Low Value Provision terms and conditions
Updated 13 March 2024
© Crown copyright 2024
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/low-value-provision-lvp-online-application-and-guidance/low-value-provision-terms-and-conditions
DWP terms and conditions for the supply of low value welfare to work training (Dynamic Purchasing System)
1. Definitions
1.1. “Authority” means the Secretary of State for Work and Pensions.
1.2. “Contract” means the arrangement between the Authority and the Contractor, comprising the Purchase Order and these terms and conditions.
1.3. “Contractor” means the economic operator (person, firm or company) with whom the authority enters into the Contract.
1.4. “Controller” and “Data” means as it is defined in GDPR.
1.5. “Data Loss Event” means any event that results, or may result, in unauthorised access to Personal Data held by the Contractor under this Contractor, and/or actual or potential loss and/or destruction of Personal Data in breach of this Contract, including any Personal Data Breach.
1.6. “Data Protection Impact Assessment” means an assessment by the Authority of the impact of the envisaged processing on the protection of Personal Data.
1.7. “Data Protection Legislation” means the GDPR and any applicable national implementing laws as amended from time to time; the DPA 2018 to the extent that it relates to the processing of Personal Data and privacy; and all applicable law about the processing of Personal Data and privacy.
1.8. “Data Subject” has the meaning given in the DPA 2018.
1.9. “Data Subject Request” means a request made by, or on behalf of, a Data Subject in accordance with rights granted pursuant to the Data Protection Legislation to their Personal Data.
1.10. “DPA 2018” means the Data Protection Act 2018.
1.11. “GDPR” means the General Data Protection Regulation (EU) 2016/679.
1.12. “Good Industry Practice” means standards, practices, methods and procedures conforming to the Law and the degree of skill and care, diligence, prudence and foresight which would reasonably and ordinarily be expected from a skilled and experienced person or body engaged in a similar type of undertaking under the same or similar circumstances.
1.13. “Intellectual Property Rights” means patents, inventions, trademarks, trade marks, service marks, logos, design rights (whether registerable or otherwise), applications for any of the foregoing, copyright, database rights, domain names, trade or business names, moral rights and other similar rights or obligations whether registerable or not in any country (including but not limited to the UK) and the right to sue for passing off.
1.14. “Participants” means the persons directly receiving the Service specified in the Purchase Order.
1.15. “Party” means a party to the Contract.
1.16. “Personal Data” has the meaning given in the GDPR.
1.17. “Personal Data Breach” has the meaning given in the GDPR.
1.18. “Protective Measures” means appropriate technical and organisational measures which may include: pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the such measures adopted by it.
1.19. “Purchase Order” means the Authority’s commercial document showing the agreed type, quantity and price of Service the Contractor will supply to the Authority.
1.20. “Relevant Conviction” means a conviction that is relevant to the nature of the Service (or as listed by the Authority and/or relevant to the work of the Authority).
1.21. “Service” means the service to be supplied as specified in the Purchase Order.
1.22. “Staff” means all persons employed by the Contractor to perform its obligations under the Contract together with the Contractor’s servants, agents, suppliers and sub-contractors used in the performance of its obligations under the Contract.
2. Contractor obligations
2.1. The Contractor shall promptly and efficiently provide the Service in accordance with:
2.1.1. the Purchase Order
2.1.2. Good Industry Practice
2.1.3. all applicable Laws
2.2. The Contractor shall (at no additional cost to the Authority) throughout the term of this Contract make all necessary changes to the service to take account of and remain compliant with all applicable changes in Law.
2.3. Contractor shall comply with the requirements of the Welsh Language Act and the Department for Work and Pensions (DWP) Welsh Language Scheme in relation to those services which it delivers in Wales under this Contract.
2.4. The Contractor shall in the performance of this Contract:
2.4.1. not unlawfully discriminate either directly or indirectly, or by way of victimisation or harassment, against any person on such grounds as race, colour, ethnic or national origin, disability, sex or sexual orientation, gender re-assignment, marital or civil partnership status, religion or belief, or age and without prejudice to the generality of the foregoing the Contractor shall not unlawfully discriminate within the meaning and scope of the Equality Act 2010, the Human Rights Act 1998 or other relevant or equivalent legislation, or any statutory modification or re-enactment thereof;
2.4.2. take all reasonable steps to secure observance of clause 2.4.1 by all Staff.
And any breach by the Contractor of Clauses 2.4.1 to 2.4.2 above shall be a breach for the purposes of Clause 20.
2.5. The Contractor shall comply with all relevant requirements contained in or having effect under the legislation relating to health, safety and welfare at work.
2.6. The Contractor shall comply with the provisions of the National Minimum Wage Act 1998 and the Working Time Regulations 1998.
2.7. The Contractor shall comply with the provisions of the Human Rights Act 1999.
2.8. In carrying out this Contract, the Contractor shall maintain in existence throughout the term of the Contract a registration with the Information Commissioner appropriate to the performance of this Contract pursuant to the Data Protection Legislation and shall comply with all relevant requirements of the said Act and shall be liable for and shall indemnify the Authority against any expense, liability, loss, claims or proceedings arising as a result of or in connection with any breach of this clause.
2.9. The Contractor further undertakes to use any information or other material disclosed to it solely for the purpose for which such information or other material was disclosed to it.
2.10. If the Contractor has reason to reschedule delivery of the Service the Authority would expect the Participant to receive as much notice as possible of the rescheduling and that the Authority is also informed at the same time. The Contractor will offer acceptable alternative course dates or a full refund to the Authority of fees paid.
2.11. If the Contractor has reason to cancel delivery of the Service, the Authority would expect the Participant to receive not less than 24 hours notice of the cancellation and that the Authority is also informed at the same time. In the event of cancellation, the Contractor will offer a full refund to the Authority all fees paid.
2.12. If the participant is unable to attend on the agreed dates, and sufficient notice was given to the Contractor, the Authority would expect the Contractor to offer a transfer to a later scheduled course at no additional charge or if this is not possible, a full refund of any fees where no expense had been incurred by the Contractor. Where the Contractor has incurred expenses, following agreement with the Authority, these maybe deducted from any refund of fees due to the Authority.
2.13. The Contractor shall not be liable to the Authority if it is unable to perform its obligations in whole or in part due to circumstances beyond its reasonable control. If it is so affected the Contractor will work with the Authority to ensure the continuity of the service in whatever way is possible. Where the service is not delivered in whole or in part, the Contractor shall agree with the Authority an appropriate refund of any fees paid.
2.14. If so stated on the Purchase Order, payment may be made in advance of the Service start date and in this situation where the Service is not delivered for any reason, any such fees should be refunded to the Authority in accordance with Clause 2.12.
3. The authority’s obligations
3.1. The Authority shall pay the Contractor on the basis stated on the Purchase Order. Unless otherwise stated therein, the Authority shall pay the Contractor the agreed price within 30 days of receipt of a valid invoice, provided that the Contractor has provided full and proper delivery of the Service, supported by full and accurate information and documentation to the satisfaction of the Authority.
3.2. Either Party to this Contract can recover any monies paid by them to the other Party which are found not to be due by deducting sums from any subsequent payment due to the other. The right of deduction extends to any agreement between any part of His Majesty’s Government and the Contractor. The Authority shall notify the Contractor before making any deductions.
4. Volumes
4.1. The Contractor acknowledges and has submitted its application to supply low value welfare to work training (dynamic purchasing system) on the understanding that no guarantee whatsoever is given by the Authority in respect of the number or volume of Participants participating in the Service during the term of this Contract.
5. Contractor’s staff
5.1. The Contractor shall be responsible for ensuring that Staff are not claiming any state benefit, where payment of that benefit is precluded due to earnings. The Contractor shall further use all reasonable endeavours to ensure that Staff who are not EC nationals are legally entitled to be resident in the United Kingdom and have a work permit, where applicable. The Contractor shall at all times take reasonable steps to ensure compliance with this Clause 5.1.
5.2. The Contractor shall satisfy itself that staff are suitable in all respects to provide the Service.
5.3. The Authority may require the Contractor to ensure that any Staff employed in the provision of the Service has undertaken a Disclosure and Barring Service (DBS) check. The Contractor shall ensure that no staff who disclose that he/she has a Relevant Conviction, or is found by the Contractor to have a Relevant Conviction (whether as a result of a police check or through the DBS check or otherwise) is employed or engaged in the provision of any part of the Service.
6. Assignment and sub-contracting
6.1. The benefit and burden of this Contract may not be assigned or sub-contracted in whole or in part by the Contractor without the prior written consent of the Authority. Such consent may be given subject to any conditions which the Authority considers necessary.
7. Intellectual property rights and intellectual property rights indemnity
7.1. Both parties to this contract acknowledge that all Intellectual Property Rights owned at the date of this Contract by the Authority shall remain so owned and all Intellectual Property Rights owned at the date of this Contract by the Contractor shall remain so owned.
7.2. The Contractor shall indemnify the Authority against all claims, demands, actions, costs, (including legal costs and disbursements on a solicitor and client basis), and losses arising from or incurred by reason of any infringement or alleged infringement in the UK of any Intellectual Property Right in connection with provision of the Service by the Contractor.
8. Status of contractor
8.1. In carrying out its obligations under this Contract the Contractor agrees that nothing in the Contract shall create a contract of employment, a relationship of agency or partnership or a joint venture between the Parties. The Contractor shall not say or do anything that may lead any other person to believe that the Contractor is acting as the agent of the Authority.
9. Reputation and public service considerations
9.1. In providing the Service the Contractor shall pay the utmost regard to the standing and reputation of the Authority and shall not do (by act or omission) anything that may bring the standing or reputation of the Authority into disrepute or attract adverse publicity to the Authority or which may harm the confidence of any of the public in the Authority.
9.2. The Contractor shall at all times provide the Service with due regard to the need for those in a public service environment to observe the highest standards of efficiency, economy, courtesy, consideration and hygiene.
10. Warranties
10.1. The Contractor warrants and represents to the Authority that:
10.1.1. any goods supplied by the Contractor pursuant to the delivery of any part of the Service shall be of satisfactory quality and fit for their purpose and shall be free from defects in design, material and workmanship and that any software and/or firmware supplied by it and/or used by it to provide the Service will be Euro Compliant
10.1.2. the Contractor has full capacity and authority and all necessary licences, permits and consents to enter into and to perform this Contract and that this Contract is executed by a duly authorised representative of the Contractor
10.1.3. the provision of the Service and the Authority’s and each Participant’s use thereof, shall not infringe any third party Intellectual Property Rights
10.1.4. the Contractor will not do anything (and shall ensure that none of its Staff do anything) which constitutes an offence under the Computer Misuse Act 1990, and that it has appropriate security measures in place to prevent/detect unlawful use of its IT systems
10.1.5. it is not, and has not been, in default of any obligations to which it is subject to by reason of membership of any association or body
10.1.6. the Contractor will make all reasonable endeavours to ensure that the information contained in the Contractor’s quotes is true and accurate
10.1.7. no claim is being asserted and no litigation, arbitration or administrative proceeding is presently in progress or, to the best of its knowledge and belief, pending or threatened against it or any of its assets which will or might have a material adverse effect on its ability to perform its obligations under the Contract
10.1.8. it is not subject to any contractual obligation, compliance with which is likely to have a material adverse effect on its ability to perform its obligations under the Contract
10.1.9. no proceedings or other steps have been taken and not discharged (nor, to the best of its knowledge, are threatened) for the winding up of the Contractor or for its dissolution or for the appointment of a receiver, administrative receiver, liquidator, manager, administrator or similar officer in relation to any of the Contractor’s assets or revenue
11. Indemnity and liability
11.1. Neither Party excludes or limits its liability to the other for death, personal injury, fraudulent misrepresentation or any breach of any obligations implied by Section 12 of the Sales of Goods Act 1979 or Section 2 of the Supply of Goods and Services Act 1982.
11.2. Responsibility for the control, management and supervision of all Participants shall rest entirely with the Contractor subject to the Participant complying with all reasonable instructions and directions which the Contractor may issue to the Participant from time to time. The Authority shall not be liable for any personal injury, disease or death, or loss or damage whatsoever caused, by any act or omission of a Participant, except to the extent (if any) that it was also caused or contributed to by the negligent act or omission or wilful Default of some other person acting as a servant or agent of the Authority.
12. Insurance
12.1. The Contractor shall ensure that it shall have at all times in force adequate and suitable insurance to cover all claims referred to in Clause 11 (Indemnity and Liability).
12.2. Where the Contractor is a person or body exempted from the obligations of the Employers Liability (Compulsory Insurance) Act 1969, the Contractor shall not be required to carry insurance for which it is exempted by the said Act if alternative arrangements for meeting such liabilities are made to the satisfaction of the Authority.
12.3. The Contractor, when requested, shall produce to the Authority certificates of insurance showing the actual coverage in force at the time of the request and shall give the Authority written notice before any such insurance is altered or cancelled.
13. Records and other documents
13.1. The Contractor shall maintain such records and other documents as the Authority may reasonably require throughout the period of this Contract and for a period of six (6) years from the end of the financial year in which the last payment is made by the Authority under the terms of this Contract. In particular the Contractor acknowledges that the keeping of such records is necessary for the Authority to verify the Contractor’s entitlement to payment under this contract.
13.2. During the period(s) referred to above, the Contractor shall make the records and documents available for auditing purposes upon reasonable request by the Authority.
14. Health and safety
14.1. The Contractor shall take all necessary steps to ensure the health, safety and welfare of all Participants to the same extent and in the same manner as an employer is required to do in relation to employees by or under the relevant legislation for the time being in force in that part of the UK where the Contractor is providing the Service.
14.2. The Contractor shall inform the Authority immediately, in the case of a death, and as soon as is reasonably practicable in any case of serious injury or serious illness occurring to a Participant that arises as a result of the provision of the Service.
15. Fraud
15.1. The Authority places the utmost importance on the need to prevent fraud and irregularity in the delivery of this Contract. Contractors are required to:
15.1.1. have an established system that enables Contractor staff to report inappropriate behaviour by colleagues in respect of contract performance claims
15.1.2. ensure that Contractor systems do not encourage individual staff to make false claims regarding contract performance
15.1.3. where possible ensure a segregation of duties within the Contractor’s operation between Staff directly involved in delivering the Service and those reporting achievement of contract performance to the Authority
15.1.4. ensure that an audit system is implemented to provide periodic checks, as a minimum at 6 monthly intervals, to ensure effective and accurate recording and reporting of contract performance
15.2. The Contractor shall use its best endeavours to safeguard the Authority’s funding of the Service against fraud generally and, in particular, fraud on the part of the Contractor’s directors or Staff. The Contractor shall pay the utmost regard to safeguarding public funds against misleading claims for payment and shall notify the Authority immediately if it has reason to suspect that any serious irregularity or fraud has occurred or is occurring.
15.3. If the Contractor or its Staff commits fraud in relation to this contract the Authority may:
15.3.1. terminate the Contract and recover from the Contractor the amount of any loss suffered by the Authority resulting from the termination, including the cost reasonably incurred by the Authority of making other arrangements for the supply of the Services, or
15.3.2. recover in full from the Contractor any other loss sustained by the Authority in consequence of any breach of this clause
16. Prevention of corruption
16.1. The contractor shall not (and it is a condition of this Contract that in entering into this contract it did not) offer or give or agree to give, to any member, employee or representative of the Authority any gift or consideration of any kind as an inducement or reward for doing or refraining from doing, or having done or refrained from doing, any act in relation to the execution of this or any other contract with the Authority or for showing or refraining from showing favour or disfavour to any person in relation to this or any such contract.
16.2. The attention of the Contractor is drawn to the Bribery Act 2010. Any offence committed by the Contractor, its Staff, subcontractors or by anyone acting on its behalf under the Bribery Act 2010, in relation to this or any other Contract with the Crown shall entitle the Authority to terminate the Contract and recover from the Contractor the amount of any Loss resulting from such termination and/or recover from the Contractor the amount or value of any gift, consideration or commission.
17. Confidentiality
17.1. The Contractor shall take all necessary precautions to ensure that all confidential information obtained from the Authority under or in connection with the Contract:
17.1.1. is given only to such of the Staff and professional advisors or consultants engaged to advise it in connection with the Contract as is strictly necessary for the performance of the Contract and only to the extent necessary for the performance of the Contract
17.1.2. is treated as confidential and not disclosed (without prior approval) or used by any Staff or such professional advisors or consultants otherwise than for the purposes of the Contract
17.2. The Contractor shall not use any confidential information it receives from the Authority otherwise than for the purposes of this Contract.
18. Protection of personal data
18.1. With respect to the Parties’ rights and obligations under this Contract, the Parties agree that the Authority is the Controller and that the Contractor is the Processor. The only processing that the Contractor is authorised to do is listed in the Annex to this Contract and shall not be determined by the Contractor.
18.2. The Contractor shall:
18.2.1. Process the Personal Data only in accordance with the Annex to this Contract and other documented instructions from the Authority (which may be specific instructions or instructions of a general nature as set out in this Agreement or as otherwise notified by the Authority to the Contractor during the Term), unless the Contractor is required to do otherwise by law. If it is so required the Contractor shall promptly notify the Authority before processing the Personal Data unless prohibited by law;
18.2.2. Provide all reasonable assistance to the Authority in the preparation of any Data Protection Impact Assessment prior to commencing any processing;
18.2.3. ensure that it has Protective Measures in place (including such measures required by the DWP Security Policy for Contractors), which the Authority may reasonably reject (but failure to reject shall not amount to approval by the Authority of the adequacy of the Protective Measures);
18.2.4. ensure that:
18.2.4.1. Staff do not process Personal Data except in accordance with this Contract and the Annex;
18.2.4.2. it takes all reasonable steps to ensure the reliability and integrity of any Staff who have access to the Personal Data and ensure that they are subject to appropriate confidentiality undertakings and do not publish, disclose or divulge any of the Personal Data to any third party unless directed in writing to do so by the Authority or as otherwise permitted by this Contract;
18.2.5. not process Personal Data outside of the United Kingdom unless the prior written consent of the Authority has been obtained and:
18.2.5.1. the Contractor has provided appropriate safeguards in relation to the transfer as determined by the Authority;
18.2.5.2. the Contractor complies with its obligations under the Data Protection Legislation; and
18.2.5.3. the Contractor complies with any reasonable instructions notified to it in advance by the Authority with respect of the processing of the Personal Data;
18.2.6. at the written direction of Authority, delete or return Personal Data (and any copies of it) to Authority on termination of this Contract unless the Contractor is required by law to retain the Personal Data;
18.2.7. notify the Authority immediately if it:
18.2.7.1. receives a Data Subject Request (or purported Data Subject Request);
18.2.7.2. receives a request to rectify, block or erase any Personal Data;
18.2.7.3. receives any other request, complaint or communication relating to either Party’s obligations under the Data Protection Legislation;
18.2.7.4. receives any communication from the Information Commissioner or any other regulatory authority in connection with Personal Data processed under this Contract;
18.2.7.5. receives a request from any third party for disclosure of Personal Data where compliance with such request is required or purported to be required by law; or
18.2.7.6. becomes aware of a Data Loss Event;
18.2.8. provide the Authority with reasonable assistance in relation to either Party’s obligations under Data Protection Legislation and any complaint, communication or request made under Clause 18.2.7 (and insofar as possible within the timescales reasonably required by the Authority) including by promptly providing:
18.2.8.1. the Authority with full details and copies of the complaint, communication or request;
18.2.8.2. such assistance as is reasonably requested by the Authority to enable it to comply with a Data Subject Request within the relevant timescales set out in the Data Protection Legislation;
18.2.8.3. the Authority, at its request, with any Personal Data it holds in relation to a Data Subject;
18.2.8.4. assistance as requested by the Authority following any Data Loss Event; and/or
18.2.8.5. assistance as requested by the Authority with respect to any request from the Information Commissioner’s Office, or any consultation by the Authority with the Information Commissioner’s Office.
18.2.9. maintain complete and accurate records and information to demonstrate its compliance with this Clause 18 and allow for audits of its data processing activity by the Authority or the Authority’s designated auditor;
18.2.10. designate a Data Protection Officer if required by the Data Protection Legislation.
18.2.11. not permit any subcontractor to process any Personal Data related to this Agreement unless the prior written consent of the Authority has been obtained and:
18.2.11.1. the Contractor provides to the Authority such information regarding the proposed subcontractor as the Authority may reasonably require;
18.2.11.2. the Contractor enters into a written agreement with the subcontractor which give effect to the terms set out in this Clause 18 such that they apply to the subcontractor; and
18.2.11.3. the Contractor remains fully liable for all acts or omissions of each of its subcontractor.
19. Freedom of information
19.1. The Contractor acknowledges that the Authority is subject to the requirements of the Freedom of Information Act 2000 (FOIA) and the Environmental Information Regulations and shall assist and cooperate with the Authority (at the Contractor’s expense) to enable the Authority to comply with these information disclosure requirements.
19.2. The Provider acknowledges that (notwithstanding the provisions of Clause 20) the Authority may, acting in accordance with the Department of Constitutional Affairs’ Code of Practice on the Discharge of the Functions of Public Authorities under Part 1 of the Freedom of Information Act 2000 (“the Code”), be obliged under the FOIA, or the Environmental Information Regulations to disclose information concerning the Provider or the Services:
19.2.1. in certain circumstances without consulting the Contractor, or
19.2.2. following consultation with the Contractor and having taken their views into account
20. Termination / breach
20.1. The Authority may terminate this contract any time by giving the Contractor at least 1 calendar month notice in writing without the need to give any reason for the termination or other such period as may be agreed between the Parties. In that event neither party shall have any right or rights against the other arising out of or as a consequence of such termination.
20.2. In the event of any breach of the Contract by either party, the other party may serve notice on the party in breach requiring the breach to be remedied within a reasonable period specified in the notice, not being longer than 28 days. If the breach is not capable of remedy or has not been remedied before the expiry of the specified period, the party not in breach may terminate the Contract with immediate effect by notice in writing.
21. Euro
21.1. During the term of this contract, any legislative requirement to account for the payment of services in the Euro, instead of and / or in addition to Sterling, shall be implemented at nil charge to the Authority.
22. Law and jurisdiction
22.1. The formation, interpretation and operation of this Contract and any disputes arising under or in any way connected with the subject matter of this Contract (whether of a contractual or tortuous nature or otherwise) shall be subject to English law.
DWP security policies for contractors
The Department for Work and Pensions treats its information as a valuable asset and considers that it is essential that information must be protected, together with the systems, equipment and processes which support its use. These information assets may include data, text, drawings, diagrams, images or sounds in electronic, magnetic, optical or tangible media, together with any Personal Data for which the Department for Work and Pensions is the Controller.
In order to protect Departmental information appropriately, our suppliers must provide the security measures and safeguards appropriate to the nature and use of the information. All suppliers of services to the Department for Work and Pensions must comply, and be able to demonstrate compliance, with the Department’s relevant policies and standards.
The Chief Executive or other suitable senior official of each supplier must agree in writing to comply with these policies and standards. Each supplier must also appoint a named officer who will act as a first point of contact with the Department for security issues. In addition all staff working for the supplier and where relevant sub-contractors, with access to Departmental IT Systems, Services or Departmental information must be made aware of these requirements and must comply with them.
All suppliers must comply with the relevant Standards from the DWP Information Systems Security Standards. The Standards are based on and follow the same format as International Standard 27001, but with specific reference to the Department’s use.
The following are key requirements and all suppliers must comply with relevant DWP policies concerning:
Personnel Security
- staff recruitment in accordance with government requirements for pre-employment checks
- staff training and awareness of Departmental security and any specific contract requirements
Secure Information Handling and Transfers
- physical and electronic handling, processing and transferring of DWP Data, including secure access to systems and the use of encryption where appropriate
Portable Media
- the use of encrypted laptops and encrypted storage devices and other removable media when handling Departmental information
Offshoring
- the Department’s Data must not be processed outside the United Kingdom without the prior written consent of DWP and must at all times comply with the Data Protection Legislation.
Premises Security
- security of premises and control of access
Security Incidents
- includes identification, managing and agreed reporting procedures for actual or suspected security breaches. All suppliers must implement appropriate arrangements which ensure that the Department’s information and any other Departmental assets are protected in accordance with prevailing statutory and central government requirements. These arrangements will clearly vary according to the size of the organisation.
It is the supplier’s responsibility to monitor compliance of any sub-contractors and provide assurance to DWP.
Failure to comply with any of these Policies or Standards could result in termination of current contract.
Annex: Processing personal data
1. The Contractor shall comply with any further written instructions with respect to processing by the Authority.
2. Any such further instructions shall be incorporated into this Annex.
| Description | Details |
|---|---|
| Subject matter of the processing | For the purposes of providing the Services to the Authority in accordance with the Contract and any Purchase Order. |
| Duration of the processing | For the duration of the Contract. |
| Nature and purposes of the processing | For the purposes of providing the Services to the Authority in accordance with the Contract and any Purchase Order. |
| Type of Personal Data | Data that identifies individuals, including Participants, any prospective Participants, or any other person which the Authority and Contractor share with each other and/or which they are able to access from a database to which both parties have access for the purposes of the delivery of the Service. By way of illustration, Joint Personal Data may include Personal Data: 1. which the Contractor is able to access by means of the Authority ICT system; 2. by confidential referral form, specifically for the purposes of the referral by the Authority to the Contractor, including those Participants who have been granted special client status by the Authority; 3. which either party may share with each other for the purposes of notifying either party of a change of a Participant’s circumstances; 4.which is held within a separate and secure database within the Contractor’s system for access by the Authority for its audit purposes in connection with the Services delivered by the Contractor. |
| Categories of Data Subject | Participants, Authority employees, Contractors and Sub-Contractors and their Staff, suppliers, service providers. The Service will be provided to Participants as referred by the Authority. |
| Plan for return and destruction of the data once the processing is complete UNLESS there is a requirement under union or member state law to preserve that type of data | Destroyed or returned to the Authority in accordance with clause 18.2.6. |