Protection Legislation.
12.2 The Client warrants and undertakes that it has all necessary rights to provide personal data to the Agency and to require the Agency to process personal data on its behalf.
12.3 Where appropriate, the parties shall enter into a separate data processing agreement to govern any data processing envisaged under the SoW.
13 General
13.1 Neither party may assign, transfer or charge or otherwise dispose of this Agreement or any of its rights or obligations arising hereunder without the prior written approval of the other party.
13.2 Both parties acknowledge and agree that neither party tolerates bribery in any form in connection with the conduct of its business. Breach of this clause shall be deemed a material breach of this Agreement. Each party shall comply with all applicable laws, statutes, regulations, codes and guidance relating to anti-bribery and anti-corruption, including the UK Bribery Act 2010, and promptly report to the other party any request or demand for any undue financial or other advantage of any kind received by that party in connection with the performance of this Agreement.
13.3 Unless expressly provided in this Agreement, no term of this Agreement is enforceable pursuant to the Contracts (Rights of Third Parties) Act 1999 by any person who is not a party to it.
13.4 This Agreement constitutes the entire agreement between the parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter.
13.5 Each party agrees that it shall have no remedies in respect of any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in this agreement. Each party agrees that it shall have no claim for innocent or negligent misrepresentation or negligent misstatement based on any statement in this Agreement.
13.6 Except as expressly provided in this Agreement, each party shall pay its own costs incurred in connection with the negotiation, preparation, and execution of this Agreement and any documents referred to in it.
13.7 No variation of this Agreement shall be effective unless it is in writing and signed by the parties (or their authorised representatives).
13.8 A waiver of any right or remedy under this Agreement or by law is only effective if given in writing and shall not be deemed a waiver of any subsequent breach or default or a continuing waiver unless expressly confirmed in the waiver.
13.9 A failure or delay by a party to exercise any right or remedy provided under this Agreement or by law shall not constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict any further exercise of that or any other right or remedy. No single or partial exercise of any right or remedy provided under this agreement or by law shall prevent or restrict the further exercise of that or any other right or remedy.
13.10 Except as expressly provided in this Agreement, the rights and remedies provided under this Agreement are in addition to, and not exclusive of, any rights or remedies provided by law.
13.11 If any provision or part-provision of this Agreement is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause shall not affect the validity and enforceability of the rest of this Agreement.
13.12 Agreement is intended to, or shall be deemed to, establish any partnership or joint venture between any of the parties, constitute any party the agent of another party, or authorise any party to make or enter into any commitments for or on behalf of any other party.
13.13 Each party confirms it is acting on its own behalf and not for the benefit of any other person.
13.14 Each party shall, and shall use reasonable endeavours to procure that any necessary third party shall, promptly execute and deliver such documents and perform such acts as may reasonably be required for the purpose of giving full effect to this Agreement
13.15 This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and Wales.
13.16 Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this agreement or its subject matter or formation (including non-contractual disputes or claims).
14 Definitions
“Affiliates” means any company, partnership or other entity which at any time directly or indirectly controls, is controlled by or is under common control with either party including as a subsidiary, parent or holding company.
“Agency Materials” means those Materials specifically created by the Agency for the purposes of a SoW by officers, employees or freelancers (including any Materials adapted, modified or derived from the Client Materials).
“Agency Proprietary Materials” means software (including all programming code in object and source code form), methodology, know-how and processes and Materials in relation to which the Intellectual Property Rights are owned by (or licensed to) the Agency and which are (i) in existence prior to the date on which it is intended to use them for a SoW, or (ii) created by or for the Agency outside of a SoW and which are intended to be reused across its business.
“Client Materials” means any data, client equipment, computer systems, software, documents, copy, Intellectual Property Rights, artwork, logos and any other materials or information owned by or licensed to the Client which are provided to the Agency by the Client.
“Consequential Loss” means loss of profit or anticipated profit, income, revenue, anticipating savings, goodwill or data, or incidental, consequential or punitive damages or losses, in each case whether direct or indirect and whether or not foreseeable.
“Data Protection Legislation”means (i) prior to 25 May 2018, the Data Protection Act 1998; (ii) from 25 May 2018, the General Data Protection Regulation (EU 2016/679) (“GDPR”) and any legislation which amends, re-enacts or replaces it in England and Wales; (iii) the Electronic Communications (EC Directive) Regulations 2003, together with any legislation which replaces it; (iv) at all times, any other data protection laws and regulations applicable in the England and Wales; and/or (v) in non-EU countries, any similar or equivalent laws, regulations or rules relating to information or data about individuals.
“Intellectual Property Rights” means copyright and related rights, trade marks and service marks, trade names and domain names, patents, rights to inventions, rights in get-up, rights to goodwill and to sue for passing off and unfair competition, rights in designs, rights in computer software, the “look and feel” of any websites, database rights, rights in confidential information (including know-how and trade secrets) and any other intellectual property rights, in each case whether registered or unregistered and including all applications (and rights to apply) for, and renewals or extensions of, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist, now or in the future, in any part of the world;
“Losses” means losses, damages, liabilities, claims, demands, actions, penalties, fines, awards, costs and expenses (including reasonable legal and other professional expenses), subject to clause 7.1 and 7.3.
“Materials” means any artwork, copy, models, designs, photographs, commercial, feature film, character, music, voice over, sound recording, performance, book, painting, logo, or any other material protected by Intellectual Property Rights, but not including any software.
“Moral Rights” means all rights described in Part I, Chapter IV of the Copyright Designs and Patents Act 1988 and any similar rights of authors anywhere in the world.
“Third Party Costs” means any third party costs required to perform the Services or supply the Deliverables.
“Third Party Materials” means those Materials owned or created by a third party to be used in the Services and/or Deliverables, but which excludes software which is owned or licensed by a third party.
February 2020
ID Insight Consulting
St George's Works, Colegate, Norwich, NR3 1DD, UK
Copyright © 2023 ID Insight Consulting - All Rights Reserved.