Contract Conditions & Schedules


1.1 Definitions:

“Business Day” means a day other than a Saturday, Sunday, or public holiday in England and Scotland, when banks in London are open for business.

“Charges” means the charges payable by the Data Controller (Customer) for the supply of the Services by the Data Processor (Supplier), as set out in the Contract Details.

“Completed Form” means a copy of the Data Processor’s (Supplier) standard Customer Engagement Form, completed by the Data Controller, (Customer) and signed by an authorised representative of the Data Controller in Section 8.

“Conditions” means these terms and conditions set out in clause 1 (Interpretation) to clause 10 (General) (inclusive).

“Contract” means the Supply of Services Contract between the Data Controller (Customer) and the Data Processor (Supplier) for the supply of the Services in accordance with the Contract Details and these Conditions and any Schedules.

“Control” has the meaning given in section 1124 of the Corporation Tax Act 2010, and the expression change of control shall be construed accordingly.

“Customer Materials” means all materials, equipment, and assets (including Data Bearing Assets) supplied by the Customer to the Supplier.

“Data Bearing Assets” means anything listed in section 4 of the Completed Form under the headings PC’s, Media, Monitors, Printers/Scanners or Network/Telecoms (or anything under any other heading in section 4 which is specifically identified by the Customer in the Completed Form as being a Data Bearing Asset).

“Data Controller” means “controller” as defined in Article 4 (7) of the GDPR; Can also be referred to as “Customer”.

“Data Processor” means “processor” as defined in Article 4 (8) of the GDPR; Can also be referred to as “Supplier”.

“Deliverables” means all documents, products and materials developed by the Supplier or its agents, subcontractors, and personnel as part of or in relation to the Services in any form, including without limitation computer programs, data, reports, and specifications (including drafts) and the Key Deliverables set out in the Contract Details.

“Intellectual Property Rights” means patents, utility models, rights to inventions, copyright and neighbouring and related rights, moral rights, trademarks and service marks, business names and domain names, goodwill and the right to sue for passing off or unfair competition, rights in designs, rights in computer software, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.

“Saleable Items” means all Customer Materials save for any expressly excluded in the Contract Details.

“Services” means the services, including without limitation any Deliverables, to be provided by the Supplier pursuant to the Contract, as described in the Contract Details.

“Services Start Date” means the day on which the Data Processor (Supplier) is to start provision of the Services, as set out in the Contract Details.

“Supplier IPRs” means all Intellectual Property Rights subsisting in the Deliverables excluding any Customer Materials incorporated in them.

1.2 Interpretation:

1.2.1 A reference to legislation or a legislative provision: is a reference to it as amended, extended or re-enacted from time to time; and shall include all subordinate legislation made from time to time under that legislation or legislative provision.

1.2.2 Any words following the terms including, include, in particular, for example or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms.

1.2.3 A reference to writing or written includes email.


The Contract shall commence on the date when it has been signed by both parties and shall continue, unless terminated earlier in accordance with its terms, until all the Services have been completed. Those clauses which expressly or by implication continue in force after expiry or termination (including without limitation clause 8) shall so continue.


3.1 The Data Processor (Supplier) shall supply the Services to the Data Controller (Customer) from the Services Start Date in accordance with the Supply of Services Contract or the Customer Engagement Form.

3.2 The Supplier shall:

3.2.1 perform the Services with reasonable care and skill;

3.2.2 observe all reasonable health and safety rules and regulations and security requirements that apply at any of the Customer’s premises (at which Services are to be performed) and have been communicated to the Supplier, provided that the Supplier shall not be liable under the Contract if, as a result of such observation, it is in breach of any of its obligations under the Contract; and

3.2.3 take reasonable care of all Customer Materials in its possession.

3.3 In performing the Services, the Data Processor shall use the method(s) of sanitation of data from Data Bearing Assets set out in the Supply of Services Contract or Customer Engagement Form. Where no method is specified in the Contract or Engagement Form, then the Supplier shall have absolute discretion as to the method to be used, and the Customer shall have no remedy against the Supplier if it is dissatisfied with the method chosen. For information, typical methods used by the Supplier for different Data Bearing Assets include disintegration, incineration, shredding, degaussing, crushing, punching, and overwriting.


4.1 The Data Controller (Customer) shall:

4.2 Co-operate with the Data Processor (Supplier) in all matters relating to the Services.

4.2.1 provide, for the Supplier, its agents, subcontractors, consultants, and employees, in a timely manner and at no charge, access to the Customer’s premises, office accommodation, data and other facilities as required by the Supplier.

4.2.2 ensure that (save where otherwise agreed in writing by the Supplier) all Customer Materials to be collected are grouped in a single location within the applicable premises, with step-free pallet access and close to an exit from the premises.

4.2.3 ensure that the Customer’s Representative identified in the Contract Details is available at site on the date nominated by the Supplier (or its delivery contractor) for collection, to facilitate that collection.

4.2.4 provide, in a timely manner, such information as the Supplier may require, and ensure that it is accurate and complete in all material respects.

4.2.5 fully and accurately complete and sign (by an authorised representative) prior to each collection of Customer Materials and/or Saleable Items a Completed Form.

4.2.6 provide the Supplier with its SIC Code and Hazardous Waste Producer Number at the time of sending the Supplier the Completed Form.

4.2.7 not less than 5 Business Days prior to the date nominated by the Supplier (or its delivery contractor) for collection of the Customer Materials, inform the Supplier in writing whether: any of the Customer Materials could cause damage or injury to persons or property. any of the Customer Materials are hazardous (and if so the applicable European Waste Catalogue Code(s)); and any of the Customer Materials are dangerous goods (meaning those goods in respect of which the European Agreement concerning the International Carriage of Dangerous Goods by Road either prohibits or restricts their carriage); and

4.3 ensure that no hazardous items are included within the Customer Materials save those items under EWC codes 09 01 11* (single-use cameras containing batteries included in 16 06 01, 16 06 02 or 16 06 03), 16 02 09* (transformers and capacitors containing PCBs), 16 02 10* (discarded equipment containing or contaminated by PCBs other than those mentioned in 16 02 09) 16 02 11* (discarded equipment containing chlorofluorocarbons, hydrochlorofluorocarbons and hydrofluorocarbons), 16 02 12* (discarded equipment containing free asbestos), 16 02 13* (discarded equipment containing hazardous components other than those mentioned in 16 02 09 to 16 02 12), 16 02 15* (hazardous components removed from discarded equipment), 16 06 01* (lead batteries), 16 06 02* (Ni-cad batteries), 16 06 03* (mercury-containing batteries), 20 01 21* (fluorescent tubes and other mercury-containing waste), 20 01 23* (discarded equipment containing chlorofluorocarbons), 20 01 33* (Batteries and accumulators included in 16 06 01, 16 06 02 or 16 06 03 and unsorted batteries and accumulators containing these batteries) and 20 01 35* (discarded electrical and electronic equipment other than those mentioned in 20 01 21 and 20 01 23 containing hazardous components); in each case save with the Supplier’s prior agreement.

4.4 Without prejudice to the generality of clause 4.1, the Customer acknowledges that the Supplier will not review or have logical access to any personal data contained within Customer Materials. The Customer warrants and undertakes to the Supplier that it has all necessary consents and rights to transfer all personal data present on or in the Customer Materials to the Supplier, and to authorise the Supplier to exercise its contractual rights and perform its contractual obligations hereunder in respect thereof. The Customer hereby indemnifies and holds the Supplier harmless from and against all cost, expense and liability of any nature whatsoever arising out of or relating to any non-compliance with the warranty or undertaking in this clause 4.2 by the Customer.

4.5 In respect of any data held on Customer Materials which the Customer wishes to retain, the Customer must take back-up or duplicate copies of such data before providing the applicable Customer Materials to the Supplier. The Customer irrevocably confirms its understanding that such data may no longer be visible or recoverable from the Customer Materials after they are collected by the Supplier. The Customer hereby acknowledges that the Supplier will not have logical access to the data stored on any Customer Materials. Accordingly, it is entirely the responsibility of the Customer to ensure that the performance of the Services in respect of such data is in compliance with all Applicable Laws (as defined in Schedule 1 hereto).

4.6 If the Supplier’s performance of its obligations under the Contract is prevented or delayed by any act or omission of the Customer, its agents, subcontractors, consultants or employees, the Supplier shall:

4.6.1 not be liable for any costs, charges or losses sustained or incurred by the Customer that arise directly or indirectly from such prevention or delay.

4.6.2 be entitled to payment of the Charges despite any such prevention or delay.

4.6.3 be entitled to recover any additional costs, charges, or losses the Supplier sustains or incurs that arise directly or indirectly from such prevention or delay; and

4.6.4 in respect of any Customer Materials which are non-compliant with clause 4.3, the Supplier may refuse to accept and/or perform the Services in respect thereof.


Schedule 1 sets out the rights and responsibilities of each party in respect of the protection of personal data.


6.1 The Supplier and its licensors shall retain ownership of all Supplier IPRs. The Customer and its licensors shall retain ownership of all Intellectual Property Rights in the Customer Materials.

6.2 The Supplier grants the Customer or shall procure the direct grant to the Customer of, a fully paid-up, worldwide, non-exclusive, royalty-free, licence to use the Supplier IPRs to the extent necessary for the purpose of receiving and using the Services and the Deliverables in the Customer’s business during the term of the Contract.

6.3 The Customer grants the Supplier a fully paid-up, worldwide, non-exclusive, royalty-free, non-transferable, sub-licensable licence to copy and modify the Customer Materials for the term of the Contract for the purpose of providing the Services to the Customer in accordance with the Contract.


7.1 In consideration for the provision of the Services, the Customer shall pay the Supplier the Charges in accordance with this clause 7.

7.2 All amounts payable by the Customer exclude amounts in respect of value added tax (VAT), which the Customer shall additionally be liable to pay to the Supplier at the prevailing rate (if applicable), subject to receipt of a valid VAT invoice.

7.3 The Supplier shall submit invoices for the Charges plus VAT if applicable to the Customer monthly in arrears, on or after the 1st day of each month or (if applicable) at the intervals specified in the Contract Details.

7.4 The Customer shall pay each invoice due and submitted to it by the Supplier, within 14 days of receipt, to a bank account nominated in writing by the Supplier.

7.5 If the Customer fails to make any payment due to the Supplier under the Contract by the due date for payment, then, without limiting the Supplier’s remedies under clause 9:

7.5.1 the Customer shall pay interest on the overdue sum from the due date until payment of the overdue sum, whether before or after judgment. Interest under this clause will accrue each day at 4% a year above the Bank of England’s base rate from time to time, but at 4% a year for any period when that base rate is below 0%.

7.5.2 the Supplier may suspend all Services until payment has been made in full.

7.6 All amounts due under the Contract from the Customer to the Supplier shall be paid by in full without any set-off, counterclaim, deduction or withholding (other than any deduction or withholding of tax as required by law).

7.7 The Supplier shall be entitled to amend the rates on which the Charges are based not more than once per calendar year, on the provision of 14 days prior notice to the Customer.

7.8 The additional terms at Schedule 2 shall apply in relation to all Saleable Items.


8.1 The Supplier has obtained insurance cover in respect of its own legal liability for individual claims not exceeding £5 million per claim. The Supplier has been unable to obtain insurance in respect of certain types of loss at a commercially viable price. The limits and exclusions in this clause reflect the insurance cover the Supplier has been able to arrange, and the Customer is responsible for making its own arrangements for the insurance of any excess loss.

8.2 References to liability in this clause 8 include every kind of liability arising under or in connection with the Contract, whether direct or indirect, including but not limited to liability in contract, tort (including negligence), misrepresentation, restitution or otherwise.

8.3 Nothing in the Contract limits or excludes any liability to the extent that such liability cannot legally be limited or excluded.

8.4 Subject to clause 8.3, the Supplier’s liability for the following types of loss is wholly excluded:

8.4.1 loss of profits or revenue.

8.4.2 loss of sales or business.

8.4.3 loss of opportunity.

8.4.4 loss of agreements or contracts.

8.4.5 loss of anticipated savings or increased costs.

8.4.6 loss of use or corruption of software, data, or information.

8.4.7 loss of or damage to goodwill or reputation.

8.4.8 pure economic loss; and

8.4.9 indirect or consequential loss.

8.5 Subject to 8.3 and without prejudice to clause 8.4:

8.5.1 the Supplier’s total aggregate liability to the Customer arising out of or relating to any breaches by the Supplier of Applicable Data Protection Laws (as defined in Schedule 2 hereto) shall not exceed £5 million.

8.5.2 the Supplier’s total aggregate liability to the Customer arising out of or relating to property damage caused by the negligence or breach of the Contract by the Supplier shall not exceed £5 million; and

8.5.3 the Supplier’s total aggregate liability to the Customer arising out of or relating to any matter not set out in clauses 8.5.1 or 8.5.2 shall not exceed the total Charges paid by the Customer under this Contract.

8.6 The Supplier has given commitments as to compliance of the Services with relevant standards in clause 3. In view of these commitments, the terms implied by sections 3, 4 and 5 of the Supply of Goods and Services Act 1982 are, to the fullest extent permitted by law, excluded from the Contract.

8.7 Unless the Customer notifies the Supplier that it intends to make a claim in respect of an act, omission or event within the notice period, the Supplier shall have no liability for that act, omission, or event. The notice period for an act, omission or event shall start on the day on which the Customer became, or ought reasonably to have become, aware of the act, omission or event having occurred and shall expire 28 days from that date. The notice must be in writing and must identify the act, omission or event and the grounds for the claim in reasonable detail.

8.8 Where the Customer is procuring some or all of the Services for or on behalf of one or more persons (each an “End User”), then the Customer shall indemnity the Supplier and hold it harmless from and against any and all liability to an End User where such liability is:

8.8.1 A duplication of liability owed by the Supplier to the Customer; or

8.8.2 In excess of the liability that the Supplier would owe to the Customer if the Customer were in the position of the End User.


9.1 Without affecting any other right or remedy available to it, either party to the Contract may terminate it with immediate effect by giving written notice to the other party if:

9.1.1 the other party commits a material breach of any term of the Contract which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of 28 days after being notified in writing to do so;

9.1.2 the other party takes any step or action in connection with its entering administration, provisional liquidation or any composition or arrangement with its creditors (other than in relation to a solvent restructuring), applying to court for or obtaining a moratorium under Part A1 of the Insolvency Act 1986, being wound up (whether voluntarily or by order of the court, unless for the purpose of a solvent restructuring), having a receiver appointed to any of its assets or ceasing to carry on business or, if the step or action is taken in another jurisdiction, in connection with any analogous procedure in the relevant jurisdiction; or

9.1.3 the other party suspends, or threatens to suspend, or ceases or threatens to cease to carry on all or a substantial part of its business.

9.2 Without affecting any other right or remedy available to it, the Supplier may terminate the Contract with immediate effect by giving written notice to the Customer if:

9.2.1 the Customer fails to pay any amount due under the Contract on the due date for payment.

9.2.2 there is a change of control of the Customer; or

9.2.3 the Customer’s financial position deteriorates to such an extent that in the Supplier’s opinion the Customer’s capability to adequately fulfil its obligations under the Contract has been placed in jeopardy.

9.3 On termination of the Contract for whatever reason:

9.3.1 the Customer shall immediately pay to the Supplier all of the Supplier’s outstanding unpaid invoices and interest and, in respect of Services supplied but for which no invoice has been submitted, the Supplier may submit an invoice, which shall be payable immediately on receipt.

9.3.2 any provision of the Contract that expressly or by implication is intended to come into or continue in force on or after termination or expiry of the Contract shall remain in full force and effect; and

9.3.3 termination or expiry of the Contract shall not affect any of the rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination or expiry, including the right to claim damages in respect of any breach of the Contract which existed at or before the date of termination or expiry.


10.1 Force majeure. Neither party shall be in breach of the Contract nor liable for delay in performing, or failure to perform, any of its obligations under the Contract if such delay or failure result from events, circumstances or causes beyond its reasonable control.

10.2 Assignment and other dealings.

10.2.1 The Customer shall not assign, transfer, charge, subcontract, declare a trust over or deal in any other manner with any or all of its rights and obligations under the Contract without the Supplier’s prior written consent.

10.2.2 The Supplier may at any time assign, transfer, charge, subcontract, declare a trust over or deal in any other manner with any or all of its rights under the Contract.

10.3 Confidentiality.

10.3.1 Each party undertakes that it shall not at any time disclose to any person any confidential information concerning the business, affairs, customers, clients or suppliers of the other party, except as permitted by this clause 10.3.

10.3.2 Each party may disclose the other party’s confidential information: to its employees, officers, representatives, contractors, subcontractors or advisers who need to know such information for the purposes of carrying out the party’s obligations under the Contract. Each party shall ensure that its employees, officers, representatives, contractors, subcontractors or advisers to whom it discloses the other party’s confidential information comply with this clause 10.3; and as may be required by law, a court of competent jurisdiction or any governmental or regulatory authority.

10.3.3 Neither party shall use any other party’s confidential information for any purpose other than to perform its obligations under the Contract.

10.4 Entire agreement.

10.4.1 The Contract constitutes the entire agreement between the parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter.

10.4.2 Each party acknowledges that in entering into the Contract it does not rely on and shall have no remedies in respect of any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in the Contract. Each party agrees that it shall have no claim for innocent or negligent misrepresentation or negligent misstatement based on any statement in the Contract.

10.5 Variation. No variation of the Contract shall be effective unless it is in writing and signed by the parties (or their authorised representatives).

10.6 Waiver.

10.6.1 A waiver of any right or remedy under the Contract or by law is only effective if given in writing and shall not be deemed a waiver of any subsequent right or remedy.

10.6.2 A failure or delay by a party to exercise any right or remedy provided under the Contract or by law shall not constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict any further exercise of that or any other right or remedy. No single or partial exercise of any right or remedy provided under the Contract or by law shall prevent or restrict the further exercise of that or any other right or remedy.

10.7 Severance. If any provision or part-provision of the Contract is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause 10.7 shall not affect the validity and enforceability of the rest of the Contract.

10.8 Notices.

10.8.1 Any notice given to a party under or in connection with the Contract shall be in writing and shall be: delivered by pre-paid first-class post or other next working day delivery service at its registered office (if a company) or its principal place of business (in any other case); or sent by email to the address specified for its representative in the Contract Details.

10.8.2 Any notice shall be deemed to have been received: if sent by pre-paid first-class post or other next working day delivery service, at 9.00 am on the second Business Day after posting; or if sent by email, at the time of transmission, or, if this time falls outside business hours in the place of receipt, when business hours resume. In this clause, business hours means 9.00am to 5.00pm Monday to Friday on a day that is not a public holiday in the place of receipt.

10.8.3 This clause 10.8 does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.

10.9 Third party rights. The Contract does not give rise to any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of the Contract.

10.10 Non-solicitation. The Customer undertakes that it will not, and that it will procure that no company under common control with it shall, within 2 years of the Services Start Date, employ or engage (directly or indirectly) in any capacity any person who is a current employee of the Supplier or has been an employee of the Supplier within the preceding 12 months, save with the Supplier’s consent. The Supplier may require payment of a fee equivalent to the salary of the applicable employee at the time he or she ceased or would cease to be an employee of the Supplier, as a condition of granting such consent.

10.11 Governing law. The Contract, and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation, shall be governed by, and construed in accordance with the law of England and Wales.

10.12 Jurisdiction. Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with the Contract or its subject matter or formation.  



“Applicable Laws” means:

(a) To the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom.

(b) To the extent EU GDPR applies, the law of the European Union or any member state of the European Union to which the Supplier is subject.

“Applicable Data Protection Laws” means:

(a) To the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom which relates to the protection of personal data.

(b) To the extent the EU GDPR applies, the law of the European Union or any member state of the European Union to which the Supplier is subject, which relates to the protection of personal data.

“Customer Personal Data” means any personal data which the Supplier processes in connection with this Contract.

“EU GDPR” means the General Data Protection Regulation ((EU) 2016/679).

“Purpose ” means the purposes for which the Customer Personal Data is processed, as set out in Paragraph 1.8.1.

“UK GDPR” has the meaning given to it in the Data Protection Act 2018.


11.1 For the purposes of this paragraph 1, the terms controller, processor, data subject, personal data, personal data breach and processing shall have the meaning given to them in the UK GDPR.

11.2 Both parties will comply with all applicable requirements of Applicable Data Protection Laws. This paragraph 1 is in addition to, and does not relieve, remove or replace, a party’s obligations or rights under Applicable Data Protection Laws.

11.3 The parties have determined that, for the purposes of Applicable Data Protection Laws, the Supplier shall process the Customer Personal Data as a processor on behalf of the Customer.

11.4 Should the determination in paragraph 1.3 change, then each party shall work together in good faith to make any changes which are necessary to this paragraph 1 or the remainder of this schedule.

11.5 By entering into this Contract, the Customer consents to (and shall procure all required consents, from its personnel, representatives and agents, in respect of) all actions taken by the Supplier in connection with the processing of Customer Personal Data, provided these are in compliance with the then-current version of the Supplier’s privacy policy available at (Privacy Policy). In the event of any inconsistency or conflict between the terms of the Privacy Policy and this Contract, the Privacy Policy will take precedence.

11.6 Without prejudice to the generality of paragraph 1.2, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Customer Personal Data to the Supplier for the duration and purposes of this Contract.

11.7 In relation to the Customer Personal Data, paragraph 2 sets out the scope, nature and purpose of processing by the Supplier, the duration of the processing and the types of personal data and categories of data subject.

11.8 Without prejudice to the generality of paragraph 1.2 the Supplier shall, in relation to Customer Personal Data:

11.8.1 process that Customer Personal Data only on the documented instructions of the Customer, which (in the absence of alternative written instructions) shall be to process the Customer Personal Data for the purposes set out in paragraph 2, unless the Supplier is required by Applicable Laws to otherwise process that Customer Personal Data. Where the Supplier is relying on Applicable Laws as the basis for processing Customer Processor Data, the Supplier shall notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Provider from so notifying the Customer on important grounds of public interest. The Supplier shall inform the Customer if, in the opinion of the Supplier, the instructions of the Customer infringe Applicable Data Protection Legislation;

11.8.2 implement the technical and organisational measures set out in paragraph 3 to protect against unauthorised or unlawful processing of Customer Personal Data and against accidental loss or destruction of, or damage to, Customer Personal Data, which the Customer has reviewed and confirms are appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures;

11.8.3 ensure that any personnel engaged and authorised by the Supplier to process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory or common law obligation of confidentiality;

11.8.4 assist the Customer insofar as this is possible (taking into account the nature of the processing and the information available to the Supplier), and at the Customer’s cost and written request, in responding to any request from a data subject and in ensuring the Customer’s compliance with its obligations under Applicable Data Protection Laws with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;

11.8.5 notify the Customer without undue delay on becoming aware of a personal data breach involving the Customer Personal Data;

11.8.6 at the written direction of the Customer, delete or return Customer Personal Data and copies thereof to the Customer on termination of the Contract unless the Supplier is required by Applicable Law to continue to process that Customer Personal Data. For the purposes of this paragraph 1.8.6 Customer Personal Data shall be considered deleted where it is put beyond further use by the Supplier; and

maintain records to demonstrate its compliance with this paragraph 1 and allow for reasonable audits by the Customer or the Customer’s designated auditor, for this purpose, on reasonable written notice and at the Customer’s cost and expense.

11.9 The Customer hereby provides its prior, general authorisation for the Supplier to appoint processors to process the Customer Personal Data, provided that the Supplier:

11.9.1 shall ensure that the terms on which it appoints such processors comply with Applicable Data Protection Laws, and are consistent with the obligations imposed on the Supplier in this paragraph 1;

11.9.2 shall remain responsible for the acts and omission of any such processor as if they were the acts and omissions of the Supplier; and

11.9.3 shall inform the Customer of any intended changes concerning the addition or replacement of the processors, thereby giving the Customer the opportunity to object to such changes provided that if the Customer objects to the changes and cannot demonstrate, to the Supplier’s reasonable satisfaction, that the objection is due to an actual or likely breach of Applicable Data Protection Law, the Customer shall indemnify the Supplier for any losses, damages, costs (including legal fees) and expenses suffered by the Supplier in accommodating the objection. The current list of potential processors can be found at

11.10 For the avoidance, the limits and exclusions of liability set out at clause 8 of the Conditions shall apply in respect of the obligations of the Supplier under this Schedule.


12.1 The Customer shall determine the categories of personal data processed, and the data subjects to which they relate, by the data present on the Customer Materials when handed over to the Supplier. Limited further personal data such as names and email addresses may also be provided as part of the arrangement and performance of the Contract.

12.2 The Customer shall also determine the duration of the data processing service and the nature and purpose of the processing for the supplier.

12.3 The Supplier shall process that personal data to the minimum extent reasonably necessary to perform its obligations and exercises its rights under the Contract. The specific method of processing to occur in respect of Data Bearing Assets should be selected by the Customer in the Completed Form.


13.1 As a minimum, the Supplier shall apply the following measures (as applicable to the relevant Services):

13.1.1 Secure transport of collected materials in GPS-tracked vehicles;

13.1.2 Security cleared staff;

13.1.3 Sign-off manifest for Customer Materials leaving site;

13.1.4 Asset tracking of all Data Bearing Assets;

13.1.5 Customer visibility of Customer Materials’ status via portal;

13.1.6 Data-bearing cage for Data Bearing Assets;

13.1.7 Secure site with 24 CCTV cameras under 24/7/365 monitoring;

13.1.8 Failsafe in place to check and certify processing of Data Bearing Assets prior to release by the Supplier;

13.1.9 Random sampling of Data Bearing Assets after erasure; and

13.1.10 In-house destruction to NPSA standards.


14.1 The Supplier warrants that, during the term of the Contract, it shall maintain the following qualifications (or functional equivalents):

14.1.1 ISO 27001:2013, ISO 14001:2015 and ISO 9001:2015, each certified by a UKAS accredited certification body.

14.1.2 Cyber Essentials certification by a CREST approved organisation.

14.1.3 ADISA ICT Asset Recovery Standard 8.0 certification – Minimum DIAL 1

14.1.4 SAFE Contractor Accreditation.

14.1.5 ICO Registration (Ref: Z9840642).

14.1.6 Environmental Permit issued by the Environment Agency under The Environmental Permitting (England and Wales) Regulations 2016 or Registration of Exemption issued by SEPA under The Waste Management Licensing (Scotland) Regulations 2011.

14.1.7 Environment Agency approved Authorised Treatment Facility; and

14.1.8 Upper Tier waste carrier, broker & dealer registration.


15.1 Each job processed within ADISA standards is assigned a Data Impact Assurance Level (DIAL). The Customer generates a DIAL rating based on these key decisions/factors: (i) threat; (ii) risk appetite; (iii) category of data; (iv) volume of data; (v) business impact. This produces a rating for level of destruction/recycling required by the Customer:

15.1.1 DIAL 1 – most cost-effective.

15.1.2 DIAL 2 – balanced cost and security; and

15.1.3 DIAL 3 – most secure.



1.1 The Customer shall ensure that the Saleable Items shall:

1.1.1 correspond with their description in the Completed Form; and

1.1.2 be of satisfactory quality (within the meaning of the Sale of Goods Act 1979, as amended) and fit for any purpose held out by the Customer expressly or by implication.

1.1.3 Have all endpoint and remote management controls and/or BIOS passwords removed from all saleable items prior to acceptance by the Supplier.


2.1 The Customer shall ensure that:

2.1.1 the Saleable Items are properly packed and secured in such manner as to enable them to reach their destination in good condition; and

2.1.2 each consignment of the Saleable Items is accompanied by a packing note which shows the Contract number (if any), the type and quantity of the Saleable Items, special storage instructions (if any) and, if the Saleable Items are being collected by instalments, the outstanding balance of Saleable Items remaining to be collected.

2.2 The Customer shall ensure that the Supplier is able to collect the Saleable Items on any agreed date and from any agreed location, or in the absence of such agreement from the Customer’s usual business premises on reasonable notice from the Supplier.

2.3 Collection of the Saleable Items shall be completed on the completion of loading the Saleable Items onto the Supplier’s vehicle (or that of its delivery contractor).

2.4 The Customer shall not make the Saleable Items available for collection in instalments without the Supplier’s prior written consent.


Title and risk in the Saleable Items shall pass to the Supplier on completion of collection.


4.1 No payment shall be due from the Supplier to the Customer in respect of the transfer of ownership of the Saleable items. The Customer irrevocably acknowledges that performance of Services provides valid consideration in respect of such transfer.

4.2 Following completion of any Services applicable to the relevant Saleable Items:

4.2.1 The Supplier shall offer the Saleable Items for sale by such means, and on such terms, as it shall consider appropriate in its absolute discretion; an

4.2.2 The Supplier may deduct from the proceeds of any such sale its costs and expenses incurred in respect of such Saleable Items (including without limitation storage, insurance and sale fees/commission);

4.2.3 From the remaining proceeds of sale, the Supplier may retain the percentage set out in the Contract Details; and

4.2.4 Subject to the Supplier’s right of set-off in respect of any unpaid invoices or other sums owed by the Customer to the Supplier (if any), the Supplier shall promptly transfer the remaining proceeds to the Customer’s nominated bank account.


5.1 The Customer shall indemnify the Supplier against all liabilities, costs, expenses, damages and losses (including but not limited to any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and legal costs (calculated on a full indemnity basis) and all other professional costs and expenses) suffered or incurred by the Supplier as a result of or in connection with:

5.1.1 any claim made against the Supplier for actual or alleged infringement of a third party’s intellectual property rights arising out of or in connection with the supply or use of the Saleable Items;

5.1.2 any claim made against the Supplier by a third party for death, personal injury or damage to property arising out of or in connection with the Saleable Items; and

5.1.3 any other claim made against the Supplier by a third party arising out of or in connection with the supply of the Saleable Items, to the extent that such claim arises out of the negligence, breach, or failure or delay in performance of the Contract by or of the Supplier, its employees, agents or subcontractors.


6.1 For the avoidance of doubt, where the Contract is terminated (for any reason):

6.1.1 The title in respect of all Saleable Items shall remain with the Supplier; and

6.1.2 If the Supplier sells the Saleable Items after termination, paragraph 4 of this Schedule shall continue to apply in respect of the sale proceeds.

For any queries relating to the Terms and Conditions or specifically for ITAD services, please get in touch.