WEBSITE CUSTOMERS
No information of any kind regarding your privacy or person data is collected by this Eastern Endoscopy UK website.
All communication is carried out via email and your consent to providing any such information optional at the time of your enquiry.
No customer enquiry information is passed to any other retailer or supplier or any other entity.
If you have any query please contact KEVIN DURRANT via email.
Eastern Endoscopy UK does not carry out any other marketing processes by post or electronically.
Full Terms & Conditions of Sale are available on request.
Dear Supplier / Service Provider
As one of our valued suppliers, I am setting out our expectations of you under the General Data Protection Regulations (“GDPR”).
You will receive and have access to certain pieces of personal data and you must only process these in accordance with any order from us, the terms of this letter and any additional instructions received from us in writing. For the purposes of the GDPR and in relation to Eastern Endoscopy UK are the Data Controller and you will be a Data Processor and subject to certain obligations in relation to the personal data you process on our behalf.
Data protection provisions 1.
For the purposes of this letter: 1.1 Controller, Data Subject, Personal Data, Processor and processing shall have the respective meanings given to them in applicable Data Protection Laws from time to time (and related expressions shall be construed accordingly) and Personal Data Breach shall have the respective meanings given to them in the GDPR; 1.2 Data Protection Laws means any applicable law relating to the processing, privacy and use of Personal Data, as applicable to either party or the Services, including: 1.2.1 the Directive 95/46/EC (Data Protection Directive) and/or Data Protection Act 1998 or the GDPR; 1.2.2 any laws which implement any such laws; 1.2.3 any laws that replace, extend, re-enact, consolidate or amend any of the foregoing; and 1.2.4 all guidance, guidelines, codes of practice and codes of conduct issued by any relevant supervisory authority relating to such Data Protection Laws (in each case whether or not legally binding); 1.3 GDPR means the General Data Protection Regulation (EU) 2016/679; 1.4 Protected Data means Personal Data received from or on behalf of the Eastern Endoscopy UK, or otherwise obtained in connection with the performance of your obligations under this Agreement; 1.5 Sub-Processor means any agent, subcontractor or other third party engaged by you (or by any other Sub-Processor) for carrying out any processing activities in respect of the Protected Data; and 1.6 Supervisory authority means any regulator, authority or body responsible for administering Data Protection Laws. 2 Compliance with Data Protection Laws 2.1 We agree that you shall be a Data Processor for the purposes of processing Protected Data pursuant to this letter. You shall, at all times, comply with all Data Protection Laws in connection with the processing of Protected Data and the provision of the Services. Nothing in this Agreement relieves Eastern Endoscopy UK of any responsibilities or liabilities under Data Protection Laws.
2.2 You shall keep indemnify and keep indemnified Eastern Endoscopy UK against all amounts paid or payable by Eastern Endoscopy UK to a third party, including the Data Controller or Data Subject which would not have been paid or payable if your breach of the terms of this letter had not occurred.
Instructions 3
You, and any employees, shall only process the Protected Data in accordance with this Letter, the sample request form supplied with any sample or results and our written instructions from time to time except where otherwise required by applicable law (and in such a case shall inform Eastern Endoscopy UK of that legal requirement before processing, unless applicable law prevents it doing so on important grounds of public interest). You shall immediately inform Eastern Endoscopy UK if you reasonably believe that any instruction relating to the Protected Data infringes or may infringe any Data Protection Law.
Security 4
You shall at all times implement and maintain appropriate technical and organisational measures to protect Protected Data against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access and we reserve the right to audit or check such measures by giving reasonable notice to you.
Assistance 5
You shall: 5.1 promptly provide such information and assistance (including by taking all appropriate technical and organisational measures) as Eastern Endoscopy UK may require in relation to the fulfilment of our obligations to respond to requests for exercising the Data Subjects’ rights under Chapter III of the GDPR (and any similar obligations under applicable Data Protection Laws); and 5.2 provide such information, co-operation and other assistance to Eastern Endoscopy UK as we may reasonably require to ensure compliance with Eastern Endoscopy UK’s obligations under Data Protection Laws, including with respect to: 5.2.1 security of processing; 5.2.2 data protection impact assessments (as such term is defined in Data Protection Laws); 5.2.3 prior consultation with a supervisory authority regarding high risk processing; and 5.2.4 any remedial action and/or notifications to be taken in response to any Personal Data Breach and/or any complaint or request relating to either party’s obligations under Data Protection Laws relevant to this Agreement, including (subject in each case to the our prior written authorisation) regarding any notification of the Personal Data Breach to supervisory authorities and/or communication to any affected Data Subjects.
International transfers 6.
You shall not process and/or transfer, or otherwise directly or indirectly disclose, any Protected Data in or to countries outside the European Economic Area or to any international organisation without the prior written consent of Eastern Endoscopy UK.
Records and audit 7
You shall promptly make available to Eastern Endoscopy UK (at your cost) such information as is reasonably required to demonstrate Your and Eastern Endoscopy UK’s compliance with our respective obligations under this letter and the Data Protection Laws, and allow for, permit and contribute to audits, including inspections, by Eastern Endoscopy UK (or another auditor mandated by Eastern Endoscopy UK)
Breach 8
You shall promptly (and in any event within 24 hours): 8.1 notify Eastern Endoscopy UK if you suspects or becomes aware of any suspected, actual or threatened occurrence of any Personal Data Breach in respect of any Protected Data; and 8.2 provide all information as Eastern Endoscopy UK requires to report the of the breach to a supervisory authority and to notify affected Data Subjects under Data Protection Laws.
Deletion/return 9.
You shall without delay (and in any event within 3 days), at Eastern Endoscopy UK’s written request, either securely delete or securely return all the Protected Data to Eastern Endoscopy UK in such form as we reasonably requests after the earlier of: 9.1 the end of the provision of the relevant Services related to processing of such Protected Data; or 9.2 once processing by you of any Protected Data is no longer required for the purpose your performance of your relevant obligations under this letter and securely delete existing copies (except to the extent that storage of any such data is required by applicable law and, if so, you shall inform Eastern Endoscopy UK of any such requirement).
Please sign and return the enclosed copy of this letter by post or email to confirm your understanding of your obligations in accordance with the GDPR. Should you have any questions, please do not hesitate to contact us.
—————————————————————————-
I, [ ], [on behalf of [ ],
hereby confirm that I have and understood the terms of this notice.
_____________________ ______________
Signed Date
Please SCAN, complete the information section and send via email & PDF to Eastern Endoscopy