1.0 DEFINITIONS

In this Agreement, unless the context otherwise requires, the following definitions will apply:

“Assignment Instructions” means the written instructions prepared by The Company in respect of The Customer’s premises containing details of The Service to be provided. 

“The Agreement” means The Agreement between the Company and The Service Partner. The Company is prepared to outsource the supply of The Service on an individual case basis to The Service Partner upon the terms of The Agreement. The Service Partner agrees to provide The Service under the terms of The Agreement. The Customer is under a separate contractual obligation with The Company but receives The Service from The Service Partner through The Agreement. Upon entering into The Agreement, The Service Partner will become a preferred supplier of The Service to The Company.

“The Company” means Alarm Response & Keyholding Ltd Trading As ARM Secure, Company No. 5599475, whose Registered Office is Suite 2 720 Mandarin Court, Warrington, WA1 1GG, or any other holding company or subsidiary company or associated company under common ownership thereof, designated by Alarm Response & Keyholding Ltd as the contracting party for the purposes of The Agreement.

“The Customer” means any person, company, firm or organisation which is a customer of The Company during the course of The Agreement who is provided with The Service.

“Key Receipt” means the Company’s standard form document (a copy of which has been provided to the Service Provider prior to the date of The Agreement) required to be signed by The Service Provider acknowledging receipt of keys, access codes, key cards and any other thing that may be required to obtain access to The Customer’s premises. The Key Receipt shall contain an undertaking required to be provided by The Service Partner to The Company confirming that the keys, access codes, key cards and any other thing that may be required to obtain access to The Customer’s premises shall be held by The Service Provider in accordance with best industry standards and all appropriate security requirements shall be adhered to.

“The Parties” means The Company and The Service Partner 

“The Service” means the provision of keyholding, emergency response and mobile security services, lock ups, guarding, and other complimentary services as agreed between The Parties to be provided by The Service Partner and supplied to The Customer by The Company under the terms of The Agreement.

 “The Service Partner” means The Service Partner and any person firm, or company carrying out The Service on behalf of The Company or any other holding company or subsidiary company or associated company under common ownership of The Service Partner, designated by Alarm Response & Keyholding Ltd as the contracting party for the purposes of The Agreement

“Service Provider Management System” means the online reporting software application, portal or platform that ARM Secure grants The Service Partner access to in order to submit duty reports.

2.0 SUPPLY OF SERVICES

2.1 The Service Partner shall supply The Services to The Customer on behalf of The Company in accordance with the terms of The Agreement, as required by The Company.
2.2 The Service Partner warrants to The Company that for the duration of The Agreement it shall:
2.2.1 Perform The Service with the highest level of care skill and diligence in accordance with best practice in The Service Provider’s industry, profession or trade;
2.2.2 Provide The Service according to The Company and The Customer’s specifications and in accordance with British Standard BS7984-1:2016 Keyholding and Response Services and BS7858 2019 – codes of practice or any superseding document, standard or regulation in place at the time The Service is delivered as a minimum level of service requirement;
2.2.3 Use its best endeavours to visit The Customer to supply The Service at the times agreed between The Company and The Customer as notified by The Company to The Service Partner and shall be bound by the conditions as set out in The Customer’s order to The Company;
2.2.4 Be bound by the conditions and standards as laid down in the Company’s Health and Safety Policy;
2.2.5 Provide The Company with sufficient evidence that they and their employees have been screened in accordance with BS7858:2019 and provide evidence of the screening to both The Company and The Customer immediately on request. The evidence must not include personal data but sufficient evidence to ensure compliance with this clause. Where this evidence is not provided within a reasonable period of time, The Service Partner shall not continue to provide The Service and The Agreement may be terminated immediately on written notice by The Company with no penalty to The Company nor any requirement to pay any outstanding invoices due to the Service Provider at the time this Agreement is terminated;
2.2.6 Hold SIA Approved Contractor Status for the provision of the scope of The Service being provided to The Customer;
2.2.7 (Being a Limited Company) adheres to the working time directive 2003 / 88 / EC and the National Minimum Wage Act and follows the HMRC rules in relation to PAYE;
2.2.8 Not have authority to invoice and shall not accept any payments from The Customers for the supply of The Service. The Company shall invoice The Customer only and any payment made / passed to The Service Partner by The Customer shall be held on trust and passed to The Company within one working day; and
2.2.9 Supply The Services placed under The Agreement, which shall not be varied without The Company’s written consent. These conditions are to the exclusion of all other standard terms and conditions incorporated within any of The Service Partner’s documents unless an authorised representative of The Company, expressly agrees them in writing.
2.3 The Company engages The Service Partner upon the basis that The Service Partner has the status of a private limited company or self-employed person or partnership and The Service Partner shall be responsible for all its own tax liabilities and National Insurance contributions and The Service Partner shall indemnify and keep indemnified The Company forthwith, on demand, in full and without any set-off, counterclaim or any other deduction against any claims which may be made by the relevant authorities against The Company in respect of tax liabilities and National Insurance or similar contributions relating to The Service Partner’s rights and obligations under this Agreement.
2.4 The Parties shall agree rates for work undertaken on a site-by-site basis in writing and in accordance with The Companies process.
2.5 The Agreement supersedes any previous agreement between The Parties prior to this date. The Company may assign all contracts with The Service Partner at any time as The Company’s business needs and structure demand.
2.6 The Service Provider shall not assign or novate the terms of The Agreement without prior written consent from The Company.
2.7 The Company may vary the conditions of The Agreement by providing advance written notice to The Service Partner at any time.

3.0 EQUIPMENT AND ASSISTANCE

3.1 The Company shall use reasonable endeavours to arrange access to The Customer’s premises on behalf of The Service Partner to enable the provision of The Service. The Company will not accept and shall not be liable for any costs levied against the Company by The Service Partner related to denied any access.

4.0 PAYMENT

4.1 After 60 days following the receipt by The Company of an agreed invoice, The Company shall pay The Service Partner in accordance with the Rates agreed, provided that a fully detailed description of The Service has been provided which must include all the works carried out, the date such works were carried out, time of attendance, operator details and time of leaving site which must also detail The Company’s Service Provider Management System unique reference number.
4.2 All payments shall be made to The Service Partner by The Company by way of electronic payment.
4.3 The Company has no obligation to pay The Service Partner in relation to any invoices received over 60 days following the provision of the aspect of The Service to which it relates. By way of example and for the avoidance of doubt, annual service fees must be invoiced within 60 days of the renewal date and invoices for activations must be received within 60 days of the activation date.
4.4 The Service Partner will be liable to pay The Company a pro-rata refund if The Customer cancels their agreement with The Company on the grounds of poor performance by the Service Partner. In this event The Service Partner agrees to refund The Company with immediate effect.
4.5 The Company shall be under no obligation to pay sums to The Service Provider in the event of The Service Partner’s insolvency as more particularly defined in clause 7.1.2.
4.6 The Service Partner shall not be entitled to charge The Company interest on any payments due to be paid to The Service Provider in accordance with clause 4.1.
4.7 The Service Partner shall pay to The Company a 5% retrospective annual rebate calculated on the aggregate of all invoices submitted to The Company by The Service Partner over the previous 12-month period (Exclusive of VAT). The Service Partner shall pay The Company the retrospective annual rebate within 60 days of the end of each calendar year or otherwise on the date this Agreement ends (howsoever it ends and whichever date is the earlier). In the event that the retrospective annual rebate is not paid on the due date, The Company may deduct the retrospective annual rebate from any outstanding invoices or other sums due from The Company to The Service Provider.

5.0 DURATION

5.1 The Agreement shall begin on either (i) the date upon which it is signed by The Parties or (ii) the date the Service Partner provides The Services following receipt of the terms of this Agreement (whether by post or email) (whichever is the earlier) and shall, subject to the provisions for Clause 7, Clause 8, Clause 9 and Clause 11, continue in force until terminated by either of The Parties giving to the other, a minimum of 1 months written notice (the “Term”). Upon completion of the notice period, all instructions to provide The Services will be terminated either immediately or upon the anniversary date of each contract between The Company and The Customer for whom The Service Partner provided The Service to be decided at the sole discretion of The Company.
5.2 For the avoidance of any doubt, the Service Partner is deemed to have accepted the terms of this Agreement in its entirety and the provision of any of The Services by the Service Partner following the Service Partner having received this Agreement (whether by post or electronically by email) shall be carried out fully in accordance with the terms of this Agreement.
5.3 The Service Partner shall be deemed to have duly received this Agreement:
a) on the second business day following The Company having sent this Agreement (by first class post) to the Service Partner’s registered office address or trading address or the address last known to The Company; or
b) on the fifth business day following The Company having sent this Agreement (by second class post) to the Service Partner’s registered office address or trading address or the address last known to The Company; or
c) on the same day this Agreement is sent by email to the Service Partner to an email address The Company reasonably believes is being used by the Service Partner.
5.4 The terms of this Agreement shall be to the exclusion of all other terms and conditions or any previous course of dealings (including any terms and conditions contained in any acknowledgement or order sent or provided by the Service Partner) unless specifically agreed in writing to the contrary by a director of The Company.

6.0 LIABILITY AND INSURANCE

6.1 The Service Partner shall indemnify the Company and keep The Company indemnified, on demand, in full and without any set off, counterclaim or any other deduction whatsoever against all claims, actions, proceedings, loss, damage, costs and expenses incurred by The Company as a result of:
6.1.1 Any breach by The Service Partner of the warranties in Clause 2;
6.1.2 Any and all damage to (i) any premises (whether or not owned by The Customer) and (ii) the contents of any such premises where The Service is carried out which is caused by any act or omission of The Service Partner.
6.2 Without prejudice to the obligations under Clause 2, The Service Partner acknowledges that The Services shall be provided for the ultimate benefit of The Customer and The Service Partner shall:
6.2.1 Provide The Services so that no act or omission by The Service Provider (or any of its subcontractors) in relation thereto will constitute, cause or contribute to any breach by The Company of any of its obligations under and/or in connection with the contract with The Customer (the substantive requirements of which have been provided to The Service Provider prior to The Services being provided by The Service Partner); and
6.2.2 Assume and perform all the obligations and observe and comply with all the terms of the contract between The Company and The Customer on the part of The Company to be assumed, performed and complied with insofar as they relate and apply to The Services or any part thereof.

6.3 The Service Partner shall, for the duration of The Agreement, ensure that it is insured with a reputable insurance company up to a limit of not less than £2,000,000 (two million pounds sterling) for any type of loss or damage (whether to persons or property) caused by the negligence of The Service Partner. The Service Partner shall promptly supply The Company with copies of the insurance policy at least annually, schedules of such insurance and proof of payment of premiums. This insurance cover shall include loss of keys cover and The Service Partner accepts that he is responsible solely for the cost of any replacement keys, key cards, locks and any associated costs, damages, losses or expenses that may be incurred by The Company or charged to The Company as a result of a loss of any item or thing required to gain access to any of The Customer’s premises.

6.4 The Service Provider shall further indemnify and keep The Company indemnified against all losses, charges, expenses and damages sustained by the Company or the Customer arising as a result of the loss of any item or thing required to gain access to any of The Customer’s premises.

6.5 The Service Provider shall immediately on demand by The Company return the keys, key cards, access codes and any item or thing required to gain access to any of The Customer’s premises without claiming any lien or any other right to withhold the keys, key cards, access codes and any item or thing required to gain access to any of The Customer’s premises.

7.0 TERMINATION

7.1 The Company may terminate The Agreement at any time by giving notice in writing to The Service Partner upon the happening of any one or more of the following events namely:
7.1.1 The Service Partner commits a breach of The Agreement which, in the case of a breach capable of remedy, is not remedied within 30 days of the party receiving written notice from the other to remedy or desist from such breach; or
7.1.2 The Service Partner, being an individual, partnership or a partner therein, appears to be unable to pay his debts within Section 26(f) of the Insolvency Act 1986 (or subsequent re-enactments of this legislation) or make any voluntary arrangement within Section 235 of the said Act (or subsequent re-enactments of this legislation) or presents his own, or has presented against him, a bankruptcy petition; or being a Limited Company is deemed to be unable to pay its debts within Section 123 of the Insolvency Act 1986 (or subsequent re-enactments of this legislation) or makes any voluntary arrangement within Section 1 of the said Act (or subsequent re-enactments of this legislation) or has an Administrative Receiver or a Receiver and Manager appointed of the whole or any part of its undertaking, property, or assets, or has a petition presented and order made, or a resolution for the winding up of it, or for the appointment of an Administrator to it; or
7.1.3 If a problem arises that causes the cleared security screening status of The Service Partner (including Disclosure and Barring Services (DBS) changes of status) to be withdrawn; or
7.1.4 In the event of The Service Partner failing to provide The Service in a manner acceptable to The Company or The Customer, or the work is not in accordance with British Standard BS7984-1:2016 Keyholding and Response Services and BS7858:2019 – codes of practice and/or documents superseding them, or failure to adhere to The Company’s or The Customers guidelines and specifications. For the avoidance of doubt termination of The Agreement based on a failure to deliver The Service will be at the sole discretion of The Company.
7.2 Termination of The Agreement shall be without prejudice to any other rights or remedies, which either of The Parties may have at the date of termination.
7.3 On the termination of The Agreement for any reason, The Service Partner shall, immediately on demand from the time of termination, deliver or post and agree with The Company at a time and place specified by The Company any equipment, keys, access codes or documentation belonging to or relating to The Company or The Customer in the possession, custody or control of The Service Partner at the date of termination.
7.4 Failure to return any keys, access codes, or any other means of entry into The Customer’s premises along with proper identification of the keys and instructions will result in The Company incurring significant cost to remedy this failure. The Service Partner will be responsible and liable for these costs and any costs involved in the recovery of these costs as per the loss of the end client and shall pay The Company for subsequent replacement. This will be paid to The Company within 30 days of receipt of an invoice from The Company for these costs without any deduction whatsoever.

8.0 SUBCONTRACTING / ASSIGNMENT AND INTRODUCTIONS

8.1 The Service Partner shall not assign any part of The Service without the written consent of The Company and, even if such consent is given, it shall not relieve The Service Partner of any of their liabilities or obligations under The Agreement. The Company maintains a list of approved partners for services such as; boarding up, glazing, emergency services and has formal arrangements with those approved partners directly and The Service Partner must ensure these approved partners are appointed to undertake the relevant works for The Customer to the satisfaction of The Company.
8.2 The Service Provider shall not directly or indirectly solicit or entice away (or attempt to solicit or entice away) from the employment of The Company or employ or attempt to employ any of The Company’s employees, directors, workers or consultants at any time during the Term or for a further period of twelve (12) months after the expiry or termination of this Agreement other than by means of a national advertising campaign open to all comers (excluding a general LinkedIn job post) and not specifically targeted at any of The Company’s employees, directors, workers or consultants. In the event that an approach or engagement is made in breach of this clause 8.2, The Service Partner shall be liable to The Company for a fee to the value of 39% of the relevant individual’s gross annual salary (which shall include any benefits (including car allowances or similar) or bonuses received by the relevant individual in the 12 months prior to the approach) (the “Agency Fee”). The Agency Fee shall be payable within seven (7) working days of the commencement of employment by the relevant individual with The Service Provider or the Agency Fee shall be payable by the Service Partner within seven (7) working days of any attempt to solicitor or entice the relevant individual away from The Company. The Service Partner agrees and acknowledges that the payment of the Agency Fee is fair and reasonable having regard to the training, recruitment and replacement of another employee, director, worker or consultant.
8.3 The Company may terminate this Agreement immediately on written notice to The Service Provider in the event of a breach by the Service Partner of clause 8.2.
8.4 The Service Partner shall provide not less than three months advance notice in writing to a director of The Company (such notice to be sent by email and by recorded delivery) and shall include the date of the launch of the national advertising campaign (referred to in clause 8.2). The intended date of the launch of the national advertising campaign must be included in the written notice required in accordance in this clause shall not be a date that is less than 3 months from the date of the written notice to The Company.

9.0 STANDARDS OF PERFORMANCE

9.1 The Service Partner will send a copy of the Assignment Instructions and Key Receipt to The Company within a maximum of 72 hours of the site survey and key collection taking place.
9.2 Subject to clause 9.3, The Service Partner will send all Activation Reports to The Company via the Service Provider Management System by the next working day after an activation to enable the company to notify The Customer of its attendance. Failure to comply within this clause will nullify payment of the invoice relating to the event and The Service Partner will agree to credit any invoice raised relating to the event.
9.3 The Service Partner shall provide live visibility of The Service Partner’s attendance at the relevant premises should a live visibility request by made by The Company or The Customer.
9.4 The Service Provider shall procure that any of its personnel, when on The Customer’s premises, comply with all health and safety rules, regulations and risk assessments identified by The Service Provider when undertaking the site survey (referred to in clause 9.1) as well as any other requirements that may be notified to it by The Company.
9.5 The Service Provider shall:
9.5.1 comply with The Company’s policies and procedures, including, health, safety, environment and security;
9.5.2 ensure that all Service Provider personnel are aware of their legal responsibilities towards health, safety and environmental management, as well as any specific requirements from the Company;
9.5.3 ensure all Service Provider personnel have received relevant health and safety training as required by their role with annual refresher training;
9.5.4 ensure that all legal health, safety and environmental requirements and standards are met;
9.5.5 ensure that all the Company’s and any legal health, safety and environmental management reporting requirements are met;
9.5.6 ensure that all activities requiring a risk assessment and/or method statement are in place prior to any activity taking place. The Service Provider should actively participate in the risk assessment process to ensure operational application and assessment;
9.5.7 take directions from members of the Customer’s / Company’s safety/environmental team, incident management and crisis management teams, in the event of an alarm activation, incident or crisis on site, unless they feel that the request would put them at risk of injury or ill health; and
9.5.8 report immediately to The Company safety advisor any breach of health, safety and/or environmental standard and any accident or incident within 24 hours.
9.6 Repeated failure by The Service Partner to comply with the conditions of Clause 9 may result in the immediate termination of The Agreement at the sole discretion of The Company.

10.0 CONFIDENTIALITY

10.1 Any confidential information disclosed by either of The Parties must remain private and must not be disclosed to any third party without the other party’s written consent. Without prejudice to the generality of the foregoing, The Service Partner or his agents acknowledge that the identities and any information about The Customer, including information belonging to The Company, and The Service Partner shall also not disclose the same to any third party without The Company’s written consent.
10.2 The obligations of confidentiality imposed by clause 10.1 shall not apply to any information, which is, or becomes part of any overriding legal obligation to disclose the information by operation of law.
10.3 The obligations of confidentiality imposed by clause 10.1 shall survive the termination of this Agreement.

11.0 COMPETITION

11.1 The Service Partner hereby agrees:
11.1.1 that they will not, at any time whilst contracted by The Company, solicit the custom or enter into any arrangement or agreement with any of The Company’s customers to supply goods or services normally provided by The Company, either directly or through a third party. In the event of a breach of this clause, The Company is entitled to terminate The Agreement immediately and recover the value of any loss of business, together with damages expenses and costs incurred from The Service Partner’s breach of The Agreement, including but not limited to; enforcement of this clause and sourcing, vetting and appointment of an alternative Service Partner; and
11.1.2 save for the purpose of the provision of The Service, not to make any record, or copy the details of The Company’s customers. If any such record or copy is made for the purpose of the provision of The Service, then it must be returned to The Company immediately upon termination of The Agreement in accordance with Clause 7.
11.1.3 without prejudice to any other remedy, The Company may have for a breach by The Service Partner of The Agreement, The Service Partner accepts that The Company will be entitled to recover associated consequential loss.
11.2 The Company recognises that:
11.2.1 The Service Partner may have a financial interest in, or advise, or act as consultant to any business or trade which does not compete with that of The Company, provided that his advisory or consultancy work for that business or trade does not in any way, diminish or restrict the performance of his duties to The Company.
11.3 The Service Partner is obliged to pass leads to The Company which are outside of The Service Partner’s geographical and or technical area of coverage. The Service Partner is entitled to be financially rewarded by The Company for any leads that result in new contracts for The Company.

12.0 DATA PROTECTION SCHEDULE

12.1 Where a party to this Agreement processes personal data on behalf of the other party, the Data Protection Schedule (below) shall apply.

13.0 LIMITATION OF LIABILITY

THE SERVICE PARTNER’S ATTENTION IS SPECIFICALLY DRAWN TO THE PROVISIONS OF THIS CLAUSE

13.1 Nothing in this Agreement shall operate to exclude or limit a party’s liability for any of the following:
13.1.1 any fraudulent act or omission; or
13.1.2 any liability that cannot as a matter of law be limited including liability for death or personal injury;
13.2 Subject to the terms of clause 13.1, The Company’s maximum aggregate liability to the Service Provider for losses or damages suffered (whether in contract or tort (including negligence) or otherwise) in connection with this Agreement and the performance and/or receipt of the Services shall be limited to and will in no circumstances whatsoever exceed the sums payable in accordance with Clause 4 of this Agreement.

14.0 RIGHTS OF THIRD PARTIES

12.1 The Parties do not intend that this Agreement or any of its terms shall confer any benefit on or be enforceable by any Third Party.

15.0 ENTIRE AGREEMENT

13.1 The Agreement embodies the entire understanding of The Parties and overrides and / or supersedes any prior promises, representations, understandings or implications.

16.0 LAW AND JURISDICTION

16.1 This Agreement shall be governed by and construed in accordance with the laws of England and The Parties submit to the exclusive jurisdiction of the English courts.

17.0 SIGNED UNDERTAKING

The Parties agree to the terms of The Agreement: 

Signed              …………………………                                 Signed              …………………………

Print Name       …………………………                                  Print Name       …………………………

Position            …………………………                                  Position            …………………………

Date                 …………………………                                  Date                 …………………………

For and on behalf of The Company                                For and on behalf of The Service Partner 

ARM Secure                                                                 [Insert Name of Service Partner]

Suite 2 720 Mandarin Court                                                                      

Warrington

WA1 1GG                                                           

DATA PROTECTION SCHEDULE

1.1 In this schedule, unless the context otherwise requires, the following expressions have the following meaning:

“Data Protection Legislation” means any data protection legislation from time to time in force in the United Kingdom including, but not limited to, the Data Protection Act 2018, any legislation which succeeds that Act, EU Regulation 2016/679 General Data Protection Regulation (“GDPR”), any other directly applicable European Union data protection or privacy regulations (for as long as, and to the extent that, the law of the European Union has legal effect in the United Kingdom), and, where applicable, guidance and codes of practice issued by any relevant data protection supervisory authority or authorities;
“controller”
“data controller”
“data processor”
“data subject”
“personal data”
“processing”
“processor”
“personal data breach”
“special category personal data”
“supervisory authority” and
“appropriate technical and organisational measures” shall have the meanings ascribed thereto in the Data Protection Legislation;
“Representatives” means, in relation to either Party, its officers and employees, professional advisers or consultants engaged to advise that Party, contractors or sub-contractors engaged by that Party;
“Shared Personal Data” means the personal data and special category personal data to be shared between the Parties under this schedule;
“Stated Purposes” means the purposes set out in paragraph 18 for which the Shared Personal Data is to be shared;
“Term” means the term of this Agreement.

1.2 Unless the context otherwise requires, each reference in this schedule to:
1.2.1 “writing”, and any cognate expression, includes a reference to any communication effected by electronic or facsimile transmission or similar means;
1.2.2 a statute or a provision of a statute is a reference to that statute or provision as amended or re-enacted at the relevant time;
1.2.3 “this schedule” is a reference to this Schedule as amended or supplemented at the relevant time;
1.2.4 a Paragraph or paragraph is a reference to a Paragraph of this Schedule; and
1.2.5 a “Party” or the “Parties” refer to the parties to this Agreement.
1.3 The headings used in this Schedule are for convenience only and shall have no effect upon the interpretation of this Schedule.
1.4 Words imparting the singular number shall include the plural and vice versa.
1.5 References to any gender shall include the other gender.
1.6 References to persons shall include corporations.

Stated Purposes
2.1 This Schedule establishes the framework for the sharing of the Shared Personal Data between the Parties as data controllers.
2.2 The Parties have determined that the sharing of the Shared Personal Data is necessary to the provision of keyholding, emergency response and mobile security services, lock ups, guarding, and other complimentary services.
2.3 The Parties shall not process the Shared Personal Data for any purpose or in any way that is incompatible with the Stated Purposes set out in paragraph 18.
2.4 The Shared Personal Data shall be disclosed by the Disclosing Party to the Receiving Party only to the extent reasonably necessary for the Stated Purposes, as set out in paragraph 18.

3.Data Protection Compliance

3.1 Each Party shall appoint a data protection officer and/or at least one other of its Representatives as a point of contact for all issues relating to the sharing of the Shared Personal Data and the Data Protection Legislation (including, but not limited to, compliance, training, and the handling of personal data breaches). The contact details for the Parties’ appointed points of contact are as follows:

3.1.1 Pete Holland, Group Technical Director, [email protected]; and

3.1.2

3.2 Both Parties shall at all times during the Term of this Schedule comply with their obligations as data controllers, the rights of data subjects, and all other applicable requirements under the Data Protection Legislation. This Schedule is in addition to, and does not relieve, remove, or replace either Party’s obligations under the Data Protection Legislation. Any material breach of the Data Protection Legislation by either Party shall, if not remedied within 7 days of written notice from the other Party, give the other Party grounds to terminate this Agreement with immediate effect.

Both Parties shall at all times during the Term of this Schedule comply with their obligations as data controllers, the rights of data subjects, and all other applicable requirements under the Data Protection Legislation. This Schedule is in addition to, and does not relieve, remove, or replace either Party’s obligations under the Data Protection Legislation. Any material breach of the Data Protection Legislation by either Party shall, if not remedied within 7 days of written notice from the other Party, give the other Party grounds to terminate this Agreement with immediate effect.

4. The Shared Personal Data

4.1 The Shared Personal Data, including any applicable restrictions relating to it agreed by the Parties is described fully in paragraph 18. 4.2 No special category personal data is to be shared between the Parties. The Disclosing Party shall ensure that the Shared Personal Data is accurate and up-to-date prior to its disclosure to the Receiving Party.

4.3 The Parties shall use compatible technology for the processing of the Shared Personal Data in order to preserve accuracy.

5. Shared Personal Data – Fair and Lawful Processing

5.1 Both Parties shall at all times during the Term of this Agreement process the Shared Personal Data fairly and lawfully.
5.2 Both Parties shall ensure that they have legitimate grounds for processing the Shared Personal Data under the Data Protection Legislation.
5.3 The Disclosing Party shall ensure that it has in place all required notices and consents in order to enable the sharing of the Shared Personal Data under this Schedule. In particular, the Disclosing Party shall ensure that data subjects are provided with clear and sufficient information about the following:
5.3.1 the purposes for which their personal data is to be processed;
5.3.2 the legal basis upon which it is relying for such purposes;
5.3.3 the fact that their personal data is to be transferred to a third party and sufficient detail about the transfer to enable the data subject to understand the purpose of the transfer and any risks associated therewith; and
5.3.4 in the event that their personal data is to be transferred outside of the European Economic Area under sub-Paragraph 8.3, the fact that such a transfer is to take place and sufficient detail about the transfer to enable the data subject to understand the purpose of the transfer and any risks associated therewith; and
5.3.5 all other information required under Article 13 of the GDPR.
5.4 The Receiving Party shall ensure that it has in place all required notices and consents in order to enable the sharing of the Shared Personal Data under this Schedule. In particular, the Receiving Party shall ensure that data subjects are provided with clear and sufficient information about the following:
5.4.1 the purposes for which their personal data is to be processed;
5.4.2 the legal basis upon which it is relying for such purposes; and
5.4.3 in the event that their personal data is to be transferred to a third party under Paragraph 8, the fact that such a transfer is to take place and sufficient detail about the transfer to enable the data subject to understand the purpose of the transfer and any risks associated therewith; and
5.4.4 in the event that their personal data is to be transferred outside of the European Economic Area under sub-Paragraph 8.3, the fact that such a transfer is to take place and sufficient detail about the transfer to enable the data subject to understand the purpose of the transfer and any risks associated therewith; and
5.4.5 all other information required under Article 14 of the GDPR.

6. The Rights of Data Subjects
6.1
The Parties shall assist one another in complying with their respective obligations and the rights of data subjects under the Data Protection Legislation. Such assistance shall include, but not be limited to:
6.1.1 consulting with the other Party with respect to information and notices provided to data subjects relating to the Shared Personal Data;
6.1.2 informing the other Party about the receipt of data subject access requests and providing reasonable assistance in complying with the same;
6.1.3 not disclosing or otherwise releasing any Shared Personal Data in response to a data subject access request without prior consultation with the other Party, whenever reasonably possible;
6.1.4 assisting the other Party at its own cost in responding to any other data subject request.
6.2 Each Party shall maintain records of all data subject requests received, the decisions made in response, and any information provided to the data subject(s) concerned. Such records shall include copies of the request, details of any data accessed and shared, and, if applicable, details of any further correspondence, telephone conversations, or meetings relating to the request.

7. Data Retention and Deletion and/or Disposal


7.1 Subject to sub-Paragraph 7.2, the Receiving Party shall hold and process the Shared Personal Data only for so long as is necessary for the fulfilment of the Stated Purposes.
7.2 In the event that any statutory or similar retention periods apply to any of the Shared Personal Data, the relevant personal data shall be retained by the Receiving Party in accordance therewith.
7.3 The Receiving Party shall delete (or otherwise dispose of) the Shared Personal Data (or the relevant part thereof) and any and all copies thereof or, on the written request of the Disclosing Party, return it to the Disclosing Party, subject to any legal requirement to retain any applicable personal data, in the following circumstances:
7.3.1 upon the termination or expiry of this Agreement; or
7.3.2 once the Stated Purposes have been fulfilled and it is no longer necessary to retain the Shared Personal Data (or the relevant part thereof) in light of the Stated Purposes;
whichever is earlier.
7.4 All Shared Personal Data to be deleted or disposed of under this Schedule shall be deleted or disposed of using the following method(s): return of data to the disclosing party.
7.5 Following the deletion and/or disposal of the Shared Personal Data (as applicable), the Receiving Party shall notify the Disclosing Party of the same in writing, confirming that the Shared Personal Data has been deleted or disposed of using the method(s) set out above in sub-Paragraph 7.4.

8. Shared Personal Data Transfers


8.1 For the purposes of this Paragraph 8, the transfer of Shared Personal Data shall refer to any sharing of the Shared Personal Data by the Receiving Party with a third party. Such sharing shall include, but not be limited to, the appointment of a third-party data processor and sharing the Shared Personal Data with a third-party data controller.
8.2 The Receiving Party shall not transfer any of the Shared Personal Data outside of the European Economic Area.

9. Shared Personal Data Security
9.1 The Disclosing Party shall transfer the Shared Personal Data to the Receiving Party using the following secure method(s): remote desktop application provided by the disclosing party.
9.2 Both Parties shall ensure that they have in place appropriate technical and organisational measures (as set out in paragraph 10) to protect against the unauthorised or unlawful processing of, and against the accidental loss or destruction of, or damage to, the Shared Personal Data, having regard to the state of technological development and the cost of implementing any such measures.
9.3 When putting appropriate technical and organisational measures in place, both Parties shall ensure a level of security appropriate to the nature of the Shared Personal Data which is to be protected, and to the potential harm resulting from the unauthorised or unlawful processing of, the accidental loss or destruction of, or damage to, the Shared Personal Data.
9.4 All technical and organisational measures put in place by both Parties shall be reviewed regularly by the respective Party, updating such measures upon the agreement of the other Party as appropriate throughout the Term of this Agreement.

10. Technical and Organisational Data Protection Measures
10.1 Each Party shall ensure that, in respect of all Shared Personal Data, it maintains security measures to a standard appropriate to:
10.1.1 the nature of the Shared Personal Data which is to be protected; and
10.1.2 the potential harm resulting from the unauthorised or unlawful processing of, the accidental loss or destruction of, or damage to, the Shared Personal Data.
10.2 Each Party shall have in place, and comply with, a security policy which:
10.2.1 defines security needs based on a risk assessment;
10.2.2 allocates responsibility for implementing the policy to a specific individual or personnel;
10.2.3 is provided to the other Party on or before the commencement of this Agreement;
10.2.4 is disseminated to all relevant Representatives (and other staff, if applicable); and
10.2.5 provides a mechanism for feedback and review.
10.3 Each Party shall:
10.3.1 ensure that appropriate security safeguards and virus protection are in place to protect the hardware and software which is used in processing the Shared Personal Data in accordance with best industry practice;
10.3.2 prevent unauthorised access to the Shared Personal Data;
10.3.3 protect the Shared Personal Data using pseudonymisation, where it is practical to do so;
10.3.4 ensure that its storage of Shared Personal Data conforms with best industry practice such that the media on which Shared Personal Data is recorded (including paper records and records stored electronically) are stored in secure locations and access by personnel to Shared Personal Data is strictly monitored and controlled;
10.3.5 have secure methods in place for the transfer of Shared Personal Data whether in physical form (for example, by using couriers rather than post) or electronic form;
10.3.6 password protect all computers and other devices on which Shared Personal Data is stored, ensuring that all passwords are secure, and that passwords are not shared under any circumstances;
10.3.7 take reasonable steps to ensure the reliability of personnel who have access to the Shared Personal Data;
10.3.8 have in place methods for detecting and dealing with breaches of security (including loss, damage, or destruction of Shared Personal Data) including:
10.3.8.1 the ability to identify which individuals have worked with specific Shared Personal Data;
10.3.8.2 having a proper procedure in place for investigating and remedying breaches of the Data Protection Legislation; and
10.3.8.3 notifying the other Party as soon as any such security breach occurs,
10.3.9 have a secure procedure for backing up all electronic Shared Personal Data and storing back-ups separately from originals;
10.3.10 have a secure method of disposal of unwanted Shared Personal Data including for back-ups, disks, print-outs, and redundant equipment; and
10.3.11 adopt such organisational, operational, and technological processes and procedures as are required to comply with the requirements of ISO/IEC 27001:2013, as appropriate to the Stated Purposes and the nature of the Shared Personal Data.

11. Training
11.1 Both Parties shall ensure that any and all of their Representatives by whom the Shared Personal Data is to be handled and processed are appropriately trained to do so in accordance with the Data Protection Legislation and with the technical and organisational measures set out in paragraph 10.
11.2 The Receiving Party shall further ensure that any of its Representatives to whom the Shared Personal Data is to be disclosed are subject to contractual obligations in relation to confidentiality and data protection that bind those Representatives and that are same as the obligations imposed upon the Receiving Party by this Schedule.

12. Personal Data Breaches
12.1 In the event of a personal data breach, each Party shall comply with its obligations to report such a breach to the supervisory authority and, if applicable, to the affected data subjects in accordance with Article 33 of the GDPR. Furthermore, each Party shall inform the other Party of any such breach without undue delay, irrespective of whether it is required to be reported to the supervisory authority or to data subjects.
12.2 Each Party shall provide reasonable assistance to the other Party at its own cost in the handling of personal data breaches.

13. Review and Termination
13.1 This schedule shall come into force on the date of this Agreement. The Parties shall review the sharing of the Shared Personal Data under this Schedule on a 12 monthly basis, in light of the reasons, aims, and benefits described in sub-Paragraph 2.2 and, based upon the outcome of such a review, the Parties shall continue, amend, or terminate this Agreement.
13.2 Reviews under this Paragraph 13 shall address the following:
13.2.1 evaluating the purposes for which the Shared Personal Data is being processed in order to determine whether those purposes are still limited to the Stated Purposes;
13.2.2 evaluating whether the Parties are complying with the Data Protection Legislation and with the provisions of this Schedule governing fair and lawful processing (Paragraph 5), the rights of data subjects (Paragraph 6), data retention (Paragraph 7), and data security (Paragraph 9); and
13.2.3 evaluating whether any personal data breaches affecting the Shared Personal Data have been handled in accordance with this Schedule and the Data Protection Legislation.
13.3 Each Party shall have the right to inspect the other Party’s arrangements for holding and processing the Shared Personal Data and to terminate this Agreement if it considers that the other Party is not processing that Shared Personal Data in accordance with the Data Protection Legislation or this Agreement.

14. Resolution of Disputes with Data Subjects or the Supervisory Authority
14.1 In the event of a dispute or claim brought by a data subject or the supervisory authority concerning the processing of Shared Personal Data against either or both Parties, the Parties will inform each other about any such disputes or claims, and will cooperate with a view to settling them amicably in a timely fashion.
14.2 The Parties agree to respond to any generally available non-binding mediation procedure initiated by a data subject or by the supervisory authority. If they do participate in the proceedings, the Parties may elect to do so remotely (such as by telephone or other electronic means). The Parties also agree to consider participating in any other arbitration, mediation, or other dispute resolution proceedings developed for data protection disputes.
14.3 Each Party shall abide by a decision of a competent court of the Disclosing Party’s country of establishment or of the supervisory authority.

15. Warranties
15.1 Each Party hereby warrants and undertakes that it shall:
15.1.1 hold and process the Shared Personal Data in compliance with the Data Protection Legislation and all other applicable laws, enactments, regulations, orders, standards, and similar applicable instruments;
15.1.2 respond without undue delay and as far as reasonably possible to any enquiries from the supervisory authority relating to the Shared Personal Data;
15.1.3 respond to data subject access requests in accordance with the Data Protection Legislation;
15.1.4 if applicable, pay the appropriate fees to the supervisory authority; and
15.1.5 take all appropriate steps to ensure compliance with the security measures set out in Paragraph 9 of this Schedule.
15.2 The Disclosing Party hereby warrants and undertakes that it is authorised to share the Shared Personal Data with the Receiving Party and that the Shared Personal Data will be accurate and up-to-date.
15.3 The Receiving Party hereby warrants and undertakes that it shall not transfer any of the Shared Personal Data outside of the European Economic Area.
15.4 Except as expressly stated in this Schedule, all other warranties, conditions, and terms, whether express or implied by statute, common law, or otherwise, are hereby excluded to the fullest extent permissible by law.

16. Indemnity
Subject to the provisions of sub-Paragraph 17.1, each Party shall indemnify the other against any cost, charge, damages, expense, or loss, suffered or incurred by the indemnified Party arising out of or in connection with the indemnifying Party’s (or its Representatives’) breach of the Data Protection Legislation or this Agreement, provided that the indemnified Party provides the indemnifying Party with prompt notice of any such claim, full information about the circumstances giving rise to the claim, reasonable assistance in dealing with the claim, and the sole authority to manage, defend, and/or settle the claim.

17. Limitation of Liability
17.1
Subject to sub-Paragraph 17.2, neither Party shall be liable, whether in contract, tort (including negligence and breach of statutory duty howsoever arising), misrepresentation (whether innocent or negligent), restitution, or otherwise, for any direct or indirect loss of profits, business, business opportunity, revenue, turnover, reputation, or goodwill; any direct or indirect loss of anticipated savings or wasted expenditure; or any direct or indirect loss or liability under or in relation to any other contract.
17.2 Neither Party shall exclude its liability to the other Party for fraud or fraudulent misrepresentation, death or personal injury resulting from negligence, a breach of any obligations implied by Section 12 of the Sale of Goods Act 1979 or Section 2 of the Supply of Goods and Services Act 1982, or any other matter for which it would be unlawful for either Party to exclude liability.
17.3 Nothing in sub-Paragraph 17.1 shall prevent claims for direct financial loss that are not excluded under any of the categories set out therein or for tangible property or physical damage.

18.Shared Personal Data and Stated Purposes

Category of Personal DataCategory of Data SubjectStated PurposesRestrictions (If Applicable)
Name, address, email, mobile phone number, telephone numberCustomers and their employeesCarry out the provision of keyholding, emergency response and mobile security services, lock ups, guarding, and other complimentary servicesData not to be provided to third parties, including sub-subcontracted providers without express written permission from an ARM Secure Board Director
    
    

19. No Partnership or Agency
19.1 Nothing in this Agreement shall establish any partnership or joint venture between the Parties, constitute either Party the agent of the other Party, or authorise either Party to make or enter into any commitments for or on behalf of the other Party.
19.2 Each Party hereby confirms that it is acting on its own behalf and not for the benefit of any other person.

20. Non-Assignment of Agreement
Neither Party may assign, transfer, sub-contract, or in any other manner make available to any third party the benefit and/or burden of this Agreement without the prior written consent of the other Party, such consent not to be unreasonably withheld.

21. Entire Agreement
This Agreement contains the entire agreement between the Parties with respect to its subject matter and may not be modified except by an instrument in writing signed by the duly authorised representatives of the Parties.

22. Variation
No variation of or addition to this Schedule shall be effective unless in writing signed by each of the Parties or by a duly authorised person on its behalf.

23. No Waiver
No failure or delay by either Party in exercising any of its rights under this Schedule shall be deemed to be a waiver of that right, and no waiver by either Party of a breach of any provision of this Schedule shall be deemed to be a waiver of any subsequent breach of the same or any other provision.

24. Severance
The Parties agree that, in the event that one or more of the provisions of this Schedule is found to be unlawful, invalid, or otherwise unenforceable, that or those provisions shall be deemed severed from the remainder of this Agreement. The remainder of this Agreement shall be valid and enforceable.

25. Communication
25.1 All notices under this Schedule shall be in writing and be deemed duly given if signed by the Party giving the notice or by a duly authorised officer thereof, as appropriate.
25.2 Notices shall be deemed to have been duly given:
25.2.1 when delivered, if delivered by courier or other messenger (including registered mail) during the normal business hours of the recipient; or
25.2.2 when sent, if transmitted by facsimile or email and a successful transmission report or return receipt is generated; or
25.2.3 on the fifth business day following mailing, if mailed by national ordinary mail, postage prepaid; or
25.2.4 on the tenth business day following mailing, if mailed by airmail, postage prepaid.
25.3 All notices under this Schedule shall be addressed to the most recent address, facsimile number, or email address notified to the other Party.