DATA SHARING CONDITIONS

Last update: May 2018

AGREED TERMS

1. INTERPRETATION

The following definitions and rules of interpretation apply in these Conditions:

1.1 Definitions:

Agreed Purpose: has the meaning given to it in clause 2.1.

Annual Review: has the meaning given in clause 7.2.

Authorised Person: has the meaning given to it in clause 2.3.

Club: shall mean you, the individual squash club signing up to these Conditions

Authorised Person: has the meaning given to it in clause 2.3.

Club: shall mean you, the individual squash club signing up to these Conditions

Club Locker Platform: means the mobile and web based app platform called “Club Locker”, operated through a collaboration between US Squash and ES offering various services and tools to players, coaches, County Associations and clubs, including in respect of tournament and league management, rankings, membership and event registration.

Commencement Date: means the date on which these Conditions are signed up to by the Club.

Confidential Information: means any and all commercial, financial, marketing, technical or other information, know-how or trade secrets in any form or medium belonging to or disclosed by one of the Parties or obtained under or in connection with the Conditions, including Shared Personal Data. Information will not be considered Confidential Information if it is already in the public domain at the time of disclosure or enters the public domain other than by breach of any confidentiality obligation.

Data Subject Requests: means any request by a Data Subject to exercise their rights prescribed by the Data Protection Laws.

Data Protection Laws: means any applicable law which relates to the protection of individuals with regards to the Processing of Personal Data, including the General Data Protection Regulation (EU) 2016/679.

ES: means England Squash Limited a company incorporated and registered in England and Wales with company number 02411107 whose registered office is at National Squash Centre, Rowsley Street, Manchester, M11 3FF

Party: shall mean either ES or the Club as appropriate and together they shall be the “Parties”.

Privacy and Data Protection Requirements: the GDPR, the Electronic Communications Data Protection Directive (2002/58/EC), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003) (as amended), any successor legislation to the above and all applicable laws and regulations relating to the processing of Personal Data and data privacy, including where applicable, the guidance and codes of practice issued by the UK Information Commissioner, and the equivalent of any of the foregoing in any relevant jurisdiction.

Shared Personal Data: means the Personal Data to be shared between the Parties in connection with these Conditions.

1.2 Data Controller, Data Processor, Data Subject, Personal Data and processing shall have the meanings given to them in the Data Protection Laws.

1.3 A reference to a statue or statutory provision shall include all subordinate legislation made from time to time under that statute or statutory provision.

1.4 A reference to writing or written includes email.

2. PURPOSE

2.1 The Parties consider these Conditions necessary to facilitate the effective administration of squash and squash 57 by both ES at a national level and the Club at a local level, in each case for the benefit of England Squash members. Further, these Conditions are necessary to establish the parameters by which the Parties are to operate in order to effectively safeguard the Shared Personal Data (the “Agreed Purpose”). The Parties agree that the following purposes for processing Shared Personal Data fall within the scope of “Agreed Purpose”:

(a) The proper administration and operation of clubs, including the Club;

(b) The proper administration and operation of national, county and club squash and squash 57 tournaments;

(c) Dealing with all matters relating to England Squash members; and

(d) The central administration of England Squash, including the processing of Shared Personal Data through the Club Locker Platform.

2.2 The Parties agree to provide each other with Shared Personal Data where they reasonably consider it is necessary for achieving the Agreed Purpose. The Parties shall process Shared Personal Data in accordance with the terms of these Conditions and shall not process Shared Personal Data in a way that is incompatible with the Agreed Purpose.

2.3 Each Party shall appoint one or more authorised person(s) (“Authorised Person(s)”) who will act as the point of contact for that Party in relation to these Conditions. The Parties’ Authorised Persons shall work together in relation to any issues arising from these Conditions and to actively improve the effectiveness of these Conditions. Each Party shall notify the other Party of their Authorised Person within 5 working days of the Commencement Date (and promptly following any replacement of their Authorised Person).

3. DATA PROTECTION

3.1 The Parties acknowledge and agree that they are agreeing to these Conditions each in their capacity as a Data Controller.

3.2 In respect of the provision of Shared Personal Data by one Party to the other Party, the relevant Party providing the Shared Personal Data warrants and undertakes that it has complied and shall comply with the Data Protection Laws in respect of the provision of such Shared Personal Data, including ensuring that such Shared Personal Data is:

(a) processed lawfully (including ensuring that it has the ability to share the relevant Shared Personal Data with the other Party to enable the other Party to process such Shared Personal Data in the manner permitted under this Agreement);

(b) processed fairly and in a transparent manner (including, providing data subjects with all necessary information about the use and sharing of their personal data in connection with this Agreement, by way of privacy notice or otherwise, save to the extent that the provision of any such information is not required under the Data Protection Laws);

(c) collected for specified, explicit and legitimate purposes;

(d) adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;

(e) accurate and where relevant, kept up to date;

(f) kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the data is processed; and

(g) processed in a manner that ensures appropriate security of such data, taking into account the fact that the processing of certain of the Shared Personal Data may be high risk and contain highly sensitive types of data.

3.3 In respect of the receipt and further processing by a Party (the “recipient”) of the Shared Personal Data provided by the other Party, the recipient warrants and undertakes:

(a) at all times to process the relevant Shared Personal Data in accordance with the terms of this Agreement and the Data Protection Laws;

(b) (process the Shared Personal Data fairly and lawfully in accordance with the Data Protection Laws, including only processing such Shared Personal Data where it can satisfy at least one of the relevant “lawful processing conditions” for processing such data (as set out in the Data Protection Laws);

(c) only use the relevant Shared Personal Data to the extent, and in such a manner, as is necessary for its Agreed Purpose;

(d) not retain or process any Shared Personal Data for longer than is necessary to carry out the Agreed Purpose;

(e) ensure that it puts in place suitable safeguards (in consultation with the other Party) for the transfer of any Shared Personal Data outside of the EEA (if applicable);

(f) other than as set out in this Agreement, not disclose any Shared Personal Data to any third party without the other Party’s prior written consent (and subject to suitable safeguards as the other Party may specify) and ensure that any Shared Personal Data it discloses is not irrelevant or excessive with regard to the Permitted Purpose;

(g) notify the other Party immediately after it becomes aware of: (i) any unauthorised or unlawful processing, loss of, damage to or destruction of the Shared Personal Data; or (ii) a dispute or claim brought by a data subject concerning the processing of Shared Personal Data against either Party;

(h) respond, in consultation with the other Party, to any request by any data subject to exercise any right afforded to data subjects under the Data Protection Laws (“Data Subject Requests”) and any requests from the Information Commissioner’s Office or other relevant Data Protection Supervisory Authority (“DPSA”) (in each case in relation to the Shared Personal Data), in accordance with the timescales and other requirements set out in the Data Protection Laws. Further it agrees to provide reasonable assistance (at the other Party’s cost) as is necessary to the other Party to enable it to comply with Data Subject Requests and to respond to any other queries or complaints from data subjects or the DPSA;

(i) promptly comply with any request from the other Party to amend, transfer or delete (unless there is a justified legal reason for retaining the relevant data) the Shared Personal Data, in any event, within 14 days following such request;

(j) take appropriate technical and organisational measures to protect the confidentiality of the Shared Personal Data, to protect against the unauthorised or unlawful processing of Shared Personal Data and against the accidental loss or destruction of, or damage to, Shared Personal Data, in each case, taking into account the fact that the processing of certain of the Shared Personal Data may be high risk and contain highly sensitive types of data; and

(k) where appropriate, the Parties agree that they shall notify relevant data subjects of the essence of the data sharing provisions contained in this Agreement, in such manner as the Parties may agree to from time to time.

3.4 Further the Club warrants that, in respect of any Personal Data relating to a prospective member of England Squash which it provides to ES on behalf of such prospective member, that is has, prior to providing any such data: (i) provided, or made easily accessible, to the prospective member, a copy of the latest version of ES’ privacy policy and has taken reasonable steps to ensure that the prospective member has read and understood the terms of such policy; and (ii) obtained appropriate consent from that prospective member (or where the prospective member is a junior, from their parent or legal guardian) to enable the Club to lawfully share that Personal Data with ES under these Conditions. The form of consent shall be as prescribed by ES from time to time.

4. RECORDS AND RETENTION

4.1 Authorised Person(s) are responsible for maintaining a record of the relevant Party’s processing activities in respect of the Shared Personal Data including copies of any requests for Shared Personal Data, details of the Shared Personal Data accessed and shared and where relevant, notes of any meeting, correspondence or phone calls relating to a request.

4.2 Each Party shall ensure that it returns the other Party’s Shared Personal Data (or, if directed by the other Party, destroys such Shared Personal Data in accordance with any procedure agreed in writing between the Parties) in the following circumstances (whichever is earlier):

(a) on termination of the Conditions;

(b) following an Annual Review, where the Parties have agreed that it is necessary to cleanse the relevant Shared Personal Data;

(c) once processing of the Shared Personal Data is no longer necessary for the Agreed Purpose,

provided in each case that a Party may retain a copy of the Shared Personal Data to the extent that it is necessary to retain such Shared Personal Data pursuant to an applicable law.

5. SECURITY

5.1 Each Party shall only provide the Shared Personal Data to the other Party via secure methods as agreed between the Parties from time to time.

5.2 The Parties shall take appropriate technical and organisational measures against the unauthorised or unlawful processing of Shared Personal Data and against the accidental loss or destruction of, or damage to, Shared Personal Data.

5.3 It is the responsibility of each Party to ensure that its staff members are appropriately trained to handle and process the Shared Personal Data in accordance with appropriate technical and organisational security measures.

5.4 The level, content and regularity of training referred to in clause 5.3 shall be proportionate to the staff members' role, responsibility and frequency with respect to their handling and processing of the Shared Personal Data.

5.5 The Parties each agree that they have in place their own guidance that must be followed in the event of any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Shared Personal Data.

5.6 The Parties agree to provide reasonable assistance as is necessary to each other to facilitate the handling of any data breach in an expeditious and compliant manner.

6. CONFIDENTIAL INFORMATION

6.1 Each Party acknowledges that the Shared Personal Data may contain Confidential Information relating to the other Party and each Party agrees in respect of the other Party’s Confidential Information:

(a) that they shall not disclose the other Party’s Confidential Information to any third party save for its legal and other professional advisors without the prior written consent of the other Party;

(b) to keep the other Party’s Confidential Information confidential at all times;

(c) to keep the other Party’s Confidential Information and any documents and any other matter or thing containing the other Party’s Confidential Information at all times in a secure place and establish and maintain adequate security measures including any reasonable security measures proposed by the other Party from time to time to safeguard the other Party’s Confidential Information from unauthorised access or use;

(d) not to use the other Party’s Confidential Information for any purpose not contemplated by these Conditions;

(e) not without the prior written consent of the other Party make or have made any copies or articles duplicating or embodying all or any part of the other Party’s Confidential Information in any form;

(f) immediately notify the other Party of any suspected or actual unauthorised use, copying or disclosure of the other Party’s Confidential Information; and

(g) to the extent reasonably practicable, return to the other Party on demand and, in any event, on termination of these Conditions, all documents and other articles containing the other Party’s Confidential Information and all copies thereof and to destroy any other articles, documents or material derived from such documents or articles (provided that a Party may retain documents and materials containing, reflecting, incorporating or based on the other Party's Confidential Information to the extent required by law or any applicable governmental or regulatory authority). The provisions of this clause shall continue to apply to any such documents and materials retained by a recipient Party).

6.2 The obligations in clause 6.1 shall survive expiry or the termination of these Conditions.

7. TERM AND REVIEW

7.1 These Conditions shall come into force on the Commencement Date and shall continue in force until terminated in accordance with this clause 7.

7.2 The Parties shall review the effectiveness of these Conditions every 12 months having consideration to the Agreed Purpose (the “Annual Review”).

7.3 The Annual Review will involve:

(a) assessing whether the Agreed Purpose is still applicable;

(b) assessing whether any Shared Personal Data is inaccurate or redundant and the extent to which and Shared Personal Data should be “cleansed”;

(c) assessing whether the legal framework governing data quality, retention, and data subjects' rights are being complied with; and

(d) assessing whether Personal Data breaches (if any) involving the Shared Personal Data have been handled in accordance with these Conditions and the applicable legal framework.

7.4 Without affecting any other right or remedy available to it, either Party may terminate these Conditions with immediate effect by giving written notice to the other Party:

(a) if the other Party commits a material breach of any term of these Conditions which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of seven days after being notified in writing to do so; or

(b) during the 14-day period following each Annual Review.

8. LIMITATION OF LIABILITY

8.1 Neither Party excludes or limits liability to the other Party for:

(a) fraud or fraudulent misrepresentation;

(b) death or personal injury caused by negligence; or

(c) any matter for which it would be unlawful for a Party to limit or exclude.

8.2 Subject to clause 8.1, neither Party shall in any circumstances be liable whether in contract, tort (including for negligence and breach of statutory duty howsoever arising), misrepresentation (whether innocent or negligent), restitution or otherwise, for:

(a) any loss (whether direct or indirect) of profits, business, business opportunities, revenue, savings, turnover, reputation or goodwill; or

(b) any indirect or consequential loss.

8.3 Each Party undertakes to indemnify (the “indemnifying party”) the other (the “indemnified party”) and hold the indemnified party harmless from any costs, charges, damages, claims, expenses or losses which they cause the indemnified party as a result of the indemnifying party’s breach of any of the provisions of these Conditions.

9. NOTICES

9.1 Any notice or other communication given to a Party under or in connection with these Conditions shall be in writing, addressed to the Authorised Person(s) and shall be:

(a) delivered by hand or by pre-paid first-class post or other next working day delivery service at its registered office; or

(b) sent by email (save that any notice alleging a dispute or purporting to terminate or vary these Conditions will only be valid if accompanied by the same notice given by a delivery method set out in (a) above).

9.2 Any notice or communication shall be deemed to have been received:

(a) if delivered by hand, on signature of a delivery receipt;

(b) if sent by pre-paid first-class post or other next working day delivery service, at 9.00 am on the second working day after posting.

(c) if sent by email, at 9.00 am on the next working day after transmission.

10. GENERAL

10.1 Each Party shall perform its obligations under these Conditions at its own cost.

10.2 No one other than a Party to these Conditions shall have any right to enforce any of its terms.

10.3 No variation of these Conditions shall be effective unless it is in writing and signed by the Parties (or their authorised representatives).

10.4 No failure or delay by a Party to exercise any right or remedy provided under these Conditions or by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.

10.5 If any provision or part-provision of these Conditions is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause shall not affect the validity and enforceability of the rest of these Conditions.

10.6 If the Privacy and Data Protection Requirements change in a way that these Conditions are no longer adequate for the purpose of governing lawful data sharing exercises, the Parties agree to negotiate in good faith to review these Conditions in light of the new requirements.

10.7 These Conditions constitutes the entire agreement between the Parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter.

10.8 Each Party acknowledges that in entering into these Conditions it does not rely on, and shall have no remedies in respect of any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in these Conditions.

11. GOVERNING LAW AND JURISDICTION

11.1 These Conditions and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation shall be governed by and construed in accordance with the law of England and Wales.

11.2 Each Party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with these Conditions or its subject matter or formation.