top of page

SCHEDULE OF SERVICES (607) PAYROLL SERVICES, (608) AUTO-ENROLMENT AND (607-8a) THE DATA PROCESSOR AGREEMENT

Included on this page is:

  • Schedule of Services (607) Payroll (including CIS Contractors)

  • Schedule of Services (608) Auto-enrolment

  • The Data Processor Agreement (applicable to payroll and auto-enrolment)

 

SCHEDULE OF SERVICES (607) PAYROLL SERVICES

This schedule should be read in conjunction with the engagement letter and the 300 Standard terms & conditions | Massey Accounting Company

 

Recurring compliance work

 

We will prepare your UK payroll for each payroll period to meet UK employment tax requirements, specifically:

  1. calculating the pay as you earn (PAYE) deductions including at the Scottish rate of income tax if applicable

  2. calculating the employees’ national insurance contributions (NIC) deductions

  3. calculating the employer’s NIC liabilities

  4. calculating statutory payments – for example, statutory sick pay and/or statutory maternity pay

  5. calculating reclaims of statutory payment – for example, maternity payments

  6. calculating employee and employer pension contributions for employees and workers who are members of workplace pension schemes (including those who are auto-enrolled) on the basis of the information your provide

  7. claiming employment allowance

  8. calculating, if appropriate, apprenticeship levy

  9. calculating other statutory and non-statutory deductions

  10. submitting information online to HMRC under real-time information (RTI) for PAYE.

 

We will prepare and send to you the following documents before the time of payment through the payroll or due date for delivering information to HMRC:

  1. payroll summary report showing the reconciliation from gross to net for each employee and all relevant payroll totals;

  2. A P45 for each leaver;

  3. A note showing your PAYE and NIC liability and due date for payment; and

  4. A note showing pension contributions payable in respect of each employee to the respective workplace pension scheme(s) of which they are members and the due date(s) for payment.

We will submit FPSs online to HMRC on the basis of the data provided, by you. FPSs must reach HMRC normally on or before the payday. You must ensure that the data provided to us is complete and accurate, and your attention is drawn to your legal responsibilities as set out below.

 

For each tax month we will prepare, where appropriate, an employer payment summary (EPS) from the information and explanations that you provide to us. (Examples of EPS data include statutory payments, employment allowance, Construction Industry Scheme deductions, apprenticeship levy allowance allocated to the PAYE scheme, apprenticeship allowance payable to date and confirmation that no payments were made to employees.)

 

We will submit EPSs to HMRC the basis of the data provided by you. (EPSs must reach HMRC by the 19th of the month following the tax month to which they relate). You must ensure that the data provided to us is complete and accurate, and your attention is drawn to your legal responsibilities as set out below.

 

At the end of the payroll year we will:

  1. prepare the final FPS (or EPS) and submit this to HMRC on the basis of the data provided by you. (The final FPS (or EPS) for the year must reach HMRC by 19 April following the end of the tax year.) You must ensure that the data provided to us is complete and accurate and your attention is drawn to your legal responsibilities as set out below

  2. prepare and send to you form P60 for each employee on the payroll at the year-end so that you can give them to employees by the statutory due date of 31 May following the end of the tax year

  3. prepare and send to you a statement for every employee for whom benefits-in-kind (BiK) have been payrolled, identifying every benefit provided to each employee during the tax year and the cash equivalent of each benefit treated as PAYE income so you can give them to employees by the statutory due date of 31 May following the end of the tax year

  4. provide you with details of the class 1A NIC on payrolled BiK and expenses accounted for in the payroll for the preparation of form P11D(b) unless we prepare and submit this on your behalf

 

We will submit national insurance number (NINO) verification requests as appropriate to verify or obtain a NINO for a new employee.

 

Note that we will only deal with the nominated person within the organisation. Any enquiries from individual employees concerning their wages or other payroll details will be referred back to that responsible person.

 

Ad hoc queries by way of telephone and email enquiries are not routine compliance and may result in additional fees. As indicated below, where appropriate we will aim to discuss and agree additional fees, but it may not always be possible to agree these in advance and we reserve the right to charge you an additional fee for these queries.

 

Ad hoc and advisory work

 

Where you have instructed us to do so we will provide such other taxation ad hoc and advisory services as may be agreed between us from time to time. These services will be subject to the terms of this engagement letter and standard terms and conditions of business unless we decide to issue a separate engagement letter. An additional fee may be charged for these services. Examples of such work include:

  • advising on ad hoc transactions (for example, termination payments to employees) and queries (including telephone conversations), preparing and submitting information in the relevant format to HMRC and calculating any related tax and NIC liabilities;

  • dealing with any compliance check or enquiry by HMRC into the payroll returns;

  • preparing and submitting any amended returns or data for previous tax years and corresponding with HMRC as necessary;

  • where your company is a personal service company, helping you to determine deemed employment status under the IR35 rules for work undertaken for clients by the company;

  • where your company is a personal service company and deemed employment status under the IR35 rules applies to work undertaken for clients by the company, calculating deemed employment payments and accounting through payroll to HMRC for tax and NIC etc;

  • where the off-payroll working rules apply and your company pays deemed employees’ personal service companies, accounting via payroll for tax and NIC etc on the payments

  • where you have contractors working for your company through their own personal service companies, helping you to determine whether or not your company is “small” under the off-payroll working rules;

  • where you have contractors working for your company via their own personal service companies and your company is not “small” under the off-payroll working rules, helping you to determine the deemed employment status of those contractors and prepare employment status determination statements to give to those contractors and labour supply agencies that you have contracted with;

  • helping with setting up and administering workplace pension schemes, including referring you to appropriate specialists where necessary;

  • agreeing with you which employer-provided BiK will be processed through the payroll and for which employees, registering the PAYE scheme to payroll BiK, processing through the payroll cash equivalent notional amounts, notifying HMRC of in-year changes, advising you on the payment of associated class 1A NIC, preparing and submitting return P11D(b), and notifications to employees;

  • preparing and submitting returns P11D and P11D(b) for employee BiK and expenses, and advising on the payment of associated class 1A NIC (such work if undertaken is covered in a separate schedule of services);

  • assisting you in the operation of the Construction Industry Scheme (CIS) for subcontractors;

  • conducting PAYE, and benefits and expenses health checks; and

  • helping you to allocate apprenticeship levy allowance across your different PAYE schemes/group companies/connected charities.

 

Where specialist advice is required on occasion, we may need to seek this from or refer you to appropriate specialists. We will only do this when instructed by the nominated person.

 

Changes in the law or public policy and practice

 

We will not accept responsibility if you act on advice given by us on an earlier occasion without first confirming with us that the advice is still valid in the light of any change in the law or public policy and practice or your circumstances.

 

We will accept no liability for losses arising from changes in the law or public policy and practice that are first published after the date on which the advice is given.

 

Your responsibilities

 

You are legally responsible for:

  1. ensuring that the data in your payroll submissions is correct and complete

  2. making any submissions by the due date

  3. paying tax and NIC on time.

Failure to do this may lead to penalties and/or interest.

 

Employers cannot delegate this legal responsibility to others. You agree to check that submissions that we have prepared for you are correct and complete before our agree date of submission.

 

You are responsible for maintaining your employees’ information, including any changes to the employees’ bank account details.

 

To enable us to carry out our work you agree:

  1. that all information required to be delivered online is submitted on the basis of full disclosure

  2. to provide full information necessary for dealing with your payroll affairs and workplace pension scheme contributions; we will rely on the information and documents being true, correct and complete, and will not audit the information or those documents

  3. to agree with us the names of the persons authorised by you to notify us of changes in employees and in rates of pay. We will process the changes only if notified by that/those individuals

  4. to advise us in writing of changes of payroll pay dates and workplace pension scheme contribution dates

  5. to notify us at least 5 working days prior to the payroll date of all transactions or events that may need to be reflected in the payroll for the period, including details of:

  • all new employees (including full names, address, date of birth, gender, national insurance number) and details of their remuneration packages

  • all leavers and any termination payments

  • all changes to remuneration packages

  • all pension scheme changes

  • all changes to benefits and expenses reportable under an existing payrolling benefits and expense online service registration

  • irregular and/or ad hoc payments and the dates to be paid;

  1. to provide the data required to complete:

  • in-year FPS by at least 5 working days prior to payroll pay dates so that they can be submitted on or before payday, or as agreed with us;

  • in-year EPS by at least 5 working days prior to 19th of the month following the tax month;

  • final FPS (or EPS when applicable) for the year at least 5 working days prior to 19 April following the end of the tax year;

  • EYU within 5 working days;

  1. to authorise us to approach such third parties as may be appropriate for information that we consider necessary to deal with your affairs.

 

You will keep us informed of material changes in circumstances that could affect the payroll of the business. If you are unsure whether the change is material or not please let us know so that we can assess the significance.

 

Where you wish us to deal with HMRC communications you will forward to us all communications received from HMRC. These must be provided in time to enable us to deal with them as may be necessary within the statutory time limits. It is essential that you let us have copies of any correspondence received because HMRC is not obliged to send us copies of all communications issued to you.

 

To have paid our full fee in respect of the work to complete your payroll prior to us making any submission(s), including monthly RTI submissions, to HMRC. Where the work has been completed but our fee is not paid in full, we reserve the right to withhold submission.

 

If the information required to complete the payroll services set out above is received later than the dates specified above or agreed with us, we will still endeavour to process the payroll and returns to meet the agreed payroll date and filing deadlines but we will not be liable for any costs or other losses arising if the payroll is late or the returns are filed late in these circumstances. We may charge an additional fee of up to double the normal payroll fee for work carried out in a shorter time period.

 

You must also refer to the attached schedule The Data Processor Agreement.

 

Limitation of liability

 

Our services as detailed above are subject to the limitations on our liability set out in the

engagement letter and in our standard terms and conditions of business. These are important provisions, which you should read and consider carefully.

 

 

SCHEDULE OF SERVICES (608) AUTO ENROLMENT

 

This schedule should be read in conjunction with the engagement letter and the 300 Standard terms & conditions | Massey Accounting Company

 

Initial set up

 

You are responsible for establishing the staging date applicable for your payroll. You will advise us if you bring forward, postpone or otherwise delay any aspect of your staging. We will assist you in establishing the staging date that applies. This is the date that you, as an employer, must start to auto enrol your workers.

 

Using the data supplied by you in order for us to complete your payroll we will identify those individuals who would qualify as a ‘worker’ for auto enrolment purposes and will produce a list of them. We will send you this list together with the definition of a ‘worker’ and, if required and requested, Pension Regulator guidance on how to assess workers’ earnings and if the worker is under a UK contract. You should review this definition for any individual not included on the payroll records and inform us of any changes.

 

We will help you to establish which category each worker falls into, whether entitled worker, eligible jobholder or non-eligible jobholder.

 

You will choose a pension scheme that meets the automatic enrolment qualifying criteria and we recommend that you take appropriate independent advice. You can:

  1. Choose the existing scheme used by the business if it is an eligible scheme for auto enrolment;

  2. Go through the National Employment Savings Trust (NEST); or

  3. Seek the advice of a financial adviser on a suitable pension scheme.

 

We will not provide advice on the choice of a scheme, but refer you to guidance issued by the Pension Regulator on pension scheme selection.

 

You are responsible for providing the required statutory information to your workers.

 

You will enrol all eligible jobholders into an eligible pension scheme on the appropriate date. We will assist you in this process. If required, we will prepare and send to you for distribution a notice for each eligible jobholder telling them that they have been or will be enrolled, and setting out what that means for them, and also detailing their right to opt out (and to opt back in again). We will send information about the eligible jobholders to the pension scheme. (For eligible jobholders who are already active members of a qualifying scheme, we will prepare a notice for you to send them giving them information about the scheme. This is the only action required for such members.)

 

If required, we will prepare and send to you a notice to send to each non-eligible jobholder that sets out certain information about opting in to an automatic enrolment scheme and what this means for them. They do not need to be automatically enrolled but have the right to opt in. If the non-eligible jobholder chooses to opt in, you will enrol them onto the scheme on receipt of an opt-in notice. We will assist you in this process. We will send information to the pension scheme about those non-eligible jobholders who choose to opt in.

 

If required, we will prepare and send to you a notice to send to each entitled worker, giving them information about joining a pension scheme and what it means for them. You will arrange membership to a scheme for those entitled workers who choose to join and complete a joining notice. This can be a different scheme to the one used for auto enrolment. We will assist you in this process.

 

You are required within five calendar months of your staging date to make a declaration of compliance with the Pensions Regulator. If required by you in writing to assist, we will, on receipt of the scheme information from you and the pension provider, assist you in making the declaration with the Pensions Regulator.

 

Recurring compliance work

 

As part of the preparation of your UK payroll, we will:

  1. calculate the deductions to be made from each worker’s pay

  2. calculate the contribution you as an employer are obliged to make to the scheme

  3. process through the payroll any refunds from the scheme

 

We will include the pension payments on the following documents:

  1. the payroll summary report showing the reconciliation from gross to net for each employee and all relevant payroll totals

  2. a report showing your total pension contributions (employees and employers) and due date for payment

 

We can provide advice to you regarding your choice of a pension scheme but we are not authorised to provide specific advice to your employees. You are responsible for choosing a pension scheme that meets the automatic enrolment qualifying criteria and we recommend that you take appropriate independent advice.

 

We can assist you by:

  1. providing factual information about pension schemes

  2. helping you to compare schemes

  3. referring you to a specialist adviser

  4. referring you to guidance issued by The Pensions Regulator on pension scheme selection.

 

We will help you to establish which category each worker falls into, whether entitled worker, eligible jobholder or non-eligible jobholder.

 

We will prepare and send to you a notice to send to each non-eligible jobholder that sets out certain information about opting in to an automatic enrolment scheme and what this means for them. If the non-eligible jobholder chooses to opt in, you will enrol them onto the scheme on receipt of an opt-in notice. We will assist you in this process. We will send information to the pension scheme about those non-eligible jobholders who choose to opt in.

 

We will prepare and send to you a notice to send to each entitled worker, giving them information about joining a pension scheme and what it means for them. This includes new starters and those becoming eligible to be enrolled by age or earnings. They do not need to be automatically enrolled but have the right to opt in. You will arrange membership to a scheme for those entitled workers who choose to join and complete a joining notice. This can be a different scheme to the one used for auto-enrolment. We will assist you in this process.

 

We will prepare a notice for you to give to the eligible jobholder telling them that they have been enrolled, setting out what that means for them and also detailing their right to opt out (and to opt back in again). You must re-enrol eligible jobholders every three years. We recommend that you establish a process for this review.

 

We will, on receipt of the scheme information from you and the pension provider, assist you when you make your declaration of compliance to The Pensions Regulator.

 

Ad hoc queries by way of telephone and email enquiries are not routine compliance and may result in additional fees. As indicated below, where appropriate we will aim to discuss and agree additional fees, but it may not always be possible to agree these in advance and we reserve the right to charge you an additional fee for these queries.

 

Ad hoc and advisory work

 

Where you have instructed us to do so we will provide such other taxation ad hoc and advisory services as may be agreed between us from time to time. These services will be subject to the terms of this engagement letter and standard terms and conditions of business unless we decide to issue a separate engagement letter. An additional fee may be charged for these services.  Examples of such work include:

  • dealing with any enquiry from The Pensions Regulator

  • preparing any amended records that may be required and corresponding with The Pensions Regulator as necessary.

 

Where specialist advice is required on occasion, we may need to seek this from or refer you to appropriate specialists. We will only do this when instructed by the nominated person.

 

Changes in the law or public policy and practice

 

We will not accept responsibility if you act on advice given by us on an earlier occasion without first confirming with us that the advice is still valid in the light of any change in the law or public policy and practice or your circumstances.

 

We will accept no liability for losses arising from changes in the law or public policy and practice that are first published after the date on which the advice is given.

 

Your responsibilities

 

You are legally responsible for:

  1. ensuring that your payroll and pensions records are correct and complete

  2. making payment of pensions contributions on time.

 

You will keep and retain the records required by law. These include:

  1. records about jobholders and workers, eg name, date of birth, national insurance number, gross earnings, contributions, gender, address, status within the pension scheme, opt-in notice, opt-out notice and joining notice

  2. records about the pension scheme, eg employer pension scheme reference, scheme name and address, and other information in respect of specific pension schemes.

 

You must retain these records for six years except for requests to leave the pension scheme, which must be kept for four years.

 

You are responsible for choosing an eligible scheme and for regularly reviewing that it meets the automatic enrolment qualifying criteria, and we recommend that you take appropriate independent advice.

 

You are responsible for providing all relevant information to the trustees or managers of the pension scheme within the statutory period.

 

You are responsible for the monitoring of workers’ age and earnings, and agree to advise us on any change in categorisation or status of your workers.

 

You are responsible for monitoring opt-in and opt-out requests and where workers with the right to opt in or opt out exercise that right. If required and requested by you, we will assist you in providing appropriate information for you to provide to the jobholder.

 

You are responsible for providing the required statutory information to your workers. This includes writing to new starters and those becoming eligible to be enrolled by age or earnings within six weeks of them meeting the age or earnings criteria.

 

You will enrol all eligible jobholders into an eligible pension scheme on the appropriate date.

You are legally responsible for:

  1. choosing your re-enrolment date from within a six-month window, which starts three months before the third anniversary of your automatic enrolment staging date and ends three months after it

  2. assessing your job holders, including those enrolled into the scheme and those you will put back into the scheme.

 

You are required within five calendar months from the start of your legal duties and thereafter when re-enrolling eligible jobholders to make a declaration of compliance with The Pensions Regulator.

To enable us to carry out our work, you agree:

  1. to provide full information necessary for dealing with your workers’ pensions; we will rely on this information and documents being true, correct and complete, and will not audit the information or documents

  2. to agree with us the name(s) of the person(s) authorised by you to notify us of changes in employees and in rates of pay. We will process the changes only if notified by that (those) individual(s)

  3. to advise us in writing of changes of payroll pay dates

  4. to notify us at least 5 working days prior to the payroll date of all transactions or events that may need to be considered in relation to auto-enrolment obligations for the period, including details of:

  • all new workers and details of their remuneration packages

  • all leavers and details of termination arrangements for all workers

  • changes in categorisation or status of your workers

  • all opt-in and opt-out requests from your workers

  • all remuneration changes for all workers

  • all pension scheme changes.

 

You will keep us informed of material changes in circumstances that could affect the pension scheme, workers and deductions. If you are unsure whether the change is material or not, please let us know so that we can assess its significance or otherwise and to seek your authority to approach such third parties as may be appropriate for information that we consider necessary to deal with your affairs.

 

Where you wish us to deal with them you will forward to us all communications received from The Pension Regulator. These must be provided in time to enable us to deal with them as may be necessary within the statutory time limits. It is essential that you let us have copies of any correspondence received because The Pension Regulator is not obliged to send us copies of all communications issued to you.

 

If the information required to complete the services set out above is received less than 5 days before the payroll date, we will endeavour to process the payroll to meet the agreed payroll date but we will not be liable for any costs or other losses arising if the payroll is late in these circumstances. We may charge an additional fee of up to double the quoted fee for work carried out in a shorter time period.

 

You must also refer to the attached schedule The Data Processor Agreement.

 

Limitation of liability

 

Our services as detailed above are subject to the limitations on our liability set out in the engagement letter and in our standard terms and conditions of business. These are important provisions, which you should read and consider carefully.

 

 

THE DATA PROCESSOR AGREEMENT (APPENDIX TO TERMS OF ENGAGEMENT – PAYROLL SERVICES, INCLUDING AUTO ENROLEMENT)

 

1. Introduction

1.1 This agreement re processing of personal data (the ”Data Processor Agreement”) regulates Massey Accounting Company Limited’s (the ”Data Processor”) processing of personal data on behalf of the client (the ”Data Controller”) and is attached as an addendum to the Engagement Letter in which the parties have agreed the terms for the Data Processor’s delivery of services to the Data Controller.

2. Legislation

2.1 The Data Processor Agreement shall ensure that the Data Processor complies with the applicable data protection and privacy legislation (the ”Applicable Law”), including in particular The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)

3. Processing of personal data

3.1 Purpose: The purpose of the processing under the Service Level Agreement is the provision of the Services by the Data Processor as specified in the Service Level Agreement.

3.2 In connection with the Data Processor’s delivery of the Main Services to the Data Controller, the Data Processor will process certain categories and types of the Data Controller’s personal data on behalf of the Data Controller.

3.3 ”Personal data” includes “any information relating to an identified or identifiable natural person” as defined in GDPR, article 4 (1) (1) (the ”Personal Data”). The categories and types of Personal Data processed by the Data Processor on behalf of the Data Controller are listed in sub-appendix A. The Data Processor only performs processing activities that are necessary and relevant to perform the Main Services. The parties shall update sub-appendix A whenever changes occur that necessitates an update.

3.4 The Data Processor shall have and maintain a register of processing activities in accordance with GDPR, article 32 (2).

4. Instruction

4.1 The Data Processor may only act and process the Personal Data in accordance with the documented instruction from the Data Controller (the ”Instruction”), unless required by law to act without such instruction. The Instruction at the time of entering into this Data Processor Agreement (DPA) is that the Data Processor may only process the Personal Data with the purpose of delivering the Main Services as described in the Main Service Level Agreement. Subject to the terms of this DPA and with mutual agreement of the parties, the Data Controller may issue additional written instructions consistent with the terms of this Agreement. The Data Controller is responsible for ensuring that all individuals who provide written instructions are authorised to do so.

4.2 The Data Controller guarantees to process Personal Data in accordance with the requirements of Data Protection Laws and Regulations. The Data Controller’s instructions for the processing of Personal Data shall comply with Applicable Law. The Data Controller will have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which it was obtained.

4.3 The Data Processor will inform the Data Controller of any instruction that it deems to be in violation of Applicable Law and will not execute the instructions until they have been confirmed or modified.

5. The Data Processor’s obligations

5.1 Confidentiality

5.1.1 The Data Processor shall treat all the Personal Data as strictly confidential information. The Personal Data may not be copied, transferred or otherwise processed in conflict with the Instruction, unless the Data Controller in writing has agreed.

5.1.2 The Data Processor’s employees shall be subject to an obligation of confidentiality that ensures that the employees shall treat all the Personal Data under this DPA with strict confidentiality.

5.1.3 Personal Data will only be made available to personnel that require access to such Personal Data for the delivery of the Main Services and this Data Processor Agreement.

5.2 The Data Processor shall also ensure that employees processing the Personal Data only process the Personal Data in accordance with the Instruction.

5.3 Security

5.3.1 The Data Processor shall implement the appropriate technical and organizational measures as set out in this Agreement and in the Applicable Law, including in accordance with GDPR, article 32. The security measures are subject to technical progress and development. The Data Processor may update or modify the security measures from time-to-time provided that such updates and modifications do not result in the degradation of the overall security.

5.4 The Data Processor shall provide documentation for the Data Processor’s security measures if requested by the Data Controller in writing.

5.5 Data protection impact assessments and prior consultation

5.5.1 If the Data Processor’s assistance is necessary and relevant, the Data Processor shall assist the Data Controller in preparing data protection impact assessments in accordance with GDPR, article 35, along with any prior consultation in accordance with GDPR, article 36.

5.6 Rights of the data subjects

5.6.1 If the Data Controller receives a request from a data subject for the exercise of the data subject’s rights under the Applicable Law and the correct and legitimate reply to such a request necessitates the Data Processor’s assistance, the Data Processor shall assist the Data Controller by providing the necessary information and documentation. The Data Processor shall be given reasonable time to assist the Data Controller with such requests in accordance with the Applicable Law.

5.6.2 If the Data Processor receives a request from a data subject for the exercise of the data subject’s rights under the Applicable Law and such request is related to the Personal Data of the Data Controller, the Data Processor must immediately forward the request to the Data Controller and must refrain from responding to the person directly.

5.7 Personal Data Breaches

5.7.1 The Data Processor shall give immediate notice to the Data Controller if a breach occurs, that can lead to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to, personal data transmitted, stored or otherwise processed re the Personal Data processed on behalf of the Data Controller (a “Personal Data Breach”).

5.7.2 The Data Processor shall make reasonable efforts to identify the cause of such a breach and take those steps as they deem necessary to establish the cause, and to prevent such a breach from reoccurring.

5.8 Documentation of compliance and Audit Rights

5.8.1 Upon request by a Data Controller, the Data Processor shall make available to the Data Controller all relevant information necessary to demonstrate compliance with this DPA, and shall allow for and reasonably cooperate with audits, including inspections by the Data Controller or an auditor mandated by the Data Controller. The Data Controller shall give notice of any audit or document inspection to be conducted and shall make reasonable endeavours to avoid causing damage or disruption to the Data Processors premises, equipment and business in the course of such an audit or inspection. Any audit or document inspection shall be carried out with reasonable prior written notice of no less than 30 days, and shall not be conducted more than once a year.

5.8.2 The Data Controller may be requested to sign a non-disclosure agreement reasonably acceptable to the Data Processor before being furnished with the above.

5.9 Data Transfers

5.9.1 Ordinarily, The Data Processor will not transfer your data to countries outside the European Economic Area. In some cases, personal data will be saved on storage solutions that have servers
outside the European Economic Area (EEA), for example, Dropbox or Google. Only those storage solutions that provide secure services with adequate relevant safeguards will be employed.

6. Sub-Processors

6.1 The Data Processor is given general authorisation to engage third-parties to process the Personal Data (“Sub-Processors”) without obtaining any further written, specific authorization from the Data Controller, provided that the Data Processor notifies the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Processor processes any of the Personal Data. If the Data Controller wishes to object to the relevant Sub-Processor, the Data Controller shall give notice hereof in writing within ten 10 business days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed a consent to the relevant Sub-Processor.

6.2 In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s objection, the Data Controller may terminate the Services by providing written notice to the Data Processor.

6.3 The Data Processor shall complete a written sub-processor agreement with any Sub-Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub- Processors’ compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writing.

6.4 The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions.

6.5 The Data Processor is at the time of entering into this Data Processor Agreement using the Sub- Processors listed in sub-appendix B. If the Data Processor initiates sub-processing with a new Sub-Processor, such new Sub-Processor shall be added to the list in sub-appendix B under paragraph 2.

7. Remuneration and costs

7.1 The Data Controller shall remunerate the Data Processor based on time spent to perform the obligations under section 5.5, 5.6, 5.7 and 5.8 of this Data Processor Agreement based on the Data Processor’s hourly rates.

7.2 The Data Processor is also entitled to remuneration for any time and material used to adapt and change the processing activities in order to comply with any changes to the Data Controller’s Instruction, including implementation costs and additional costs required to deliver the Main Services due to the change in the Instruction. The Data Processor is exempted from liability for non-performance with the Main Agreement if the performance of the obligations under the Main Agreement would be in conflict with any changed Instruction or if contractual delivery in accordance with the changed Instruction is impossible. This could for instance be the case; (i) if the changes to the Instruction cannot technically, practically or legally be implemented; (ii) where the Data Controller explicitly requires that the changes to the Instruction shall be applicable before the changes can be implemented; and (iii) in the period of time until the Main Agreement is changed to reflect the new Instruction and commercial terms thereof.

8. Limitation of Liability

8.1 The total aggregate liability to the Client, of whatever nature, whether in contract, tort or otherwise, of the Data Processor for any losses whatsoever and howsoever caused arising from or in any way connected with this engagement shall be subject to the “Limitation of Liability” clause set out in the engagement letter.

8.2 Nothing in this DPA will relieves the processor of its own direct responsibilities and liabilities under the GDPR.

9. Duration

9.1 The Data Processor Agreement shall remain in force until the engagement is terminated.

10. Data Protection Officer

10.1 The Data Processor will appoint a Data Protection Officer where such appointment is required by Data Protection Laws and Regulations.

11. Termination

11.1 Following expiration or termination of the Agreement, the Data Processor will delete or return to the Data Controller all Personal Data in its possession as provided in the Agreement except to the extent the Data Processor is required by Applicable law to retain some or all of the Personal Data (in which case the Data Processor will archive the data and implement reasonable measures to prevent the Personal Data from any further processing). The terms of this DPA will continue to apply to such Personal Data.

12. Contact

12.1 The contact information for the Data Processor and the Data Controller is provided in the engagement letter.

bottom of page