Dated 29/03/2019
NEW MILLENNIA PAYROLL SERVICES LIMITED
- and -
BEE CONSTRUCTION RECRUITMENT LTD
(1)
(2)
DATA SHARING AGREEMENT
pannonecorporate.com
THIS AGREEMENT is made on 29/03/2019
BETWEEN:
(1) NEW MILLENNIA PAYROLL SERVICES LIMITED incorporated in England and Wales
(company number 04254121) whose registered office is at 1121 Ashton Old Road, Manchester,
M11 1AA (the Supplier); and
(2) BEE CONSTRUCTION RECRUITMENT LTD incorporated in England and Wales (company
number 11898658 whose registered office is at Suite 2a Blackthorn House, St. Pauls Square,
Birmingham, United Kingdom, B3 1RL (the Employment Business).
BACKGROUND
(A) The Supplier is in the business of providing funding, payroll and certain back office support
services and associated services (the Services) to employment businesses such as the
Employment Business.
(B) The parties have on 29/03/2019 entered into a separate agreement for the supply of the
Services by the Supplier to the Employment Business (the Master Agreement). The parties
will process personal data in the performance of the Master Agreement and agree that the
terms of this Agreement will apply to such processing.
AGREED TERMS
1. Definitions and interpretation
1.1. The following definitions apply in this Agreement.
Applicable Law: any laws or regulations, regulatory policies, guidelines or industry standards
or codes of practice which apply to this Agreement or its subject matter and are in force from
time to time.
Data Protection Legislation: as in force from time to time, the Data Protection Act 1998, the
Data Protection Directive (95/46/EC), the Privacy and Electronic Communications (EC
Directive) Regulations 2003, Regulation (EU) 2016/679 of the European Parliament and of the
Council of 27 April 2016 on the protection of natural persons with regard to the processing of
personal data and on the free movement of such data (General Data Protection Regulation)
(the GDPR), and all other applicable laws relating to the processing of personal data, privacy,
the protection of personal data in electronic communications, and direct marketing, including
any applicable law or regulation which supersedes, replaces or implements in the United
Kingdom any of the foregoing, and the guidelines, recommendations, best practice, opinions,
directions, decisions and codes of conduct issued, adopted or approved by the European
Commission, the European Data Protection Board, the UK’s Information Commissioner’s
Office and/or any other supervisory authority or data protection authority of competent
jurisdiction from time to time, in each case relating to the processing and protection of personal
data.
Data Subject Request: means a data subject’s request to access, correct, amend, transfer or
delete that person’s personal data consistent with that person’s rights under the Data
Protection Legislation.
Hirer: a third party who engages the services of a Workseeker through the Employment
Business.
Personal Data: personal data relating Workseekers that is processed by a party pursuant to
or in connection with the performance of the Master Agreement, including the personal data
set out in the Schedule.
Supplier Privacy Policy: the Supplier’s privacy policy which sets out information on how the
Supplier processes personal data relating to Workseekers, as notified to the Employment
Business from time to time.
Workseeker: any person or limited company (including any officer, employee or agent of it)
contracted to a Hirer by the Employment Business to provide services to a Hirer, and in respect
of which the Supplier will provide the Services under the Master Agreement.
1.2. The terms personal data, data controller, controller, data processor, processor, process,
data subject and personal data breach shall each have the applicable meaning set out in the
Data Protection Legislation. In this Agreement, the terms data controller and controller are
used interchangably, as are the terms data processor and processor.
1.3. The Schedule forms part of this Agreement and shall have effect as if set out in full in the body
of this Agreement. Any reference to this Agreement includes the Schedule.
1.4. References to clauses are to the clauses of this Agreement.
1.5. A reference to a statute or statutory provision is a reference to it as amended, extended or reenacted
from time to time and shall include all subordinate legislation made from time to time
under that statute or statutory provision.
1.6. Any words following the terms including, include, in particular, for example or any similar
phrase shall be construed as illustrative and shall not limit the generality of the related words.
2. General
2.1. In the course of the performance of the Services under the Master Agreement, it is anticipated
that Personal Data relating to Workseekers, as described in further detail in the Schedule, will
be processed by the parties.
2.2. The parties agree that clauses 3.5 and 7.1.10 in the Master Agreement relating to the
processing of Personal Data, shall be deleted and replaced by the provisions of this Agreement.
In the case of conflict or ambiguity between any of the provisions of this Agreement and the
provisions of the Master Agreement, the provisions of this Agreement will prevail.
2.3. The parties acknowledge and agree that, for the purposes of the Data Protection Legislation,
the Supplier and the Employment Business shall each be a controller in respect of its
processing of Personal Data.
3. Applicable Law
3.1. Each party shall comply with its respective obligations under the Data Protection Legislation in
respect of the processing of Personal Data.
3.2. The parties (acting reasonably and in good faith) shall review and (where necessary) agree
revisions to the provisions of this Agreement to the extent necessary in order to comply with
any changes to the Data Protection Legislation (including any updated guidance, codes of
practice issued by the Information Commissioner or any other relevant supervisory authority
with regards to Data Protection Legislation). It is agreed that each party shall bear its own costs
of any changes made in accordance with this clause 3.2, including the costs of complying with
any additional or alternative obligations.
4. Provision of information and basis for processing
4.1. Each party shall, as data controller, be responsible for ensuring that all processing of Personal
Data carried out by that data controller, or on its behalf by a processor, is fair and lawful under
the Data Protection Legislation and for obtaining any consents that may be required for such
processing.
4.2. The Employment Business shall be responsible for providing each Workseeker with all fair
processing information in respect of the Employment Business’ processing of their Personal
Data that is required to be provided under the Data Protection Legislation, such information to
be provided at the time of or within a reasonable period after the Employment Business obtains
such Personal Data and in any event within any relevant deadlines set out in the Data Protection
Legislation. The Employment Business shall be responsible for ensuring that this fair
processing information is accurate and complete and notifies each Workseeker that their
Personal Data may be transferred to and processed by and on behalf of the Supplier and its
sub-processors in connection with the provision of the Services by the Supplier to the
Employment Business.
4.3. The Employment Business shall be responsible for providing each Workseeker with a copy of
the Supplier Privacy Policy, and shall provide to the Supplier a copy of the Supplier Privacy
Policy signed by that Workseeker, before supplying any Personal Data relating to that
Workseeker to the Supplier. The Supplier shall have no liability to the Employment Business
for failure to perform its obligations under the Master Agreement in respect of any Workseeker
for which the Employment Business has not complied with its obligations under this clause 4.3.
4.4. Where the Employment Business collects Personal Data, it shall use all reasonable endeavours
to ensure that such Personal Data is accurate and complete.
5. Data Subject Requests, complaints and data breach
5.1. If either party receives a Data Subject Request in respect of Personal Data for which it is a
controller, it shall be responsible for responding to and dealing with that Data Subject Request.
If and to the extent that the party receiving the Data Subject Request (Receiving Party)
requires assistance from the other party in connection with the Data Subject Request, in respect
of processing of Personal Data carried out by the other party, the other party shall provide
commercially reasonable assistance as the Receiving Party may reasonably request to help
the Receiving Party fulfil its obligations under the Data Protection Legislation to respond to the
Data Subject Request.
5.2. In respect of any of the following events relating to any Personal Data processed by a party
under or in connection with this Agreement:
(a) a claim, complaint or allegation relating to Personal Data made against either party by a
data subject which may arise as a result of the actual or alleged breach of the Data
Protection Legislation; or
(b) an investigation in connection with any Personal Data by any supervisory authority or
other regulatory body,
the party in receipt of such complaint or investigation shall handle such complaint or
investigation in accordance with its obligations under the Data Protection Legislation. In the
event that the claim or complaint involves the processing of any Personal Data by the other
party, the other party shall on the request of the party in receipt of such complaint or
investigation, provide commercially reasonable assistance as that party may reasonably
require to deal with the complaint or investigation in accordance with its obligations under the
Data Protection Legislation.
5.3. Each party shall notify the other party without delay upon becoming aware of a personal data
breach affecting any Personal Data processed by a party under or in connection with this
Agreement, and shall provide the other party with a description of the nature of the personal
data breach (including the categories and approximate number of data subjects concerned),
and a description of the measures taken or proposed to be taken to address the personal data
breach and mitigate possible adverse effects.
5.4. Each party shall implement and maintain appropriate technical and organisational security
measures to safeguard all Personal Data processed pursuant to the Master Agreement and
this Agreement against unauthorised or unlawful Processing and against accidental loss,
disclosure or destruction of, or damage to, that Personal Data in such a way as to comply with
Data Protection Legislation.
5.5. The Employment Business shall provide the Supplier with such information as the Supplier
reasonably requests from time to time to enable the Supplier to satisfy itself that the
Employment Business is complying with its obligations under this Agreement and the Data
Protection Legislation, and shall allow the Supplier, its agents, representatives and external
auditors access (on reasonable notice) to its premises where Personal Data is processed to
allow the Supplier to audit its compliance with this Agreement and provide reasonable cooperation
as requested by the Supplier in the performance of such audit.
6. General
6.1. This Agreement and the Master Agreement (and any documents incorporated therein)
constitute the entire agreement and understanding of the parties in relation to the subject matter
of this Agreement and the Master Agreement and supersede any previous agreement between
the parties relating to such subject matter; and shall apply to the exclusion of and prevail over
any express terms contained in any standard documentation of either party (including but not
limited to any pre-printed standard terms and conditions). The parties acknowledge that they
have not entered into this Agreement in reliance upon any statement, representation,
assurance or warranty which is not set out in this Agreement.
6.2. Any variation or amendment to this Agreement will not be binding on the parties unless set out
in writing, expressed to amend this Agreement and signed by an authorised representative of
each party.
6.3. Each of the parties to this Agreement is an independent contractor and nothing contained in
this Agreement shall be construed to imply that there is any relationship between the parties of
partnership or of principal/agent or of employer/employee nor are the parties hereby engaging
in a joint venture and accordingly neither of the parties shall have any right or authority to act
on behalf of the other nor to bind the other by contract or otherwise, unless expressly permitted
by the terms of this Agreement.
6.4. The rights and remedies provided under this Agreement are in addition to, and not exclusive
of, each other and/or any rights or remedies provided by law.
6.5. No failure or delay by a party to exercise any right or remedy provided under this Agreement or
by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict
the further exercise of that or any other right or remedy. No single or partial exercise of any
right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.
7. Law and Jurisdiction
7.1. This Agreement and dispute or claim (including non-contractual disputes or claims) arising out
of or in connection with it or its subject matter or formation shall be governed by and construed
in accordance with English law.
7.2. Each party irrevocably agrees that the courts of England and Wales shall have exclusive
jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising
out of or in connection with this Agreement or its subject matter or formation.
This Agreement has been entered into on the date stated at the beginning of it.
SCHEDULE
The types of personal data which may be processed by either party in connection with the Master
Agreement are set out below:
Identity Data including name, title, date of birth, nationality, gender and other information contained
in identity documents (such as passports).
Contact Data including postal address, email address and telephone numbers.
Job Data including job history and information relating to placements via the Employment Business
and hours worked.
Worker Status Data including visa information and information relating to the Workseeker’s right
to work in the UK.
Payroll Data including bank details, information relating to the Workseeker’s hours worked and rate
of pay and information relating to payroll payments made or due to be made to the Workseeker.
PAYE Data including Tax & National Insurance deductions/codes, pension contributions and
accrued holiday pay.
CIS Data including the Workseeker’s unique tax reference number provided by HMRC in
connection with its Construction Industry Scheme tax deductions (if applicable).
For and on behalf of NEW MILLENNIA PAYROLL SERVICES LIMITED
……………………………………………………… Signature
……Paul O’Rourke……………………………….. Name of signatory
……29/03/2019…………………………………… Date
For and on behalf of BEE CONSTRUCTION RECRUITMENT LTD
……………………………………………………… Signature
……………………………………………………… Name of signatory
……………………………………………………… Date
Copyright © 2019 Bee Construction Recruitment Limited - trading as Bee Construction - All Rights Reserved.