4. Data Protection

4.1  To enable Us to discharge the Services and for other related purposes including updating and enhancing customer records, analysis for management purposes and statutory returns, crime prevention and legal and regulatory compliance, We may obtain, use, process and disclose Personal Data about You/ Your organisation its officers, employees, shareholders and clients.

4.2  In the course of providing Services to You and processing Personal Data in connection with the performance by US of Our obligations under this Agreement, We may disclose Personal Data to other firms in Our professional network, a regulatory body or other Recipient, in accordance with clause 3.1 of these Terms.

4.3  You shall ensure that any disclosure of Personal Data to Us complies with all applicable Data Protection Legislation. If You supply Us with any Personal Data You shall ensure You have a lawful basis to pass it to Us and shall fully indemnify and hold Us harmless if You do not have such a basis and that causes Us loss, regulatory fine or censure or claims by Data Subjects.

4.4  If You are supplying Us with Personal Data on the basis of a power of attorney for anyone, You shall produce to Us an original or certified power of attorney on demand. You shall ensure You have provided the necessary information to the relevant Data Subjects regarding its use by Us.

4.5  If You or Your organisation is wholly or partly located in a Third Country the exchange of Personal Data between You and Us constitutes a Restricted Transfer. By executing our Engagement Letter You give Your consent to all such Restricted Transfers.

4.6  To the extent that Personal Data is processed by Us one or more of the following shall apply:

4.7 As Controller:

4.7.1  if We determine the purposes and means of the processing of Personal Data then We shall be Controller of such Personal Data in accordance with:

4.7.1.1  Privacy Policy which defines how We process the Personal Data of Our clients, and their rights as Data Subjects; and

4.7.1.2  Data Protection Policy which defines how We comply with relevant Data Protection Legislation.

4.8  As Joint Controller:

4.8.1  if We jointly determine the purposes and means of the processing of Personal Data with You then We shall both be Joint Controllers of such Personal Data subject to Data Sharing Agreement (DSA) which is incorporated by reference as if it had been set out in full in these Terms.

4.9  As Processor:

4.9.1  if We process Personal Data on Your behalf then We shall be Processor of such Personal Data subject to Data Processing Agreement (DPA) which is incorporated by reference as if it had been set out in full in these Terms.

4.9.2  If either party is required to perform a Restricted Transfer of Personal Data to a Third Country to satisfy contractual or legal obligations such transfer shall be subject to Standard Contractual Clauses which are incorporated by reference as if they had been set out in full in these Terms (unless the transfer is permitted on the basis of an adequacy decision).

4.10  If You need to contact Us about any data protection issue please contact Our Data Protection Officer at dpo@azets.co.uk.

4.11  Definitions and links to relevant documents are as follows: