Terms of Business
ASTRIA PAYROLL LIMITED –
TERMS OF BUSINESS
1 Professional Obligations
Professional Indemnity Insurance
2 Client Monies
4 Retention of Records
5 Conflicts of Interest and Independence
7 Quality Control
Dealing with HM Revenue & Customs
8 Help us to Give you the Right Service
- your insolvency, bankruptcy or other arrangement being reached with creditors;
- failure to pay our fees by the due dates;
- either party being in breach of their obligations where this is not corrected within 30 days of being asked to do so.
9 Applicable Law
10 Changes in the Law
11 Internet Communication
12 Data Protection
12.2 We confirm that, in respect of your personal data, if you are an individual or a partnership, we are each considered an independent data controller. In relation to personal data that we are processing on your behalf, we agree that we will be the processor and you the controller. We will each comply with the relevant provisions of the Data Protection Act 2018 (the DPA), the Electronic Communications Data Protection Directive (2002/58/EC), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003) (as amended) and the UK GDPR and all applicable laws and regulations relating to the processing of the personal data and privacy, including where applicable the guidance and codes of practice issued by the Information Commissioner or any other national data protection authority, and the equivalent of any of the foregoing in any relevant jurisdiction – “Data Protection Legislation”.
12.4 We warrant that to the extent we process any personal data on your behalf we will:
- act only on instructions from you;
- have in place appropriate technical and organisational security measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. Such measures shall be appropriate to the harm that might result from the unauthorised or unlawful processing;
- ensure all personnel who have access to the personal data are obliged to keep it confidential;
- assist you to respond to a data subject’s request to enforce their rights of subject access, rectification, erasure and any other rights conferred by the Data Protection Legislation;
- assist you if requested with respect to security, breach notifications, impact assessments and any investigations by a supervisory authority or regulator;
- notify you without undue delay in the event of a data security breach and assist you with any investigations;
- at your direction delete or return to you all personal data and copies on termination unless required by law to retain the same;
- maintain complete and accurate records to demonstrate its compliance with this clause and allow for audits by you; and
- keep up to date a data processing register.
We shall not appoint new third-party sub-processors without giving you 7 days’ notice and ensuring that any such third-party sub-processor enters into an agreement with the same or substantially similar terms in relation to Data Protection Legislation.
13 Contracts (Rights of Third Parties) Act 1999
14 The Proceeds of Crime Act 2002 and the Money Laundering Regulations 2017
- deliberate tax evasion;
- deliberate failure to inform the tax authorities of known underpayments or excessive repayments;
- fraudulent claiming of benefits or grants; or
- obtaining a contract through bribery.