RBR TERMS AND CONDITIONS FOR SERVICE AND GOODS
RBR Engineering Solutions Limited trading as 3D printing and engineering (“3DPE”) a business registered in England number 09418298 whose registered address is at 138-144 London Road, Wheatley, Oxford, OX33 1JH (the “Provider”) provides 3D printing goods, advice, and works to business clients. The Provider has reasonable skill, knowledge and experience in that field. These Terms and Conditions shall apply to the provision of goods, advice, and works by the Provider to its clients.
1 Definitions and Interpretation
In these Terms and Conditions, unless the context otherwise requires, the following expressions have the following meanings:
means the Quotation entered into by the Provider and the Client and signed by both Parties’ duly authorised representatives and which will impliedly incorporate these Terms and Conditions (or any variation agreed in writing by both Parties) which shall govern provision of the works (as defined below);
means, any day (other than Saturday or Sunday) on which ordinary banks are open for their full range of normal business in England;
means the party procuring the works from the Provider which must be a business and shall be identified in the Agreement;
means the date on which provision of the works will commence, as defined in the Quotation
means, in relation to either Party, information which is disclosed to that Party by the other Party pursuant to or in connection with the Agreement (whether orally or in writing or any other medium, and whether or not the information is expressly stated to be confidential or marked as such);
“Data Protection Legislation”
means 1) unless and until EU Regulation 2016/679 General Data Protection Regulation (“GDPR”) is no longer directly applicable in the UK, the GDPR and any national implementing laws, regulations, and secondary legislation (as amended from time to time), in the UK and subsequently 2) any UK Data Protection legislation which succeeds the GDPR;
means any and all sums due, as specified in the Agreement, written Quotation, or Invoice.
“Intellectual Property Rights”
means (a) any and all rights in any patents, trademarks, service marks, registered designs, applications (and rights to apply for any of those rights) trade, business and company names, internet domain names and e-mail addresses, unregistered trademarks and service marks, copyrights, database rights, know-how, rights in designs and inventions;
(b) rights under licences, consents, orders, statutes or otherwise in relation to a right in paragraph (a);
(c) rights of the same or similar effect or nature as or to those in paragraphs (a) and (b) which now or in the future may subsist; and
(d) the right to sue for past infringements of any of the foregoing rights;
means the quotation delivered by the Provider to the Client, and which specifies the works, minimum term, timescales, and which, together with these terms and conditions forms the entire Agreement between the Parties.
means the work to be provided by the Provider to the Client in accordance with the Agreement, as fully defined in the Agreement and any specification set out in the quotation or elsewhere and agreed in writing between the Parties to this Agreement, and subject to the terms and conditions of the Agreement, and
means the term of the Agreement as defined in it.
Unless the context otherwise requires, each reference in these Terms and Conditions to:
“writing”, and any cognate expression, includes a reference to any communication effected by electronic transmission;
a statute or a provision of a statute is a reference to that statute or provision as amended or re-enacted at the relevant time;
“these Terms and Conditions” is a reference to these Terms and Conditions as amended or supplemented at the relevant time;
a Clause or paragraph is a reference to a Clause of these Terms and Conditions or to a Clause of the Agreement, as appropriate; and
a "Party" or the "Parties" refer to the parties to the Agreement.
The headings used in these Terms and Conditions are for convenience only and shall have no effect upon the interpretation of these Terms and Conditions.
Words imparting the singular number shall include the plural and vice versa.
References to any gender shall include the other gender.
References to persons shall include corporations.
2 Provision of the works
a) With effect from the Commencement Date, the Provider shall, throughout the Term of the Agreement, provide the works to the Client.
b) The Provider shall provide the works with reasonable skill and care, commensurate with prevailing standards in the industry.
c) The Provider shall act in accordance with all reasonable instructions given to it by the Client provided such instructions are compatible with the specification of works provided in the Agreement.
d) The Provider shall use reasonable endeavours to ensure that it complies with all statutes, regulations, byelaws, standards, codes of conduct and any other rules relevant to the provision of the works.
e) The Provider may, in relation to certain specified matters related to the works, act on the Client’s behalf. Such matters shall not be set out in the Agreement but shall be agreed between the Parties as they arise from time to time.
f) The Provider shall use all reasonable endeavours to accommodate any reasonable changes in the works that may be requested by the Client, subject to the Client’s acceptance of any related reasonable changes to the Fees that may be due as a result of such changes.
g) The Client accepts that by placing an order with the Provider, and subsequently accepting in writing the Quotation it is bound by these terms and conditions without variation, unless such variation is agreed in writing by a Director of the Provider.
3 Intellectual Property Rights
The Provider shall retain the ownership of any and all Intellectual Property Rights that may subsist in anything produced by the Provider in the course of providing the works. Throughout the Term of the Agreement, the Provider shall be deemed to automatically grant a royalty-free, exclusive licence of any and all such rights to the Client to use the same in accordance with the terms of the Agreement and the works.
4 Client’s Obligations
a) The Client shall use all reasonable endeavours to provide all pertinent information to the Provider that is necessary for the Provider’s provision of the works.
b) The Client may, from time to time, issue reasonable instructions to the Provider in relation to the Provider’s provision of the works. Any such instructions should be compatible with the specification of the works provided in the Agreement.
c) If the Provider requires the decision, approval, consent or any other communication from the Client in order to continue with the provision of the works or any part thereof at any time, the Client shall provide the same in a reasonable and timely manner.
d) If any consents, licences or other permissions are needed from any third parties, it shall be the Client’s responsibility to obtain the same in advance of the provision of the works (or the relevant part thereof).
Ie. f the nature of the works requires that the Provider has access to the Client’s premises or any other location, access to which is lawfully controlled by the Client, the Client shall ensure that the Provider has access to the same at the times to be agreed between the Provider and the Client as required.
f) Any delay in the provision of the works resulting from the Client’s failure or delay in complying with any of the provisions of this Clause 4 of the Agreement shall not be the responsibility or fault of the Provider.
g) The Client shall ensure that they have the right to use any and all information, specifications, drawings, materials and indemnify the Provider against any and all actions which may arise
h) From time to time the Provider may enter into agreements with customers active in the FIA Formula One World Championship not to engage in activities which may be considered to be in competition with that customer. The Provider will make all reasonable endeavours to ensure that it complies fully with these agreements. However in certain circumstances the Provider is not aware that a customer is reselling its products and services. Therefore if you are reselling the Provider’s products and services to a customer active in the FIA Formula One World Championship you are required to notify the Provider so that it can comply with its agreements. If you fail to notify the Provider then you will fully indemnify the Provider in relation to any and all claims and direct consequential losses arising from your failure.
5 Fees, Payment and Records
a) The Client shall pay the Fees to the Provider in accordance with the provisions of the Agreement. The Provider reserves the right to request stage payments.
b) The Provider shall invoice the Client for Fees due upon completion in accordance with the provisions of the Agreement and this may require stage payments.
c) All payments required to be made pursuant to the Agreement by the Client shall be made on receipt by the Client of the relevant invoice.
d) All payments required to be made pursuant to the Agreement by the Client shall be made in Sterling in cleared funds to such bank as the Provider may from time to time nominate, without any set-off, withholding or deduction except such amount (if any) of tax as the Client is required to deduct or withhold by law.
e) Where any payment pursuant to the Agreement is required to be made on a day that is not a Business Day, it may be made on the next following Business Day.
f) Any sums which remain unpaid following the expiry of seven days of the delivery of the invoice shall incur interest on a daily basis at eight percentage points above the base rate of The Bank of England from time to time until payment is made in full of any such outstanding sums.
g) The Provider shall be entitled to choose whether to claim interest at the rate specified in the immediately preceding Clause or to rely on the interest (and compensation) payable under the Late Payment of Commercial Debts (Interest) Act 1998.
6 Liability, Indemnity and Insurance
a) The Provider shall ensure that it has in place at all times suitable and valid professional indemnity insurance and public liability insurance.
b) The Provider’s total liability for any loss or damage caused as a result of its negligence or breach of the Agreement shall be limited to the sum defined as payable for the Works and shall not include consequential losses.
c) The Provider shall not be liable for any loss or damage suffered by the Client that results from the Client’s failure to follow any instructions given by the Provider.
d) Nothing in these Terms and Conditions nor in the Agreement shall limit or exclude the Provider’s liability for death or personal injury.
e) The Provider shall not be obliged to indemnify the Client against any costs, liability, damages, loss, claims or proceedings arising out of the Provider’s breach of the Agreement.
f) The Client agrees to take out appropriate insurance cover to protect itself against all risks, and to be responsible for the payment of the premiums, and to ensure that the payment of the premiums does not lapse.
g) The Client shall indemnify the Provider against any costs, liability, damages, loss, claims or proceedings arising from loss or damage to any equipment (including that belonging to any third parties appointed by the Provider) caused by the Client or its agents or employees.
h) Neither Party shall be liable to the other or be deemed to be in breach of the Agreement by reason of any delay in performing, or any failure to perform, any of that Party’s obligations if the delay or failure is due to any cause beyond that Party’s reasonable control.
The Provider will use its reasonable endeavours to ensure that the goods will be free from any and all defects for a period of three months from the date of delivery.
The Client accepts that it shall have no remedy against the Provider where the Works have been carried out using reasonable skill and care, and in accordance with industry standard criteria.
The Client accepts that is shall have no remedy against the Provider where the Works have not been stored and or used in the manner intended in the Agreement or where the Agreement states no Guarantee is provided due to the trial and or prototype nature of the Works.
8 Romalpa Clause
Title and ownership of any goods shall only pass to the Client upon full payment of the agreed sum to the Provider. Until title and ownership passes to the Client it should not make use of advice, goods, services and Works unless agreed in writing by the Provider.
a) Each Party shall undertake that, except as required by Statute or as authorised in writing by the other Party, it shall, at all times during the continuance of the Agreement and for three years after its termination:
i. keep confidential all Confidential Information;
ii. not disclose any Confidential Information to any other party;
iii. not use any Confidential Information for any purpose other than as contemplated by and subject to the terms of the Agreement;
iv. not make any copies of, record in any way or part with possession of any Confidential Information; and
v. ensure that none of its directors, officers, employees, agents, sub-contractors or advisers does any act which, if done by that Party, would be a breach of the provisions of any part of Clause 10 off this Agreement.
b) Either Party may disclose any Confidential Information to: any sub-contractor or supplier of that Party; any governmental or other authority or regulatory body; or any employee or officer of that Party or of any of the aforementioned persons, parties or bodies; to such extent only as is necessary for the purposes contemplated by the Agreement (including, but not limited to, the provision of the works), or as required by law.
c) In each case of a disclosure required under Statute each Party shall first inform the person, party or body in question that the Confidential Information is confidential.
d) The provisions of this Clause shall continue in force in accordance with its terms, notwithstanding the termination of the Agreement for any reason.
10 Force Majeure
a) No Party to the Agreement shall be liable for any failure or delay in performing their obligations where such failure or delay results from any cause that is beyond the reasonable control of that Party. Such causes include, but are not limited to: power failure, internet Provider failure, industrial action, civil unrest, fire, flood, storms, earthquakes, acts of terrorism, acts of war, governmental action or any other event that is beyond the control of the Party in question.
b) In the event that a Party to the Agreement cannot perform their obligations hereunder as a result of force majeure for a continuous period of sixty days, the other Party may at its discretion terminate the Agreement by written notice at the end of that period. In the event of such termination, the Parties shall agree upon a fair and reasonable payment for all works provided up to the date of termination. Such payment shall take into account any prior contractual commitments entered into in reliance on the performance of the Agreement.
11 Term and Termination
The Agreement shall begin on the Commencement Date (as specified in the Quotation) and shall continue for the Term specified in the Quotation from that date, subject to the provisions of Clause 9 and 10 of these terms and conditions.
Either Party shall have the right, subject to the agreement and consent of the other Party and exercisable by giving not less than fourteen days written notice to the other at any time prior to the expiry of the Term specified in this Clause of the Agreement (or any further period for which the Agreement is extended) to extend the Agreement for a further period of thirty days.
Either Party may terminate the Agreement by giving to the other not less than thirty days written notice, to expire on or at any time after the minimum term of the Agreement (which shall be defined in the Quotation.
Either Party may immediately terminate the Agreement by giving written notice to the other Party if:
any sum owing to that Party by the other Party under any of the provisions of the Agreement is not paid within seven Business Days of the due date for payment;
the other Party commits any other breach of any of the provisions of the Agreement and, if the breach is capable of remedy, fails to remedy it within fourteen Business Days after being given written notice giving full particulars of the breach and requiring it to be remedied;
an encumbrancer takes possession, or where the other Party is a company, a receiver is appointed, of any of the property or assets of that other Party;
the other Party makes any voluntary arrangement with its creditors or, being a company, becomes subject to an administration order (within the meaning of the Insolvency Act 1986);
the other Party, being an individual or firm, has a bankruptcy order made against it or, being a company, goes into liquidation (except for the purposes of bona fide amalgamation or re-construction and in such a manner that the company resulting therefrom effectively agrees to be bound by or assume the obligations imposed on that other Party under the Agreement);
anything analogous to any of the foregoing under the law of any jurisdiction occurs in relation to the other Party;
the other Party ceases, or threatens to cease, to carry on business; or
control of the other Party is acquired by any person or connected persons not having control of that other Party on the date of the Agreement.
For the purposes of this Clause 11, “control” and “connected persons” shall have the meanings ascribed thereto by Sections 1124 and 1122 respectively of the Corporation Tax Act 2010.
For the purposes of this Clause, a breach shall be considered capable of remedy if the Party in breach can comply with the provision in question in all respects.
The rights to terminate the Agreement shall not prejudice any other right or remedy of either Party in respect of the breach concerned (if any) or any other breach, save as provided for in this Agreement.
12 Effects of Termination
Upon the termination of the Agreement for any reason:
any sum owing by either Party to the other under any of the provisions of the Agreement shall become immediately due and payable;
all Clauses which, either expressly or by their nature, relate to the period after the expiry or termination of the Agreement shall remain in full force and effect;
termination shall not affect or prejudice any right to damages or other remedy which the terminating Party may have in respect of the event giving rise to the termination or any other right to damages or other remedy which any Party may have in respect of any breach of the Agreement which existed at or before the date of termination;
subject as provided for in the Confidentiality clause of this Agreement and except in respect of any accrued rights neither Party shall be under any further obligation to the other;
each Party shall immediately cease to use, either directly or indirectly, any Confidential Information, and shall immediately return to the other Party any documents in its possession or control which contain or record any Confidential Information; and
the Intellectual Property Rights licence granted under this Agreement shall terminate and the Client shall forthwith cease to use, either directly or indirectly, any such Intellectual Property Rights, and shall forthwith return to the Provider any such material in its possession or control.
13 Data Protection
All personal information that the Provider may use will be collected, processed, and held in accordance with the provisions of EU Regulation 2016/679 General Data Protection Regulation (“GDPR”) and any subsequent Data Protection legislation from time to time in force in the United Kingdom.
14 Data Processing
Both Parties shall comply with all applicable data protection requirements set out in the Data Protection Legislation. Neither this Clause nor the Agreement shall relieve either Party of any obligations set out in the Data Protection Legislation and shall not remove or replace any of those obligations.
For the purposes of the Data Protection Legislation and for this Clause and the Agreement, the Provider is the “Data Processor” and the Client is the “Data Controller”.
The type(s) of personal data, the scope, nature and purpose of the processing, and the duration of the processing may, if the Parties agree, be set out in a Schedule to the Agreement.
The Data Controller shall ensure that it has in place all necessary consents and notices required to enable the lawful transfer of personal data to the Data Processor for the purposes described in these Terms and Conditions AND/OR the Agreement and to any Schedule to the Agreement if such exists.
The Data Processor shall, with respect to any personal data processed by it in relation to its performance of any of its obligations under these Terms and Conditions AND/OR the Agreement:
Process the personal data only on the written instructions of the Data Controller unless the Data Processor is otherwise required to process such personal data by law. The Data Processor shall promptly notify the Data Controller of such processing unless prohibited from doing so by law.
Ensure that it has in place suitable technical and organisational measures (as specified by the Data Controller) to protect the personal data from unauthorised or unlawful processing, accidental loss, damage or destruction. Such measures shall be proportionate to the potential harm resulting from such events, taking into account the current state of the art in technology and the cost of implementing those measures. Measures to be taken shall be agreed between the Data Controller and the Data Processor and set out by the Data Controller in the Agreement AND/OR a Schedule to the Agreement.
Ensure that any and all staff with access to the personal data (whether for processing purposes or otherwise) are contractually obliged to keep that personal data confidential;
Not transfer any personal data outside of the European Economic Area without the prior written consent of the Data Controller and only if the following conditions are satisfied;
The Data Controller and/or the Data Processor has/have provided suitable safeguards for the transfer of personal data;
Affected data subjects have enforceable rights and effective legal remedies;
The Data Processor complies with its obligations under the Data Protection Legislation, providing an adequate level of protection to any and all personal data so transferred; and
The Data Processor complies with all reasonable instructions given in advance by the Data Controller with respect to the processing of the personal data.
Assist the Data Controller at the Data Controller’s cost, in responding to any and all requests from data subjects in ensuring its compliance with the Data Protection Legislation with respect to security, breach notifications, impact assessments, and consultations with supervisory authorities or regulators (including, but not limited to, the Information Commissioner’s Office);
Notify the Data Controller without undue delay of a personal data breach;
On the Data Controller’s written instruction, delete (or otherwise dispose of) or return all personal data and any and all copies thereof to the Data Controller on termination of the Agreement unless it is required to retain any of the personal data by law; and
Maintain complete and accurate records of all processing activities and technical and organisational measures implemented necessary to demonstrate compliance with this Clause
The Data Processor may sub-contract any of its obligations with respect to the processing of personal data under this Clause 15 AND/OR the Agreement.
Subject to any provisions to the contrary each Party shall pay its own costs of and incidental to the negotiation, preparation, execution and carrying into effect of the Agreement.
The Client shall not be entitled to set-off any sums in any manner from payments due in respect of any claim under the Agreement.
17 Assignment and Sub-Contracting
The Agreement shall be personal to the Parties. Neither Party may assign, mortgage, charge (otherwise than by floating charge) or sub-licence or otherwise delegate any of its rights thereunder, without the written consent of the other Party, such consent not to be unreasonably withheld.
The Provider shall be entitled to perform any of the obligations undertaken by it through associates or through suitably qualified and skilled sub-contractors. Any act or omission of such other member or sub-contractor shall not, for the purposes of the Agreement, be deemed to be an act or omission of the Provider if this act or omission is a breach of the contract between the Provider and the sub-contractor.
The times and dates referred to in the Agreement shall be for guidance only and shall not be of the essence of the Agreement and may be varied by mutual agreement between the Parties evidenced in writing.
19 Relationship of the Parties
Nothing in the Agreement shall constitute or be deemed to constitute a partnership, joint venture, agency or other fiduciary relationship between the Parties other than the contractual relationship expressly provided for in the Agreement.
Neither Party shall, for the Term of the Agreement and for a period of two years after its termination or expiry, employ or contract the works of any person who is or was employed or otherwise engaged by the other Party at any time in relation to the Agreement without the express written consent of that Party.
Neither Party shall, for the Term of the Agreement and for a period of two years after its termination or expiry, solicit or entice away from the other Party any customer or client where any such solicitation or enticement would cause damage to the business of that Party without the express written consent of that Party.
21 Third Party Rights
No part of the Agreement shall confer rights on any third parties and accordingly the Contracts (Rights of Third Parties) Act 1999 shall not apply to the Agreement.
The Agreement shall continue and be binding on the transferee, successors and assigns of either Party as required.
All notices under the Agreement shall be in writing and be deemed duly given if signed by, or on behalf of, a duly authorised officer of the Party giving the notice.
Notices shall be deemed to have been duly given:
when delivered, if delivered by courier or other messenger (including registered mail) during normal business hours of the recipient; or
when sent, if transmitted by e-mail and a successful transmission report or return receipt is generated; or
on the fifth business day following mailing, if mailed by national ordinary mail, postage prepaid; or
on the tenth business day following mailing, if mailed by airmail, postage prepaid.
In each case notices shall be addressed to the most recent address, or e-mail address, notified to the other Party, and in any event, if an incorporated entity, to its registered office.
23 Entire Agreement
This Agreement contains the entire agreement between the Parties with respect to its subject matter and may not be modified except by an instrument in writing signed by the duly authorised representatives of the Parties.
Each Party shall acknowledge that, in entering into the Agreement, it does not rely on any representation, warranty or other provision except as expressly provided in the Agreement, and all conditions, warranties or other terms implied by statute or common law are excluded to the fullest extent permitted by law.
The Agreement may be entered into and by the Parties to it on separate counterparts each of which when so executed and delivered shall be an original, but the counterparts together shall constitute one and the same instrument.
In the event that one or more of the provisions of the Agreement and/or of these Terms and Conditions is found to be unlawful, invalid or otherwise unenforceable, that / those provision(s) shall be deemed severed from the remainder of the Agreement and/or these Terms and Conditions. The remainder of the Agreement and/or these Terms and Conditions shall be valid and enforceable.
26 Law and Jurisdiction
The Agreement and these Terms and Conditions (including any non-contractual matters and obligations arising therefrom or associated therewith) shall be governed by, and construed in accordance with, the laws of England and Wales.
Any dispute, controversy, proceedings or claim between the Parties relating to the Agreement or these Terms and Conditions (including any non-contractual matters and obligations arising therefrom or associated therewith) shall fall within the jurisdiction of the courts of England and Wales.
RBR (“we”) is committed to protecting the rights and freedoms of data subjects and safely and securely processing their data in accordance with all our legal obligations.
We hold personal data about our employees, participants, Associates, Partners, suppliers and other individuals for a variety of business purposes.
RBR is fully committed to ensuring continued and effective implementation of this policy.
1. GDPR The EU Regulation 2016/679, and any subsequent data protection legislation which may apply either in the United Kingdom, or worldwide.
2. RBR RBR Engineering Solutions Limited trading as 3D printing and engineering ("3DPE") a business registered in England number 09418298 whose registered address is at 138-144 London Road, Wheatley, Oxford, OX33 1JH
3. “Associate” Any third party whether personal or corporate, with whom RBR has an express or implied contract or any form of legal relationship e.g. consultants, research bodies, and investors/directors
4. Business purposes
The purposes for which personal data may be used by us:
Personnel, administrative, financial, regulatory, payroll and business purposes.
Business purposes include the following:
- Fulfilling our contractual obligations
- Improving services
- Compliance with our legal, regulatory and corporate governance obligations and good practice
- Gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests
- Ensuring business policies are adhered to (such as policies covering email and internet use)
- Operational reasons, such as recording transactions, training and quality control, ensuring the confidentiality of commercially sensitive information, security vetting,
- Investigating complaints
- Checking references, ensuring safe working practices, monitoring and managing staff access to systems and facilities and staff absences, administration and assessments
- Monitoring staff conduct, disciplinary matters
- Marketing our business
5. Personal data
This is any information that relates to the data subject. Your name, your address, your age, your date of birth, your postcode, your telephone number, your email, just any data that is personal to you.
Personal data we gather may include: individuals' name, phone number, email address, financial and pay details, details of certificates and diplomas, education and skills, marital status, nationality, and job title.
6. Special categories of personal data
Special categories of personal data include information about an individual's racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceedings, and genetic and biometric information —any use of special categories of personal data should be strictly controlled in accordance with this policy.
7. Data controller
RBR is a Data controller. ‘Data controller’ means the person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by law.
8. Data processor
RBR staff and associates are Processors. ‘Processor’ means a person, agency or other body which processes personal data on behalf of the controller.
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
PII stands for Personally Identifiable Information, it is information by which a data subject can be identified directly or indirectly. If RBR has information about a data subject in its systems that may be used to identify it, RBR will ensure that how it stores and processes the information is compliant with the GDPR
11. Supervisory authority
This is the national body responsible for data protection. The supervisory authority for our organisation is the Information Commissioners Office (ICO) www.ico.org.uk
Any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement on the Processing of Personal Data relating to him or her.
RBR complies with the Principles of data protection contained in the GDPR. The GDPR approach views the data subject as the owner of the data, and the data controller and processor as the data’s guardians. Therefore, we will make every effort possible in everything we do to comply with the GDPR principles. The Principles are:
Lawful, fair and transparent
Data collection must be fair, for a legal purpose and we must be open and transparent as to how the data will be used.
Limited for its purpose
Data can only be collected for a specific purpose.
Any data collected must be necessary and not excessive for its purpose.
The data we hold must be as accurate and kept up to date as possible.
We cannot store data longer than necessary.
Integrity and confidentiality
The data we hold must be kept safe and secure.
Accountability and transparency
We will ensure accountability and transparency in all our use of personal data. We will show how we comply with each Principle. We are responsible for keeping a written record of how all the data processing activities we are responsible for comply with each of the Principles. This will be kept up to date and must be approved by the Data controller.
To comply with data protection laws and the accountability and transparency Principle of GDPR, we will demonstrate compliance. We are responsible for understanding our particular responsibilities to ensure that we meet the following data protection obligations:
Fully implement all appropriate technical and organisational measures
Maintain up to date and relevant documentation on all processing activities
Conducting Data Protection Impact Assessments as deemed necessary
Implement measures to ensure privacy by design and default, including:
Creating and improving security and enhanced privacy procedures on an ongoing basis
Fair and lawful processing
We will process personal data fairly and lawfully in accordance with individuals’ rights under the first Principle. This generally means that we should not process personal data unless the individual whose details we are processing has consented to this happening.
If we cannot apply a lawful basis (explained below), our processing does not conform to the first principle and will be unlawful. Data subjects have the right to have any data unlawfully processed erased.
Lawful basis for processing data
We will establish a lawful basis for processing data. At least one of the following conditions will apply whenever RBR processes personal data:
We hold clear, explicit, and defined consent for the individual’s data to be processed for a specific purpose.
The processing is necessary to fulfil or prepare a contract for the individual.
We have a legal obligation to process the data (excluding a contract).
Processing the data is necessary to protect a person’s life or in a medical situation.
Processing necessary to carry out a public function, a task of public interest or the function has a clear basis in law.
The processing is necessary for our legitimate interests. This condition does not apply if there is a good reason to protect the individual’s personal data which overrides the legitimate interest.
We will also ensure that, if your data is being processed by us, you are informed of the lawful basis for processing, as well as the intended purpose. This will occur via a privacy notice. This applies whether we have collected the data directly from you, or from another source.
Special categories of personal data
What are special categories of personal data?
Previously known as sensitive personal data, this means data about an individual which is more sensitive, so requires more protection. This type of data could create more significant risks to a person’s fundamental rights and freedoms, for example by putting them at risk of unlawful discrimination. The special categories include information about an individual’s:
biometrics (as used for ID purposes)
In most cases where we process special categories of personal data we will require your explicit consent to do this unless exceptional circumstances apply or we are required to do this by law (e.g. to comply with legal obligations to ensure health and safety at work). Any such consent will need to clearly identify what the relevant data is, why it is being processed and to whom it will be disclosed.
Accuracy and relevance
We will ensure that any personal data we process is accurate, adequate, relevant and not excessive, given the purpose for which it was obtained. We will not process personal data obtained for one purpose for any unconnected purpose unless the individual concerned has agreed to this or would otherwise reasonably expect this.
Individuals may ask that we correct inaccurate personal data relating to them. If we believe that information is inaccurate you should record the fact that the accuracy of the information is disputed.
We will keep personal data secure against loss or misuse.
Where other organisations process personal data as a service on our behalf, we will establish what, if any, additional specific data security arrangements need to be implemented in contracts with those third-party organisations.
Storing data securely
In cases when data is stored on printed paper, it will be kept in a secure place where unauthorised personnel cannot access it.
Printed data will be shredded when it is no longer needed.
Data stored on a computer will be protected by strong passwords that are changed regularly. We encourage all staff to use a password manager to create and store their passwords.
Data stored on CDs or memory sticks will be encrypted or password protected and locked away securely when they are not being used.
Servers containing personal data must be kept in a secure location, away from general office space
Data will be regularly backed up in line with the organisation’s backup procedures.
All servers containing data will be protected by security software.
All possible technical measures will be put in place to keep data secure.
We will retain personal data for no longer than is necessary. What is necessary will depend on the circumstances of each case, considering the reasons for which the personal data was obtained.
Transferring data internationally
We will ensure that if we move data outside the EU it will be processed in a way that is compliant with GDPR. This includes cloud-based storage.
Rights of individuals
Individuals have rights to their data which we respect and comply with to the best of our ability. We ensure individuals can exercise their rights in the following ways:
Right to be informed
Providing privacy notices which are concise, transparent, intelligible and easily accessible, free of charge, that are written in clear and plain language.
Keeping a record of how we use personal data to demonstrate compliance with the need for accountability and transparency.
Right of access
Enabling individuals to access their personal data
Allowing individuals to be aware of and verify the lawfulness of the processing activities
Right to rectification
We will rectify or amend your personal data if requested because it is inaccurate or incomplete.
This will be done without delay, and no later than one month after we receive your request.
Right to erasure
We will delete or remove an individual’s data if requested and if there is no compelling legal reason for its continued processing.
Right to restrict processing
We will comply with any request to restrict, block, or otherwise suppress the processing of personal data.
We are permitted to store personal data if it has been restricted, but not process it further.
Right to data portability
We will provide you with your data if you ask us to, so that you can reuse it for your own purposes or across different services.
We will provide it in a commonly used, machine-readable format, and send it directly to another controller if requested.
Right to object
We will respect your right to object to data processing based on legitimate interest or the performance of a public interest task.
We will respect your right to object to direct marketing, including profiling (e.g. segmentation of data).
We will respect your right to object to processing your data for scientific and historical research and statistics.
Rights in relation to automated decision making and profiling
We will respect your rights in relation to automated decision making and profiling.
You retain their right to object to automated processing, to have the rationale explained to you, and to request human intervention.
Subject Access Requests
What is a subject access request?
You have the right to receive confirmation that your data is being processed, access to your personal data and supplementary information which means the information which should be provided in a privacy notice.
How we deal with subject access requests
We will provide you with a copy of the information that has been requested, free of charge. This will occur without delay, and within one month of receipt. We endeavour to provide data subjects access to their information in commonly used electronic formats.
We will provide the data requested in a structured, commonly used and machine-readable format. This would normally be a CSV file, although other formats are acceptable. We will provide this data either to the individual who has requested it, or to the data controller they have requested it be sent to.
If complying with the request is complex or numerous, our Data controller can authorise extending the deadline by two months, but you must be informed within one month.
We can refuse to respond to certain requests, and can, in circumstances of the request being manifestly unfounded or excessive, charge a fee. If the request is for a large quantity of data, we can request that you specify the information you are requesting. For more information about how to make a Subject Access Request please visit ico.org.uk
Right to Erasure
1 What is the right to erasure?
You have a right to have your data erased and for processing to cease in the following circumstances:
Where the personal data is no longer necessary in relation to the purpose for which it was originally collected and / or processed
Where consent is withdrawn
Where you object to processing and there is no overriding legitimate interest for continuing the processing
The personal data was unlawfully processed or otherwise breached data protection laws
To comply with a legal obligation
The processing relates to a child
2 How we deal with the right to erasure
We can only refuse to comply with a right to erasure in the following circumstances:
To exercise the right of freedom of expression and information
To comply with a legal obligation for the performance of a public interest task or exercise of official authority
For public health purposes in the public interest
For archiving purposes in the public interest, scientific research, historical research or statistical purposes
The exercise or defence of legal claims
If personal data that needs to be erased has been passed onto other parties or recipients, they must be contacted and informed of their obligation to erase the data. If the individual asks, we must inform them of those recipients.
The right to object
Individuals have the right to object to their data being used on grounds relating to their particular situation. We must cease processing unless:
We have legitimate grounds for processing which override the interests, rights and freedoms of the individual.
The processing relates to the establishment, exercise or defence of legal claims.
We will always inform you of your right to object at the first point of communication, i.e. in the privacy notice. We must offer you a way to object online.
The right to restrict automated profiling or decision making
We may only carry out automated profiling or decision making that has a legal or similarly significant effect on you in the following circumstances:
It is necessary for the entry into or performance of a contract.
Based on the individual’s explicit consent.
Otherwise authorised by law.
In these circumstances, we must:
Give you detailed information about the automated processing.
Offer simple ways for you to request human intervention or challenge any decision about you.
Using third party controllers and processors
As a data controller [(and/or) data processor], we will have written contracts in place with any third party [data controllers (and/or) data processors] that we use. The contract must contain specific clauses which set out our and their liabilities, obligations and responsibilities.
As a data controller, we will only appoint processors who can provide sufficient guarantees under GDPR and that the rights of data subjects will be respected and protected.
As a data processor, we must only act on the documented instructions of a controller. We acknowledge our responsibilities as a data processor under GDPR and we will protect and respect the rights of data subjects.
Our contracts will comply with the standards set out by the ICO and, where possible, follow the standard contractual clauses which are available. Our contracts with data controllers and/or data processors must set out the subject matter and duration of the processing, the nature and stated purpose of the processing activities, the types of personal data and categories of data subject, and the obligations and rights of the controller.
Regular data audits to manage and mitigate risks will inform the data register. This contains information on what data is held, where it is stored, how it is used, who is responsible and any further regulations or retention timescales that may be relevant.
If you have any questions or concerns about anything in this policy, do not hesitate to contact our Data Controller.
While we have made every attempt to ensure that the information contained in this Site has been obtained from reliable sources, RBR Engineering Solutions Ltd is not responsible for any errors or omissions, or for the results obtained from the use of this information. All information in this Site is provided “as is”, with no guarantee of completeness, accuracy, timeliness, or of the results obtained from the use of this information, and without warranty of any kind, express or implied, including, but not limited to, warranties of performance, merchantability, and fitness for a particular purpose.
Nothing herein shall to any extent substitute for the independent investigations and the sound technical and business judgment of the reader. In no event will RBR Engineering Solutions Ltd, or its members, employees, or agents, be liable to you or anyone else for any decision made or action taken in reliance on the information in this Site, or for any consequential, special, or similar damages, even if advised of the possibility of such damages.
Certain links in this Site connect to other Web Sites maintained by third parties over whom the RBR Engineering Solutions Ltd has no control. RBR Engineering Solutions Ltd makes no representations as to the accuracy or any other aspect of information contained in other Web Sites.
RBR Engineering Solutions Ltd trading as 3D Printing Engineering is registered in England, number 09418298, and whose registered office is 138-144 London Road, Wheatley, Oxford, OX33 1JH
The information contained in this Site is intended solely to provide general guidance on matters of interest for the personal use of the reader, who accepts full responsibility for its use. The application and impact of laws can vary widely based on the specific facts involved. Given the changing nature of laws, rules and regulations, and the inherent hazards of electronic communication, there may be delays, omissions, or inaccuracies in information contained in this Site. Accordingly, the information on this Site is provided with the understanding that the authors and publishers are not herein engaged in rendering professional advice or services. As such, it should not be used as a substitute for consultation with professional or other competent advisers.
Before making any decision or taking any action, you should consult a director of RBR Engineering Solutions Ltd or other qualified professional.