Terms and Conditions of Hire
Northgate Vehicle Hire Ireland - Terms and Conditions of Hire
Please read this Agreement carefully. It tells you who we are, how we will provide our vehicles and services and to you, how we charge you, how you and we may change or terminate the Agreement, what to do if there is a problem and other important information.
(A) Northgate Vehicle Hire (Ireland) Limited with company number 333586 and registered offices at Suite 3, One Earlsfort Centre, Lower Hatch Street, Dublin 2, Ireland (“we”, “us” or “our”); and
(B) The customer specified in Item A (Customer Details) of the New Account Application Form with the address specified in Item A (Customer Details) of the New Account Application Form (“you” or “your”).
1 Agreement and Term
1.1 We agree to supply Vehicles and other services to you, and you agree to acquire them from us, at the prices and on the terms of this Agreement.
1.2 The Vehicles and other services must be booked, delivered and billed against the nominated accounts specified in this Agreement or otherwise agreed in writing by the parties.
1.3 This Agreement commences and has legal effect on the Agreement Effective Date and continues in full force and effect until it is terminated in accordance with its terms (“Term”).
1.4 When you or your authorised representative signs the New Account Form you unconditionally accept all of the terms in this Agreement.
1.5 You agree that during the Term:
(A) at our request, you will verify the information you have provided to us in your New Account Form or in a Booking, and provide us with any additional information that we reasonably require; and
(B) you must immediately notify us:
(1) if your financial circumstances change and this will affect or may affect your ability to pay the Charges, or
(2) if you are a sole trader or partnership that decides to incorporate your business and we may require you to sign a New Account Application Form that is suitable for use by incorporated entities.
1.6 You acknowledge and agree that the person in possession of a Vehicle shall be the “Owner” for purposes of the Road Safety Authority Acts 2006 and 2012.
2 Making a Booking
2.1 You may request to hire a vehicle by e-mailing us, telephoning us, by visiting a Northgate branch or through a third party booking platform (“Booking Request”).
2.2 On receipt of a Booking Request from you, we may accept the Booking Request by issuing a booking reservation number to you.
2.3 Nothing in this Agreement requires us to accept any Booking Request.
2.4 The terms of this Agreement are automatically incorporated into every Booking and you acknowledge and agree that all Bookings are subject to and governed by this Agreement to the exclusion of any other terms and conditions which you may purport to apply.
2.5 This Agreement prevails over, supersedes and excludes any terms or conditions contained in or referred to in any correspondence or documentation which you generate, provide to us or otherwise reference (including those set out on your website).
3 Vehicle On-Hire and Delivery
3.1 You shall in accordance with the Booking, take the Vehicle On-hire on the Booking Start Date.
3.2 Before On-hire, you or your authorised representative may be asked to sign an electronic device or document to confirm the condition of the Vehicle (“Vehicle Condition Report”). You acknowledge and agree that any of your personnel are authorised to sign a Vehicle Condition Report on your behalf.
4 Vehicle Return
4.1 You remain liable for all Vehicles and must comply with this Agreement until the procedure for Off-hiring the Vehicle set out in this clause 4 has been completed.
4.2 Unless otherwise agreed in advance by us, you must return the Vehicle on the Return Date.
4.3 If you fail to return the Vehicle at the agreed time on the Return Date, the Rental Charges payable shall be recalculated to include Additional Charges in respect of the number of Rental Days between the Return Date and the Off-hire date.
4.4 To take the Vehicle Off-hire you must either:
(A) return the Vehicle on the Return Date during Business Hours to such location identified in the Booking, or otherwise agreed by us; or
(B) contact us to arrange for us to collect the Vehicle on the Return Date and make such Vehicle available for collection.
In each case the Off-hire will be effected when the keys for the Vehicle have been handed to our representative and the individual returning the Vehicle signs the Off-hire form (except that the Off-hire form does not need to be signed if clause 4.6 applies).
4.5 For the avoidance of doubt, if, during the Rental Period, an Authorised Officer or CVR Inspector serves a direction to you or your driver that the Vehicle cannot be driven in a public place until the Vehicle has been tested or a Vehicle defect has been rectified, you will:
(A) be unable to take the Vehicle Off-hire until the direction has been complied with; and
(B) continue to be liable for applicable Charges until the Vehicle can be driven in a public place.
4.6 If you return a Vehicle to any of our premises outside Business Hours, the Vehicle will be your responsibility (and therefore your obligation to insure the Vehicle continues) until the time at which the delivery location agreed by us opens for business and you are liable to us for any and all losses we suffer during this time. If this clause applies you must leave the keys for the relevant Vehicle in such location as is approved by us in advance (although such Vehicle remains at your risk despite our agreement to the location of the keys of the Vehicle).
4.7 At Off-hire, we will examine the condition of the Vehicle and compare it to the Vehicle Condition Report.
4.8 If at Off-hire we believe the Vehicle is not in the same condition as was identified in the Vehicle Condition Report (fair wear and tear excepted) and in our reasonable opinion:
(A) the Vehicle is economical to repair, we will recalculate the Charges payable to include, where applicable, the expenses for repair, the time of repair and the time to obtain authorisation for such repair and where:
(1) the cost of the repair is under €1,000 excluding VAT, the time of repair charge will be calculated based on the Rental Charge for the estimated number of labour days the repairs will take; or
(2) the cost of repair is over €1,000 excluding VAT, the time of repair charge will be calculated as set out in clause 4.8(A)(1) with the addition of the Rental Charges for the number of days you take to authorise the repair in accordance with clause 8 (Damage, Fault and Theft),
and in any event, the charges set out in this clause 4.8(A) will not exceed the Rental Charges for 28 days; or
(B) the Vehicle is beyond economic repair you will be liable to pay the market value of replacement of the Vehicle less any salvage value where applicable (notified to you by us) (“Market Value”), and the Rental Charge, which is payable from the date of return of the Vehicle until the earlier of:
(1) the date we receive from you payment of the Market Value; or
(2) 28 days after the date of return of the Vehicle by you to us.
4.9 If you fail to return the Vehicle on the Return Date due to theft of the Vehicle and the Vehicle is not recovered, you will be liable to pay us the Charges until settlement in full is received from you for the Replacement Cost up to a maximum of 28 days.
4.10 If at Off-hire we are required to remove materials or equipment from a Vehicle you are responsible for the costs and expenses associated with this removal (including the Charges for any days or part of days on which the Vehicle cannot reasonably be hired to a third party due to the materials or equipment needing to be removed) and any subsequent cleaning of the Vehicle.
4.11 Without limiting our rights under clause 18 (Termination), we may demand the return of a Vehicle at any time and you must return the Vehicle to us within the period of time specified by us in such demand notice.
4.12 If you do not comply or we believe you may not comply with any demand under clause 4.11 we may repossess the Vehicle and terminate the Agreement and any Booking without any liability for any loss or damage which you may sustain as a result of such demand and termination or repossession.
4.13 Where we demand the return of a Vehicle pursuant to clause 4.11 due to:
(A) our desire to sell the Vehicle; or
(B) any other reason and we elect to replace the Vehicle,
we will provide you with a replacement of the Vehicle on a like for like basis.
5.1 At Off-hire you must return the Vehicle with a full fuel-tank. The fuel level will be recorded at the point you return the Vehicle to one of our branches, or the point we collect the Vehicle.
5.2 If you fail to comply with clause 5.1 you must pay the cost of filling the fuel-tank of the Vehicle (such cost to be calculated using the latest AA Ireland Fuel Prices (avg. retail price per litre) less VAT) plus an administration charge of 20% per cent of the cost of the additional fuel plus VAT.
6 Your General Obligations
6.1 During the Rental Period you must, and must procure that your personnel:
(A) keep the Vehicle free from legal process or lien, fully insured with fully comprehensive insurance, protected and secured;
(B) if applicable, pay for any toll charges which may apply in accordance with applicable laws and Regulations;
(C) check on a daily basis the engine oil level, water level in radiator, washers and wipers, lights, wheel nuts and brake fluid level, tread depth and inflation on all tyres;
(D) ensure the Vehicle is driven using reasonable skill and care and in accordance with any applicable road use rules (including the Rules of the Road 2013 and other applicable laws and Regulations);
(E) ensure that no smoking is carried out in the Vehicle; and
(F) if requested by us on reasonable notice make the Vehicle available for inspection, service or repair work.
6.2 During the Rental Period you must not, and must procure that your personnel do not, use the Vehicle:
(A) for the carriage of passengers for hire or reward;
(B) for any illegal purpose or in contravention of any Regulations affecting the Vehicle, its use or construction;
(C) if the Vehicle exceeds 3.5 tonnes gross vehicle weight unless you have obtained a valid Operator’s Licence in accordance with the Road Transport Act 2011;
(D) for any off-road driving;
(E) for competitive racing of any nature or for any ‘track days’; and
(F) to propel or tow any other vehicle or trailer unless the Vehicle is properly equipped to tow in which case towage weights must be adhered to at all times. It is your responsibility to ensure any such towing is appropriate and undertaken with due skill and care to ensure no damage is caused to the Vehicle or to the trailer being towed. We shall have no liability for the insurance of, or any damage to, any towed trailer howsoever caused.
6.3 You must ensure that the Vehicle is not driven by any driver who does not hold a valid driving licence for the class of vehicle to which the Vehicle belongs.
6.4 You must not, and must procure that your personnel do not, modify or alter the Vehicle in any way without our prior written consent and you shall be liable for any and all costs and expenses incurred by us to reverse such modifications.
6.5 You must notify us immediately if:
(A) an Insolvency Event occurs in relation to you;
(B) an Authorised Officer or CVR Inspector inspects the Vehicle;
(C) an Authorised Officer serves any or all of the following directions to you or one of your drivers:
(1) that the vehicle not be driven in a public place until it has been tested in accordance with the Regulations;
(2) that the vehicle is CVR tested by a specific date or at such times or regular intervals as the Authorised Officer, acting reasonably, may direct; or
(3) that the Owner carry out planned routine maintenance, carry out routine vehicle safety checks (including daily and weekly walk-around checks on vehicles), or put in place systems for recording and reporting maintenance activity, rectification of vehicle defects and training of staff;
(D) a CVR Inspector or Authorised Officer serves any or all of the following directions to you or one of your drivers:
(1) that a Vehicle defect be rectified;
(2) that the Vehicle not be driven in a public place until the Vehicle defect has been rectified; or
(3) that the Vehicle be submitted for CVR testing by a specified date;
(E) the Vehicle is detained, immobilised, stored or disposed of; and
(F) the Road Safety Authority assigns a Risk Rating to a Vehicle, you or your driver(s).
6.6 You shall not dispose of the Vehicle at any time during the Rental Period.
6.7 Before you use or transport a Vehicle outside the Republic of Ireland you must:
(A) notify us in advance of your intent to take the Vehicle outside the Republic of Ireland or Northern Ireland and obtain our written consent;
(B) pay any additional charge for such use notified to you by us on receipt of the Booking Request;
(C) provided us with written proof of insurance cover for use of the Vehicle outside the Republic of Ireland, including international breakdown coverage; and
(D) pay any fees associated with the repatriation of the Vehicle into the Republic of Ireland.
7 Routine Maintenance
7.1 If during the Rental Period a service of the Vehicle becomes due because either the date for service is in less than two weeks or the Vehicle mileage at which a service is required is within 1,000 kilometres (each of which is identified in the window of the Vehicle) you must contact us to arrange a service of the Vehicle.
7.2 If you fail to contact us to arrange a service under clause 7.1 we reserve the right to recover from you any costs and expenses we incur which are caused by the failure to carry out the service at the time it was due.
7.3 In addition to the service requirements set out above, each party shall be required to notify the other in relation to the additional maintenance elements set out below:
Northgate to contact you
You must contact Northgate
Service due based on kilometres
Service due based on time
Commercial Vehicle Roadworthiness Testing (CVRT) due
Tail lift inspection due
Tachograph inspection due
Any damage (for example to the body, tyres, glass)
Worn tyres (at 3mm or less)
Road traffic accident
8 Damage, Fault and Theft
8.1 You must immediately:
(A) inform us if any Vehicle is Damaged, a fault develops in any Vehicle or a Vehicle is otherwise lost or stolen and inform your insurance company;
(B) supply us with a Garda crime reference number if a Vehicle is stolen or otherwise involved in a criminal act;
(C) at our request:
(1) carry out all acts and things as may be reasonably required by us for the purpose of repairing or recovering a Vehicle;
(2) enforce any rights or remedies against or obtain relief from other parties;
(3) deliver to us every document of any kind received by you relating to any claim involving the Vehicle where an accident or theft has occurred; and
(4) provide all assistance as is reasonably required by us in relation to the defence or investigation of any claim involving the Vehicle where an accident or theft has occurred including not aiding or abetting any claim against us; and
(D) ensure all information you provide in connection with a Vehicle or this Agreement is accurate, complete and not misleading.
8.2 You are responsible for the cost of repairing any Damage and hereby authorise us to carry out any repairs and invoice you for the same up to a maximum of €1,000 excluding VAT.
8.3 You are responsible for the full market value of the Vehicle in the event that the Vehicle is disposed of pursuant to applicable Regulations during the time of the Rental Period, except where the Vehicle was disposed of with our prior written consent.
8.4 If the cost of repairing any Damage exceeds €1,000 excluding VAT we will notify you (including providing a claim pack which includes all relevant information) and you shall have seven days from the point of receipt of the notice to involve your insurers (if applicable) and give us approval to proceed before we commence repairs. If we do not receive a response within seven days you will be deemed to have consented to the repairs and we will instruct repairs and invoice you for these costs.
8.5 We may, at our option, elect not to repair Damage, but if we elect not to carry out such repairs at that time we reserve the right to charge you an amount equal to the cost of the repair works that would otherwise be required and which we may carry out in the future.
8.6 You acknowledge and agree that you and you personnel:
(A) shall not without our prior consent incur any liability for repairs to the Vehicle in excess of €15;
(B) shall not without our prior written consent engage any third party to carry out repairs on a Vehicle which we have not approved in writing;
(C) are not our servant or agent for any purpose and shall not hold yourself out as such; and
(D) are not entitled to make any claim against us for loss of or damage to any property left stored or transported in or upon the Vehicle.
8.7 Where applicable, the protection of data held in the Vehicle’s tachograph is solely your responsibility and we are not liable in any way whatsoever if you have not taken appropriate steps to protect the data.
8.8 If any act or omission or failure to comply with the Agreement by you or your personnel causes or contributes to the invalidation of the manufacturer’s warranty of the Vehicle you will be responsible for any and all costs and expenses incurred by us that are associated with this invalidation.
9 Loss of Use
9.1 In addition to the cost of repairing any Damage as set out in the Agreement, you will also be liable to pay the Rental Charges:
(A) for the period during which the Vehicle is not allowed to be driven in a public place at the direction of an Authorised Officer or CVR Inspector;
(B) for the period during which the Vehicle is being repaired; or
(C) for the period between a Vehicle being stolen and, if applicable, returned to us,
to reflect the loss of use of the Vehicle (up to a maximum of the Rental Charges for a period of 28 days) in accordance with clauses 4.8(A)(1) and 4.8(A)(2).
9.2 If you request a replacement Vehicle from us during any period under this Agreement in which a Vehicle is being repaired by us or the period during which a Vehicle is stolen, you shall be responsible for the Rental Charges in respect of that replacement Vehicle, in addition to the charges identified at clauses 4.8(A)(1), 4.8(A)(2), 8.2, 8.4 and 8.5, and 9.1.
10 Fines and Penalty Charges
10.1 We will pay any penalty charges that are notified to us by the relevant issuing authority (which shall include private parking companies), including parking fines, bus lane fines, toll charges and fines relating to toll charges.
10.2 We will invoice you and you will pay us for any penalty charges we pay in accordance with clause 10.1 plus an additional administration charge as set out in the Agreement or as otherwise notified to you in writing by us.
10.3 To the extent that we are notified of any penalty charges or other offences which require driver details we will supply your details to the issuing authority who will contact you directly in relation to the fine or notice. We will charge an administration fee in respect of the processing of these penalty charge notices as set out in the Agreement or as otherwise notified to in writing by us.
11.1 You must ensure during the relevant Rental Period that:
(A) all Vehicles hired to you, including any replacement vehicles, are covered by a fully comprehensive insurance policy (“Policy”) for the Rental Period and until completion of the Off-hire in accordance with clause 4.4;
(B) you notify your insurers that you are neither the registered owner nor keeper of the Vehicle;
(C) the Policy is valid and applicable while any CVR Inspector is driving the Vehicle;
(D) you comply with the requirements of the Policy and procure that any drivers you permit to use a Vehicle also comply with the terms of the Policy;
(E) any driver using a Vehicle(s) will hold and will not have been disqualified from holding or obtaining a driving licence valid for the relevant Vehicle(s); and
(F) you will notify us in writing as soon as reasonably practicable of any change to your Policy including but not limited to changes in terms, excesses or insurance company.
11.2 We shall not be under any obligation to supply a Vehicle to you unless and until we have received copies of:
(A) the relevant certificate of motor insurance covering the Vehicle being hired; and
(B) the applicable renewal certificates as soon as reasonably practicable after the relevant renewal date.
11.3 If your insurers fail to provide cover or grant an indemnity under the Policy in respect of any claim made under the Policy by you, a third party or any official organisation concerned in settlement procedures under the Road Traffic Acts 1961 to 2015, in respect of any loss or damage to the Vehicle or other parties costs, you shall indemnify us against all liabilities, costs, expenses, damages and losses (including but not limited to any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and legal costs (calculated on a full indemnity basis) and all other reasonable professional costs and expenses) suffered by us arising out of or in connection with any and all loss and Damage to any Vehicle hired by you (including replacement vehicles), up to a maximum amount equal to the value of such Vehicle (as determined by us acting reasonably).
12 Payment and Invoicing
12.1 You must pay to us in accordance with this Agreement:
(A) the Rental Charges;
(B) any Additional Charges; and
(C) any other amount due to us by you under the Agreement,
(together the “Charges”).
12.2 All payments shall be made in euro, unless otherwise notified by us.
12.3 You consent to us conducting any credit checks on you that we believe are necessary. For the avoidance of doubt, where we are not satisfied with any credit checks which we undertake, we will notify you of the payment terms that shall apply in writing.
12.4 Subject to the completion by us of satisfactory credit checks, we may agree for you to pay all Charges on a monthly basis in arrears and, if we so agree, you agree to pay all Charges on a monthly basis in arrears.
12.5 We will issue invoices in respect of all Charges incurred in a month before the last day of the relevant month and payment shall be due by direct debit on the last working day of the month after the month in which the invoice is dated.
12.6 We shall have a right of set off against any amount due from you to us or any member of our Group, any sum or sums which at the date of set off are due and owing to you from us or any member of our Group.
12.7 If you genuinely dispute an amount invoiced to you, you need not pay the disputed amount until the dispute is resolved. However, you must pay all undisputed amounts by the due date.
12.8 Despite any agreed period of credit, if any invoice is overdue for payment the balance of the account becomes immediately due and payable.
12.9 If you do not pay any Charges due under this Agreement on time, we may, without prejudice to any of our other rights or remedies:
(A) charge interest on such overdue sums on a day to day basis from the original due date until paid in full at a rate of 8% above the then current base lending rate of the ECB; and/or
(B) demand the return of a Vehicle on 5 days prior written notice and you must return the Vehicle to us within the period of time specified by us in such demand notice.
12.10 If you do not comply or we believe you may not comply with any demand under clause 12.9 we may, without prejudice to any of our other rights or remedies, repossess the Vehicle and terminate the Agreement and any Booking without any liability for any loss or damage which you may sustain as a result of such demand and termination or repossession.
13 Additional Charges
13.1 If we attempt to deliver a Vehicle to a location specified by you at the start of the Rental Period or attempt to collect a Vehicle from you at the end of the Rental Period and you are not available to receive the Vehicle or return the Vehicle (as applicable) we reserve the right to charge you for all costs and expenses incurred in the failed delivery or collection and any Rental Charges for each Rental Day (or part day) on which you retain possession of the Vehicle after the date we attempted to collect the Vehicle at the end of the Rental Period.
13.2 If the actual mileage carried out by any Vehicle is more than 10% greater than the mileage identified in the Booking Request or set out in this Agreement (if any) we reserve the right to vary this Agreement or the Booking to reflect your increased mileage. We also reserve the right to raise an invoice in respect of the difference between the original Rental Charge and the revised Rental Charge calculated in accordance with this clause 13.2 for the part of the Rental Period that has already expired prior to the revision of the Rental Charge in accordance with this clause 13.2.
13.3 If the keys to any Vehicle are lost during the Rental Period, we may need to replace the full lock set in the Vehicle for security reasons. In such circumstances you will be responsible for the cost of doing so which may include an administration charge as set out in the Agreement or as otherwise agreed in writing by us.
13.4 If we are required to attend an event relating to a Vehicle (including if a misfuelling happens, the Vehicle lights are left on, a puncture occurs, a Vehicle is damaged or an accident occurs) we may make a charge for doing so.
13.5 If any additional equipment has been requested this shall be specified in the Booking Request and you shall be responsible for paying the cost of the additional equipment.
13.6 We may, in our sole discretion, agree that you can return a Vehicle before the Return Date. If we agree that you can return a Vehicle before the Return Date, we may charge you in respect of the early return in accordance with the Booking as set out in the Agreement or as otherwise agreed in writing by us.
14.1 Nothing this Agreement operates to exclude or limit the liability of either party for:
(A) death or personal injury resulting from negligence;
(B) fraud or fraudulent misrepresentation; and
(C) any other liability which cannot, as a matter of law, be excluded.
14.2 We are not liable to you for:
(A) any indirect, special or consequential loss of any nature whatsoever; or
(B) loss of profit, loss of anticipated savings or interest, loss of earnings, loss of margin, loss of use, loss of contract, loss of goodwill or loss of reputation.
14.3 If a Vehicle breaks down through no fault of you or your personnel, your sole and exclusive remedy is for us to repair or replace the Vehicle at our option as soon as reasonably practicable.
14.4 We are not liable to you for any loss of or damage to property left stored or transported in or upon a Vehicle.
14.5 All express or implied guarantees, warranties, representations, or other terms and conditions relating to this Agreement or its subject matter, not contained in this Agreement, are excluded to the maximum extent permitted by law.
14.6 Without limiting clause 10 (Fines and Penalty Charges) you are liable for any charges or fines incurred during the Rental Period due to your or your personnel’s acts or omissions and agree to indemnify us against the consequences of any claims which may be made against us including:
(A) any parking, lighting, loading or unloading offence;
(B) any breach of the Road Vehicles (Registration and Licensing) Regulations 1992 to 2014;
(C) any excess charge incurred under the Road Traffic Acts 1961 to 2015 or other applicable legislation;
(D) any charges made by any statutory or regulatory body as a result of seizure of the Vehicle together with any loss of rental income arising whilst the Vehicle is seized;
(E) where applicable liability arising under any other Regulation where liability is imposed on the owner; and
(F) any breach of any road traffic related legislation.
14.7 Subject to clauses 14.1 to 14.6 and to the maximum extent permitted by law, our maximum aggregate liability under this Agreement:
(A) subject to paragraph 14.7(C), for all claims arising out of or in connection with a Booking will not exceed €50,000 per claim or series of related claims;
(B) subject to paragraph 14.7(C), for all claims arising out of or in connection with the supply of any Telematics Device and/or the Telematics Reporting Services will not exceed €500 per claim or series of related claims; and
(C) for all claims arising under or in connection with this Agreement in aggregate, is limited to €150,000 in any 12 month period.
14.8 The limitations of liability in this clause 14 apply regardless of the basis on which such liability arises, whether in contract, breach of warranty, tort (including negligence), in equity, under statute or on any other basis.
15.1 You indemnify us against all liabilities, damages or losses suffered or incurred by us due to:
(A) a breach of the Agreement by you or your personnel;
(B) any act or omission by you or your personnel;
(C) the loss of or damage to any property of yours or your personnel left stored or transported in or upon a Vehicle; or
(D) any claims brought against us by any third party arising out of or in connection with the Agreement.
16 Force Majeure
16.1 Neither party will be in breach of the Agreement or a Booking, or liable for delay in performing, or failure to perform, any of its obligations under the Agreement or a Booking if such delay or failure results from events, circumstances or causes beyond its reasonable control.
16.2 In such circumstances the time for performance shall be extended by a period equivalent to the period during which performance of the obligation has been so delayed or failed to be performed.
16.3 If the period of delay or non-performance continues for three months the party not affected may terminate the Agreement or applicable Booking by giving 30 days' written notice to the affected party.
17 Cancelling a Booking
17.1 You may cancel any Booking in writing on or before the Booking Start Date.
17.2 Where you cancel any Booking under clause 17.1 we will not charge you in respect of that Booking unless:
(A) at your request we installed any specialist or customised equipment in the Vehicle before the Booking Start Date;
(B) the Vehicle was subject to special terms agreed between you and us which involved us incurring costs in relation to the Vehicle before the Booking Start Date; or
(C) we were en route to deliver the Vehicle to you and notify you of this fact,
in which case we may charge you in respect of the services we have performed prior to cancellation and removal costs for any specialist or customised equipment we have installed in relation to the Booking.
18.1 Either party may terminate this Agreement or any Booking immediately if an Insolvency Event occurs in relation to the other party.
18.2 Either party may terminate this Agreement or a Booking if the other party commits a material breach of the Agreement or Booking and, if capable of remedy, such breach is not remedied within 30 days of the non-breaching party notifying the other of the breach. For the purposes of this clause 18.2, a failure by you to pay us in accordance with the terms of the Agreement or a Booking shall be treated as a material breach that is not capable of remedy.
18.3 We may, at our option for any reason terminate this Agreement or a Booking, in whole or in part, on 14 days’ prior written notice to you, without having to show cause.
18.4 Upon termination or expiry of:
(A) a Booking, you must immediately return the Vehicle or Vehicles to which the Booking relates to us or our duly authorised agent at such place as we may appoint; and
(B) the Agreement, you must immediately return all Vehicles to us or our duly authorised agent at such place as we may appoint.
18.5 Termination or expiry of the Agreement or Booking does not affect:
(A) the rights or liabilities of the parties under this clause 18 (Termination) or which have accrued on or before termination; and
(B) the continuance in force of clauses 11 (Insurance), 12 (Payment), 14 (Liability), 15 (Indemnity), 19 (Confidentiality) and 20 (Privacy) which survive termination or expiry of the Agreement or any Booking.
19.1 You and we undertake to the other that we shall not at any time disclose to any person any confidential information (including as to the level of charges paid for a Vehicle) concerning the business, affairs, customers, clients or suppliers of the other, except as permitted by clause 19.2.
19.2 You and we may each disclose the other's confidential information:
(A) to our employees, officers, representatives or advisers who need to know such information for the purposes of carrying out our obligations under this agreement. You and we will each ensure that our employees, officers, representatives or advisers to whom we disclose the other's confidential information comply with this clause 19; and
(B) as may be required by law, a court of competent jurisdiction or any governmental or regulatory authority.
19.3 Neither of you or we will use the other's confidential information for any purpose other than to perform our respective obligations under the Agreement.
20.2 You must ensure that any personal data that is disclosed to us in connection with this Agreement is disclosed in compliance with Data Protection Legislation.
20.3 You indemnify us against any and all liabilities, penalties, costs, expenses, damages, claims and/or losses (including management time) suffered or incurred by us arising out of or in connection with your breach of clause 20 (Privacy), 21 (Telematics Reporting) or Schedule 1 (Telematics Reporting Services).
Northgate Telematics Device
21.1 You agree that we may provide you with, or install, a hardware device in a Vehicle that contains software which monitors, records and transmits data to us about how, where and when the Vehicle car is driven and any incident data (“Telematics Device”). Ownership of the Telematics Device remains with us at all times.
21.3 In connection with a Telematics Device you must take such steps as we may require from time to time to enable us to comply with our obligations under the Data Protection Legislation, including:
(A) notifying all drivers that a Telematics Device is installed in the Vehicle;
(C) obtaining all necessary consents from drivers in accordance with the requirements of the Data Protection Legislation for the processing of their personal data;
(D) immediately notifying us in writing of:
(1) any complaint, notice, request (including a subject access request), investigation or communication which relates directly or indirectly to the processing of the personal data or to your or our compliance with the Data Protection Legislation;
(2) any incident which gives rise to a risk of the unauthorised disclosure, loss, destruction or alternation of the personal data collected through a Telematics Device; or
(3) if the personal data collected through a Telematics Device is processed in breach of this Agreement;
(E) providing us with such co-operation and assistance as we may require with respect to any of the foregoing events; and
(F) not doing, or permitting another to do, any act or omission that puts us in breach of applicable Data Protection Legislation.
21.4 You must comply with our instructions from time to time regarding installation, use, storage, maintenance and repair of the Telematics Device.
21.5 You must not, and must not permit any person or organisation to:
(A) remove or attempt to remove a Telematics Device from a Vehicle;
(B) tamper with, disable, reverse engineer, alter or dismantle (or attempt to do any of these things to) a Telematics Device;
(C) copy the Telematics Device software in whole or in part;
(D) introduce any virus, code or software into the Telematics Device software; or
(E) interfere with the Global Positioning System (GPS) signal received or the mobile phone network signal sent or received by the Telematics Device.
21.6 If the Telematics Device becomes defective, damaged, or where its repair would be uneconomic you must allow us or our approved installer prompt access to the Vehicle to repair or replace the device. We may charge you for the replacement or repair of a Telematics Device where the defect or damage is due to an act or omission of you or your personnel.
Optional Telematics Reporting Services
21.7 You may acquire the following optional Telematics Reporting Services from us:
(A) Vehicle monitoring - provides you with reporting of Vehicle use, including Vehicle mileage and location information; and/or
(B) Driver behaviour - provides you with reporting on driver behaviour, including the way a Vehicle is driven.
The New Account Application Form will indicate the Telematics Reporting Services you agree to acquire from us.
22.1 We may change this Agreement or any policies, pricing schedules or other terms referenced in or incorporated into this Agreement by providing you with 30 days’ prior notice.
22.2 If we make changes pursuant to clause 22.1 we will provide notice on www.northgatevehiclehire.ie or send an e-mail to you at the e-mail address you provided to us in the New Account Application Form.
22.3 If we have made a major change or a lot of minor changes in any one year, we will give you a copy of your new Agreement and/or a summary of the changes.
22.4 If you are do not agree with a major change, you can terminate this Agreement by providing written notice to us. If you do not contact us about terminating the Agreement by the end of any notice period set out above, or continue to use our Vehicles and other services following notice of the changes to the Agreement, this constitutes your acceptance of our amended Agreement.
23.1 Except you and we otherwise agree in writing with respect to a particular Vehicle, the Agreement and the documents referred to in them constitute the entire agreement and understanding of you and us and supersede any previous agreement between us relating to the subject matter of the Agreement and any prior promises, representations and misrepresentations (whether oral or written) relating to the subject matter of the Agreement. Nothing in this clause shall operate to limit or exclude any liability for fraud or fraudulent misrepresentation.
23.2 Except as permitted under clause 22 (Amendments), any amendment to this Agreement is ineffective unless it is in writing and is executed by both you and us.
23.3 Except as provided in the Agreement, the Agreement does not create, confer or purport to confer any benefit or right enforceable by any person except you and us.
23.4 You shall, at our request and your cost, execute all deeds and other documents and do all things that we may require (acting reasonably) in order to give effect to the terms of the Agreement.
23.5 Any notice to be given by either of us to the other under the Agreement must be in writing (which shall for this purpose include e-mail) and addressed to that other party at its registered office or principal place of business or such other address or electronic mail address as may have been notified for these purposes. Notices shall be delivered personally, sent by first class post or by e-mail. A notice is deemed to have been received if sent by prepaid first class post, on the second working day after posting (excluding the day of posting). Any notice sent by e-mail will be effective only when actually received in readable form and service shall be deemed to be effected on the same day it is sent. In proving service of the notice, it shall be sufficient to show that delivery by hand was made, that the envelope containing the notice was properly addressed and posted as a first class pre-paid letter or to prove that the e-mail was correctly addressed.
23.6 Any failure or neglect by either you or us to enforce any of the provisions of the Agreement shall not be construed nor deemed to be a waiver of that party’s rights and does not affect the validity of the whole or part of the Agreement nor prejudice that party’s rights; any waiver by either you or us of our respective rights under the Agreement does not operate as a waiver in respect of any subsequent breach.
23.7 If any provision of the Agreement is held to be illegal, invalid or unenforceable in whole or part, that provision shall to that extent be deemed not to form part of the Agreement and the legality, validity and enforceability of the remainder of the Agreement shall be unaffected.
23.8 You shall not without our prior written consent assign, transfer, charge, dispose of, deal with or subcontract your rights or obligations under the Agreement provided that nothing in this clause shall operate to prevent you from hiring any Vehicles to third parties. For the avoidance of doubt, you will remain liable to us under the Agreement in respect of the use of any Vehicles by third parties as though such use were by you.
23.9 Nothing in the Agreement or any arrangement contemplated by it shall constitute either you or us as a partner, agent, fiduciary or employee of the other party.
23.10 This Agreement and all non-contractual obligations arising from or connected with them shall be governed by and construed in accordance with, and all disputes or issues between the parties arising out of or in any way relating to this Agreement or any disputes between the parties in any way connected with the subject matter of this Agreement (whether contractual or non-contractual) shall be governed by, the laws of Ireland. Each of the parties hereby submits to the exclusive jurisdiction of the Irish Courts. Nothing contained in this clause 23.10 shall limit our right to bring enforcement proceedings in another jurisdiction on foot of an Irish Order or to seek interim, protective or provisional relief in the courts of another jurisdiction.
24 Definitions and Interpretation
24.1 In this Agreement unless otherwise stated:
Agreement has the meaning given in Item C of the New Account Application Form.
Agreement Effective Date has the meaning given in Item B of the New Account Application Form.
Additional Charges means the charges set out at clause 13 (Additional Charges) and such other additional charges specified in the Agreement and any other charges as may be agreed in writing by us;
Booking means a Booking Request which has been accepted by us in accordance with clause 2 (Making a Booking) and this Agreement and “Bookings” will be construed accordingly;
Booking Request has the meaning given in clause 2.1 (Making a Booking);
Booking Start Date means the expected date of On-hire, as set out in the Booking or as otherwise agreed between you and us;
Business Hours means the hours during which the relevant Northgate premises in Ireland are open for business. Our current opening hours are specified on www.northgatevehiclehire.ie;
Charges has the meaning given to it in clause 12.1 (Payment);
Damage means any and all damage to a Vehicle, excluding:
(A) a mechanical fault or failure which is not caused or contributed to by you or your personnel; and
(B) any damage identified in the Vehicle Condition Report,
and “Damaged” shall be construed accordingly;
Data Protection Legislation means all applicable laws relating to privacy and data protection including the Data Protection Acts 1988 and 2003 and, on and after 25 May 2018, the General Data Protection Regulation (GDPR) (EU) 2016/679;
Group means in relation to any person, a subsidiary of that person or a holding company of that person or any other subsidiary of that holding company;
Insolvency Event means if a party has a petition presented for its winding up, has a liquidator appointed to it or has an administrator, receiver or an examiner appointed to it or over part or all of its assets or enters into a composition with its creditors (save for the purposes of a bona fide reconstruction or amalgamation on terms approved by us in advance), and/or the party is unable to pay its debts as they fall due within the meaning of section 570 of the Companies Act 2014 or the party is declared bankrupt (or any event similar to the foregoing occurs in any jurisdiction);
Market Value has the meaning given to it in clause 4.8(B).
New Account Application Form means the application form called ‘New Account Application Form’ that you complete, sign and return to us.
Off-hire means the return of a Vehicle to us in accordance with clause 4.4 and “Off-hiring” will be interpreted accordingly;
On-hire means the collection of a Vehicle by you from us or the delivery of a Vehicle by us to you;
Policy has the meaning given to it in clause 11.1(A) (Insurance);
Regulations means applicable legislation and legally binding rules or regulations of any kind (including orders, instructions or directions of a competent authority);
Rental Charges means the hire charges for the Rental Period calculated in accordance with the Agreement, or such other rate notified by us in writing;
Rental Day means the 24 hour period commencing at the time of the Booking Start Date or On-hire, whichever is earlier, and each subsequent 24 hour period;
Rental Period means the period from the Booking Start Date or On-hire, whichever is earlier, to the Return Date or Off-hire, whichever is later;
Replacement Cost means the pre-accident value of a Vehicle;
Return Date means the expected date on which the Vehicle is due to be returned, as set out in the Booking or as otherwise agreed between you and us;
Vehicle means a vehicle that is:
(A) described in any Booking; and
(B) within the definition of ‘CVR vehicle’ under the Road Safety Authority (Commercial Vehicle Roadworthiness) Act 2012.
All accessories we provide with the vehicle, including the spare wheel and tools, are considered part of the vehicle; and
Vehicle Condition Report has the meaning given to it in clause 3.2.
24.2 In this Agreement, unless otherwise stated:
(A) the terms “Authorised Officer”, “CVR Vehicle” “CVRT”, “CVR Inspector”, “Owner” and “Risk Rating” shall have the meaning given to them in the Road Safety Authority (Commercial Vehicle Roadworthiness) Act 2012;
(B) the terms “personal data”, “data subject”, “processing”, “data controller” and “data processor” have the meaning given to them in Data Protection Legislation;
(C) each reference to “includes” or “including” shall be construed without limitation;
(D) “subsidiary” and “holding company” shall have the meanings given to them by sections 7 and 8 of the Companies Act 2014;
(E) the headings in this Agreement have been inserted for convenience only and shall not affect its construction;
(F) a statutory provision includes a reference to any modification, consolidation or re-enactment of the provision from time to time in force and all subordinate instruments, orders or regulations made under it except that, as between the parties, no modification, consolidation or re-enactment shall apply for the purposes of the Agreement to the extent that it would impose any new or extended obligation, liability or restriction on, or otherwise adversely affect the rights of, either party;
(G) unless the context otherwise requires, words importing the singular include the plural and vice versa, words importing the masculine include the feminine and vice versa and words importing persons include corporations and vice versa; and
(H) a reference to “indemnify” or “indemnifies” means to indemnify and keep indemnified, and hold harmless, the party to be indemnified on demand on an after tax basis.
SCHEDULE 1 – TELEMATICS REPORTING SERVICES
1.1 In this Schedule, unless otherwise stated:
has the meaning given to it in paragraph 3.1 below.means the proprietary software in machine readable object code form, provided to you as part of the Telematics Reporting Services.
means the charges payable by you for the Telematics Reporting Services under the Agreement or as is otherwise determined in writing by us.
has the meaning given to it in paragraph 2.2 below.
has the meaning given to it in clause 21.1 of the Agreement.
Telematics Reporting Services
means the provision by us of the telematics fleet reporting services through the Telematics Device and Software.
has the meaning given to it in paragraph 2.3 below.
2 Telematics Reporting
2.1 Subject to the payment of the Telematics Charges when due, we will supply, and you will accept and pay for, the Telematics Reporting Services.
2.2 The parties acknowledge and agree that the Telematics Reporting Services provide use, disclosure of, or access to the following personal data:
(A) Vehicle location information;
(B) operational condition, mileage, diagnostic and performance reporting of Vehicles; and
(C) Vehicle incident notification and related incident data (“Telematics Data”), as permitted by law.
2.3 As part of the Telematics Reporting Services, during the Licence Term, we will provide you with access to a website to view, in either an online or downloadable format, real time and archived Telematics Data about the Vehicle to which the Telematics Reporting Services apply (“Telematics Website”).
2.4 All aspects of the Telematics Reporting Services will be delivered remotely and we are not required to provide any aspect of the Telematics Reporting Services at your premises.
2.5 We are entitled to determine the manner in which the Telematics Reporting Services are performed.
3 Licence Term
3.1 The supply of the Telematics Reporting Services begins on the Booking Start Date for the relevant Vehicle and, subject to earlier termination in accordance with its terms, continues until Off-hire (“Licence Term”).
3.2 Unless otherwise agreed in writing by us, all dates or other times for delivery of the Telematics Reporting Services agreed in writing by us are estimates only, except that we shall use our reasonable endeavours to deliver the Telematics Reporting Services no later than the date or time stated, and in default of a date or time being agreed in writing, the Telematics Reporting Services shall be delivered from the Booking Start Date.
3.3 You may not postpone or cancel performance of the Telematics Reporting Services or any part of them except with our prior written consent or in accordance with the termination provisions in paragraph 10 of this Schedule.
4 Supply of Telematics Reporting Service
4.1 We will supply the Telematics Reporting Services:
(A) in accordance with the Agreement; and
(B) using reasonable care and skill.
4.2 We give no guarantee or warranty as to the availability of the Telematics Reporting Services.
4.3 You acknowledge and agree that were we provide you with a temporary loan vehicle as a substitute for a Vehicle (for example, where a Vehicle is being serviced or repaired) the Telematics Reporting Services may not be available with the temporary loan vehicle hire.
4.4 We are discharged from performing our obligations under this Schedule where, to the extent, and for so long as the following circumstances affect performance:
(A) we have been provided with inaccurate, incomplete or misleading information; and/or
(B) you or your personnel are in breach of the Agreement.
4.5 Where paragraph 4.4 of this Schedule applies:
(A) we shall notify you as soon as reasonably practicable, and shall use our reasonable endeavours to continue to perform the Agreement but shall not be liable for any failure to do so (including any delayed or defective performance); and
(B) you shall reimburse us on demand in respect of all incremental costs and expenses incurred by us in performing our obligations under the Agreement as a result.
4.6 If you can demonstrate that the Telematics Reporting Services do not comply with the requirements of paragraph 4.1, we shall re-perform the Telematics Reporting Services within a reasonable period of time.
4.7 Paragraph 4.6 is your only remedy in respect of a breach of paragraph 4.1 of this Schedule or otherwise in respect of the provision of the Telematics Reporting Service by us.
5 Telematics Website
Supply of Telematics Reporting Services
5.1 We will provide you with up to five login accounts to access the Telematics Website.
5.2 If you require more than five login accounts for the Telematics Website, an additional per login charge shall be levied, which shall be payable in accordance with clause 12 of the Terms and Conditions of Hire.
5.3 If there is a fault with the Telematics Website we will endeavour to rectify the fault as soon as possible but exclude any responsibility for rectifying such faults or liability for any loss, damage, cost and expense where the fault arises out of or in connection with:
(A) a problem with the mobile network through which the information is transmitted; or
(B) the hosting of the website by a third party on our behalf.
6 Telematics Charges
6.1 You must pay the Telematics Charges in accordance with the Agreement or as otherwise agreed in writing by us without set-off or counterclaim in respect of any liability of ours and paid in accordance with clause 12 of the Terms and Conditions of Hire.
6.2 Any amount due to us under this Schedule is not taken to have been made or received for the purposes of this Schedule unless and until the amount is received by us in cash, or cleared funds made by direct credit for same day value to the bank account nominated by us from time to time.
6.3 The Telematics Charges are exclusive of value added tax, which shall be added to the Telematics Charges, and paid by you in accordance with this paragraph 6.
6.4 If you fail to pay the Telematics Charges by the due date, we may suspend the Telematics Reporting Services until payment, plus any interest charged by us in addition in accordance with clause 12 of the Agreement, is made or received.
7 Your Obligations
7.1 Without limiting your obligations under clause 21 (Telematics) of the Agreement, you must not, except to the extent permitted by applicable law:
(A) access all or any part of the Telematics Reporting Services or Telematics Devices in order to build a product or service which competes with the Telematics Reporting Services or Telematics Devices;
(B) attempt to obtain or assist third parties in obtaining, access to the Telematics Reporting Services or Telematics Devices;
(C) copy the Software in whole or in part;
(D) introduce any virus, code or software into the Software; or
(E) use the Software otherwise than in accordance with this Agreement.
7.2 You will use reasonable endeavours to prevent any act or omission which gives rise to, or gives rise to a risk of, unauthorised access to, or unauthorised use, alteration, disabling or destruction of, the Telematics Reporting Services or Telematics Devices and notify us promptly of any such incident.
7.3 References in paragraph 7.2 of this Schedule to the doing of any act includes any attempt to do so, or to cause or permit any third party to do, or to attempt, the act in question.
7.4 You must not cause or permit the Telematics Reporting Services or Telematics Devices to be used by any person who is not your employee unless we expressly authorise it in writing or under this Agreement.
8.1 You acknowledge and agree that we may, at our discretion, change the functionality or features of the Telematics Reporting Services providing that change does not have a material detrimental impact on the functionality or features of the Telematics Reporting Services.
8.2 Any new feature, improvement or modification implemented by us into the Telematics Reporting Services which are more generally available to all of our customers shall be included in the Telematics Reporting Services.
8.3 We reserve the right to suspend the Telematics Reporting Services by reasonable notice to you in order to undertake maintenance work or carry out improvements.
9 Data Protection
9.1 You acknowledge and agree that to the extent we transfer, provide or otherwise make Telematics Data available to you in connection with the Telematics Reporting Services, you are a data controller in relation to that Telematics Data and you are responsible for your compliance with all applicable Data Protection Legislation.
9.2 To the extent that we process Telematics Data controlled by you, we will:
(A) only process that Telematics Data in compliance with, and subject to, the instructions received from you; and
(B) ensure that the Telematics Data is secure from damage, theft, accidental loss and that no unauthorised person has access to the data.
9.3 You must take such steps as we may require from time to time to enable us to comply with our obligations under the Data Protection Legislation, including:
(A) notifying all drivers that a Telematics Device is installed in the Vehicle and that the Telematics Reporting Services will be used;
(B) providing all drivers with prior information relating to any purposes for which you use Telematics Data collected using a Telematics Device;
(C) obtaining all necessary consents from drivers in accordance with the requirements of the Data Protection Legislation for the processing of Telematics Data;
(D) immediately notifying us in writing of:
(1) any complaint, notice, request (including a subject access request), investigation or communication which relates directly or indirectly to the processing of the Telematics Data or to your or our compliance with the Data Protection Legislation;
(2) any incident which gives rise to a risk of the unauthorised disclosure, loss, destruction or alternation of the Telematics Data collected through a Telematics Device; or
(3) if the Telematics Data collected through a Telematics Device is processed in breach of this Agreement; and
(E) providing us with such co-operation and assistance as we may require with respect to any of the foregoing events.
9.4 You must not, and must not permit, any act or omission in connection with the Telematics Reporting Service that puts us in breach of applicable Data Protection Legislation.
9.5 We will ensure that the Software and Telematics Data are hosted in the European Economic Area and are only transferred outside the European Economic Area in accordance with applicable Data Protection Legislation.
10.1 We may terminate the supply of the Telematics Reporting Services and require the return of the Telematics Device on one calendar months’ notice to you in writing, or as otherwise provided in accordance with clause 18 of the Terms and Conditions of Hire.
10.2 For the avoidance of doubt, the Telematics Reporting Services automatically terminate when the Agreement or applicable Booking is terminated.
10.3 We will promptly delete, and you will lose access to, all Telematics Data relating to a specific Vehicle at the earlier of the time that Vehicle is Off-hired and the termination of this Agreement.
SCHEDULE 2 - DATA PROCESSING ADDENDUM
This Data Processing Addendum forms part of, and is incorporated into, the Agreement between Northgate Vehicle Hire (Ireland) Limited and the Customer.
1 How this DPA applies
1.1 This DPA is an amendment to and is incorporated into the Agreement. Except for changes made by this DPA, the Agreement remains unchanged and in full force and effect. If there is a conflict between any provision in this DPA and any provision in the Agreement, this DPA controls and takes precedence. This DPA is a part of the Agreement for the purposes of the entire agreement clause set out in the Agreement.
1.2 The parties have entered into this DPA in consideration of their respective rights and obligations under the Agreement and this DPA and other good and valuable consideration (the receipt and sufficiency of which both Northgate and the Customer acknowledge and confirm).
2 Details of the processing activities
2.1 The parties agree, with respect to personal data processed by the Customer under this DPA that:
(A) Northgate is, depending on the relevant personal data, either the data controller or, where another entity is the data controller to which Northgate either directly or indirectly provides services, the data processor or subprocessor of the personal data processed by the Customer under this DPA;
(B) the data controller determines the purposes for which the personal data are or will be processed; and
(C) the Customer is engaged by Northgate as data processor or subprocessor with respect to all personal data processed by the Customer under this DPA.
The Customer acknowledges that Northgate is entitled to identify and determine, in a given case, which entities are data controllers with respect to the personal data processed under this DPA.
2.2 Northgate’s obligations and rights are as outlined in the Agreement and this DPA. Northgate is responsible for issuing instructions to the Customer and complying with its other obligations in the Agreement.
2.3 The subject-matter and duration of the processing carried out by the Customer on behalf of Northgate, the nature and purpose of the processing, the type of personal data and categories of data subjects are described in Appendix 1.
3.1 The Customer confirms that it shall implement and maintain appropriate technical and organisational measures in such a manner that the processing of any personal data will meet the requirements of the GDPR and ensure the protection of the rights of data subjects.
4 Protection of personal data
4.1 In discharging its obligations under the Agreement, the Customer is responsible for and shall comply with Data Protection Law. The Customer shall perform the services and discharge its obligations under the Agreement in such a way that Northgate and any Northgate customers comply with, and do not breach, their obligations under Data Protection Law.
4.2 The Customer shall process the personal data only to the extent necessary to perform its obligations under the Agreement and for no other purpose.
4.3 The Customer shall treat the personal data as confidential information for the purposes of the Agreement.
4.4 Without limiting or affecting the other provisions in this clause 4, the Customer shall:
(A) process the personal data only on written instructions from Northgate (which may, in particular, be given electronically or through the functionality of the service), including with regard to transfers of personal data to a third country or an international organisation, unless required to do so by European Union or Member State law to which the Customer is subject; in such a case, the Customer shall inform Northgate of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
(B) ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality, even after the end of their employment contract or at the end of their assignment or engagement;
(C) takes all measures required pursuant to Article 32 of the GDPR;
(D) taking into account the nature of the processing, assist Northgate and Northgate’s customers by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of Northgate's and Northgate’s customers’ obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR;
(E) assist Northgate and Northgate’s customers in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of processing and the information available to the Customer;
(F) in accordance with clause 8, at the choice of Northgate, delete or return all the personal data to Northgate (and/or Northgate’s customers) after the end of the provision of services relating to processing, and delete existing copies unless European Union or Member State law requires storage of the personal data; and
(G) make available to Northgate all information necessary to demonstrate compliance with the obligations laid down in this DPA and Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by Northgate and Northgate’s customers or another auditor mandated by Northgate or Northgate’s customers.
5 Keep Northgate informed
5.1 The Customer shall, without undue delay (and in any event within two (2) days):
(A) inform Northgate of any investigation, inspection, audit, administrative sanction or fine by a data protection or other authority or any claim, proceedings or complaint by a data subject which is relevant to the personal data or processing activities under this Agreement;
(B) notify Northgate in writing of any request received from an authority (including a law enforcement agency or government agency) for disclosure of or access to personal data, including (insofar as the Customer can do so):
(1) the scope of the request
(2) the reason for the request;
(3) the form of the disclosure or access requested;
unless, in a given case, European Union or Member State law prohibits it from doing so on important grounds of public interest in which case Customer shall use reasonable efforts to request the authority to direct the request directly to Northgate;
(C) notify Northgate in writing of any request, inquiry or similar made by any of Northgate’s customers in connection with any personal data processed by the Customer under the Agreement;
(D) inform Northgate if it cannot comply with this DPA (including, where they apply pursuant to clause 13, the Standard Contractual Clauses) in which case Northgate, at its discretion, may suspend any processing (in whole or in part) and/or terminate the Agreement (in whole or in part) and/or services (in whole or in part); and
(E) upon request, co-operate in good faith with, and promptly provide Northgate with all reasonable information it requests, in connection with the personal data and/or processing activities undertaken by the Customer pursuant to the Agreement (including, in particular, in connection with any investigation, audit or queries of a data protection or other authority).
5.2 The Customer shall not respond to any request of the type described in clause 5.1(B) unless and until it receives documented instructions from Northgate, unless required to do so under European Union or Member State law to which the Customer is subject; in such a case, the Customer shall inform Northgate of that legal requirement before processing unless that law prohibits such information on important grounds of public interest.
6 Data subject rights
6.1 The Customer confirms and agrees that:
(A) it has designed its services and functionality; and
(B) has put and shall maintain in place appropriate technical and organisational measures,
so that Northgate and Northgate’s customers can fully and properly respond to and address any data subject requests under and in compliance with Chapter III of the GDPR or the withdrawal of any consent by a data subject.
6.2 The Customer shall inform Northgate in writing promptly and without delay (and, in any event, within no more than two (2) days) if Customer receives a request or a notice of withdrawal of consent from a data subject in respect of such data subject’s personal data. The Customer shall not respond to any such data subject request or otherwise correct, amend, delete, block or provide access to or a copy of the data subject’s personal data without Northgate’s documented instructions.
6.3 To the extent Northgate, in its use and administration of the services under the Agreement, does not have the ability to fully and properly respond to and address a data subject’s request under and in compliance with Chapter III of the GDPR or a withdrawal of consent by a data subject, the Customer shall promptly use all reasonable endeavours to enable Northgate or Northgate’s customers to do so by the Customer undertaking such actions and steps and providing such assistance and information as are necessary in such regard. This does not limit or affect clause 4.4(D)
7 Data protection impact assessments
7.1 The Customer shall provide reasonable assistance to Northgate and Northgate’s customers with any data protection impact assessments, and prior consultations with any data protection supervisory authorities, which Northgate reasonably considers to be required to enable Northgate and/or Northgate’s customers to comply with their obligations under Articles 35 and 36 of the GDPR, but only in connection with the processing of personal data by, and taking into account the nature of the processing and information available to, the Customer and its permitted subprocessors.
8 Deletion and Return
8.1 Subject to clause 8.2, the Customer shall promptly and in any event within ten business days of the Cessation Date, securely irrevocably delete and procure the secure irrevocable deletion of all copies of the personal data.
8.2 Northgate is entitled by written notice to the Customer within ten business days of the Cessation Date to require the Customer to:
(A) at Northgate’s choice, give Northgate a reasonable opportunity to retrieve the personal data or return a complete copy of all personal data to Northgate by secure file transfer in such format as is reasonably notified by Northgate to the Customer; and
(B) securely irrevocably delete and procure the secure irrevocable deletion of all other copies of the personal data processed by Customer and any permitted subprocessor in accordance with recognised industry standards to achieve secure deletion.
Customer shall comply with any such written request within ten business days of the request.
8.3 The Customer and any permitted subprocessor may retain personal data to the extent required by European Union or Member State law but only to the extent and for such period as required by European Union or Member State law. This is provided that Customer and any permitted subprocessor ensure the confidentiality of all such personal data and ensure that such personal data is only processed as necessary for the purpose specified in the European Union or Member State law requiring its storage and for no other purpose.
9.1 The Customer shall regularly monitor and periodically audit its compliance with the technical and organisational security measures it implements and maintains with respect to the personal data pursuant to this Agreement.
9.2 The Customer shall:
(A) implement and maintain the technical and organisational measures set out in Appendix 2;
(B) comply with all security policies (and amendments to them) of Northgate notified by Northgate to the Customer from time to time;
(C) ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services and of the personal data;
(D) ensure access to personal data within the Customer and, if applicable, any permitted subprocessors is limited to that which is necessary;
(E) keep personal data logically separate, with adequate logical separate security controls, from other data and information held by Customer and any permitted subprocessors;
(F) log all access to and use of the personal data by Customer and any permitted subprocessors and make such logs available to Northgate promptly upon request; and
(G) implement and maintain policies and measures to detect, respond to and record personal data breaches.
9.3 Without limiting or affecting clause 9.2, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Customer shall implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
(A) the pseudonymisation and encryption of personal data;
(B) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(C) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
(D) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
9.4 In assessing the appropriate level of security, the Customer shall take account in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
9.5 The Customer shall take steps to ensure that any natural person acting under the authority of the Customer who has access to personal data does not process them except on instructions from Northgate, unless he or she is required to do so by European Union or Member State law.
9.6 The Customer shall:
(A) maintain security practices and policies in place for the protection of personal data (that policy being an “Information Security Policy”); and
(B) promptly make the Information Security Policy available to Northgate, along with descriptions of the organisational and technical security controls, practices and measures in place with respect to the personal data and other information reasonably requested by Northgate regarding Customer’s security practices and policies.
9.7 The Customer shall, upon Northgate’s written request and subject to the confidentiality obligations set forth in the Agreement, make available to Northgate the Customer’s then most recent third-party audits or certifications and related audit, attestation and certification reports. The Customer acknowledges that Northgate may provide a copy of such reports to Northgate’s customers (or their suppliers), subject to confidentiality undertakings from the relevant recipient.
10 Personal Data Breach
10.1 The Customer shall notify Northgate without undue delay and, in any event, within no more than two (2) days, after becoming aware of an actual or suspected personal data breach. The Customer shall assist Northgate and Northgate’s customers in fulfilling their respective obligations under Articles 33 and 34 of the GDPR and otherwise to notify the relevant supervisory authority and data subjects of a personal data breach.
10.2 The Customer shall, as soon as possible, provide Northgate with the following information with respect to any actual or suspected personal data breach:
(A) a description of the cause and nature of the breach including the categories and approximate numbers of data subjects concerned and the categories and approximate number of personal data records concerned;
(B) the measures being taken to contain, investigate and remediate the personal data breach;
(C) the likely consequences and risks for Northgate, Northgate’s customers, organisations and data subjects as a result of the personal data breach;
(D) any mitigating actions taken; and
(E) a proposed plan to mitigate any risks for data subjects, Northgate’s customers and/or Northgate as a result of the personal data breach.
10.3 The Customer shall, in connection with any actual or suspected personal data breach:
(A) quickly and without delay, take such steps as are necessary to contain, remediate, minimise any effects of and investigate any actual or suspected personal data breach (and without destroying any evidence) and to identify its cause;
(B) maintain records of all information relating to the personal data breach, including the results of its own investigations and authorities’ investigations as well as remedial actions taken;
(C) co-operate with Northgate (and, upon request by Northgate, Northgate’s customers) and provide Northgate (and, upon request by Northgate, Northgate’s customers) with such assistance and information as it may reasonably require in connection with the containment, investigation, remediation and/or mitigation of the personal data breach;
(D) maintain strict confidentiality;
(E) not make any public statements or engage or communicate with Northgate’s customers without Northgate’s prior written approval;
(F) immediately notify Northgate in writing of any request, inspection, audit or investigation by a data protection or other authority or any request by Northgate’s customers;
(G) without limiting or affecting clause 10.3(H)), provide a copy of all proposed written communications with a data protection or other authority or any of Northgate’s customers so that Northgate has a reasonable opportunity to comment in such respect and have due and proper regard to all comments or concerns of Northgate in such respect;
(H) not communicate with any data protection or other authority or any of Northgate’s customers without Northgate’s prior written permission, except to the extent required to do so by applicable law to which the Customer is subject in which case the Customer shall inform Northgate in writing as soon as possible of any communications with the relevant authority or Northgate’s customers (and shall provide a copy or detailed minute of all such communications);
(I) permit and enable Northgate to attend all calls, video conferences, site visits, inspections, audits, meetings and other communications with any data protection or other authority or any of Northgate’s customers, except to the extent restricted from doing so by applicable law to which the Customer is subject (and promptly provide, upon request, a copy or detailed minute of all such engagement and communications); and
(J) where required to do so by Northgate, provide notifications (in a form approved by Northgate) to affected data subjects, Northgate’s customers, other affected entities and/or organisations and relevant data protection and other authorities.
10.4 The Customer shall do all that is necessary to recover, restore, rebuild, repair and/or recreate any personal data, databases and/or files affected by a personal data breach. If the Customer does not do so (or indicates that it will not do so) within a reasonably quick period, Northgate is entitled to do so itself (or using a third party) in which case the Customer shall promptly pay Northgate in full any costs and expenses its incurs in such regard as a debt.
10.5 The Customer shall fully and effectively indemnify Northgate in respect of any losses, liabilities, demands, damages, costs, claims, expenses, awards and/or fines suffered or incurred or paid out by Northgate and/or any of Northgate’s customers and/or any Customers to which Northgate provides services arising out of or in connection with any actual or suspected personal data breach and/or its consequences (including any arising out of or in connection with the containment, investigation, remediation and mitigation of the personal data breach and its consequences, engagement with any data protection or other authorities and correspondence with, and mitigation measures (such as two (2) years credit monitoring services) for, Northgate’s customers, impacted data subjects, entities and organisations and the recovery or reconstruction of any affected personal data and related files and data).
11.1 The Customer shall maintain all records required by Article 30(2) of the GDPR and shall, to the extent relevant to the processing of personal data on behalf of Northgate, promptly provide a copy of them to Northgate, Northgate’s customers and/or any data protection supervisory authority on request by Northgate. The Customer shall immediately notify Northgate in writing if it receives any such request from a data protection supervisory authority.
11.2 The Customer shall promptly provide Northgate with such information as Northgate and/or Northgate’s customers may reasonably require in order to create or update any records which Northgate is required to maintain by Article 30(1) of the GDPR.
12.1 The Customer shall not engage a subprocessor to process any personal data unless Northgate in writing approves the use of the subprocessor concerned in which case the Customer shall comply with clause 12.2 in such regard.
12.2 The Customer shall, where it engages any subprocessor in accordance with clause 12.1 (whether an existing or new subprocessor):
(A) carry out appropriate due diligence on the subprocessor prior to engaging it to verify that it is capable of complying with the data protection obligations under this DPA and the Agreement, to the extent applicable to the services it is to perform (and shall document such due diligence and provide a copy of such to Northgate promptly on request);
(B) only use a subprocessor that has provided sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR and the Agreement and ensure the protection of the rights of the data subject; and
(C) impose, through a legally binding contract between the Customer and subprocessor that is governed by Irish or Member State law, the same data protection obligations as set out in the Agreement (including this DPA and, where they apply pursuant to clause 13, the Standard Contractual Clauses) on the subprocessor, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR.
12.3 The Customer shall, upon request by Northgate, promptly provide Northgate with the identity and location of each subprocessor and a description of the processing being subcontracted to each subprocessor, together with a copy of the data protection related provisions in the agreement between the Customer and subprocessor.
12.4 The Customer acknowledges and agrees that if any subprocessor fails to fulfil its obligations in the agreement between the Customer and subprocessor, the Customer shall remain fully liable to Northgate for the performance of the subprocessor’s obligations.
13.1 The Customer shall not transfer any personal data to, or grant access to any personal data to, any recipient (including the Customer) in a country or territory outside the European Economic Area unless either:
(A) the personal data is transferred to or accessed by the recipient in an Adequate Country; or
(B) if the personal data is transferred to or accessed by the recipient in a country or territory which is not an Adequate Country:
(1) Appropriate Safeguards are in place in respect of the processing of the personal data by the recipient; or
(2) if the recipient is the Customer, the Customer has entered into the Standard Contractual Clauses with Northgate in accordance with clause 15.2.
13.2 The Customer and Northgate hereby enter into the Standard Contractual Clauses with respect to a Restricted Transfer. For these purposes:
(A) the Standard Contractual Clauses apply from the commencement of the Restricted Transfer and form a part of, and are incorporated into, this DPA on and from that date;
(B) the Customer agrees to the third party rights granted to data subjects under the Standard Contractual Clauses;
(C) Northgate is the “data exporter” and the Customer is the “data importer” as those terms are defined in the Standard Contractual Clauses;
(D) Appendix 1 and Appendix 2 of this DPA operate as, respectively, Appendix 1 and Appendix 2 of the Standard Contractual Clauses;
(E) the governing law of the Standard Contractual Clauses shall be Irish law;
(F) if there is a conflict between any provision in this DPA and any provision in the Standard Contractual Clauses, the Standard Contractual Clauses control and take precedence; and
(G) the execution of this DPA by the Customer and Northgate constitutes the execution of the Standard Contractual Clauses by the Customer and Northgate.
13.3 If and to the extent that the Customer or a permitted subprocessor is relying, for the purposes of clause 13.2, upon Privacy Shield for the purposes of transfers of personal data to, or access of personal data from, the United States of America, the Customer, warrants and confirms that:
(A) each Privacy Shield Entity is and will remain a certified member of the Privacy Shield under a registration and shall maintain such registration;
(B) the registration of each Privacy Shield Entity covers and shall cover all personal data processed by it under this DPA and the Agreement;
(D) each Privacy Shield Entity does and shall process personal data at all times in accordance with the Privacy Shield.
13.4 The Customer agrees and warrants that each Privacy Shield Entity does, and shall continue to comply with, the Privacy Shield principles with respect to any transfers of personal data to, or access of personal data from, the United States of America under this DPA and Agreement.
13.5 If a Privacy Shield Entity’s Privacy Shield registration expires, lapses, is revoked or otherwise ceases to meet the adequacy requirements set out under Data Protection Laws or should Privacy Shield otherwise cease to provide a valid legal basis to transfer personal data to the United States of America (each a "notifiable event") then the Customer shall:
(A) notify Northgate in writing as soon as possible; and
(1) the Customer is the Privacy Shield Entity, clause 13.2 shall automatically apply with effect on and from the Notifiable event; and
(2) a subprocessor is the Privacy Shield Entity, stop the processing of the personal data (and procure the return of the personal data to the EEA) by the subprocessor unless agreed otherwise by Northgate.
13.6 If the Standard Contractual Clauses cease to meet the adequacy requirements set out under Data Protection Laws or should the Standard Contractual Clauses otherwise cease to provide a legal basis to transfer personal data to outside the European Economic Area, the Customer shall stop the processing of any personal data transferred previously under the Standard Contractual Clauses (and procure the return of the personal data to the EEA) unless agreed otherwise by Northgate. In such case, the parties shall work and engage together promptly and in good faith in order to promptly agree and implement an alternative to provide for the legitimate transfer of the personal data to outside the EEA or alternative arrangements in respect of the services (without any impact on service standards or continuity).
14.1 In this DPA, the following terms have the meanings given to them below:
“Adequate Country” means a country or territory in respect of which the European Commission, in accordance with Data Protection Law, has declared there is an adequate level of protection for personal data, provided and only for so long as such decision of the European Commission remains in force and the recipient of the personal data satisfies the relevant Adequacy Conditions under that decision.
“Adequacy Conditions” means any qualifications, conditions or requirements of or under the relevant adequacy decision of the European Commission which must be met by the relevant recipient in order for the adequacy decision to apply in respect of any processing of personal data by the recipient.
“Agreement” means the agreement between Northgate and the Customer which is more particularly described in clause 1 of this DPA and which, in accordance with the provisions of this DPA, incorporates this DPA (including, where they apply pursuant to clause 13.2, the Standard Contractual Clauses entered into by Northgate and the Customer).
“Appropriate Safeguards” means appropriate safeguards in respect of the processing of the personal data and on condition that enforceable data subject rights and effective legal remedies for data subjects are available with respect to any processing of personal data, in each case within the meaning of, and as determined by, Article 46 of the GDPR.
“Approved Non-EEA Subprocessor” means a subprocessor of the Customer that is:
(A) established in a country or territory other than the European Economic Area or an Adequate Country; and
(B) is identified, by reference to the subprocessor’s specific name, by Northgate in writing as an Approved Non-EEA Subprocessor for the purposes of clause 13.5 in response to a request to that effect by the Customer.
“Cessation Date” means the date of cessation of any services involving the processing of personal data.
“Customer” means the entity identified as the “Customer” in clause 1.1 of this DPA and which is a party to the Agreement.
“delete” means securely and irrevocably remove or destroy so that the personal data is removed or obliterated such that it cannot be recovered or reconstructed.
“Data Protection Law” means all data protection, security and privacy laws and regulations applicable in Ireland including, on and from 25 May 2018, the GDPR.
“DPA” or “Data Processing Addendum” means this Data Processing Addendum including Appendices 1 and 2 and, where they apply pursuant to clause 13.2, the Standard Contractual Clauses entered into by Northgate and the Customer.
“GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
“Member State” means a member state of the European Union.
“Northgate” means the entity identified as “Northgate” in clause 1.3 of this DPA and which is a party to the Agreement.
“personal data” means any personal data, as that term is defined in the GDPR, that is processed by the Customer or its subprocessors in the performance of the services and its other obligations under the Agreement.
“Privacy Shield” means the Privacy Shield programs established by the European Commission and Switzerland and the United States Department of Commerce.
“Privacy Shield Entity” means the Customer or a permitted subprocessor which is relying, for the purposes of clause 13.1, upon Privacy Shield for the purposes of transfers of personal data to, or access of personal data from, the United States of America.
“Restricted Transfer” means the transfer of personal data to the Customer, or access of personal data by the Customer, in a country or territory outside the European Economic Area except if and to the extent that:
(A) the personal data is transferred to or accessed by the Customer in or from an Adequate Country; or
(B) if the personal data is transferred to or accessed by the Customer in a country or territory which is not an Adequate Country, Appropriate Safeguards (other than the Standard Contractual Clauses that would otherwise apply between Northgate and the Customer pursuant to clause 13.2 of this DPA) are in place in respect of the processing of the personal data by the Customer.
“Standard Contractual Clauses” means the standard contractual clauses for the transfer of personal data to data processors established in third countries adopted by the European Commission decision (C(2010)593) of 5 February 2010.
14.2 In addition, the terms “data controller”, “data processor”, “data subject”, “personal data breach”, “process”, “processing”, “processor” and “subprocessor” having the meanings given to them in the GDPR (and reference to requirements or provisions of the GDPR apply on and from the date of this GDPR as if they were applicable under the GDPR, even if the DPA predates 25 May 2018).
14.3 The word "include" means “without limitation” and cognate terms are construed accordingly.
15 Governing Law and Jurisdiction
15.1 Despite any governing law or jurisdiction clause in the Agreement, this DPA (including, where they apply pursuant to clause 13.2, the Standard Contractual Clauses entered into by Northgate and Customer) and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter, existence, formation, interpretation, repudiation or termination are governed by, and construed in accordance with, the law of Ireland and the parties irrevocably agree that the courts of Ireland have exclusive jurisdiction to settle any such dispute or claim.
Details of the Processing Activities
The subject matter of the processing is the provision of the services and performance of the Customer’s other obligations under the Agreement.
Type of personal data, special categories of data, and categories of data subjects
The types of personal data and the special categories of data processed by the Customer, and the categories of data subjects are all data and categories of data subject that are provided for in and are transferred under the Agreement.
These categories can include name, email, telephone number, and vehicle registration number.
Nature and purpose of processing / processing operations
The Customer will process personal data as necessary to perform the services and its other obligations under the Agreement and to comply with Northgate’s instructions.
Duration of Processing
The duration of the processing operations are the term of the Agreement.
The data exporter, where applicable, is Northgate.
The data importer, where applicable, is the Customer.
Technical and organisational security measures
1 Core technical and organisational security measures
1.1 The following is a description of the minimum core technical and organisational security measures implemented by the Customer.
1.2 In the performance of the services under the Agreement, the Customer shall secure all personal data provided by Northgate to the Customer through the use of reasonable operating standards and physical and technical security measures specified, including, but not limited to, network security and encryption technologies.
1.3 In connection with the performance of the services under the Agreement, Northgate requires that the Customer shall implement and maintain safeguards in compliance with the following security requirements:
(A) Minimum Technical Safeguards. The Customer shall protect all data and information obtained under the terms of the Agreement from unauthorised access, destruction, use, modification, or disclosure by means of reasonable and appropriate administrative, physical and technical safeguards.
(B) Data Transfer. The Customer shall ensure that applications and systems used to collect, store, process or otherwise handle Northgate data and information are designed in accordance with industry accepted security standards and shall comply with applicable regulatory and business requirements.
(C) Encryption. The Customer shall use open encryption methodologies to protect Northgate personal data and information, when infrastructure components need to transfer Northgate data or information over public networks (including an Internet-based replication of data from one environment to another). The Customer will ensure all connections into the Customer’s application are encrypted.
(D) Restricted Access. The Customer shall restrict access to Northgate data and information stored on Customer computers with access permissions only granted on a “need to know” basis and shall conform to “least privilege” security principles.
(E) Storage; Physical Security. Where the Customer stores, processes, transfers or retains Northgate data or information, the Customer shall store such Northgate data or information, including that contained on back up media, in a secure environment, physically protected from unauthorised access, modification, theft, interference, misuse and destruction, with appropriate environmental and perimeter controls. The protection provided should be commensurate with the identified risks. The Customer shall not allow electronic files containing Northgate data or information to be stored on personal desktops, laptops, servers, or removable data storage devices.
(F) Malware Protection. The Customer shall ensure that antivirus/malware programs being used are capable of detecting, removing, and protecting against all known types of malicious or unauthorised software with daily updates.
(G) Vulnerability Management. With regards to the handling of Northgate data or information, the Customer shall establish and maintain mechanisms for vulnerability and patch management, ensuring that application, system, and network device vulnerabilities are evaluated and supplier-supplied security patches are applied in a timely manner taking a risk-based approach for prioritising critical patches.
(H) Security Procedures, Policies and Logging. If access to Northgate’s systems is required in connection with the services under the Agreement, such systems shall be operated in accordance with the following procedures (in addition to those specified elsewhere in the Agreement) to enhance security:
(1) any passwords shall be stored appropriately and shall never be transmitted unencrypted; and
(2) passwords shall not be logged under any circumstances.
(I) Security Awareness and Training. A security awareness and training program for all members of the Customer’s workforce (including management) shall be put in place, which includes training on how to implement and comply with its Information Security Program and the disciplinary consequences of non-compliance.