Who are we?
SCANNELL is an online Quality, Environment, Health and Safety (QEHS) management software system and service designed to enable businesses or organisations to control safety, sustainability and quality within the scope of their business activities.
Scannell Solutions Limited (“we”) is a business registered in the Republic of Ireland and based in Cork.
All our data is held within the EU.
We are committed to conducting business in accordance with all applicable Data Protection laws and regulations, and in line with the highest standard of ethical behaviour.
We aim for our personal data collection to be always transparent, legitimate and efficient in its use.
The Office of the Data Protection Commissioner and the European Union General Data Protection Regulation (“GDPR”) outline principles of data processing which are binding on companies based in Ireland, particularly when handling any “Personal Data” which we may process on behalf of our clients (the “data controller”) in our role as “data processor”.
GDPR states that processing is lawful if:
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the controller is subject;
- processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Any extracts from legislation are intended to provide information and do not purport to be a legal interpretation. You are advised to seek professional legal advice before acting upon any information contained on this page ensuring that all individual circumstances are taken into account. The authority of the law rests solely in the original printed enactment and subordinate legislation.
Data Protection and Security in the Cloud
Data Protection and Security in the Cloud is a shared responsibility between:
- Cloud Provider who provide and manage the infrastructure (in our case this is Amazon AWS)
- Scannell Solutions who provide the application and database
We use appropriate technical and organisational measures to protect the data.
Information in “transit” (moving across the internet) and “at rest” (in the database) is encrypted using a secure algorithm making it unreadable without a valid key.
Personal Information and Privacy
The SCANNELL software/service permits our clients to input, upload, store, share and manage information (“Customer Data”) through the system. We have no control over the information contained within the Customer Data, including any Personal Data.
“Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Customers need to be aware of the types of Personal Data that they may input and their responsibilities as a “data controller” under GDPR.
WHAT TYPES OF PERSONAL DATA MAY BE HELD IN SCANNELL?
Typically, Customers are inputting this information (data) because it is necessary for compliance with a legal obligation to which they are subject and is necessary to protect the vital interests (e.g. safety and health) of the data subject or of another natural person.
In general, Customers should also consider use of “pseudonymisation” that is ensuring the personal data can no longer be attributed to a specific data subject (person) without the use of additional information.
For a person to use the SCANNELL system we need to obtain certain information to authenticate that user and their access rights, and to maintain an audit trail (for the Customer) within the system. This may include a name, email address and role. This information is obtained from the Customer with their consent. In some cases, Customers interface with their own user directories (for example Active Directory or an external HR system). Passwords are not visible to us.
Part of the core functionality of the system involves sending out emails in relation to various actions required. Customers can configure this use. We keep emails to a minimum, conscious of the level of information users receive during their daily work, by consolidating any repeat emails weekly into a single mail.
The INCIDENT module may contain data relating to work-related accidents or injuries sustained by employees or others.
Depending on how the system is configured, each incident may contain the name of the Person (or People) Involved Name(s) and/or Employee ID(s) and, in the case of an injury, a description of the injury sustained. There may be related attachments which can include photos and reports.
“Incidents” can be made “Confidential” the effect of which is to hide the above fields and attachments other than for users with Confidential Access Rights.
The RISK module may be used to undertake pre-natal risk assessments, ergonomic and other types of risk assessments.
These may include the employee name, a series of checklists on potential hazards to which the employee is or is not exposed together with recommendations and comments made by the Customer’s assessor.
Risk Assessments can be made “Confidential” the effect of which is to hide the whole assessment other than for users with Confidential Access Rights.
HOW ELSE DO WE COLLECT YOUR DATA?
Most of the personal information we collect for sales purposes (name and contact details) is obtained directly from you, although we do also collect or validate personal data from publicly available sources.
When you visit our websites, we do collect data:
- Personal information (contact details) that you provide to us directly as part of the normal sales process, for example, when we ask for your contact information.
- Company level information that helps us get a better understanding of what potential customers find interesting.
We also collect contact details from trade shows and other such events.
Information is held the CRM system (Salesforce) that we use.
How we use your data?
First and foremost, we use your personal data to operate to provide you with services requested by your employer, and to manage our relationship with you.
We are obviously in the business of selling our services, which we genuinely believe make workplaces a better place, and that means contacting potential business customers.
In addition to sending you marketing communications, we may also use your personal data to display targeted advertising to you online – through our own websites and services or through third party websites and their platforms.
We do not provide your data to third parties unless specifically required to do so legally (e.g. by court order).
The length of time we keep your personal data depends on what it is and whether we have an ongoing business need (“legitimate interest”) to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal requirements).
We’ll retain your personal data for as long as we have a relationship with you and for an appropriate period afterwards where we have an ongoing business need to retain it. Following that period, we’ll make sure it’s deleted.
Cookies are small text files that are placed on your computer, smartphone or other device when you access the internet. They are designed to enhance and customise your experience as a user and that’s how we use them.
Two types of cookies are typically used:
- Session Cookies – temporary cookies that expire when you close your browser.
- Persistent Cookies which remain on your device after you have visited our website.
None of the cookies we use contain personal information and cannot be used to identify you.
The cookies used as part of the SCANNELL Software/Service are mostly session cookies. There are some cookies which persist but expire after 20 days. These do not contain personal data or any other data which we would extract for other purposes.
Cookies enable users to navigate around websites and (where appropriate) enable us to tailor the content to fit the needs of visitors who have accessed the site and help us improve the user experience. Without cookies enabled we cannot guarantee that the website and your experience whilst visiting are as we intended it to be.
- Session cookies help the Scannell Solutions Limited website remember what you chose on the previous page, therefore avoiding the need to re-enter information and improve your experience whilst using the site.
- Persistent cookies help us identify you as a unique visitor.
We also use a web analytics service (e.g. Google Analytics) to help us to analyse how users visit the site and to monitor and manage our Website Traffic to understand how our advertising campaigns and promotions are working and to improve our site design, offers and promotions.
Most advertising networks offer you the option to opt out of targeted advertising.
How to control and delete cookies
If you wish to restrict or block the cookies which are set by us, or indeed any other website, you can do this through your browser settings. The Help function within your browser should tell you how to do this.
You can manage your cookie settings by following your browser’s instructions. Here are some links that might be of assistance:
- Google Chrome
- Microsoft Internet Explorer
- Mozilla Firefox
Please be aware that this may prevent the website or SCANNELL Software from working correctly or at all.
Please read them carefully.
These Terms are binding on any use of the Service or Software and apply to You from the time that you access the Service or Software.
By registering to use the Service or purchasing a Software Licence you acknowledge that You have read and understood these Terms and have the authority to act on behalf of any person for whom You are using the Service. You are deemed to have agreed to these Terms on behalf of any entity for whom you use the Service unless agreed otherwise with SCANNELL in writing.
These terms apply across all websites and services that we own and operate, including our online and mobile products, unless a specific contract has been agreed with a Customer.
Acceptable Use Policy
You agree not to misuse the SCANNELL Software, including associated mobile Apps, (“Software”) or help anyone else to do so.
For example, and this is not an exhaustive list, you must not or attempt to do any of the following in connection with the Software:
- probe, scan, or test the vulnerability of any system or network;
- breach or otherwise circumvent any security or authentication measures;
- access, tamper with, or use parts of the Software you are not authorised to use;
- interfere with or disrupt any user, host, or network, for example by sending a virus, overloading, flooding, spamming, or mail-bombing any part of the Software;
- access, search, or create accounts for the Software by any means other than our supported interfaces;
- send unsolicited communications, promotions or advertisements, or spam;
- send altered, deceptive or false source-identifying information, including “spoofing” or “phishing”;
- promote or advertise products or services without appropriate authorization;
- sell the Software unless specifically authorized to do so;
- publish or share materials that are unlawfully pornographic or indecent, or that contain extreme acts of violence;
- advocate bigotry or hatred against any person or group of people based on their race, religion, ethnicity, sex, gender identity, sexual preference, disability, or impairment;
- violate the law in any way, including storing, publishing or sharing material that’s fraudulent, defamatory, or misleading; or
- violate the privacy or infringe the rights of others, including the use of copyright protected material without permission.
Software as a Service (SaaS) Terms and Conditions
SCANNELL (the “Software”) is a Licenced Software Product provided as a Service (the “Service”) by Scannell Solutions Limited.
By using the software, you (“the Customer” as defined on an associated “Customer Schedule”), are agreeing (“the Agreement”) to be bound by the following terms and conditions:
The Customer is hereby granted a non-exclusive, non-transferable right to use the Software for internal business purposes as described on the associated Customer Schedule, including for jurisdiction, the number/types of Authorised Users detailed and for the period stated.
Subject to the terms of this Agreement the Customer grants to Scannell Solutions Limited the non-exclusive worldwide right to use, copy, store or transmit Customer Data within the Software solely to the extent necessary to provide the Service as requested by the Customer.
This Agreement does not grant the Customer any rights in connection with any trademarks or service marks of Scannell Solutions Limited or its suppliers.
This Agreement shall commence on the date shown on the Customer Schedule and shall continue in force unless terminated by either party giving to the other party 12 months’ notice in writing or otherwise terminated in accordance with the provisions of the Termination Clause.
Term & Fees
This Agreement is valid for the period indicated on the Customer Schedule of this Agreement.
The Customer will pay Scannell Solutions Limited the fees/costs detailed on the Customer Schedule of this Agreement in advance, within 30 days upon receipt of a Scannell Solutions Limited invoice, unless otherwise agreed in writing by the parties hereto.
All charges are exclusive of VAT or other government excise or sales duties and taxes in force from time to time, which shall be paid additionally by the Customer unless Scannell Solutions Limited is furnished with a valid Exemption Certificate.
The Fees are non-refundable.
With effect from the beginning of each calendar year, commencing on the Effective Date, Scannell Solutions Limited may amend the Fees in effect for the forthcoming year provided that not less than 30 Business Days prior written notice has been given to the Customer by Scannell Solutions Limited.
In the event the Customer’s account becomes sixty (60) days or more overdue, Scannell Solutions Limited reserves the right to suspend the Service.
Additional Data Storage Fees, at Scannell Solutions Limited’s current rates, may be charged if the storage space required for the Customer Data exceeds 10Gb.
The Customer is responsible for any and all activities that occur under the Customer’s Authorised User Accounts.
The Customer is responsible for maintaining the confidentiality of Authorized Users’ user names and passwords and agrees to notify Scannell Solutions Limited immediately of any unauthorized access or any other breach of security regarding the Service and will use reasonable mitigation efforts.
The Customer will take reasonable security measures designed to protect its Confidential Information from unauthorized access and disclosure.
The Customer will ensure that the Service complies with all relevant laws & regulations, including those related to privacy, copyright and unlawful or defamatory material.
The Customer may view the content of the Software and print it out but may only use any such printouts in accordance with these restrictions.
The Customer shall not copy or otherwise make the Software or its content available to any third party, including on a web site, without the written permission of Scannell Solutions Limited.
The Customer agrees not to rent, lease, lend or provide commercial hosting services to third parties using the Software.
The Customer will not interfere with or disrupt the Service or servers, or networks connected to the Service or use the Service to send or otherwise make available any viruses, Trojan horses, worms, corrupted files, or any other similar software that may damage the Service or the operation of another’s computer or property.
The Customer shall not assign or transfer this Agreement or any of the rights or obligations hereunder without the prior written consent of Scannell Solutions Limited.
The Customer undertakes to:
- Use the Software correctly in accordance with the use instructions.
- Notify Scannell Solutions Limited promptly if the Software is not operating correctly.
The Customer shall be solely responsible for maintaining backup copies of their data and documents unless otherwise agreed.
Software Content & Support (LAW Module only)
The information contained in the Software has been compiled with reasonable care, accuracy and attention to detail. However, Scannell Solutions Limited will not be held liable for any inaccuracy or omission that may appear within the Software. The content provided is intended for use as a tool by professionals to aid regulatory compliance and does not purport to be a legal interpretation.
Users of the Software are advised to seek professional legal advice before acting upon any information contained in the Software, ensuring that all individual circumstances are taken into account. The authority of the law rests solely in the original printed enactment and subordinate legislation.
Content updates will be provided to Customer as detailed on the Customer Schedule.
During the life of this Agreement, Scannell Solutions Limited, will provide technical support to the Customer, in respect of the latest version of the Software (incorporating all updates issued by Scannell Solutions Limited, from time to time).
Scannell Solutions Limited will make available, for the duration of this Agreement and for the licenced Product(s), duly qualified staff to deal with any queries or problems communicated by the Customer’s Representative by telephone, e mail or otherwise in writing.
This will be available during the hours of 9:00 to 17:30 (GMT or BST) Monday to Friday, excluding Republic of Ireland Bank Holidays. Support will be provided in the English Language.
During the period of this Agreement Scannell Solutions Limited will periodically issue updates to the software in order to enhance its functionality or resolve any problems.
Scannell Solutions Limited will use commercially reasonable efforts to make the service available with a Monthly Uptime Percentage of at least 99.9% (“Service Commitment”). However, this does not apply to any unavailability due to (i) suspension or termination because of failure to comply with the terms of the Agreement; (ii) factors outside of our reasonable control, including any force majeure event or Internet access or related; (iii) any actions or inactions of the Customer; (iv) scheduled maintenance downtime of up to 1 hour per month. The Customer has the right to effect the termination clause of this Agreement if this Service Commitment is not met in any 3 out of 5 consecutive months.
Scannell Solutions Limited will log all support calls received at our help desk and establish the extent and priority of the difficulty.
All critical calls, where the system is inoperable and/or where data is at risk will be responded to with urgency as soon as a suitable qualified engineer becomes available. Scannell Solutions Limited will endeavour to respond within 8 working hours. All calls will be dealt with remotely unless the Customer has on-site support detailed as a payable option on the Customer Schedule.
All non-critical calls, where the system is operable, and data is not at risk but specific critical functionality is not functioning properly, a suitably qualified engineer will respond within 24 hours of receipt of calls.
Scannell Solutions Limited cannot guarantee a time to fix a problem but will use its best endeavours to fix the issue as quickly as reasonably possible. Non-urgent fixes will be incorporated into the next available release of the software (typically 6 monthly).
The Help Desk is available on:
Telephone for Ireland (+ 353) (0) 21 230 7055
E Mail email@example.com
Scannell Solutions Limited undertakes to
- make all reasonable efforts to respond promptly to requests for assistance and will communicate with the Customer’s Representative by telephone or email in the first instance.
- use, subject to availability, a software engineer with a working knowledge of the Customer’s systems to provide the requested support
- maintain an up-to-date copy of the Software and associated documentation at its support centre.
This Service makes use of an on-demand offering that currently runs in the Amazon Elastic Compute Cloud, a commercial hosting service provided by Amazon Web Services, LLC . In terms of Service Levels, Data Protection and Security, this Agreement is dependent on the terms and conditions of that hosting service (https://aws.amazon.com/agreement/).
Scannell Solutions Limited warrants to Customer that the Services rendered under this Agreement
- shall be completed in a professional and workmanlike manner, with the degree of skill and care that is required by current, good and sound professional procedures,
- shall be completed in accordance with specifications provided to Customer and specifications published by Scannell Solutions Limited, and
- shall be correct and appropriate for the purposes intended by Customer. Scannell Solutions Limited represents and warrants to Customer that all Scannell Solutions Limited Personnel are
- properly qualified, empowered, trained and resourced to execute the Services under this Agreement, and
- under a written obligation to Scannell Solutions Limited requiring such Scannell Solutions Limited Personnel to maintain the confidentiality of information of Scannell Solutions Limited’s customers. Customer shall have no obligation to pay for Services that do not conform to the Agreement and the applicable Statement of Work.
Scannell Solutions Limited warrants that the Software provided to Customer hereunder shall
- be of a quality that meets industry standards for like material, unless specifically requested otherwise in writing by Customer,
- be delivered free from all defects in materials and workmanship,
- conform to the specifications provided to Customer and published by Scannell Solutions Limited, and
- be fit for the particular purposes for which they are intended by Customer. Scannell Solutions Limited represents and warrants that for a period of one (1) year following formal acceptance by the Customer, Scannell Solutions Limited agrees to provide timely corrections to any errors in the Software.
Disclaimer of Warranties
To the greatest extent permitted by law, and unless expressly provided herein, Scannell Solutions Limited excludes all warranties of any kind whether express or implied, statutory or otherwise. Scannell Solutions Limited specifically disclaims all express or implied warranties of design, merchantability, fitness for purpose, and noninfringement, that its services will meet all of the Customer’s requirements, or that its services will be uninterrupted, timely, secure, virus free, or error free, nor does Scannell Solutions Limited make any warranty as to the results that may be obtained from the use of the service or as to the accuracy or reliability of any information obtained through the service.
Limitation of Liability
Scannell Solutions Limited shall not be liable for any losses, damage, injury, costs or expenses resulting from use of the Software or provision of Support Services, including but not limited to:
- use of the Software or its content that may result in any loss of business, revenue, profit, anticipated savings, goodwill or reputation, or for any damage to any of these.
- loss of, or damage to, any data or computer program caused by the Customers use of the Software.
- any loss or damage caused by any virus or other harmful code.
- indirect or consequential loss or damage.
- loss or damage that results or arises from any claim against you by anyone.
- any defects in the Software or in any work done under or in connection with this Agreement.
In any event, Scannell Solutions Limited, total liability under or in connection with this Agreement (whether in contract, tort or otherwise) (excluding negligence resulting in death or injury) is limited to the amount of the Licence and Hosting Fee detailed on the Customer Schedule of this Agreement.
These exclusions and restrictions of our liability cover our liability in contract and tort for loss and damage of the kind described, however it might arise, and even if it results from our negligence or other negligence for which we would otherwise be liable.
Any Confidential Materials or Confidential Information (both as defined below) which were exchanged by the Parties prior to the Effective Date in connection with the subject matter of this Agreement shall be deemed to be covered by this section as if they had been exchanged after the Effective Date, except where the exchange was already covered by a confidentiality or non-disclosure agreement made between or otherwise governing exchanges between the Parties.
For purposes of this Agreement, “Confidential Materials” means any and all Customer Data or tangible media which is either clearly marked “Confidential” or would be deemed confidential by a reasonable person receiving such information and is provided by one Party to the other in connection with this Agreement.
“Confidential Information” means any information contained in any Confidential Materials or which a reasonable person would consider confidential based on the circumstances or the nature of the information, such as business, financial, technical, sales or customer information, product development plans, source code, technology, specifications, processes, diagrams, manuals, unpublished content and personal data, and which is disclosed by or on behalf of one Party (“the Disclosing Party”) to the other Party (“the Receiving Party”) in connection with this Agreement, but Confidential Information shall not include any such information which
- was in the public domain prior to the execution of this Agreement,
- becomes part of the public domain through no wrongful action by the Receiving Party;
- was already known by the Receiving Party without an obligation of confidentiality; or
- is independently developed by the Receiving Party without the use of or access to the Confidential Information.
The Receiving Party shall hold Confidential Information in confidence using the same degree of care as it normally exercises to protect its own confidential or proprietary information, but in no event shall it use less than reasonable care, and it shall not disclose or transfer Confidential Information without the prior written consent of the Disclosing Party.
The Receiving Party may use Confidential Information solely for the purpose of exercising its rights or performing its obligations under this Agreement and may disclose Confidential Information to its, and its Affiliates’, employees, consultants and subcontractors, solely on a need-to-know basis.
The Parties agree that any breach of this provision would cause irreparable injury not adequately compensable with monetary damages. Accordingly, in addition to any rights otherwise available at law, in equity or by statute, the non-breaching Party is entitled to seek injunctive and other equitable relief on behalf of itself and its Affiliates.
At any time, the Disclosing Party may provide a written request to the Receiving Party requiring the Receiving Party to destroy or return, at the Receiving Party’s discretion, any Confidential Information of the Disclosing Party in the possession or control of the Receiving Party and certify the completion of such to the Disclosing Party.
Scannell Solutions Limited (as a Receiving Party) will fully assist Customer (as a Disclosing Party) in all matters relating to the protection from unauthorized disclosure of Confidential Information of Customer. In particular, Scannell Solutions Limited will:
- enter into or have in place a non-disclosure or equivalent agreement with each of its employees (including, but not limited to, Scannell Solutions Limited personnel specified in any Work Order) who will have or may have access to Confidential Information of Customer and ensure that such agreement contains adequate provisions for the protection of Confidential Information;
- remind Service Provider personnel of their non-disclosure obligations during employment and at exit interviews;
- notify Customer immediately upon the discovery of any Service Provider personnel’s alleged breach of his/her obligations; and
- provide all reasonable assistance to Customer in any proceeding brought by Customer to prevent disclosure or further disclosure of Confidential Information.
If the Receiving Party is requested or required by law (by oral questions, interrogatories, requests for information or documents, subpoena, civil investigative demand or similar process) to disclose any Confidential Information, the Receiving Party shall provide the Disclosing Party with prompt notice of such request(s) (if permitted by law) so that the Disclosing Party may seek an appropriate protective order or other appropriate remedy and/or waive compliance with the confidentiality provisions of this Agreement. If such protective order or other remedy is not obtained, or if the Disclosing Party grants a waiver hereunder, the Receiving Party may furnish that portion (and only that portion) of the Confidential Information which the Receiving Party is legally compelled to disclose and will exercise its commercially reasonable efforts to obtain reliable assurance that confidential treatment will be accorded to the Confidential Information so furnished.
Scannell Solutions Limited will maintain security and confidentiality of the Customer Data in accordance with the terms and conditions set forth this Agreement.
Scannell Solutions Limited may store and use this information for the purposes of providing the Software and any Support Services.
Return of Customer Data
Upon termination of this Agreement, and upon the Customer’s written request, other than by reason of the Customer’s material breach, Scannell Solutions Limited will make available to the Customer the Data in the form of an electronic file.
Copyright & Intellectual Property
The Software, including but not limited to, any images, photographs, animations, video, audio, music, text, code, and “scripts” incorporated into the Software is protected by copyright and other intellectual property rights which are owned by Scannell Solutions Limited, or else owned by third parties and licensed to Scannell Solutions Limited.
The rights in the Software will remain the property of Scannell Solutions Limited and the relevant licensors, and the Customer will not acquire any rights or interests to or in the Material.
SCANNELL SOLUTIONS LIMITED and its licensors reserve all rights not specifically granted under this Licence Agreement.
All title and intellectual property rights in and to the content that is not contained in the Software, but may be accessed through use of the Software, is the property of the respective content owners and may be protected by applicable copyright or other intellectual property laws and treaties.
This Agreement may be terminated by Scannell Solutions Limited in the event:
- the Customer fails to comply with any of the provisions of this Agreement (including the non-payment of sums due) and does not rectify such non-compliance within 30 days of receipt of Scannell Solutions Limited’s written notice thereof; or
- the Customer is wound up or has a receiver appointed over the whole or any part of its assets
Notice of termination shall be without prejudice to any other rights or remedies.
The Customer shall defend and hold Scannell Solutions Limited harmless from and against any and all claims, demands, suits or proceedings made or brought against Scannell Solutions Limited by third parties resulting from the Customer’s use of the Software and these Services, to the extent that it infringes the rights or caused harm to that third party, and shall pay or reimburse Scannell Solutions Limited for any and all damages, costs and expenses incurred by Scannell Solutions Limited resulting from such action.
The laws of the Republic of Ireland govern this Agreement.
This forms part (“Part”) of the Agreement between Scannell Solutions Limited and the Customer in relation to Scannell Solutions Limited’s provision of the Software.
To the extent that any inconsistency arises between the other terms of the Agreement and this Part, the terms of this Part shall prevail.
In this Part, in addition to those definitions set out in the Agreement the following definitions shall apply:
“Applicable Data Protection Law” shall mean:
- the Irish Data Protection Acts 1988 and 2003 (and any successor or replacement to that legislation in Ireland);
- the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011, (and any successor or replacement to that legislation in Ireland);
- on and with effect from 25 May 2018, the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016) (the “GDPR”) and any consequential national data protection legislation implementing or complementing the GDPR; and
- any guidance and/or codes of practice issued by the Irish Data Protection Commissioner or other relevant supervisory authority, including without limitation the European Data Protection Board, in each case as amended, supplemented or replaced from time to time;
“Customer Data” means confidential information concerning the Customer or other third parties which is received by Scannell Solutions Limited, in its capacity as a service provider to the Customer (which may include Personal Data);
“Personal Data” means personal data as defined in the Applicable Data Protection Law.
The parties acknowledge and agree that each of them will comply with their respective obligations under Applicable Data Protection Law.
The parties agree as follows:
- any Personal Data processed by Scannell Solutions Limited under the Agreement shall be subject to the terms of this paragraph 3;
- for the purposes of this Agreement, the parties agree that Scannell Solutions Limited is a “data processor” whose business consists wholly or partly of processing the Personal Data on behalf of the Customer and the Customer is a “data controller” who either alone, or with others, determines and controls the contents, use, purposes and means of processing the Personal Data;
- Scannell Solutions Limited shall only process the Personal Data on and subject to the documented instructions of the Customer for the purpose of performing its obligations under this Agreement and will deal with any enquiries from the Customer relating to the processing of the Personal Data;
- Scannell Solutions Limited shall take appropriate security, technical security and organisational measures that are in accordance with Applicable Data Protection Law, where applicable, against unauthorised access to, or unauthorised alteration, disclosure or destruction of the personal data, and against the accidental loss or destruction of personal data and against all other unlawful forms of processing;
- Scannell Solutions Limited shall take all reasonable steps to ensure that applicable persons employed by Scannell Solutions Limited and other persons at the place of work of Scannell Solutions Limited are aware of, and comply with, their obligation to keep Customer Data confidential;
- the Customer will ensure that it complies with Applicable Data Protection Law in the instructions which it gives to Scannell Solutions Limited;
- the Customer acknowledges that it is its responsibility to ensure that the technical and organisational measures which Scannell Solutions Limited has in place as data processor under this Agreement comply with Applicable Data Protection Law;
- Scannell Solutions Limited may from time to time transfer personal data outside of the European Economic Area (the “EEA”) in performing its obligations under this Agreement. Where it does so, it will comply with Applicable Data Protection Law, an in particular shall ensure that an appropriate legitimising transfer mechanism is in place and will furnish details of same to the Customer on request;
- Scannell Solutions Limited agrees to cooperate with the Customer to provide reasonable access to relevant documentation as the Customer shall reasonably require in order to satisfy its obligations under Applicable Data Protection Law;
- the Customer represents and warrants that it shall take all actions necessary and appropriate to comply with applicable notification and lawful processing requirements relating to data subjects under Applicable Data Protection Law;
- Scannell Solutions Limited will make available to the Customer the information necessary to demonstrate compliance with the obligations in Article 28 of the GDPR (when that law comes into force). Scannell Solutions Limited reserves the right to charge the Customer a reasonable fee for such information if compiling it would place an unreasonable burden on Scannell Solutions Limited;
- Scannell Solutions Limited will provide reasonable assistance to the Customer in order to
- assist the Customer in vindicating data subject rights;
- respond to a personal data breach; or
- allow the Customer to comply with its obligations under Articles 32 to 36 of the GDPR (when that law comes into force).
Scannell Solutions Limited reserves the right to charge the Customer a reasonable fee for such assistance;
- each party shall provide to the other, as soon as reasonably practicable, such information as is available to it in relation to the possession and processing of Personal Data, as well as its obligations hereunder as the other party may reasonably request in writing in order for the requesting party to comply with its obligations under Applicable Data Protection Law and to assess whether the storage and processing of that Personal Data in connection with this Agreement is breaching or may breach Applicable Data Protection Law;
- each party shall comply with Applicable Data Protection Law, nothing in this Agreement shall be constructed as preventing either party from taking such steps as are necessary to comply with Applicable Data Protection Law;
- Scannell Solutions Limited may, from time to time, appoint a third party to sub-process personal data on its behalf in the performance of its obligations under this Agreement. Scannell Solutions Limited may share personal data with such a third party (a “sub-processor”) provided that
- such an arrangement is governed by a written agreement which contains terms which are comparable to the terms of this Part; and
- Scannell Solutions Limited notifies the Customer on request of any new sub-processors which are appointed;
- Scannell Solutions Limited may process personal data which is provided to it for the purposes of performing its obligations under this Agreement for the Term. After the termination of this Agreement, Scannell Solutions Limited will (at the choice of the Customer) either
- arrange for the deletion of any personal data which it holds for and on behalf of the Customer; or
- return such personal data to the Customer. Nothing in this Clause will prevent Scannell Solutions Limited from retaining personal data where it is required to do so by law; and
- the nature and categories of personal data which Scannell Solutions Limited will process for and on behalf of the Customer will be set out in a Statement of Work or otherwise agreed between the parties in writing.
The Customer represents, warrants and undertakes:
- that the Customer’s instructions to Scannell Solutions Limited in connection with or arising out of the processing of the Customer Data on the Customer’s behalf are and will at all times be lawful and shall not contravene the Applicable Data Protection Law;
- that the Processing of Customer Data by or on behalf of the Customer (up to and including the making available of the Customer Data to Scannell Solutions Limited by whatever means and whether directly by the Customer or on or under its direction) has been and will continue at all times to be carried out in accordance with the relevant provisions of the Applicable Data Protection Law (and, where applicable, has been notified to the relevant authorities of the Member State where the Customer is established) and does not contravene the Applicable Data Protection Law;
- that the Processing, in accordance with and as contemplated by this Agreement will not contravene the Applicable Data Protection Law;
- without limiting the generality of the foregoing, that the Customer has and will continue at all times to have in place all fair processing notices and (where applicable) consent mechanisms for data subjects sufficient to ensure that all processing of Customer Data by Scannell Solutions Limited, in accordance with this Part, that is contemplated by this Agreement, will be lawful and shall not contravene the Applicable Data Protection Law; and
- that in any communication with data subjects or a Data Protection Authority in relation to this Agreement it will act in good faith and in such a way as not to misrepresent or call into disrepute Scannell Solutions Limited or information furnished to it by Scannell Solutions Limited, and wherever appropriate and legally permissible, consulting in advance with Scannell Solutions Limited in relation to the same.
The Customer acknowledges that regulatory and governmental authorities and/or courts in a jurisdiction may obtain access to Customer Data which may be held or processed in such a jurisdiction or access through automatic reporting, information exchange or otherwise in accordance with the laws and regulations applicable in such jurisdictions.
The Customer mandates, authorises and instructs Scannell Solutions Limited to disclose or make available Customer Data to such authorities or courts in such jurisdiction to the extent required by the laws and regulations applicable in such jurisdictions.