We are always on the look for Construction Talent

admin@beeconstruction.org 01217690767

GDPR and Privacy Policy

Dated 29/03/2019

NEW MILLENNIA PAYROLL SERVICES LIMITED

- and -

BEE CONSTRUCTION RECRUITMENT LTD

(1)

(2)

DATA SHARING AGREEMENT

pannonecorporate.com

THIS AGREEMENT is made on 29/03/2019

BETWEEN:

(1) NEW MILLENNIA PAYROLL SERVICES LIMITED incorporated in England and Wales

(company number 04254121) whose registered office is at 1121 Ashton Old Road, Manchester,

M11 1AA (the Supplier); and

(2) BEE CONSTRUCTION RECRUITMENT LTD incorporated in England and Wales (company

number 11898658 whose registered office is at Suite 2a Blackthorn House, St. Pauls Square,

Birmingham, United Kingdom, B3 1RL (the Employment Business).

BACKGROUND

(A) The Supplier is in the business of providing funding, payroll and certain back office support

services and associated services (the Services) to employment businesses such as the

Employment Business.

(B) The parties have on 29/03/2019 entered into a separate agreement for the supply of the

Services by the Supplier to the Employment Business (the Master Agreement). The parties

will process personal data in the performance of the Master Agreement and agree that the

terms of this Agreement will apply to such processing.

AGREED TERMS

1. Definitions and interpretation

1.1. The following definitions apply in this Agreement.

Applicable Law: any laws or regulations, regulatory policies, guidelines or industry standards

or codes of practice which apply to this Agreement or its subject matter and are in force from

time to time.

Data Protection Legislation: as in force from time to time, the Data Protection Act 1998, the

Data Protection Directive (95/46/EC), the Privacy and Electronic Communications (EC

Directive) Regulations 2003, Regulation (EU) 2016/679 of the European Parliament and of the

Council of 27 April 2016 on the protection of natural persons with regard to the processing of

personal data and on the free movement of such data (General Data Protection Regulation)

(the GDPR), and all other applicable laws relating to the processing of personal data, privacy,

the protection of personal data in electronic communications, and direct marketing, including

any applicable law or regulation which supersedes, replaces or implements in the United

Kingdom any of the foregoing, and the guidelines, recommendations, best practice, opinions,

directions, decisions and codes of conduct issued, adopted or approved by the European

Commission, the European Data Protection Board, the UK’s Information Commissioner’s

Office and/or any other supervisory authority or data protection authority of competent

jurisdiction from time to time, in each case relating to the processing and protection of personal

data.

Data Subject Request: means a data subject’s request to access, correct, amend, transfer or

delete that person’s personal data consistent with that person’s rights under the Data

Protection Legislation.

Hirer: a third party who engages the services of a Workseeker through the Employment

Business.

Personal Data: personal data relating Workseekers that is processed by a party pursuant to

or in connection with the performance of the Master Agreement, including the personal data

set out in the Schedule.

Supplier Privacy Policy: the Supplier’s privacy policy which sets out information on how the

Supplier processes personal data relating to Workseekers, as notified to the Employment

Business from time to time.

Workseeker: any person or limited company (including any officer, employee or agent of it)

contracted to a Hirer by the Employment Business to provide services to a Hirer, and in respect

of which the Supplier will provide the Services under the Master Agreement.

1.2. The terms personal data, data controller, controller, data processor, processor, process,

data subject and personal data breach shall each have the applicable meaning set out in the

Data Protection Legislation. In this Agreement, the terms data controller and controller are

used interchangably, as are the terms data processor and processor.

1.3. The Schedule forms part of this Agreement and shall have effect as if set out in full in the body

of this Agreement. Any reference to this Agreement includes the Schedule.

1.4. References to clauses are to the clauses of this Agreement.

1.5. A reference to a statute or statutory provision is a reference to it as amended, extended or reenacted

from time to time and shall include all subordinate legislation made from time to time

under that statute or statutory provision.

1.6. Any words following the terms including, include, in particular, for example or any similar

phrase shall be construed as illustrative and shall not limit the generality of the related words.

2. General

2.1. In the course of the performance of the Services under the Master Agreement, it is anticipated

that Personal Data relating to Workseekers, as described in further detail in the Schedule, will

be processed by the parties.

2.2. The parties agree that clauses 3.5 and 7.1.10 in the Master Agreement relating to the

processing of Personal Data, shall be deleted and replaced by the provisions of this Agreement.

In the case of conflict or ambiguity between any of the provisions of this Agreement and the

provisions of the Master Agreement, the provisions of this Agreement will prevail.

2.3. The parties acknowledge and agree that, for the purposes of the Data Protection Legislation,

the Supplier and the Employment Business shall each be a controller in respect of its

processing of Personal Data.

3. Applicable Law

3.1. Each party shall comply with its respective obligations under the Data Protection Legislation in

respect of the processing of Personal Data.

3.2. The parties (acting reasonably and in good faith) shall review and (where necessary) agree

revisions to the provisions of this Agreement to the extent necessary in order to comply with

any changes to the Data Protection Legislation (including any updated guidance, codes of

practice issued by the Information Commissioner or any other relevant supervisory authority

with regards to Data Protection Legislation). It is agreed that each party shall bear its own costs

of any changes made in accordance with this clause 3.2, including the costs of complying with

any additional or alternative obligations.

4. Provision of information and basis for processing

4.1. Each party shall, as data controller, be responsible for ensuring that all processing of Personal

Data carried out by that data controller, or on its behalf by a processor, is fair and lawful under

the Data Protection Legislation and for obtaining any consents that may be required for such

processing.

4.2. The Employment Business shall be responsible for providing each Workseeker with all fair

processing information in respect of the Employment Business’ processing of their Personal

Data that is required to be provided under the Data Protection Legislation, such information to

be provided at the time of or within a reasonable period after the Employment Business obtains

such Personal Data and in any event within any relevant deadlines set out in the Data Protection

Legislation. The Employment Business shall be responsible for ensuring that this fair

processing information is accurate and complete and notifies each Workseeker that their

Personal Data may be transferred to and processed by and on behalf of the Supplier and its

sub-processors in connection with the provision of the Services by the Supplier to the

Employment Business.

4.3. The Employment Business shall be responsible for providing each Workseeker with a copy of

the Supplier Privacy Policy, and shall provide to the Supplier a copy of the Supplier Privacy

Policy signed by that Workseeker, before supplying any Personal Data relating to that

Workseeker to the Supplier. The Supplier shall have no liability to the Employment Business

for failure to perform its obligations under the Master Agreement in respect of any Workseeker

for which the Employment Business has not complied with its obligations under this clause 4.3.

4.4. Where the Employment Business collects Personal Data, it shall use all reasonable endeavours

to ensure that such Personal Data is accurate and complete.

5. Data Subject Requests, complaints and data breach

5.1. If either party receives a Data Subject Request in respect of Personal Data for which it is a

controller, it shall be responsible for responding to and dealing with that Data Subject Request.

If and to the extent that the party receiving the Data Subject Request (Receiving Party)

requires assistance from the other party in connection with the Data Subject Request, in respect

of processing of Personal Data carried out by the other party, the other party shall provide

commercially reasonable assistance as the Receiving Party may reasonably request to help

the Receiving Party fulfil its obligations under the Data Protection Legislation to respond to the

Data Subject Request.

5.2. In respect of any of the following events relating to any Personal Data processed by a party

under or in connection with this Agreement:

(a) a claim, complaint or allegation relating to Personal Data made against either party by a

data subject which may arise as a result of the actual or alleged breach of the Data

Protection Legislation; or

(b) an investigation in connection with any Personal Data by any supervisory authority or

other regulatory body,

the party in receipt of such complaint or investigation shall handle such complaint or

investigation in accordance with its obligations under the Data Protection Legislation. In the

event that the claim or complaint involves the processing of any Personal Data by the other

party, the other party shall on the request of the party in receipt of such complaint or

investigation, provide commercially reasonable assistance as that party may reasonably

require to deal with the complaint or investigation in accordance with its obligations under the

Data Protection Legislation.

5.3. Each party shall notify the other party without delay upon becoming aware of a personal data

breach affecting any Personal Data processed by a party under or in connection with this

Agreement, and shall provide the other party with a description of the nature of the personal

data breach (including the categories and approximate number of data subjects concerned),

and a description of the measures taken or proposed to be taken to address the personal data

breach and mitigate possible adverse effects.

5.4. Each party shall implement and maintain appropriate technical and organisational security

measures to safeguard all Personal Data processed pursuant to the Master Agreement and

this Agreement against unauthorised or unlawful Processing and against accidental loss,

disclosure or destruction of, or damage to, that Personal Data in such a way as to comply with

Data Protection Legislation.

5.5. The Employment Business shall provide the Supplier with such information as the Supplier

reasonably requests from time to time to enable the Supplier to satisfy itself that the

Employment Business is complying with its obligations under this Agreement and the Data

Protection Legislation, and shall allow the Supplier, its agents, representatives and external

auditors access (on reasonable notice) to its premises where Personal Data is processed to

allow the Supplier to audit its compliance with this Agreement and provide reasonable cooperation

as requested by the Supplier in the performance of such audit.

6. General

6.1. This Agreement and the Master Agreement (and any documents incorporated therein)

constitute the entire agreement and understanding of the parties in relation to the subject matter

of this Agreement and the Master Agreement and supersede any previous agreement between

the parties relating to such subject matter; and shall apply to the exclusion of and prevail over

any express terms contained in any standard documentation of either party (including but not

limited to any pre-printed standard terms and conditions). The parties acknowledge that they

have not entered into this Agreement in reliance upon any statement, representation,

assurance or warranty which is not set out in this Agreement.

6.2. Any variation or amendment to this Agreement will not be binding on the parties unless set out

in writing, expressed to amend this Agreement and signed by an authorised representative of

each party.

6.3. Each of the parties to this Agreement is an independent contractor and nothing contained in

this Agreement shall be construed to imply that there is any relationship between the parties of

partnership or of principal/agent or of employer/employee nor are the parties hereby engaging

in a joint venture and accordingly neither of the parties shall have any right or authority to act

on behalf of the other nor to bind the other by contract or otherwise, unless expressly permitted

by the terms of this Agreement.

6.4. The rights and remedies provided under this Agreement are in addition to, and not exclusive

of, each other and/or any rights or remedies provided by law.

6.5. No failure or delay by a party to exercise any right or remedy provided under this Agreement or

by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict

the further exercise of that or any other right or remedy. No single or partial exercise of any

right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.

7. Law and Jurisdiction

7.1. This Agreement and dispute or claim (including non-contractual disputes or claims) arising out

of or in connection with it or its subject matter or formation shall be governed by and construed

in accordance with English law.

7.2. Each party irrevocably agrees that the courts of England and Wales shall have exclusive

jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising

out of or in connection with this Agreement or its subject matter or formation.

This Agreement has been entered into on the date stated at the beginning of it.

SCHEDULE

The types of personal data which may be processed by either party in connection with the Master

Agreement are set out below:

Identity Data including name, title, date of birth, nationality, gender and other information contained

in identity documents (such as passports).

Contact Data including postal address, email address and telephone numbers.

Job Data including job history and information relating to placements via the Employment Business

and hours worked.

Worker Status Data including visa information and information relating to the Workseeker’s right

to work in the UK.

Payroll Data including bank details, information relating to the Workseeker’s hours worked and rate

of pay and information relating to payroll payments made or due to be made to the Workseeker.

PAYE Data including Tax & National Insurance deductions/codes, pension contributions and

accrued holiday pay.

CIS Data including the Workseeker’s unique tax reference number provided by HMRC in

connection with its Construction Industry Scheme tax deductions (if applicable).

For and on behalf of NEW MILLENNIA PAYROLL SERVICES LIMITED

……………………………………………………… Signature

……Paul O’Rourke……………………………….. Name of signatory

……29/03/2019…………………………………… Date

For and on behalf of BEE CONSTRUCTION RECRUITMENT LTD

……………………………………………………… Signature

……………………………………………………… Name of signatory

……………………………………………………… Date