GDPR

  1. Data Protection Clause (EU Companies)

1.1.1 “Applicable Data Protection Legislation” shall mean (a) the Irish Data Protection Act 2018; and (b) the General Data Protection Regulation (GDPR), read in conjunction with and subject to any applicable EU Member State national legislation that provides for specifications or restrictions of the GDPR’s rules;

1.1.2 “Customer” shall mean the entity contracting with Truway Holdings Ltd as identified in the agreement between such customer and Truway Holdings Ltd;

1.1.3 “Truway Holdings Ltd” shall mean Truway Holdings Ltd. an entity identified in the agreement with the Customer as the Service Provider;

1.1.4 “GDPR” shall mean the General Data Protection Regulation (EU) 2016/679; and

1.1.5 “Personal Data”, “Data Controller”, “Data Processor”, “Data Subject”, and “processing” (and other parts of the verb ‘to process’) shall have the meaning set out in the Applicable Data Protection Legislation.

1.2 Each party shall comply at all times with its respective obligations under the provisions of the Applicable Data Protection Legislation and shall not perform its obligations under this Agreement in such a way as to cause the other to breach any of its applicable obligations under Applicable Data Protection Legislation.

1.3 In the event Truway Holdings Ltd provides a service listed in (hyperlink to our Product Privacy Page and referred to as our “Product Related Privacy Notice”), then Truway Holdings Ltd processes Personal Data on behalf of the Customer as described in the Product Related Privacy Notice and for such purposes Truway Holdings Ltd is the Data Processor and the Customer is the Data Controller. In connection with such processing Truway Holdings Ltd shall:

1.3.1 Process the Personal Data only on documented instructions from the Customer and in accordance with this Agreement;

1.3.2 Ensure that persons authorised to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality and take steps to ensure that such persons only act on Truway Holdings Ltd’s instructions in relation to the processing;

1.3.3 Implement appropriate technical and organisational measures to protect the Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm and risk which might result from any unauthorised or unlawful processing, accidental loss, destruction or damage to the Personal Data and having regard to the nature of the Personal Data which is to be protected (and the Customer shall notify Truway Holdings Ltd immediately if the nature of such Personal Data changes in a material way);

1.3.4 Remain entitled to appoint third party sub-processors. Where Truway Holdings Ltd appoints a third party sub-processor, it shall, with respect to data protection obligations: (a) ensure that the third party is subject to, and contractually bound by, at least the same obligations as Truway Holdings Ltd; and (b) remain fully liable to the Customer for all acts and omissions of the third party;

1.3.5 In addition to the sub-processors engaged pursuant to clause 1.3.4 above, be entitled to engage additional or replacement sub-processors, subject to: (a) the provisions of clause 1.3.4 above being applied; and (b) Truway Holdings Ltd notifying the Customer of the additional or replacement sub-processor, and where the Customer objects to the additional or replacement sub processor, the parties shall discuss the objection in good faith;

1.3.6 Not transfer Personal Data outside of the European Economic Area except where such transfer is made in such a way as to ensure that the level of protection offered to natural persons by the Applicable Data Protection Law is not undermined;

1.3.7 Assist the Customer to respond to requests from Data Subjects who are exercising their rights under the Applicable Data Protection Legislation;

1.3.8 Notify the Customer without undue delay after becoming aware that it has suffered a Personal Data breach and shall not inform any third party of the Personal Data breach without first obtaining the Customer’s prior written consent, except when law or regulation requires it;

1.3.9 Upon the Customer’s reasonable request, assist the Customer to comply with the Customer’s obligations pursuant to Articles 32-36 of the GDPR (or such corresponding provisions of the Applicable Data Protection Legislation), comprising (if applicable): (a) notifying a supervisory authority that Truway Holdings Ltd has suffered a Personal Data breach; (b) communicating a Personal Data breach to an affected individual; (c) carrying out an impact assessment; and (d) where required under an impact assessment, engaging in prior consultation with a supervisory authority;

1.3.10 Unless applicable law requires otherwise, upon termination of the Agreement, at the option of the Customer comply or procure compliance with the following (i) delete all personal data provided by the Customer to Truway Holdings Ltd and/or (ii) return to the Customer all Personal Data provided by the Customer to Truway Holdings Ltd; and

1.3.11 Not more than once in any 12 month period and on reasonable notice, of at least twenty (20) business days, permit the Customer (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit Truway Holdings Ltd’s data processing activities to enable the Customer to verify and/or procure that Truway Holdings Ltd is complying with its obligations under this clause.

1.4 Each party may collect, store and process contact Personal Data (such as name, work email address, telephone/mobile work number, and work address) of the other party and/or its employees for the purposes of the performance of this Agreement, and such collection and/or processing shall be carried out in accordance with such party’s privacy policy. 

  1. Data Protection Clause (UK Companies)

2.1.1 “Applicable Data Protection Legislation” shall mean (a) the Data Protection Act 2018; and (b), the General Data Protection Regulation (GDPR), read in conjunction with and subject to any applicable UK national legislation that provides for specifications or restrictions of the GDPR’s rules;

2.1.2 “Customer” shall mean the entity contracting with Truway Holdings Ltd as identified in the agreement between such customer and Truway Holdings Ltd;

2.1.3 “Truway Holdings Ltd” shall mean Truway Holdings Ltd., an entity identified in the agreement with the Customer as the Service Provider;

2.1.4 “GDPR” shall mean the General Data Protection Regulation (EU) 2016/679; and

2.1.5 “Personal Data”, “Data Controller”, “Data Processor”, “Data Subject”, and “processing” (and other parts of the verb ‘to process’) shall have the meaning set out in the Applicable Data Protection Legislation.

2.2 Each party shall comply at all times with its respective obligations under the provisions of the Applicable Data Protection Legislation and shall not perform its obligations under this Agreement in such a way as to cause the other to breach any of its applicable obligations under Applicable Data Protection Legislation.

2.3 In the event Truway Holdings Ltd provides a service listed in (hyperlink to our Product Privacy Page and referred to as our “Product Related Privacy Notice”) then Truway Holdings Ltd processes Personal Data on behalf of the Customer as described in the Product Related Privacy Notice and for such purposes Truway Holdings Ltd is the Data Processor and the Customer is the Data Controller. In connection with such processing Truway Holdings Ltd shall:

2.3.1 Process the Personal Data only on documented instructions from the Customer and in accordance with this Agreement;

2.3.2 Ensure that persons authorised to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality and take steps to ensure that such persons only act on Truway Holdings Ltd’s instructions in relation to the processing;

2.3.3 Implement appropriate technical and organisational measures to protect the Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm and risk which might result from any unauthorised or unlawful processing, accidental loss, destruction or damage to the Personal Data and having regard to the nature of the Personal Data which is to be protected (and the Customer shall notify Truway Holdings Ltd immediately if the nature of such Personal Data changes in a material way);

2.3.4 Remain entitled to appoint third party sub-processors. Where Truway Holdings Ltd appoints a third party sub-processor, it shall, with respect to data protection obligations: (a) ensure that the third party is subject to, and contractually bound by, at least the same obligations as Truway Holdings Ltd; and (b) remain fully liable to the Customer for all acts and omissions of the third party;

2.3.5 In addition to the sub-processors engaged pursuant to clause 2.3.4 above, be entitled to engage additional or replacement sub-processors, subject to: (a) the provisions of clause 2.3.4 above being applied; and (b) Truway Holdings Ltd notifying the Customer of the additional or replacement sub-processor, and where the Customer objects to the additional or replacement subprocessor, the parties shall discuss the objection in good faith;

2.3.6 Not transfer Personal Data outside of the UK except where such transfer is made in such a way as to ensure that the level of protection offered to natural persons by the Applicable Data Protection Law is not undermined;

2.3.7 Assist the Customer to respond to requests from Data Subjects who are exercising their rights under the Applicable Data Protection Legislation;

2.3.8 Notify the Customer without undue delay after becoming aware that it has suffered a Personal Data breach and shall not inform any third party of the Personal Data breach without first obtaining the Customer’s prior written consent, except when law or regulation requires it;

2.3.9 Upon the Customer’s reasonable request, assist the Customer to comply with the Customer’s obligations pursuant to Articles 32-36 of the GDPR (or such corresponding provisions of the Applicable Data Protection Legislation), comprising (if applicable): (a) notifying a supervisory authority that Truway Holdings Ltd has suffered a Personal Data breach; (b) communicating a Personal Data breach to an affected individual; (c) carrying out an impact assessment; and (d) where required under an impact assessment, engaging in prior consultation with a supervisory authority;

2.3.10 Unless applicable law requires otherwise, upon termination of the Agreement, at the option of the Customer comply or procure compliance with the following (i) delete all personal data provided by the Customer to Truway Holdings Ltd and/or (ii) return to the Customer all Personal Data provided by the Customer to Truway Holdings Ltd; and

2.3.11 Not more than once in any 12 month period and on reasonable notice, of at least twenty (20) business days, permit the Customer (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit Truway Holdings Ltd’s data processing activities to enable the Customer to verify and/or procure that Truway Holdings Ltd is complying with its obligations under this clause.

2.4 Each party may collect, store and process contact Personal Data (such as name, work email address, telephone/mobile work number, and work address) of the other party and/or its employees for the purposes of the performance of this Agreement, and such collection and/or processing shall be carried out in accordance with such party’s privacy policy. 

Back
WhatsApp
Messenger
Email
Call Back

    Enter your Phone Number so we can call you to discuss more