1. Definitions
ADD means the Access to Driver Data made available through the DVLA;
Check Frequency means the frequency in which the Data Subject Access Request is to be carried out as set out in the Order.
Commencement Date has the meaning given in Condition 2.6;
Conditions: these Conditions and conditions as amended from time to time in accordance with Condition 6.30;
Contract: the contract between the RAM and Customer as set out in Condition 2.1;
Conviction means, other than for minor road traffic offences, any previous or pending prosecutions, convictions, cautions and binding-over orders (including any spent convictions as contemplated by section 1(1) of the Rehabilitation of Offenders Act 1974 (as amended) by virtue of the exemptions specified in Part Il of Schedule 1 of the Rehabilitation of Offenders Act 1974 (Exemptions) Order 1975 (Sl 1975/1023) (as amended) or any replacement or amendment to that Order, or being placed on a list kept pursuant to the safeguarding of Vulnerable Groups Act 2006 (as amended);
Customer: means the customer named on the Order Form;
Data means the Driver data that is to be provided to the Customer pursuant to this Contract;
Data Protection Declaration means the driving licence information fair processing declaration form (D906/ADD or D906), to be used by the Customer as Evidence that the Driver is fully aware that information from their driver record is to be obtained by the Customer from DVLA through RAM;
Data Protection Legislation means the "GDPR", and any applicable national implementing Laws as amended from time to time; the Data Protection Act 2018 to the extent that it relates to Processing of personal data and privacy; all applicable Law about the Processing of Personal Data and privacy;
Data Subject has the meaning given to that term in Data Protection Legislation, means an identified or identifiable natural person through Personal Data
Data Subject Access Request means a request made by, or on behalf of, a Data Subject in accordance with rights granted pursuant to the Data Protection Legislation to access their Personal Data;
Default means any breach of the obligations of the relevant Party (including but not limited to fundamental breach or breach of a fundamental term) or any other default, act, omission, negligence or negligent statement of the relevant Party or the Staff in connection with or in relation to the subject matter of the Contract and in respect of which such Party is liable to the other;
Driver means the person against whom the Data Request is made, who must be a driver connected to the Customer in accordance with the terms of Condition 3;
DVLA means the Driver and Vehicle Licensing Agency;
Evidence means the Customer's proof that the Driver has confirmed his understanding as to the purposes and limitations of the enquiry and does not object to his personal data being processed for these purposes (to be made via a signed data protection declaration);
Industry Best Practice means at any time the exercise of that degree of skill, care, diligence, prudence, efficiency, foresight, standards, practices, methods, procedures and timeliness which would be expected at such time from a leading and expert company within the industry, such company seeking to comply with its contractual obligations in full and complying with all applicable Laws.
“Loss” means any instance where the Data has been lost, compromised, misplaced or destroyed, where unauthorised persons have gained or been allowed access to the Data, or where, due to the breakdown of, or failure to comply with protective scurity policies or measures including technical and procedural measures, there is a potential that unintended or unauthorised access to the Data may be possible;
Order: the Customer's written acceptance of RAM's quotation or where the Customer completes the online order process for the Services;
Permitted Purpose means the purpose for which the data is provided to the Customer, which must relate to the need to check driving entitlements, endorsements and disqualifications for a legitimate business purpose, as described in Condition 3.
Portal means the cloud based access portal provided by RAM for the Customer to request and to download the Driver Data;
RAM means Remote Asset Management Limited, registered in England and Wales (company number 5224605) of Intell House Madison Court, George Mann Road, Leeds S10 1DX or its successor or assigns;
Service Access Credits means the credits to be purchased and used by the Customer against a Driver Data search, each Service credit allowing one Data request.
Services means the ADD Driver Data information service provided by RAM to the Customer;
Special Categories of Personal Data has the meaning given to that term in Data Protection Legislation, means the Processing of Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the Processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
Staff means all persons employed by the Customer to perform its obligations under the Contract together with the Party's servants, agents, suppliers and sub-contractors used in the performance of its obligations under the Contract.
Term means as described in Condition 2.3.
2. Basis of contract
2.1 The Contract will commence when RAM has received and accepted the Customer’s completed application to receive the Services. Acceptance is subject to authorisation by, and may be delayed by the DVLA. Acceptance may be evidenced by way of written notification to the Customer or commencement of providing the Services (whichever is earlier).
2.2 The Customer authorises RAM to provide details of the Customer to the DVLA in order to obtain authorisation to the provide the Services and Data to the Customer.
2.3 Subject to any extension, or earlier termination in accordance with these Conditions, the Term of the Contract shall be as set out in the acceptance confirmation and where no such Term is set out, the Term shall be three years.
2.4 These Conditions together with the Order constitute the whole agreement between the parties. Where there is any inconsistency between these Conditions and the Order, other than volumes and payment terms, these Conditions shall take precedence.
2.5 The Order constitutes an offer by the Customer to purchase the Services in accordance with these Conditions. The purpose of this Contract is to set out the basis upon which RAM agrees to provide the Services.
2.6 Applications for the Services will only be considered for organisations that can demonstrate the Permitted Purpose for access to the Services.
2.7 For the Customer to access the Services it hereby warrants and separately represents and on the placing of each Driver Data Request, that:
(a) it is either (i) the employer of driver; (ii) it is an insurance company (at point off claim only); (iii) it is a car rental company; (iv) it is a fleet company; and
(b) the Driver is connected to it through such business; and
(c) it has a legitimate business interest in accessing the Driver Data.
(d) It will not sell the Data or permit it to be sold to any Third Party.
2.8 The Customer shall use the Data only to check a Driver’s entitlement to drive for a legitimate business need within the Permitted Purpose as stated in Condition 2.8. Driver
2.9 RAM shall be entitled to require evidence from the Customer that it complies with the terms of this Contract.
2.10 The Customer shall promptly notify RAM (and in any event within 48 hours) of any changes to their legitimate business need for access to the Service, and of changes to its business processes, which may impact how the Service and/or the Data is used.
2.11 The Customer shall notify RAM within 48 hours of a Driver no longer being employed or otherwise associated with the Customer which would affect the Customer’s entitlement to receive the Data for that Driver.
3. Service Access Credits
3.1 The Customer shall at the time of sign up to the Contract purchase the number of Service Access Credits to be utilised by the Customer during the Term and agree the Check Frequency for Driver Data Requests, which shall be set out in the Order. Additional Service Access Credits may be purchased at any time.
3.2 Outside of the Agreed Check Frequency, Service Access Credits can be used during the Term to purchase additional Driver Data Requests and may be used in any combination of multiple Drivers and multiple requests for a particular Driver.
3.3 Service Access Credits are not transferrable, but may, with the written agreement of RAM, be carried over into any extended or new Contract Term which carries on in continuation of the Term for which they were purchased.
3.4 The Customer will only make enquiries in respect of those Drivers for which RAM is in receipt of a properly completed and signed Data Protection Declaration which remains in force. A Data Protection declaration lasts no longer than three years but may be shortened by DVLA or authority may be withdrawn by the Driver.
3.5 RAM may request the Customer to provide contact details for the Driver in order to obtain directly from the Driver the Data Protection Declaration.
3.6 RAM reserves the right to contact the Driver to confirm that the Data Protection Declaration remains valid and there has not been any change in Driver’s circumstance that would lead to the Driver Data Request being invalid.
4. Driver Data Requests
4.1 The Customer shall place its Driver Data Request through the RAM Portal. Orders placed with RAM before the 25th of the month will be placed with DVLA in the first week of the following month. RAM shall following receipt of Driver Data, make the same available via the Portal.
4.2 In circumstances where DVLA refuses or fails to provide Data, for example, where a Data record is marked as unavailable, RAM will provide confirmation to the Customer through the Portal of such refusal or failure and the Service Access Credit for such Driver Data request shall be re-credited to the Customer’s account. DVLA will not provide reasoning for a refusal and so RAM is unable to confirm why the request has been refused. Recrediting the Service Access Credit shall be the only liability of RAM to the Customer for failing to provide Data.
4.3 The Customer acknowledges that access to the Portal will not be 24/7 and that the Portal and System may be unavailable for periods due to scheduled maintenance, reactive maintenance or as a result of internet access not being available.
4.4 The Driver Data shall consist of (i) licence status codes; (ii) ADD message codes; (iii) entitlement information codes; (iv) endorsement offences codes; (v) licence categories; (vi) licence date formats; (vii) CPC card startlexpiry date; and (viii)Tachograph card status code.
4.5 RAM is a conduit through which Data provided to RAM by DVLA is accessed by the Customer. Neither RAM nor DVLA warrants the accuracy of the Data provided. Neither RAM nor DVLA accepts any liability for any inaccurate information supplied to the Customer.
4.6 The Customer shall take precautions to ensure that the process employed for accessing the Portal does not expose RAM to the risk of viruses, Malicious Software or other forms of interference.
4.7 Driver Data shall be automatically removed from the Portal after 12 months and RAM shall not be liable to the Customer if it has failed to retrieve or to save the Driver Data at the time of removal.
5. Customer Data Access Requirements
5.1 Given the sensitive content of the Data, and the potential inclusion of Special Categories of Personal Data or Conviction Data relating to criminal offences, the Customer should limit those who have who have access to download the Data and to stored Data.
5.2 Where applicable, RAM shall provide the Customer with access codes to the Portal. Each access code shall be specific to a particular individual and must not be shared. It is the Customer’s responsibility to ensure the security and integrity of the access codes. RAM shall not be liable for any breach or destruction of data or other loss arising from unauthorised use of the Portal access codes provided to the Customer. RAM reserves the right to make further charges for additional or replacement access codes.
5.3 The Customer shall be responsible for ensuring it has adequate IT systems to access and store the Data with infrastructure elements configured in accordance with Industry Best Practice.
5.4 Customer staff must not use the Service in order to view their own DVLA driver record. There must be separation of duty between the Data Subject and the Data obtained via the Service.
5.5 Data is supplied on the explicit basis that it should not be used for identity checking of any kind. Data may only used to check entitlement to drive for a legitimate business need. The Driver must be made fully aware of who is accessing his/her information. DVLA must approve any changes to the driver Data Protection Declaration.
5.6 The Customer shall (and shall ensure that each member of the Customer's staff) comply with any notification requirements under the Data Protection Legislation and will duly observe all their obligations under Data Protection Legislation which arise in connection with the Contract.
5.7 The Customer shall use the Data only for the Permitted Purpose for which it was provided and in accordance with its obligations under Data Protection Legislation.
5.8 Before making each request for Data, the Customer shall gather Evidence to demonstrate the Permitted Purpose to request the Data and shall provide such evidence to RAM on request.
5.9 The Customer shall hold the Data on the minimum amount of databases required for the purposes of Processing the Data for the defined Permitted Purpose. This does not apply to the Data stored for backup or disaster recovery purposes.
5.10 The requirements of Condition 6.39 (Transfer of the Data outside the UK) apply to the Customer's backup or disaster recovery sites.
The Customer's Key Staff
5.11 The Customer shall complete the list of the individuals who have direct responsibilities for the use of the Data and for the Customer's other obligations under this Contract. The Customer will provide the individuals names, business addresses and other contact details, specifying the capacities in which they are concerned with the Data.
5.12 As a minimum, the list shall include details of the Customer's registered office, as recorded by Companies' House and:
(a) the manager who shall be responsible for the Customer's general contractual matters and shall receive Notices under Condition 13 (Notices) sent to the Customer's registered office, and who shall be referred to in this Contract as the Commercial Manager; and
(b) the manager who is responsible for the management of the Data once in the hands of the Customer, to be referred to in this Contract as the Data Manager.
5.13 The Customer shall inform RAM immediately of any changes in personnel notified to RAM or their business contact details.
6. Customer obligations required by DVLA
STATUTORY OBLIGATIONS
Prevention of Corruption
6.1 The Customer shall not offer or give, or agree to give, DVLA and RAM or person employed by or on behalf of DVLA or RAM any gift or consideration of any kind as an inducement or reward for doing, refraining from doing, or for having done or refrained from doing, any act in relation to the obtaining or execution of the Contract, or for showing or refraining from showing favour or disfavour to any person in relation to the Contract or any such contract.
6.2 If the Customer, its Staff or anyone acting on the Customer's behalf, engages in conduct prohibited by Condition 6.1 or the Bribery Act 2010 (as amended), RAM may:
(a) terminate and recover from the Customer the amount of any loss suffered by RAM or the DVLA resulting from the termination; or
(b) recover in full from the Customer any other loss sustained by RAM or the DVLA in consequence of any breach of that Condition.
Prevention of Fraud
6.3 The Customer shall take all reasonable steps, in accordance with Industry Best Practice, to prevent Fraud by the Customer's Staff and the Customer (including its shareholder, members, and directors) in connection with the receipt of the Services.
6.4 The Customer shall notify RAM immediately if it has reason to suspect that any Fraud has occurred or is occurring or is likely to occur.
6.5 If the Customer or its Staff commits Fraud in relation to this or any other contract with RAM, RAM may:
(a) terminate the Contract and recover from the Customer the amount of any loss suffered by RAM resulting from the termination; or
(b) recover in full from the Customer any other loss sustained by RAM or the DVLA in consequence of any breach of this Condition.
6.6 If the Customer gives RAM false or inaccurate information and RAM suspects or identifies fraud RAM will record this and may also pass this information to FPAs and other organisations involved in crime and fraud prevention. In the event that the Customer fails to pay any sums under this Contract, RAM may use third parties to help it to trace the Customer and/or to recover payment from you, including through legal proceedings and enforcement. RAM and other organisations may access and use from other countries the information recorded by fraud prevention agencies.
Discrimination
6.7 The Customer must not unlawfully discriminate either directly or indirectly or by way of victimisation or harassment against a person on such grounds as age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, colour, ethnic or national origin, sex or sexual orientation, and without prejudice to the generality of the foregoing the Customer must not unlawfully discriminate within the meaning and scope of the Equality Acts 2006 and 2010 (as amended), the Human Rights Act 1998 (as amended) or other relevant or equivalent legislation, or any statutory modification or re-enactment thereof.
6.8 The Customer shall take all reasonable steps to secure the observance of Condition 6.7 by all of its Staff.
The Contracts (Rights of Third Parties) Act 1999 (as amended)
6.9 A person who is not a Party to the Contract shall have no right to enforce any of its provisions which, expressly or by implication, confer a benefit on him, without the prior written approval of both Parties. This Condition does not affect any right or remedy of any person which exists or is available apart from the Contracts (Rights of Third Parties) Act 1999 (as amended) and does not apply to the Crown.
Health and Safety
6.10 The Customer shall promptly notify the DVLA and or RAM (as applicable) of any health and safety hazards which may arise in connection with the performance of its obligations under the Contract, including but not limited to, on inspection by RAM.
6.11 While on the Customer's Premises, DVLA and RAM (as applicable) shall comply with any health and safety measures implemented by the Customer in respect of its Staff and other persons working there.
6.12 DVLA or RAM (as applicable) shall notify the Customer immediately in the event of any incident occurring in the performance of its obligations under the Contract on the Premises where that incident causes any personal injury or damage to property which could give rise to personal injury.
6.13 The Customer must comply with the requirements of the Health and Safety at Work Act 1974 (as amended) and any other acts, orders, regulations and codes of practice relating to health and safety, which may apply to the Customer's Staff and other persons working on the Premises in the performance of its obligations under the Contract.
Publicity and Media
6.14 The Customer shall notify the DVLA and RAM immediately if any circumstances arise which could result in publicity or media attention to the Customer which could adversely reflect on RAM, the DVLA or the Services.
6.15 The Customer shall not create or approve any publicity implying or stating that the RAM or the DVLA has a connection with or endorses any service provided by the Customer without prior written approval of the applicable party.
DVLA REQUIRED CONTRACTUAL TERMS
6.16 The terms set out in this Condition 6 are in addition to the provision of Schedules 1 to 3 all of which are required by the DVLA.
Intermediaries
6.17 The Customer shall enter into a written contract with a Third Party Customer for whom it intends to act as Intermediary, before acting as an Intermediary for that Third Party Customer.
Accuracy of the Data
6.18 The Customer shall ensure before relying on any item of Data that the Data provided matches the information in the request and that the Data pertains to the licence holder for whom they possess a standard electronic Data Protection Declaration. Any records passed to the Customer from the DVLA or RAM that do not pertain to a Data Protection Declaration held by the Customer must be disregarded and deleted from any systems. The DVLA and RAM service manager must be contacted in this instance.
Reviews and Meetings
6.19 The Customer shall upon receipt of reasonable notice and during normal office hours attend all meetings arranged by either RAM for the discussion of matters connected with the performance of the Contract.
6.20 Without prejudice to any other requirement in this Contract, the Customer shall provide such reports on the performance of the Contract or any other information relating to the Customer's requests for and use of the Data as RAM may reasonably require.
6.21 RAM reserves the right to review the Contract at any time. Where required, RAM and the Customer shall meet in person or via video or telephone conference to review:
(a) the ongoing need for the ADD Service as defined and any consequential variation to the terms of the Contract;
(b) the Permitted Purpose for which the Data is provided;
(c) the performance of the ADD Service;
(d) the volume of Data which RAM is providing to the Customer;
(e) the security arrangements governing the Customer's safe receipt of the Data and the Customer's further use of the Data;
(f) the arrangements that the Customer has in place relating to the retention and secure destruction of the Data;
(g) any audits that have been carried out that have relevance to the way that the Customer is Processing the Data;
(h) any security incidents that have occurred with the Data;
(i) the continued registration of the Customer's company under the same registered number;
(j) the training and experience of the Customer's Staff in their duties and responsibilities under Data Protection Legislation.
Data Protection
6.22 The Parties shall comply with the requirements of Data Protection Legislation and subordinate legislation made under it, or any legislation which may supersede it, together with any relevant guidance and/or codes of practice issued by the Information Commissioner. All these requirements are referred to in this Contract as Data Protection Legislation.
6.23 For the purposes of this section, the terms "Conviction Data", "Data Controlled', "Data Processor", "Data Subject", "Information Commissioned', "Information Commissioners Office", "Personal Data", "Processing" and "Special Categories of Personal Data" shall have the meanings prescribed within Data Protection Legislation.
6.24 The Parties agree that the Data constitutes Personal Data which may include Conviction Data and Special Categories of Personal Data, as they relate to a living individual who can be identified directly or indirectly from the Data.
6.25 It is the duty of the Data Controller to comply with the Data protection principles. The Customer, separately from RAM, shall be the Data Controller of each item of Data received from RAM from the point of receipt of that Data by the Customer or its Sub-Contractor and shall be responsible for complying with Data Protection Legislation in relation to its further Processing of that Data.
6.26 The Customer shall (and shall ensure that each member of the Customer's Staff) comply with Data Protection Legislation and will duly observe all their obligations under Data Protection Legislation which arise in connection with the Contract.
6.27 RAM is satisfied that providing the Data to the Customer for the Permitted Purpose is compliant with Data Protection Legislation.
6.28 The Customer shall ensure that the individual rights of the Data Subject are taken into account in responding to any Data Subject Access Request
6.29 The Customer shall ensure that Third Party Customers and Data Subjects are aware of the legal basis for the release of Data. Data Subjects have rights to restrict the Processing of their Data in accordance with Data Protection Legislation. RAM will provide written notification to the Customer where a Data Subject wishes to invoke this right. In such cases, the Customer must act immediately to ensure enquiries on such records are not submitted following written notification from RAM.
6.30 The parties agree to take account of any guidance issued by the Information Commissioner’s Office. RAM may on not less than 30 working days' notice to the Customer amend this agreement to ensure that it complies with any guidance issued by the Information Commissioners Office.
Data Security
6.31 Both Parties shall ensure the safe transportation/transmission of the Data to the Customer in accordance with appropriate technical and organisational measures, the requirements of the Data Protection Legislation and Her Majesty's Government Security Policy Framework.
6.32 The Customer shall ensure the Data is processed in accordance with Data Protection Legislation guidance and codes of practice.
6.33 The Customer shall comply with all the security requirements of the DVLA, including as a minimum those set out in Schedule 1 (Minimum Data Security Requirements) and any other requirements that the DVLA shall make from time to time.
6.34 The Customer shall notify RAM immediately, within a maximum of 24 hours of becoming aware, of any Default of the security requirements of this Contract.
6.35 The Customer shall not transfer, sell or in any way make the Data available to third parties unconnected with the original purpose of the enquiry.
Malicious Software
6.36 The Customer shall, as an enduring obligation throughout the term of this Contract, use the latest versions of anti-virus software available from an industry accepted anti-virus software vendor to check for and remove Malicious Software from the ICT Environment.
6.37 Notwithstanding Condition 6.36, if Malicious Software is found, the Parties shall co-operate to reduce the effect of the Malicious Software and, particularly if Malicious Software causes loss of operational efficiency or loss or corruption of Data, assist each other to mitigate any losses and to restore the ADD Service to their desired operating efficiency.
6.38 Cost arising out of the actions of the Parties taken in compliance with the provisions of Condition 6.37 shall be borne by the Parties as follows:
(a) by the Customer or it's Sub-Contractor where the Malicious Software originates from the Customer's or it's Sub-Contractor's software, any third party software or the Customer's or it's SubContractor's Data;
(b) by RAM if the Malicious Software originates from RAM's software or the Data.
Transfer of the Data outside the UK
6.39 The Customer shall not transfer Personal Data outside of the EU unless the prior written approval of RAM has been obtained and the following conditions are fulfilled:
(a) RAM or the Customer has provided appropriate safeguards in relation to the transfer (whether in accordance with GDPR Article 46 or LED Article 37) as determined by
(b) the Data Subject has enforceable rights and effective legal remedies;
(c) the Customer complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred (or, if it is not so bound, uses its best endeavours to assist RAM in meeting its obligations); and
(d) the Customer complies with any reasonable instructions notified to it in advance by RAM with respect to the Processing of Personal Data.
Restrictions on Disclosure of the Data
6.40 The Customer shall respect the confidentiality of the Data and shall not disclose it to any person, except in the following circumstances:
(a) to a Sub-Contractor who acts as the Customer's Data Processor, with whom the Customer shall have entered into a written contract that requires the Data Processor to abide by requirements in Schedule 1 (Minimum Data Security Requirements), Schedule 2 (Minimum Requirements for Data Protection Declaration), and the terms for Sub-Contractors set out Schedule 3 (Required Terms for Contracts with Intermediaries and Third Party Subcontactors); or
(b) Where the Customer is acting as an Intermediary to a Third Party Customer and the Customer and the Third Party Customer have entered into an agreement, as per Condition B5 imposing on the Third Party Customer the ADD user obligations listed in paragraph 1 of Schedule 3 (Requirements in relation to Intermediaries and Third Party Customers) and shall reserve to the Intermediary the rights and powers listed in paragraph 3 at Schedule 4 (Requirements in Relation to Intermediaries and Third Party Customers); or
6.41 With the prior written approval of RAM (which may be given or refused at the absolute discretion of the DVLA):
(a) provided that the Customer shall have entered into a written contract which requires the Sub-Contractor to abide by the requirements in Schedule 1 (Minimum data security requirements), Schedule 2 (Minimum Requirements for Data Protection Declaration), and the terms for Sub-contractors set out in Schedule 3 (Required Terms for Contracts with Intermediaries and Third Party Subcontractors); and
(b) in accordance with any other conditions attached to the giving of that approval; or
(c) if required to do so by Law.
Retention of Data and Evidence
6.42 In accordance with Data Protection Legislation the Customer shall retain each item of Data only for as long as is necessary with reference to the Permitted Purpose for which it was shared.
6.43 The Customer shall arrange for the secure destruction or deletion of each item of Data, in accordance with Data Protection Legislation, as soon as it is no longer necessary to retain it.
6.44 The Customer shall retain for a minimum period of 2 years from the date of conclusion or longer period as may be agreed between RAM and the Customer (such agreement to be recorded in writing), full and accurate records of the performance of the ADD Service, including records of all payments made to RAM by the Customer in relation to the Contract.
6.45 The Customer shall retain for a period of 7 years (current year plus 6), from the date of signature the signed Data Protection Declaration. This includes photocopies, fax copies, scanned copies or Data Protection Declaration if used.
6.46 The Customer shall produce such records retained pursuant to Conditions 6.42 to 6.46 as DVLA may reasonably require. This will include, but not limited to, any mis-matched or incorrect enquiries that may have been made in pursuance of the Permitted Purpose. These will be cross referenced to the correct record, enquiry or issue that gave arise to the incorrect enquiry. This will enable RAM and/or the DVLA to establish the enquirer and reason for enquiry.
The Customer's Vetting and Disciplinary Policies
6.47 The Customer shall maintain policies for vetting, hiring, training and disciplining the Customer's Staff and shall comply with these in respect of each person who has access to the ADD Service. The minimum requirements for such vetting procedures are set out in Schedule 1 (Minimum Data Security Requirements).
The Customer's Internal Compliance Checks
6.48 The Customer shall ensure that its business processes, records of customer interactions and transactions, audit procedures on business activities and financial reporting are appropriate and effective to ensure proper use of the Data in compliance with this Contract and the requirements of Data Protection Legislation. The minimum requirements for such internal compliance are set out in Schedule 1 (Minimum Data Security Requirements).
6.49 The Customer shall carry out its own internal compliance checks at least annually and shall notify RAM of such checks by using the Data Governance Assessment Form provided by DVLA.
Audits and Reviews
6.50 The Customer shall share with RAM the outcome of any other checks, audits or reviews that have been carried out on its activities as a Data Controller that are relevant to the Processing of the Data.
6.51 The Customer shall notify RAM immediately, or within a maximum of 24 hours of becoming aware, of any audits that are being carried out by the Information Commissioner's Office under Data Protection Legislation that are relevant to the Processing of the Data.
Incidents
6.52 The Customer shall notify RAM immediately, within a maximum of 24 hours of becoming aware, of any losses, compromise or misuse of the Data or any Personal Data Breach and keep RAM informed of any communications about the incident with; the individuals whose Personal Data is affected; the Information Commissioner's Office; or the media.
Inspection by RAM or agent acting on its behalf
6.53 RAM, or an Agent acting on its behalf reserves the right to carry out an inspection at any time of the Customer's compliance with the terms of this Contract. Where possible, RAM shall give the Customer 7 Days' written notice of any such inspection.
6.54 In exceptional circumstances in relation to abuse of the ADD Service, access to Third Party Customers Premises may be required. Other than in exceptional circumstances, such as a suspected serious breach of Data security, examinations will be by prior contact and RAM will notify the Customer in advance of any third party premises they wish to examine.
6.55 The Customer agrees to co-operate fully with any such inspection and to allow RAM, or an agent acting on its behalf, access to its Premises, Equipment, Evidence and the Customer's Staff for the purposes of the inspection.
6.56 The Customer will respond as required to the findings and recommendations of any RAM inspection and will provide updates as required on the implementation of any required actions.
6.57 RAM may at any time check the electronic trail relating to any activity made by the Customer and contact the person responsible for such activity.
6.58 RAM may, by written notice to the Customer, forbid access to the Data, or withdraw permission for continued access to the Data, to:
(a) any member of the Customer's Staff; or
(b) any person employed or engaged by any member of the Customer's Staff; whose access to or use of the Data would, in the reasonable opinion of RAM, be undesirable.
6.59 The decision of RAM as to whether any person is to be forbidden from accessing the Data and as to whether the Customer has failed to comply with this Condition shall be final and conclusive.
6.60 RAM will be entitled to be reimbursed by the Customer for all RAM's reasonable costs incurred in the course of the inspection.
Action on complaint
6.61 Where a complaint is received about the Customer or the manner in which its services have been supplied or work has been performed or procedures used or about any other matter connected with the performance of the Customer's obligations under the Contract or the use of Data, the DVLA may notify the Customer, and where considered appropriate by the DVLA, investigate the complaint. The DVLA may, in its sole discretion, acting reasonably, uphold the complaint and take further action in accordance with Conditions 6.62 to 6.83 (inclusive) of the Contract.
DEFAULTS, DISRUPTION, SUSPENSION AND TERMINATION
Break
6.62 Without prejudice to any other rights or remedies that the Parties may have, either Party may terminate the Contract by giving the other Party at least 28 Days' notice in writing.
Termination for Material Breach
6.63 RAM may or may be required by the DVLA to terminate the Contract with immediate effect by written notice to the Customer on or at any time after the occurrence of an event specified in Condition 6.64.
6.64 The events are that:
(a) the Customer fails to pay any amount due under this Contract on the due date for payment and remains in default not less than 60 days after being notified in writing to make such payment;
(b) the Customer commits any three or more Defaults, whether simultaneously or singly at any time during the operation of the Contract, irrespective of whether any or all of such breaches is minimal or trivial in nature;
(c) the Customer commits a Material Breach of any other term of this agreement which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of 26 weeks after being notified in writing to do so.
6.65 For the purposes of Condition 6.64, a Material Breach is remediable if time is not of the essence in performance of the obligation and if in the reasonable opinion of the DVLA the Material Breach is capable of remedy within the 26 week period.
Suspension of the ADD Service
6.66 If it comes to the attention of the DVLA that the Customer has committed any Default (including Material Breaches and all other Defaults), the DVLA may suspend the ADD Service without further notice and with immediate effect and investigate the nature and effect of the breach.
6.67 The DVLA may from time to time issue guidance on its principles on suspending the ADD Service and terminating contracts to supply Data using the ADD Service. The guidance may include guidance concerning: types of Defaults which the DVLA may consider to be Material Breaches; guidance as to specific
6.68 types of breach that the DVLA will consider to be remediable; how such breaches may be remedied; how long suspension may last; when following any period of suspension the Customer may resume making requests and in relation to which dates of events such requests may be made; and guidance as to which types of breach the DVLA may consider to be irremediable.
Effect of Suspension
6.69 If the DVLA suspends the ADD Service at any time, the Customer shall cooperate with any further investigation, audit or review that the DVLA requires to be carried out in relation to the Data provided to the Customer.
6.70 The DVLA may refuse to resume the ADD Service until the Customer provides assurances that the matter resulting in the suspension has been resolved to the satisfaction of the DVLA, and takes specified actions within a reasonable period set by the DVLA.
6.71 The DVLA may require that an inspection is carried out after the ADD Service is resumed, to check the Customer's compliance with the Contract and Data Protection Legislation.
6.72 During any suspension period, the DVLA shall not provide Data to the Customer through the Business to Business Gateway ADD system. The DVLA may also refuse requests for Data from the Customer through the paper service during this period.
6.73 The Customer shall reimburse the DVLA and or RAM for all DVLA's and RAM’s cost and expenses incurred in relation to the rights under Conditions 6.69 to 6.73 (inclusive) to carry out an inspection, investigation, audit or review of the Customer.
Insolvency
6.74 Where the DVLA is notified in writing of any of the circumstances listed in Condition 6.95 (Insolvency), the DVLA may suspend the ADD Service without further notice and with immediate effect and investigate further whether any of the Customer's directors or any liquidator, receiver, administrative receiver, administrator, or other officer is capable of ensuring that the provisions of this Contract and of Data Protection Legislation are complied with. If the DVLA is not satisfied that any such person shall ensure such compliance, the DVLA may terminate the Contract by written notice with immediate effect.
6.75 RAM shall be entitled to terminate the Contract in the event of any circumstance set out in 6.95.
Other Termination Rights
6.76 The DVLA may terminate the Contract by written notice with immediate effect if in the reasonable view of the DVLA, during any period of suspension of the ADD Service the Customer:
(a) fails to co-operate with any investigation, audit or review:
(b) fails to provide any assurances or take any actions within the reasonable period set by the DVLA under Condition 6.70; or
(c) fails to provide assurances that satisfy the DVLA (acting reasonably) that the Customer has complied and shall continue to comply with the requirements of this Contract and of Data Protection Legislation.
6.77 The DVLA may terminate the Contract by written notice with immediate effect if the Customer fails to pay the DVLA undisputed sums of money when due by variable direct debit in two or more consecutive Months.
6.78 The DVLA may terminate the Contract by written notice with immediate effect if the Customer is found to be in breach of any aspect of the Law that could, in the reasonable opinion of the DVLA, bring the DVLA into disrepute.
6.79 The DVLA may terminate the Contract by written notice with immediate effect if the Customer is an individual and he has died or is adjudged incapable of managing his affairs within the Mental Capacity Act 2005 (as amended).
Consequences of Suspension and Termination
6.80 After the ADD Service has been suspended or the Contract has been terminated or both, the Customer shall continue to comply with its obligations under this Contract and under Data Protection Legislation in relation to the Data which it holds, including as to the proper use of the Data, retention of the Data and secure destruction of the Data.
6.81 After the ADD Service has been suspended or the Contract has been terminated or both, the Customer will no longer have the right to use the Data already supplied by DVLA.
6.82 During the suspension period, the Customer is not permitted to process or transfer the Data received prior to suspension.
6.83 Save as otherwise expressly provided in the Contract:
(a) termination of the Contract shall be without prejudice to any rights, remedies or obligations accrued under the Contract prior to termination
(b) or expiration and nothing in the Contract shall prejudice the right of either Party to recover any amount outstanding at such termination or expiry; and
(c) termination of the Contract shall not affect the continuing rights, remedies or obligations of the DVLA, RAM or the Customer under any provision of this Contract which expressly or by implication is intended to come into or to continue in force on or after termination of this Contract.
Supply of Data to Related Persons After Termination
6.84 If it comes to the attention of the DVLA that the Customer committed any Default in its obligations in relation to the Data prior to termination of the Contract, or if the DVLA has reason to believe that the Customer did not comply with its duties in relation to the Data under Data Protection Legislation, the DVLA shall reserve the right to refuse to provide any further Data by any means to the Customer, its directors or to any other Company with which those directors are associated, for up to 12 months, starting on the date of Termination of the Contract.
6.85 Where DVLA has terminated this Contract, the Customer will no longer be permitted to process or transfer the Data received prior to termination where that Data has not already been processed and transferred to a Third Party Customer. This shall not apply, where such Processing or transfer, is a Data portability right under Data Protection Legislation.
Disruption
6.86 The DVLA shall immediately inform the Customer of any actual or potential industrial action, whether such action is taken by their own employees or others, which affects or might affect its ability at any time to perform its obligations under the Contract.
6.87 The DVLA shall not be liable to the Customer for any additional expense or loss incurred by the Customer as a result of such disruption.
6.88 The Customer shall immediately inform the DVLA of any actual or potential industrial action, whether such action is taken by their own employees or others, which affects or might affect its ability at any time to perform its obligations under the Contract.
6.89 In the event of industrial action by the Customer's Staff, the Customer shall seek the prior written approval of the DVLA to its proposals to continue to perform its obligations under the Contract.
6.90 If the Customer's proposals referred to in Condition 6.89 are considered insufficient or unacceptable by the DVLA acting reasonably, then the Contract may be terminated with immediate effect by the DVLA by notice in writing.
Force Majeure
6.91 Neither DVLA, RAM or the Customer shall be liable to the other Party for any delay in performing, or failure to perform, its obligations under the Contract (other than a payment of money) to the extent that such delay or failure is a result of Force Majeure. Notwithstanding the foregoing, each Party shall use all reasonable endeavours to continue to perform its obligations under the Contract for the duration of such Force Majeure. However, if such Force Majeure prevents either Party from performing its material obligations under the Contract for a period in excess of 26 weeks, either Party may terminate the Contract with immediate effect by notice in writing.
6.92 Any failure or delay by either Party in performing its obligations under the Contract which results from any failure or delay by an agent, Sub-Contractor or supplier shall be regarded as due to Force Majeure only if that agent, SubContractor or supplier is itself impeded by Force Majeure from complying with an obligation to the Party.
6.93 If either Party becomes aware of Force Majeure which gives rise to, or is likely to give rise to, any failure or delay on its part as described in this Condition it shall immediately notify the other by the most expeditious method then available and shall inform the other of the period for which it is estimated that such failure or delay shall continue.
6.94 If the Customer is unable to perform any of its Data protection obligations under the Contract as a result of Force Majeure, it shall ensure its Data protection obligations are fulfilled by alternative means and shall notify the DVLA immediately, within a maximum of 24 hours of becoming aware, giving detailed information as to how it shall ensure that the Data is protected.
Insolvency
6.95 The Customer shall notify RAM immediately in writing where the Customer is a company and in respect of the Customer:
(a) a proposal is made for a voluntary arrangement within Part 1 of the Insolvency Act 1986 (as amended) or of any other composition scheme or arrangement with, or assignment for the benefit of, its creditors; or
(b) a shareholders' meeting is convened for the purpose of considering a resolution that it be wound up or a resolution for its winding-up is passed (other than as part of, and exclusively for the purpose of, a bona fide reconstruction or amalgamation); or
(c) a petition is presented for its winding up (which is not dismissed within 14 Days of its service) or an application is made for the appointment of a provisional liquidator or a creditors' meeting is convened pursuant to section 98 of the Insolvency Act 1986 (as amended); or
(d) a receiver, administrative receiver or similar officer is appointed over the whole or any part of its business or assets; or
(e) an application order is made either for the appointment of an administrator or for an administration order, and administrator is appointed, or notice of intention to appoint an administrator is given; or
(f) it is or becomes insolvent within the meaning of section 123 of the
(g) Insolvency Act 1986 (as amended); or
(h) being a "small company" within the meaning of section 247(3) of the Companies Act 1985 (as amended); a moratorium comes into force pursuant to Schedule IA of the Insolvency Act 1986 (as amended); or
(i) any event similar to those listed in this Condition occurs under the law of any other jurisdiction.
6.96 The Customer shall notify RAM immediately in writing where the Customer is an individual and:
(a) an application for an interim order is made pursuant to sections 252-253 of the Insolvency Act 1986 (as amended) or a proposal is made for any composition scheme or arrangement with, or assignment for the benefit of, the Customer's creditors; or
(b) a petition is presented and not dismissed within 14 Days or order made for the Customer's bankruptcy; or
(c) a receiver, or similar officer is appointed over the whole or any part of the Customer's assets or a person becomes entitled to appoint a receiver, or similar officer over the whole or any part of his assets; or
(d) the Customer is unable to pay his debts or has no reasonable prospect of doing so, in either case within the meaning of section 268 of the Insolvency Act 1986 (as amended); or
(e) a creditor or encumbrancer attaches or takes possession of, or a distress, execution, sequestration or other such process is levied or enforced on or sued against, the whole or any part of the Customer's assets and such attachment or process is not discharged within 14 Days; or
(f) suspends or ceases, or threatens to suspend or cease, to carry on all or a substantial part of his business.
Change of Control
6.97 The Customer shall seek the prior written approval of RAM to any change of control within the meaning of section 450 of the Corporation Taxes Act 2010 (as amended) ("Change of Control"). Where RAM has not given its written agreement before the Change of Control, RAM may terminate the Contract by notice in writing with immediate effect within 26 weeks of:
(a) being notified that that change of control has occurred; or
(b) where no notification has been made, the date that RAM becomes aware of that change of control.
Consequences of Suspension and Termination
6.98 After the ADD Service has been suspended or the Contract has been terminated or both, the Customer shall continue to comply with its obligations under this Contract and under Data Protection Legislation in relation to the Data which it holds, including as to the proper use of the Data, retention of the Data and secure destruction of the Data.
Legal Basis for Release of Data
6.99 The basis for release of DVLA's driving licence data to the Customer is that it is necessary for the performance of a task carried out in the public interest or the exercise of an official authority vested in DVLA. This is in line with Data Protection Legislation. The requirements for this approval are detailed in Schedule 2 (Minimum Requirements for Data Protection Declaration) of this Contract.
Customer Criteria
6.100 The Customer will provide the DVLA with a statement detailing the type of business it conducts and a description of products/services it offers to its customers that involve the use of DVLA data. Applications to the ADD Service will only be considered for organisations that can demonstrate the Permitted Purpose for access to the ADD Service. Organisations that cannot prove a Permitted Purpose will not be considered further. Categories of business that meet this pre-requisite include:
(a) Employers of drivers;
(b) Auto insurance companies (at point of claim only);
(c) Car rental companies;
(d) Fleet companies;
(e) Taxi Licensing for Local Authorities; and;
(f) Intermediary companies that request the Data to provide services to Third Party Customers that include the above business types.
6.101 The Customer shall use the Data only for its Permitted Purpose as stated in clause 6.100. The Customer will not sell the Data or permit it to be sold to any Third Party.
6.102 The Customer shall provide DVLA with estimated usage of the service, to include volume and frequency information. The Customer shall inform DVLA of any factors that could cause a significant increase or decrease in usage.
6.103 Where there is a change of or additional use of Data from that specified, the Customer is required to detail in writing to the DVLA the proposed use of the Data and to identify customer sectors to whom it will be provided and the media in which it will be made available. All requests are subject to written approval by DVLA.
6.104 The Customer will notify DVLA of any changes to their business need for access to the ADD Service.
6.105 The Customer will inform DVLA of changes to their business processes, which may impact how the ADD Service is used.
6.106 The Customer will only make enquiries on those drivers for which they are in receipt of a signed Data Protection Declaration, as stipulated in Schedule 2 (Minimum Requirements for Data Protection Declaration).
6.107 Consent forms or mandates such as the D796 form or similar paper or electronic forms cannot be used as Evidence to make enquiries from 26 August 2018. The D906/ADD or D906 form shall be used to make all enquiries from the 26 August 2018.
6.108 Staff must not use the ADD Service in order to view their own DVLA driver record. There must be separation of duty between the Data Subject and the Data obtained via the ADD Service.
6.109 Data is supplied on the explicit basis that it should not be used for identity checking of any kind. If agreement is obtained from DVLA to provide Data to a Third Party, it is essential that this Data is only used to check entitlement to drive for a legitimate business need. The driver must be made fully aware of who is accessing his/her information. DVLA must approve any changes to the driver Data Protection Declaration.
6.110 The Customer shall (and shall ensure that each member of the Customer's Staff) comply with any notification requirements under the Data Protection Legislation and will duly observe all their obligations under Data Protection Legislation which arise in connection with the Contract.
6.111 The Customer must be registered with Companies House, Her Majesty's Revenue and Customs (HMRC) and The Charities Commission, where applicable.
7. Audit
7.1 RAM is required by the DVLA to audit the Customer to ensure that the Customer is in compliance with the terms of this Contract and to notify DVLA of any changes to the Customer business, or issues in the Customer’s use of the Data.
7.2 RAM is required by DVLA to, and shall, audit the Customer at least once in the first calendar year during which it acts as Intermediary to that Third Party Customer, and annually thereafter, and make evidence of such audits available to the DVLA at its request;
7.3 The Customer shall allow RAM at all reasonable times and on reasonable notice to access the Customer’s and any third party data storage premises where Data may be held to ascertain and ensure compliance.
7.4 RAM will be entitled to provide the results of any such audit to DVLA.
8. Charges
8.1 Charges shall be payable at the frequency set out in the order and where no frequency is set out quarterly. Charges shall be applied in arrears. Charges shall be based on the cost per Service Access Credit applicable at the time of purchase.
8.2 RAM shall issue an invoice to the Customer at the time that the charges are payable on the purchase which will then provide an account against which Service Access Credits are deducted. The Portal shall show the Customer how many RAM Service Access Credits remain.
8.3 Any Service Access Credit which pertains to a Driver Data Request which is unsuccessful, shall be recredited by RAM.
8.4 All charges shall be subject to VAT at the then prevailing rate. Where any taxable supply for VAT purposes is made under the Contract by RAM to the Customer, the Customer shall, on receipt of a valid VAT invoice from RAM, pay to RAM such additional amounts in respect of VAT as are chargeable on the supply of the Services at the same time as payment is due for the supply of the Services.
8.5 When the Customer wishes to enter into the Contract, RAM will check:
(a) personal and business records at credit reference agencies (“CRAs”). When CRAs receive a search from RAM they will place a search footprint on the Customer ‘s credit file that may be seen by other lenders and companies;
(b) those at fraud prevention agencies (“FPAs”); and
(c) in relation to directors of the Customer, RAM will seek confirmation, from CRAs that the residential address that the directors provide is the same as that shown on the restricted register of directors' usual addresses at Companies House. RAM may also make enquiries with those persons that the Customer has nominated as trade references.
8.6 RAM will make checks such as verifying identities to prevent and detect crime and money laundering. The Customer acknowledges that the use of any personal data in making identity and money laundering checks is in the pursuit of a legitimate interest. The Customer acknowledges that the use of any personal data in the checks referred to at condition 8.6 above is in the pursuit of a legitimate interest.
9. Liability
9.1 In no event shall RAM be liable (whether in contract, tort, including negligence, or otherwise) for any indirect, incidental, consequential, general or exemplary damages, pure economic loss (whether direct or indirect), increased costs, lost revenues, profits, goodwill or data, or damage to property, whether suffered by the Customer or any other person, arising from or related to any act or omission of RAM (whether in connection with this Agreement or otherwise).
9.2 RAM's total liability (whether in contract, tort (including negligence) or otherwise) in respect of all claims for loss, damages or liability, including (but not limited to) claims in connection with the Contract, will not in any circumstances whatsoever exceed an amount equal to the Service Payment(s) plus 10%.
9.3 The Customer agrees to indemnify, and hold RAM harmless, from and against any liability, loss, injury, demand, action, cost, expense or claim arising out of or in connection with the Data including but not limited to the Customer’s access to, use or storage or possession of the Data.
9.4 The limitations contained in this Condition 9 shall not apply to liability for death, personal injury, fraud or any other liability which cannot be limited by law.
10. Termination
10.1 Without limiting or affecting any other right or remedy available to it, either party may terminate the Contract with immediate effect by giving written notice to the other party if:
(a) the other party commits a material breach of any term of the Contract which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of 30 days after being notified in writing to do so;
(b) the other party takes any step or action in connection with its entering administration, provisional liquidation or any composition or arrangement with its creditors (other than in relation to a solvent restructuring), applying to court for or obtaining a moratorium under Part A1 of the Insolvency Act 1986, being wound up (whether voluntarily or by order of the court, unless for the purpose of a solvent restructuring), having a receiver appointed to any of its assets or ceasing to carry on business; or
(c) the other party suspends, or threatens to suspend, or ceases or threatens to cease to carry on all or a substantial part of its business.
11. Assignment and other dealings.
11.1 The Customer shall not assign, sub-contract or in any other way dispose of the Contract or any part of it without the prior written approval of RAM.
11.2 Sub-Contracting any part of the Contract shall not relieve the Customer of any of its obligations or duties under the Contract. The Customer shall be responsible for the acts and omissions of its Sub-Contractors as though they are its own. Where the RAM has approved to the placing of sub-contracts, copies of each sub-contract shall, at the request of RAM be sent by the Customer to RAM as soon as reasonably practicable.
12. Governing Law
The Contract shall be governed by the laws of England.
13. Notices
13.1 Any notices given or made pursuant to the Contract shall be in writing.
13.2 Any such notice shall be deemed to have been duly given or made as follows:
(a) If sent by first class post two clear business days after posting;
(b) If sent by facsimile when dispatched; and
(c) If sent by e-mail on the same business day as sent or the next working day if sent
Do you have a question? Ask us anything
