Standard Terms of Business for Charles Taylor Adjusting Limited

including its trading divisions and affiliates 

1.    The Engagement

1.1.    The Engagement Terms – In these terms of business: 

1.1.1.    “the Client” means the person or party specified in the acceptance of instruction correspondence issued by CTA in relation to its engagement by the Client or with whom CTA has otherwise contracted to provide its services (“the Engagement”) in respect of the relevant matter, incident, loss or accident (the “Matter”). 

1.1.2.     “CTA” means Charles Taylor Adjusting Limited and any of its trading divisions or affiliates instructed by, or on behalf of, the Client, including any CTA personnel (as defined in clause 6.5) involved in the Engagement.  

Unless otherwise agreed, these terms of business supersede any other agreement or arrangement (whether written or oral) previously agreed between CTA and the Client in relation to the Matter.  In the case of a conflict between these terms of business and any other terms agreed with the Client, these terms of business will prevail.

1.2.    The CTA Team – CTA will make reasonable efforts to ensure that those of its personnel notified to the Client are available to work for the Client on the Engagement.  CTA will endeavour to give the Client reasonable notice of any necessary change in such personnel and provide details of their proposed replacements.

1.3.    Timetable – CTA will make reasonable efforts to adhere to any timetable agreed in writing with the Client.  For the avoidance of doubt, time is not of the essence to CTA's performance of the Engagement, unless CTA has expressly agreed otherwise in writing.

1.4.    Reporting – CTA will report to the Client with appropriate information on the progress of the Engagement as regularly as may be appropriate for the Engagement or as otherwise agreed with the Client.  CTA will send its reports to the Client at the address notified to CTA by the Client from time to time or, where clause 1.5 applies, to the relevant broker or other third party.

1.5.    Instructions via third parties – Unless otherwise instructed by the Client, where CTA is instructed by a broker or other third party on behalf of the Client, CTA shall be entitled to accept and rely on instructions from such broker or third party as if those instructions were given by the Client and the Client hereby expressly authorises CTA to liaise and share information (including any of its reports relating to the Matter) with any such broker or third party. For the avoidance of doubt, where CTA provides a report to a broker or third party pursuant to this clause, it shall be deemed to have provided such report to the Client.

1.6.    CTA Sub-Contractors – The Client agrees that CTA may engage or use contractors, sub-contractors or other persons to provide the services for which it has been engaged by the Client. 

1.7.    Third Party Experts – Where the Client appoints third party experts in connection with the Engagement (a “Third Party Expert”), or requests CTA to appoint such a Third Party Expert on its behalf, the Client hereby expressly authorises CTA to instruct, liaise and share information with any such Third Party Expert to the extent CTA considers it reasonably necessary in connection with the Engagement.

2.    The Client’s Responsibilities

2.1.    Support – If CTA is required to work at the Client’s or any third party premises, the Client will obtain all consents and / or approvals required for CTA personnel to access such premises and shall ensure that CTA’s personnel are provided with such facilities and equipment as are reasonably necessary to enable them to perform the Engagement efficiently and in safety.

2.2.    Information – The Client will give CTA all information, instructions and assistance reasonably necessary to enable CTA to perform the Engagement and the Client will ensure that its appropriate personnel are available to CTA for such purposes.  The Client hereby acknowledges that CTA will rely on such information, instructions and assistance when performing the Engagement.

2.3.    Payment – The Client will pay CTA’s fees, disbursements, expenses and applicable local taxes including value added tax (VAT) where appropriate (hereinafter "applicable taxes") in respect of the Engagement in accordance with clause 3 below or as otherwise agreed with the Client. 

3.    Fees and Payment

3.1.    Method of Calculation – Unless otherwise agreed in writing, CTA’s fees will be charged to the Client on a time basis at the applicable hourly rates plus applicable taxes for all CTA personnel working on the Engagement.  Such fees may include, without limitation, time spent by such CTA personnel in connection with the Engagement on travelling, attending meetings and interviews, research, investigation and forensics, working on and preparing reports and associated papers, correspondence and telephone calls.

3.2.    Disbursements – CTA’s fees will exclude any fees payable by the Client for any Third Party Experts which the Client agrees will, unless otherwise agreed, be payable directly by the Client to the relevant Third Party Expert.  Upon receipt of an invoice, the Client agrees to pay all disbursements and expenses incurred by CTA in connection with the Engagement including charges for travel, subsistence, accommodation and out of office or on site expenses such as telephone calls and photocopying on an at cost plus applicable taxes basis.

3.3.    Estimates – Any estimate of fees or of the time likely to be involved in performing the Engagement will be given by CTA in good faith to the Client for planning or other purposes only and the estimate will not be contractually binding on either party.

3.4.    Payments on Account – CTA reserves the right to require the Client to pay CTA funds in advance on account of its fees and to enable CTA to pay the disbursements and expenses described in clause 3.2 above (payable either in advance on account or periodically as they become due for payment).  CTA may apply such funds paid in advance generally to pay its fees, disbursements and expenses for the Engagement upon delivery of its invoice or other written notification of its fees, disbursements and expenses to the Client. Further, CTA may apply any such funds to the settlement of any fees due to CTA in respect of the Engagement which remain outstanding beyond the due date for payment of such fees.

3.5.    Taxes including VAT – Insofar as any fees, disbursements and expenses are liable to any applicable taxes which CTA may be liable under applicable local law to pay or collect in respect of the Engagement, the Client agrees to pay all such taxes and reimburse CTA accordingly upon receipt of CTA's invoice in respect of such taxes. 

3.6.    Fee Changes – CTA may vary its hourly rates as applicable from time to time including, without limitation, in the event of promotion of CTA personnel or as a result of any periodic review of such rates by CTA.

3.7.    Billing – Unless otherwise agreed, CTA normally renders interim invoices on a quarterly basis and a final invoice on completion of the Engagement.  Each invoice will attach details of the work undertaken and copies of any other invoices for significant disbursements and expenses described in clause 3.2 above.  Notwithstanding the foregoing, CTA reserves the right to issue interim invoices on a more frequent or some other basis for work performed to date. Unless otherwise agreed, all CTA's invoices will be addressed to the Client. 

3.8.    Payment – All CTA's invoices (whether interim or final) are due for payment in full on receipt by the Client as stipulated on the invoice and the Client is liable for their payment to CTA.  If payment in full is not received by CTA within 30 (thirty) days of the Client’s receipt of an invoice, CTA will have the right, in addition to any statutory rights available to it (including the right to charge statutory interest at 8% above the current base rate of the Bank of England in terms of the Late Payments of Commercial Debts (Interest) Act 1998 as amended by the Late Payment of Commercial Debts Regulations 2013), to suspend the provision of its services and / or to terminate its Engagement in accordance with clause 4.3.1 below and / or to exercise a lien in accordance with clause 4.4.2 below, regardless of whether the Engagement has been terminated or not.

If arrangements are made for a third party to pay any of CTA’s fees or disbursements, the Client shall remain primarily responsible for the payment of any remaining fees or disbursements and any charges that CTA may incur to the extent that the third party does not pay CTA’s invoice in full, or CTA is unable to accept payment from it.

3.9.    Client Funds – Where CTA receives funds from or for the Client, it shall hold such funds as agent of the Client. CTA will retain any interest earned on such funds held on the Client’s behalf, unless otherwise agreed with the Client. 

4.    Termination

4.1.    Duration – The Engagement will terminate when all amounts invoiced to the Client in connection with CTA's Engagement have been received by CTA, unless the Engagement is terminated earlier in accordance with clause 4.2 or 4.3 below.

4.2.    The Client’s Right to Terminate – The Client may terminate the Engagement at any time by giving not less than 30 (thirty) days’ notice in writing to CTA.

4.3.    CTA’s Right to Terminate – CTA may terminate the Engagement immediately by giving written notice to the Client if:–

4.3.1.    the Client fails to pay any of CTA’s invoices when due or fails to advance to CTA any funds requested by CTA in accordance with clause 3.4 above;

4.3.2.    the Client is unable to pay its debts or has a receiver, administrator or liquidator appointed;

4.3.3.    any conflict of interest arises in accordance with clause 5 below; 

4.3.4.    CTA is prohibited from performing the Engagement due to applicable laws and regulations, including sanctions; or 

4.3.5.    the Client is in breach of any of these terms of business and having received written notice from CTA to such effect requiring the Client to remedy such breach within the time reasonably specified in such notice, the Client has failed to remedy such breach in such time.

4.4.    Costs and Lien – On termination of the Engagement for any reason:

4.4.1.    the Client shall pay to CTA forthwith all fees, disbursements and expenses due to CTA up to and including the day of termination incurred in connection with the Engagement upon delivery of CTA's invoice to the Client; and

4.4.2.    until CTA has received payment in full for such invoice, CTA shall have a lien over and be entitled to retain all the Client's money, records, documents, deeds, storage media, books, papers and any other information in hard copy or stored electronically in CTA's possession relating to the Matter and the Engagement or otherwise in CTA's control.

5.    Conflicts of Interest

5.1.    Possible Termination – In circumstances where there is or may be a conflict of interest between CTA and another party involved in the Matter, CTA may be precluded from acting or may have to cease acting for the Client unless all parties involved in the Matter agree in writing that CTA shall continue acting in connection with the Matter.  CTA will make every reasonable effort to identify any such conflict and advise the Client accordingly prior to accepting an Engagement or if identified subsequently, then immediately. In the event that CTA subsequently discovers a conflict and is obliged to withdraw from acting for the Client, CTA shall be entitled to invoice the Client and be paid in full by the Client for any fees, disbursements, expenses and applicable taxes incurred in the Engagement prior to such withdrawal.  In the event that such conflict arises in respect of a Client (re)insured and a Client (re)insurer CTA will offer to continue acting for the Client (re)insurer who will become solely responsible for payment of such prior fees, disbursements, expenses and applicable taxes.

5.2.    Acting for Other Clients – CTA will not be prevented or restricted by anything contained in these terms of business from acting for other clients in connection with the Matter, unless otherwise agreed in writing with the Client.

6.    Limitation of Liability

6.1.    Skill and Care – CTA will exercise reasonable care and skill in the performance of the Engagement.  All other such warranties and representations, whether express or implied by law, are excluded to the extent permitted by law.

6.2.    Limit of Liability – CTA's liability to the Client in respect of any claim for breach of contract, negligence, breach of trust or statutory duty or any other claim made against CTA or its personnel in connection with the Engagement is limited as follows: 

6.2.1.    in respect of any claim for personal injury or death caused by CTA’s negligence, no limit shall apply;

6.2.2.    in respect of any claim which results from any fraudulent act (including theft or conversion) by CTA, no limit shall apply;

6.2.3.    in respect of any other claim, CTA’s total liability in respect of all liability arising in connection with the Engagement shall be limited in the aggregate to the lesser of £1,000,000 (One Million Pounds) or 10 (ten) times the value of CTA's fees excluding disbursements, expenses and applicable taxes incurred in respect of the Engagement, and

6.2.4.    in any claim made against CTA where parties other than CTA also share liability for such claim, CTA's liability for such claim shall be limited to that proportion of any loss or damage so claimed for which it would be just and equitable for CTA to contribute having regard to the extent of CTA’s factual responsibility for such loss or damage, on the basis that those parties shall be deemed to have provided an undertaking in terms no less onerous than this clause. 

6.3.    Excluded Liability:  Subject to the application of clauses 6.2.1 and 6.2.2 above CTA shall have no liability for:-

6.3.1.    any indirect or consequential loss or damage including, without limitation, loss of profits, loss of revenue, loss of opportunity and loss of contracts;

6.3.2.    any claim for breach of contract, negligence, breach of trust or statutory duty or other claim in respect of any delay or failure by CTA to perform any of its obligations under these terms of business or the Engagement where such failure results directly or indirectly from any negligent or wilful act of the Client or a third party;

6.3.3.    any loss or damage arising from CTA's reliance on any information, instruction or assistance given by the Client or resulting from the Client’s failure to give any relevant information, instructions or assistance in connection with the Engagement;

6.3.4.    any and all claims the Client may have against CTA in respect of which proceedings are not brought within 12 (twelve) months of the date when the Client's cause of action arose.

6.4.    Liability for Third Party Experts – CTA will have no liability to the Client or any third party either for the instructing or performance of, or any opinions, statements, acts or omissions of, any Third Party Expert, nor in respect of its own opinions, statements, acts or omissions insofar as these depend upon, are based upon, are derived from or are a consequence of opinions, statements, acts or omissions of any such Third Party Expert. Further, CTA makes no representation or recommendation to the Client as to any Third Party Expert’s experience, suitability or competence.

6.5.    Liability of CTA Personnel – The Client acknowledges that CTA has an interest in limiting the liability of all its personnel involved in the Engagement. Accordingly, the Client agrees not to bring any claim of any kind in connection with the Engagement against any individual employee of CTA, any person seconded to CTA or any agent, correspondent, subcontractor or self-employed consultant engaged by CTA (together "personnel").

6.6.    Force Majeure – Neither CTA nor the Client will be liable to the other for their failure to fulfil their respective obligations under these terms of business or the Engagement caused by circumstances outside their reasonable control.

6.7.    Reasonableness – The Client agrees that the foregoing limitations and exclusions of CTA's potential liability are reasonable based on:-

6.7.1.    the amount of any likely liability to the Client if a breach by CTA occurs

6.7.2.    the current and future availability and cost to CTA of professional indemnity insurance

6.7.3.    the amount of fees payable to CTA, and

6.7.4.    the level of risk assumed by CTA in connection with its obligations

in connection with the Engagement.  Should any limitation or provision contained in this clause 6 be held to be invalid under any applicable statute or rule of law, it shall only to that extent be deemed omitted from the terms of business and all other limitations and provisions of such terms shall remain in force.

6.8.    Claims – If a claim is made against the Client as a result of, or in connection with, a liability incurred to, or a dispute with, any third party, CTA will give the Client all reasonable facilities and co-operation to investigate such claim and will provide the Client with such information and assistance as the Client may reasonably require in connection with such claim, liability or dispute.

6.9.    Indemnity – Unless the subject matter of the indemnity provided for by this clause 6.9 has been caused by CTA’s breach of these terms of business, the Client undertakes to indemnify CTA and keep it indemnified fully at all times against all liability that may arise from time to time, and against all claims, demands, actions, proceedings, damages, losses, costs and expenses which are made, brought or claimed against or incurred by CTA in connection with the Engagement.

7.    Miscellaneous

7.1.    Compliance with Applicable Laws – Both parties will comply with all legal and regulatory requirements applicable to them and/or their activities in the jurisdictions in which they operate, including without limitation, any laws or regulations relating to data protection, data privacy, financial crime, bribery and corruption, sanctions and anti-trust. Further, both parties shall maintain adequate policies and procedures to prevent breaches of any such applicable laws or regulations by their employees, representatives and agents. The Client warrants to CTA that it has obtained and will maintain throughout the Engagement, all requisite legal, regulatory or other authorisations and approvals to operate in the relevant territory (including via CTA) and to appoint CTA to perform the services pursuant to the Engagement and that such appointment is compliant with all Applicable Laws. 

7.2.    The Client acknowledges that CTA is an ultimate subsidiary of a US parent company. Consequently, CTA is subject to US (OFAC), UK (HMT), EU and UN sanctions lists. 

CTA has a responsibility to ensure that the Client meets its corporate standards in respect of international sanctions. 

The Client represents and warrants that:

  • in appointing CTA to perform the services pursuant to the Engagement, it will not do anything which does or may place CTA in breach of any sanctions that are or may be applicable to CTA.
  • it is not on the U.S. Government’s List of Specially Designated Nationals and Blocked Persons (“SDN List”) or owned 50% or more in the aggregate or individually by persons or entities on the SDN List.

The Client shall ensure that it has appropriate systems, procedures, controls and training in place to allow it to comply with sanctions provisions and restrictions applicable to CTA and that its employees, agents and contractors receive adequate training on this.

CTA reserves the right to screen new and existing insureds, beneficiaries or payees against sanction-related lists promulgated from time to time by the US, the UK, the EU and the UN  as may be required by the CTA’s sanctions program from time to time.  The Client acknowledges that CTA shall have no obligation to accept any appointment that would expose CTA to any sanction, prohibition or restriction, and shall have the right to block, freeze or reject any instruction in order for CTA to meet its legal and/or internal compliance requirements. In the event that Client’s appointment is blocked, frozen or rejected, CTA shall promptly inform the Client of the circumstances that led to the block, freeze or rejection. 

7.3.    Third Parties – The terms of business set out the rights and obligations of the Client and CTA only. For the purpose of the Contracts (Rights of Third Parties) Act 1999, nothing in the terms of engagement other than clause 6.5 above shall confer or purport to confer any benefit or right to enforce any of the terms of business on a third party.

7.4.    Confidentiality – CTA will keep confidential all information obtained from the Client, except insofar as CTA is required by law, regulation, a court of competent jurisdiction or any regulatory or governmental authority to disclose such information.  This clause does not apply to documents or information which CTA obtains or develops independently of the Engagement or other work done for the Client, which it receives from a third party which as far as it is aware is not under a duty of confidentiality to the Client or which are already in the public domain.

7.5.    Waiver and Amendment – No waiver of or amendment to any of these terms of business will be effective unless it is made or confirmed in writing and signed by both CTA and the Client.

7.6.    Soliciting Personnel – Without CTA’s approval, the Client shall not, during the Engagement or within six months after its termination or expiry, offer employment to or otherwise solicit any CTA personnel involved in the Matter.

7.7.    Record Retention – Unless the Client instructs otherwise in writing beforehand, CTA will be at liberty to destroy all records, files and papers including electronic records, to the extent technically and legally permissible, but excluding title deeds relating to the Matter and/or the Engagement, following expiry of 6 (six) years from the end of the Engagement.

7.8.    E-mail and the Internet – CTA and the Client recognise that e-mail transmissions and the Internet cannot be guaranteed as a 100% secure or error-free communications medium, as information may be intercepted, corrupted, lost, destroyed, arrive late, be incomplete, or contain viruses or other malware.  CTA monitors the contents of e-mails sent and received via its network for viruses or other malware and unauthorised use of email is controlled through access and delegation controls.  E-mail messages sent to or from CTA’s systems are not confidential to any named individual at CTA and CTA reserves the right to read them without prior notice.  CTA recommends that recipients should also check e-mail messages for viruses or other malware in accordance with good IT practice.

7.9.    Data Protection – The handling of personal data by CTA and the Client shall be in accordance with Schedule 1.    

7.10.    Software – All software programs used by CTA, or made available to the Client by CTA, in the course of the Engagement (including any modifications, enhancements or upgrades thereto) shall remain at all times the property of CTA. To the extent that Client provides CTA with access to any of its software programs in the course of the Engagement, these shall remain at all times the property of the Client.

7.11.    Complaints Procedure – If the Client has any complaint to make about CTA’s performance of the Engagement, the Client should first raise it with its primary CTA contact and, if the complaint is still not resolved to the Client’s satisfaction, with CTA’s Chief Executive Officer at Charles Taylor Adjusting Limited, The Minster Building, 21 Mincing Lane, London EC3R 7AG, United Kingdom (e-mail: who will investigate the complaint and seek to resolve it with the Client.

7.12.    Governing Law and Jurisdiction – These terms of business (and any non-contractual obligations arising out of or in connection with them) will be governed by and interpreted in accordance with the laws of England and Wales and the parties to such terms agree that any unresolved dispute or difference arising in connection with these terms of business (and any non-contractual obligations arising out of or in connection with them) will be subject to the exclusive jurisdiction of the Courts of England and Wales.

© Charles Taylor Adjusting Limited 2020
Registered Office: The Minster Building
21 Mincing Lane
London EC3R 7AG
United Kingdom

Telephone +44 20 7623 1819
Facsimile +44 20 7623 1817

Registered in England under # 01994696. VAT Registration # GB577566485 

Schedule 1

Processing of Personal Data

1.    Definitions and interpretation

1.1    “Data Protection Legislation” means all applicable data protection and privacy laws, legislations and regulations relating to the processing of personal data and privacy in force applying to CTA and the Client or as amended, re-enacted, replaced or superseded from time to time, including where applicable, the mandatory guidance and mandatory codes of practice issued by the relevant national data protection authorities in the jurisdictions in which they operate. 

1.2    “Data Subject” means the individual to whom the Personal Data relates.

1.3    “Notifiable” means where, in the opinion of CTA acting reasonably, a security breach is sufficiently serious to merit notification to either the Data Subject or the Regulator.

1.4    “Personal Data” means any information relating to an identified or identifiable Data Subject. An identifiable Data Subject is one who can be identified, directly or indirectly (including in combination with other information), including whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.

1.5    “Process” or “Processing” means any operation or set of operations that is performed upon Personal Data, whether or not by automatic means, such as access, collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, return or destruction.

1.6    “Regulator” means a “supervisory authority” as defined under the General Data Protection Regulation 2016/679 (“GDPR”), and/or outside the EEA the relevant regulatory authority with regard to Data Protection Laws.

1.7    “Sub-processor” means any third party appointed by or on behalf of CTA to Process Personal Data on behalf of the Client in connection with the Engagement. 

1.8    “Security Breach” means any notifiable loss, unauthorised or unlawful destruction, alteration, or unauthorised disclosure of, or access to the Personal Data (accidental or otherwise) and/or any other notifiable irregularity in processing the Personal Data.

2.    Obligations of the Client

2.1    The Client warrants that, at the point of provision of the Personal Data under this Schedule it has all the necessary consents and legal bases for processing in respect of all Data Subjects whose Personal Data will be processed by CTA under this Schedule.

2.2    The Client further warrants that it has, where necessary, provided information to all relevant Data Subjects as to how their Personal Data is to be processed.

2.3    The Client shall immediately (and, in any event, without undue delay) notify CTA in the event that it becomes aware of any issues relating to the accuracy of the Personal Data.

2.4    The Client indemnifies CTA in respect of any and all claims, complaints and/or regulatory intervention arising as a result of any breach in respect of 2.1 to 2.3 above or the Data Protection Legislation on the part of the Client.

3.    Obligations of CTA

3.1    CTA shall:

3.1.1    comply with all applicable Data Protection Legislation in relation to the Processing of Personal Data; and, where acting as a data processor, clauses 3.1.2 to 12 below shall apply.

3.1.2    not Process Personal Data other than on the relevant Client’s documented instructions unless Processing is required by applicable laws, in which case CTA shall to the extent permitted by applicable laws inform the Client of that legal requirement before the relevant Processing of that Personal Data. 

3.1.3    ensure that all persons authorised by CTA to process the Personal Data have been informed of the confidential nature of the Personal Data provided and are contractually committed to comply with the obligations of confidentiality of CTA or are otherwise under a statutory obligation of confidentiality under applicable law.

3.1.4    maintain and provide to the Client on demand records of all Data Processing activities undertaken under this Schedule.

4.    Sub-processing

4.1    CTA shall not sub-contract without the prior specific written authorisation of the Client. Such written instructions shall include a requirement that the sub-contractor shall be instructed pursuant to a contract containing equivalent data protection obligations as provided for in this Schedule. 

4.2    The Client grants CTA a general authorisation to engage sub-processors for the purposes of providing local assistance to CTA in the management of claims. Any sub-processor engaged pursuant to this general authorisation will be subject to a contract providing equivalent data protection obligations as provided for in this Schedule.

5.    Security

5.1    Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, CTA and the Client shall implement appropriate technical and organisational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.

6.    Data Subject Rights

6.1    Taking into account the nature of the Processing, CTA shall assist the Client by implementing appropriate technical and organisational measures, to enable the Client to respond to requests to exercise Data Subject rights under the Data Protection Legislation.

6.2    CTA shall:

6.2.1    promptly notify Client if it receives a request from a Data Subject under the Data Protection Legislation in respect of Personal Data; and

6.2.2    not respond to that request except on the documented instructions of the Client.

7.    Enquiries from a Regulatory Body

7.1    CTA will fully co-operate with and promptly respond to all enquiries from a Regulator so that the Client can respond promptly to any enquiry made in respect of the Personal Data. In the event that CTA is directly contacted by a Regulator in respect of its services provided to the Client, CTA undertakes to promptly inform the Client of all details relating to the same, unless prohibited from doing so by any applicable legal obligation.

8.    Personal Data Breach

8.1.    If CTA suspects or becomes aware of a notifiable Security Breach, it shall:

8.1.1    Without undue delay (and in any event within forty-eight (48) hours of becoming aware) notify the Client;

8.1.2    Provide the Client (as soon as is possible, and in no circumstance more than 72 hours after becoming aware) with:

  • the date and time of when the Security Breach occurred;
  • if known, a detailed description of how and when the Security Breach occurred including where possible, the categories and approximate number of Data Subjects concerned and the measures in place to prevent or mitigate the effect of such Security Breach;
  • the names and contact details of a contact point within the Data Sub Processor where more information may be obtained;
  • a detailed description of how and when the Security Breach was identified;
  • the likely consequences of the Security Breach;
  • the type of data that was the subject of the Security Breach; 
  • whether steps had been taken to encrypt the data which was the subject of the Security Breach; 
  • the identity of each affected Data Subject that has been identified to date;
  • any notifications made to Regulators or Data Subjects about the Security Breach; and
  • information about any action already taken or proposed to be taken to address the Security Breach, including measures to mitigate the Security Breaches' possible adverse effects;

as soon as such information can be collected or otherwise becomes available (as well as periodic updates to this information and any other information that the Client may reasonably request relating to the Security Breach);

9.    Rights of audit

9.1    CTA shall submit and contribute to inspections and audits undertaken by the Client, any agent appointed by the Client and/or any Governmental or supervisory body in relation to its data processing activities. This includes providing access (subject to the appropriate security controls) to any premises (on reasonable notice (except in the case of an emergency or crisis situation in which case CTA must provide immediate access) and during normal working hours) under its control where processing under this Schedule is undertaken.  

10.    Compliance 

10.1    CTA shall notify the Client immediately upon it becoming aware that it is or is likely to become unable to comply with either its obligations under this Schedule or Data Protection Legislation, and/or the Client’s requirements or instructions (whether specific or general) regarding the processing of the Personal Data.

11.    Deletion or return of Personal Data

11.1    Upon termination of the Agreement, CTA shall return all Personal Data obtained pursuant to this Schedule to the Client save for one complete copy of the Personal Data which CTA shall be entitled to retain subject to clauses 11.2 to 11.5 below, unless CTA is authorised to retain the Personal Data by law.

11.2    The Personal Data retained by CTA post termination of this Agreement shall be retained on an archived basis only and shall not be held as an active record. The data shall be encrypted with strictly limited access to the information.  

11.3    The Personal Data retained by CTA post termination of this Agreement shall not be processed by CTA (other than continued archive retention) unless CTA becomes aware that it is, or is to be, subject to a claim or any other action resultant upon its processing operations under this Agreement.

11.4    In the event that further processing pursuant to 11.3 above is required, CTA will be entitled to process the Personal Data solely for the purposes of defending itself against any claim or complaint brought.

11.5    CTA undertakes to permanently delete any retained Personal Data upon the expiry of a term of 7 years commencing on the date of the last activity undertaken in relation to that Personal Data, unless any applicable legal obligation upon CTA means that retention of a copy of said data is necessary.

12.    International Transfer of Personal Data

12.1    It is acknowledged by both the Client and CTA that there may be occasions where Personal Data (including Special Categories of Personal Data) will be required to be transferred outside of its country of origin in order to perform the Engagement. Where such a transfer is required, it is conditional upon CTA and/or the Client taking such steps to ensure there is adequate protection for such Personal Data in accordance with applicable Data Protection Legislation, which may include CTA (or, where applicable, CTA’s affiliate, sub-processor or other relevant third party) and/or the Client entering into, with the recipient of the Personal Data, the standard contractual clauses set out in (i) the European Commission’s Decision 2004/915/EC of 27 December 2004 for the transfer of Personal Data to Controllers established in third countries or (ii) the European Commission’s Decision 2010/87/EU of 5 February 2010 for the transfer of Personal Data to Processors established in third countries.

Details of Processing of Client Personal Data

Subject matter and duration of the Processing of Personal Data

The subject matter and duration of the Processing of the Personal Data are set out in these terms of business and this Schedule.

The nature and purpose of the Processing of Personal Data

This personal data is processed for the purposes of performing the Engagement.

The types of Personal Data to be Processed

  • Names, contact details, dates of birth, sex and marital status.
  • Employment details including employer (current and former), NI number and salary
  • Insurance policy and claim details.
  • Financial information including financial position and bank details. 
  • Special category personal data including, potentially, medical history, race, ethnicity, sexual orientation, religious beliefs, trade union membership, genetic and biometric data, political opinions, and any other physical or mental health details including injury details. 

The categories of Data Subject to whom the Personal Data relates

  • The Client’s officers and employees
  • Where the Client is an insurer or reinsurer:
    • The Client’s policyholders 
    • Individuals making claims against the Client’s policyholders or other claimants
  • Witnesses
  • Experts

The obligations and rights of the Client 

The obligations and rights of Client are set out in these terms of business and this Schedule.