FASTWAY DATA PROCESSING TERMS
DATA SHARING AGREEMENT
Between Independent Data Controllers
Last updated 2023-02-24
(A) These Terms and their Appendices (the “Terms”) reflect the parties’ agreement with respect to the Processing of Personal Data by each party in connection with the Services (as defined below)
(B) To give effect to the terms of the Services Agreement (the “Agreement”), it is necessary for certain Personal Data to be shared between the Parties; Either Party may be a provider of Personal Data to the other, or a recipient of Personal Data from the other;
(C) This Data Sharing Agreement establishes the terms and conditions under which the Parties can acquire and use data from the other Party, and the framework for the sharing of Personal Data between the Parties. It defines the principles and procedures that the Parties shall adhere to and the responsibilities the Parties owe to each other as well as the data subjects.
(D) We may update these Terms from time to time and we will notify you in writing if we do this.
1. DEFINITIONS AND INTERPRETATION
The following definitions apply in this Agreement. Capitalized terms that are used but not otherwise defined herein shall have the meanings as set forth in the Agreement.
Services Agreement: the Agreement for Services together with its Schedules, Annexures and Appendices.
Agreed Purposes: the purposes set out in Clause 6.
Applicable Law: any laws or regulations, regulatory policies, guidelines industry standards, or codes of practice which apply to this Agreement or its subject matter and are in force from time to time.
Associated Company: means in relation to a Party, any ‘subsidiary’ or ‘holding company’ from time to time of that party and any subsidiary from time to time of a holding company of that Party (as such terms are defined in the Companies Act, Ireland) and any company ‘connected’ with that party from time to time.
Customer Data: means the personal data of Customers, within the meaning of Data Protection Legislation, processed for the purpose of providing the Services, and as described in this Data Sharing Agreement.
Data Protection Legislation: the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and the applicable law which implements the GDPR in the United Kingdom and the Republic of Ireland, including, but not limited to the UK GDPR (as defined in the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019/419); the Privacy and Electronic Communications (EC Directive) Regulations 2003, Data Protection Acts 1988, 2003 and 2018 (Ireland) the EU Regulation on Privacy and Electronic Communications and all other Applicable Law relating to the processing of personal data, privacy, the protection of personal data in electronic communications, and direct marketing, including any applicable law or regulation which supersedes, replaces or implements in the United Kingdom or the Republic of Ireland, any of the foregoing, and the guidelines, recommendations, best practice, opinions, directions, decisions and codes of conduct issued, adopted or approved by the European Data Protection Board, the UK’s Information Commissioner’s Office, Ireland’s Data Protection Commission and/or any other supervisory authority or data protection authority of competent jurisdiction from time to time, in each case relating to the processing of personal data and/or privacy.
CCPA: means the California Consumer Privacy Act of 2018, as amended.
Data Discloser: a Party that discloses Shared Personal Data to the other Party.
Independent Data Controller: also referred to as “Controller-in-Common” means each of the Parties in their roles as Data Controller, independent of the other, and specifically excluding being a joint controller, as defined in Data Protection Legislation.
Permitted Recipients: the Parties to this agreement, the employees of each Party, and any third parties engaged to perform obligations in connection with this Agreement
Shared Personal Data: the Personal Data to be shared between the Parties under Annex 1 of this data sharing agreement.
Regulator: regulator having regulatory or supervisory authority over Data Protection in respect of the Parties.
Technical and Organisational Security Measures: means those measures aimed at protecting Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing;
1.1. The terms “Personal Data”, “Controller”, “Processor”, “Process”, “Data Subject”, “Data Protection Impact Assessment”, “Third Country”, “International Organisation” and “Personal Data Breach” shall each have the applicable meaning set out in the Data Protection Legislation.
1.2. Clause, schedule, and paragraph headings shall not affect the interpretation of this Data Sharing Agreement.
1.3. A person includes a natural person, corporate or unincorporated body (whether or not having separate legal personality) and that person's successors and permitted assigns.
1.4. The schedules form part of this Data Sharing Agreement and shall have effect as if set out in full in the body of this Data Sharing Agreement. Any reference to this Data Sharing Agreement includes the Schedules.
1.5. Words in the singular shall include the plural and vice versa, where the context permits.
1.6. A reference to a statute or statutory provision is a reference to it as it is in force for the time being, taking account of any amendment, extension, or re-enactment and includes any subordinate legislation for the time being in force made under it.
1.7. Where the words “include(s)”, “including” or “in particular” are used in this Data Sharing Agreement, they are deemed to have the words without limitation following them. Where the context permits, the words “other” and “otherwise” are illustrative and shall not limit the sense of the words preceding them.
1.8. Any obligation in this Data Sharing Agreement on a person not to do something includes an obligation not to agree, allow, permit or acquiesce in that thing being done.
1.9. References to sections, clauses, schedules, appendices or annexures are to the Sections, Clauses, Schedules, Appendices or Annexures of this Data Sharing Agreement.
2.1 Each of the Parties to this Data Sharing Agreement is an independent entity and nothing contained in this Data Sharing Agreement shall be construed to imply that there is any relationship between the Parties of partnership or of principal/agent or of employer/employee nor are the Parties hereby engaging in a joint venture and accordingly, neither of the Parties shall have any right or authority to act on behalf of the other nor to bind the other by contract or otherwise, unless expressly permitted by the terms of this Agreement;
2.2 Each Party to this Data Sharing Agreement is an independent Controller of the Personal Data it discloses or makes available to the other Party and will process that Personal Data as a separate and independent Data Controller (Controller-in-common) for the Agreed purposes under Applicable Data Protection Law and will individually determine the purposes and means of its processing of Personal Data. It is specifically noted that the other than may be specified elsewhere in the Agreement, the Parties are not Joint Controllers, nor is either Party a Data Processor of the other;
2.3 In respect of any Personal Information which may be contained within any Parcel or Freight, Client remains the Data Controller and Fastway is neither Data Controller nor Data Processor as Fastway has no knowledge or control over the content of such personal data and is a mere conduit between the Consignor and the Consignee;
3. DATA LAW COMPLIANCE
3.1 Each Party shall be individually and separately responsible for complying with the obligations that apply to it as a Data Controller under any applicable Data Protection Laws in relation to the Personal Data Processed;
3.2 A Party shall immediately notify the other in writing if such Party, acting reasonably, believes (a) it has been provided with any Personal Data in breach of Data Protection Legislation; or (b) it cannot comply, or has reason to suspect it will not be able to comply, with any of the conditions in this Agreement or any additional safeguards put in place or (c) laws applicable to the territory in which Personal Data is processed will undermine the protections provided to Personal Data by virtue of Data Protection Legislation in the UK and EEA;
4. DATA SHARING
4.1 Each Party acknowledges that one Party (referred to in this clause as the Data Discloser) will regularly disclose to the other Party, Shared Personal Data collected by the Data Discloser for the Agreed Purposes.
4.2 Each Party shall:
4.2.1 Ensure that it has all necessary notices and consents in place to enable lawful transfer of the Shared Personal Data to the Permitted Recipients for the Agreed Purposes;
4.2.2 give full information to any Data Subject whose Personal Data may be processed under this Agreement of the nature such processing. This includes giving notice that, on the termination of this Agreement, Personal Data relating to them may be retained by or, as the case may be, transferred to one or more of the Permitted Recipients, their successors and assignees;
4.2.3 not disclose or allow access to the Shared Personal Data to anyone other than the Permitted Recipients;
4.2.4 ensure that all Permitted Recipients are subject to written contractual obligations concerning the Shared Personal Data (including obligations of confidentiality) which are no less onerous than those imposed by this Agreement;
4.3 In the event of either Party receiving an objection or a complaint from a Data Subject in respect of such Data Sharing, it shall immediately notify the other Party of such complaint or objection and cease all further sharing until the matter has been resolved. In such instance, the Parties agree to provide to each other such cooperation and assistance as may be required in order to ensure that any objection or complaint from a Data Subject to the Personal Data sharing is appropriately managed and that the Data Subject’s rights are at all times upheld.
5. DATA ITEMS TO BE SHARED
5.1 No Special Category Personal Data shall be shared between the Parties. Shared Personal Data shall be confined to the information relevant to the Consignor for the purpose of giving effect to the Agreement and Consignee information required for the Services. This includes :
• Contact name
• Phone number
• Address and Eircode
• Parcel tracking
• Proof of delivery signatures
• Any correspondence relevant to the Services which may be required to be shared
5.2 In the event that either Party requires access to, or identifies a need to process any, other Personal Data in order to give effect to the Primary Agreement or for any other purpose whatsoever, or requires to share any other Personal Data with the other Party to give effect to the Primary Agreement or for any other purpose whatsoever, it shall notify the other Party in writing of this requirement;
5.3 Where the Parties agree to such further data sharing, this Data Sharing Agreement shall be amended as required, prior to the sharing of such additional Personal Data;
6. PURPOSE AND OBJECTIVES OF THE INFORMATION SHARING
Data shared pursuant to the terms of this Agreement will be done so in order to give effect to the terms set forth in the Agreement for Services. For clarity, this includes but is not limited to courier and related services, customs clearance, parcel management and tracking, claims and returns, complaints and compliments management, performance management and general service review, all related administration, to give effect to any legal or regulatory requirements, to defend Fastway’s rights should this be necessary or where the legitimate interests of Fastway may require processing.
7. DATA MINIMISATION
7.1 Personal Data will be shared on a strict need to know basis only, and will only comprise the Personal Data necessary to give effect to the Services Agreement;
7.2 The sharing of the Personal Data is both necessary and proportionate in order to give effect to the Services Agreement;
7.3 To ensure the Shared Personal Data is not irrelevant or excessive for the Agreed Purposes, Personal Data to be shared shall be limited to that which is necessary to give effect to the Services Agreement, and shall not be held for longer than is permitted by applicable Data Protection Legislation.
8. LAWFUL BASIS
8.1 The Parties shall share the Personal Data on the following Article 6(1) GDPR basis:
a) Consent: the data subjects have provided clear and explicit consent to process their personal data for a specific purpose
b) Contract: the processing is necessary for the performance of a contract
c) Legal obligation: the processing is necessary to comply with the law (not including contractual obligations)
d) Vital interests: the processing is necessary to protect someone’s life.
e) Legitimate interests: the processing is necessary for the legitimate interests of the Parties or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests
9. SPECIAL CATEGORIES OF PERSONAL DATA (ARTICLE 9 GDPR)
9.1 Processing of Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation is only permitted under certain circumstances;
9.2 Special Category Personal Data is not typically shared, and in the unlikely instance where this is required, will only be used and shared where one or more of the following Article 9(2) GDPR exceptions apply:
a) Explicit consent: the data subject has given explicit consent to the processing of personal data for one or more specified purposes;
b) Processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the Controller or of the Data Subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the Data Subject;
c) Vital interests: processing is necessary to protect the vital interests of the Data Subject or of another natural person where the Data Subject is physically or legally incapable of giving consent;
b) processing relates to Personal Data which are manifestly made public by the Data Subject;
c) Legal claims or judicial acts: processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;
d) Reasons of substantial public interest (with a basis in law): (which shall be proportionate to the purpose and, respect the essence of the right to data protection)
e) Health or social care (with a basis in law): processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services;
f) Public health (with a basis in law): processing is necessary for reasons of public interest in the area of public health, such as protecting against serious internal or cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices
g) Archiving, research and statistics (with a basis in law): processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes)
10. METHOD OF DATA SHARING
The Personal Data will be shared as agreed in the Services agreement; Where this may involve a risk to the rights and freedoms of the data subjects, appropriate data processing impact and data processing transfer assessments will be done prior to any data sharing
11. FREQUENCY OF DATA SHARING
The Personal Data will be shared as frequently as is required for the purposes of giving effect to the Services Agreement
12. SECURITY OF DATA SHARING
The security measures in respect of the Data Sharing, and the responsibility in respect of this is the responsibility of each of the parties, and each Party agrees that it shall have the necessary organisational and technological measures in place for this
13. ACCURACY OF THE DATA BEING SHARED
13.1 Each Party shall ensure that the personal data is accurate and, where necessary, kept up to date. The data importer shall take every reasonable step to ensure that personal data that is inaccurate, having regard to the purpose(s) of processing, is erased or rectified without delay;
13.2 If one of the Parties becomes aware that the personal data it has transferred or received is inaccurate, or has become outdated, it shall inform the other Party without undue delay;
13.3 The Parties shall use compatible technology for the processing of Shared Personal Data to ensure that there is no lack of accuracy resulting from Personal Data transfers;
13.4 The Parties shall ensure that any inaccurate data that has been shared or data that has been identified as inaccurate after sharing shall be rectified and the other Party notified of such rectification without delay
14. DATA TRANSFER OUTSIDE OF THE EUROPEAN UNION AND UNITED KINGDOM (ARTICLE 44 GDPR)
14.1 Each Party shall not transfer any Personal Data received from the Data Discloser outside the EEA or UK unless the transferor complies with Applicable Law, including ensuring that it:
14.1.1 complies with the provisions of Articles 26 of the GDPR (in the event the third party is a joint controller); and
14.1.2 ensures that (i) the transfer is to a country approved by the European Commission as providing adequate protection pursuant to Article 45 of the GDPR; or (ii) there are appropriate safeguards in place pursuant to Article 46 GDPR; or (iii) Binding corporate rules are in place or (iv) one of the derogations for specific situations in Article 49 GDPR applies to the transfer;
14.2 In respect of any transfer of Personal Data outside the UK and/or EEA (as applicable) or to a third country or an international organisation, the Parties shall prior to such transfer:
14.2.1 implement appropriate safeguards to protect such Personal Data, which may include executing the European Union’s standard contractual clauses for exporting Personal Data to a Processor or Controller located outside the UK and/or EEA in the required form and format (including any UK amended versions of such standard contractual clauses);
14.2.2 undertake, complete and review of any transfer impact assessment(s) in respect of the relevant transfer; and
14.2.3 implement enforceable data subject rights and effective legal remedies for Data Subjects as required by Data Protection Legislation including supplementary measures taking into account the circumstances of the transfer including the law of the third country and guidance from the European Data Protection Board, the UK’s Information Commissioner’s Office and/or any other supervisory authority or Data Protection Authority of competent jurisdiction from time to time in order to ensure the third country guarantees an adequate level of protection for the transfer;
14.3 Where either of the Parties to this Agreement are not based in the European Union, the United Kingdom or a country which is deemed adequate by the European Union, the Model Clauses attached shall have application and shall form part of this Data Sharing Agreement
15. DURATION OF THE PROCESSING
The Parties shall Process the Personal Data for so long as Processing is required in terms of the Services Agreement, in terms of this Data Sharing Agreement or as otherwise permitted in terms of Data Protection Legislation.
16. DATA SECURITY
Each Party shall:
16.1 implement Appropriate Technical And Organisational Measures to ensure the security of Personal Data against unauthorised or unlawful processing and accidental loss, destruction, or damage, and a level of security appropriate to the data security risks presented by processing such personal data; and taking into account the data protection by design and data protection by default principles under the Data Protection Legislation, shall ensure that the Processing of such Personal Data will meet the requirements of the Data Protection Legislation and protect the rights of the Data Subjects; and
16.2 regularly review, test, assess, analyse and update the Technical and Organisational Measures implemented in order to demonstrate that the processing of the Personal Data is performed in accordance with the Data Protection Legislation.
Each Party shall make secure back-up copies of the Personal Data in line with best industry practice on a regular basis to ensure that, without prejudice to any of its obligations under the Services Agreement, in the event of any corruption or loss of Personal Data howsoever caused, it is in a position to restore or procure the restoration of the Personal Data to its state immediately prior to the said corruption or loss.
18. INDIVIDUAL RIGHTS AND PREFERENCES
27.1 Each Party shall ensure that it has the systems, processes and resources to ensure that the rights of Data Subjects are at all times maintained. This includes ensuring the following Data Subject rights:
a) The right to be informed:
b) The right of access:
c) The right to rectification:
d) The right to erasure:
e) The right to restrict processing:
f) The right to portability:
g) The right to object:
h) Rights in relation to automated decision-making (profiling).
19.1 Each Party may appoint such Data Processors and Sub-Processors as required for the Processing of the Personal Data, and shall remain solely responsible for the acts and omissions of such Processor or Sub-Processor, and for ensuring compliance with applicable Data Protection Legislation, including but not limited to Article 28 of the GDPR and Section 80 of the Data Protection Act;
20. BREACH MANAGEMENT
20.1 Each Party shall implement appropriate data breach identification and management processes in compliance with applicable Data Protection Legislation;
20.2 Each Party agrees to immediately notify the other Party without undue delay, and in any event within eight hours upon becoming aware of the same, if it becomes aware of any breach or potential breach of this Agreement or if it otherwise has reason to consider that there has been a Personal Data Breach which impacts upon the other Party in terms of this Agreement, and shall provide the other Party with all such details of the breach as are required by the other Party, and fully cooperate with the other Party and take all action it may deem necessary in respect of any breach or potential breach and all measures to be taken in response to it, including providing such assistance as the other Party may require to allow it to inform a regulatory authority (including the European Data Protection Board, the UK’s Information Commissioner’s Office (in the case of the United Kingdom) and/or any other supervisory authority or data protection authority or any other Regulator) or Data Subject of such Personal Data Breach where this is required by applicable Data Protection Legislation.
21. MUTUAL ASSISTANCE
21.1 Each Party shall assist the other in complying with all applicable requirements of applicable Data Protection Legislation. In particular, each Party shall:
21.1.1 consult with the other Party about any notices given to Data Subjects in relation to the Shared Personal Data;
21.1.2 promptly inform the other Party about the receipt of any Data Subject Access Request or objection from a Data Subject relating to the Personal Data which forms the subject of this Agreement (including requests for access to personal data; rectification or erasure of personal data; restrictions of processing personal data; and portability of personal data), and shall provide such reasonable assistance as the other Party may require, and shall have appropriate technical and organisational measures in place, to allow the other Party to respond to and facilitate any such request and objection;
21.1.3 provide reasonable assistance to the other Party with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which such Party may reasonably consider to be required by Article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in relation to Processing the Personal Data;
21.1.4 assist the other Party, at the cost of the other Party, in ensuring compliance with its obligations under applicable Data Protection Legislation with respect to security, personal data breach notifications and consultations with supervisory authorities or regulators;
21.1.5 notify the other Party without undue delay on becoming aware of any breach of Data Protection Legislation;
21.1.6 assist the other Party where possible in respect of any complaint, notice or communication which relates directly or indirectly to the Data sharing which forms the subject of this Agreement, or to either Party’s compliance with the Data Protection Legislation, including from the European Data Protection Board, the UK’s Information Commissioner’s Office (in the case of the United Kingdom) and/or any other supervisory authority or data protection authority or any other Regulator, and shall provide full cooperation to the other Party in connection with any such complaint, notice or communication
22. CHANGE OF LAW
22.1 If there are any changes to any Applicable Law (including the Data Protection Legislation) or updates in applicable guidance or codes of practice, after the date of this Agreement which (a) require any additional or alternative documentation or safeguards to be put in place regarding the transfer of Personal Data outside the UK and / or EEA (as applicable), then the parties shall promptly put such documentation or safeguards in place; or (b) require or make it desirable for any other changes to be made to this Agreement, then the Parties shall discuss such changes in good faith and document any agreed changes in writing;
22.2 It is agreed that each Party shall bear its own costs of any changes made in accordance with this clause, including the costs of complying with any additional or alternative obligations.
Each Party shall appoint a single point of contact (SPoC) who will work together to reach agreement with regards to any issues arising from the data sharing and to actively improve the effectiveness of the data sharing initiative.
24.1 Without prejudice to any other indemnity contained in the Primary agreement, each Party shall indemnify the other against all liabilities, costs, expenses, damages and losses (including but not limited to any interest, penalties and legal costs (calculated on a full indemnity basis) and all other reasonable professional costs and expenses) suffered or incurred by the indemnified Party arising out of or in connection with the breach of applicable Data Protection Legislation by the indemnifying Party, its employees or agents, provided that the indemnified Party gives to the indemnifier prompt notice of such claim, full information about the circumstances giving rise to it, reasonable assistance in dealing with the claim and sole authority to manage, defend and/or settle it.
24.2 Notwithstanding the liability set out in this Agreement, neither Party shall be liable for any indirect or consequential damages of the other Party, such as (but not limited to) indirect loss of revenue, indirect loss of profit, indirect loss of opportunity, indirect loss of goodwill;
24.3 The rights and remedies provided under this Agreement are in addition to, and not exclusive of, each other and/or any rights or remedies provided by law;
24.4 No limitation of liability shall apply in case of gross negligence or wilful intent.
25. DISPUTE PROCEDURES
Subject to the Parties’ respective rights to apply to the courts upon any cause of action at any time, the Parties shall seek to amicably resolve any disputes between them, arising out of or relating in any way to the issues covered by this Data Sharing Agreement.
26. ENDING THE AGREEMENT
26.1 This Data Sharing Agreement will automatically terminate simultaneously with the termination of the Services Agreement;
26.2 Notwithstanding Clause 26.1 above;
26.2.1 The information sharing can be terminated by either Party on written notice of 30 (thirty) days;
26.2.2 Any material breach of this Data Sharing Agreement, or Applicable Data Protection Legislation by one Party shall, if not remedied within 10 (ten) days of written notice from the other Party, give grounds to the other Party to terminate this Agreement with immediate effect;
26.3 The terms of this Data Sharing Agreement remain binding on any information shared and retained throughout its lifecycle, irrespective of whether the Party remains a current signatory to this Data Sharing Agreement;
26.4 Notwithstanding the termination or expiry of this Data Sharing Agreement, each Party shall procure the due and timely performance of all obligations assumed by it prior to such termination or expiry;
26.5 Termination of this Data Sharing Agreement for any cause shall not release either Party from any liability which at the time of termination has already accrued to the other Party or which thereafter may accrue in respect of any act or omission prior to such termination and shall not affect any antecedent and accrued rights, obligations or liabilities of either Party;
27.1 Any notice or other communication required to be given under this Data Sharing Agreement shall be in writing addressed to the relevant Party at the address set out in any Services Agreement for such Party and may be sent by prepaid registered post, email, or facsimile transmission. Any such notice or other communication will be deemed to have been duly served or given:
27.1.1 if posted by registered post at the expiration of forty-eight (48) hours after the envelope containing the same was delivered into the custody of the postal authorities (and not returned undelivered);
27.1.2 if personally delivered, at the time of delivery; or
27.1.3 if sent by email, on the first day following successful transmission.
27.2 If notice is not given or served during usual business hours on a day other than a Saturday or Sunday or a statutory or public holiday in Ireland it will be deemed to have been given or served on the next day which is not a Saturday or Sunday or a statutory or public holiday.
If any Term or provision herein is found to be illegal or unenforceable, then such Term or provision shall be deemed severed and all other terms and provisions shall remain in full force and effect.
No failure or delay by a Party to exercise any right or remedy provided under this Data Sharing Agreement or by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of any right or remedy shall prevent or restrict the further exercise of that or any other right or remedy and no waiver in respect of any breach will operate as a waiver in respect of any subsequent breach.
This Data Sharing Agreement shall ensure for the benefit of and be binding upon the respective Parties hereto and their respective heirs, administrators, successors and permitted assigns.
31. ENTIRE AGREEMENT
This Data Sharing Agreement constitutes the entire agreement and undertaking of the Parties, and replaces and supercedes any and all previous agreements, arrangements and understandings (whether written or oral) between the Parties with regard to the subject matter of this Data Sharing Agreement and shall apply to the exclusion of and prevail over any express terms contained in any standard documentation of either Party (including but not limited to any pre-printed standard terms and conditions) or the Services Agreement;
32. REVIEW OF THE AGREEMENT
This Data Sharing Agreement and initiative shall be regularly reviewed to ensure it meets regulatory requirement and best practice, however any variation or amendment to this Data Sharing Agreement will not be binding on the Parties unless set out in writing, expressed to amend this agreement and signed by an authorised representative of each Party
33. GOVERNING LAW AND CHOICE OF JURISDICTION
This Data Sharing Agreement shall in all aspects be governed by and construed in accordance with the laws of Ireland and the Parties hereby agree that the courts of Ireland have exclusive jurisdiction to hear and determine any disputes arising out of or in connection with this Data Sharing Agreement.
The Parties acknowledge that they have not entered into this Data Sharing Agreement in reliance upon any statement, representation, assurance or warranty which is not set out in this Data Sharing Agreement
[lo1]I suggest the inclusion of the definition of processing as well.