Terms and Conditions

Auto Trader Connect: Vehicle Check - Additional Terms and Conditions (Integrators)

Last Updated: 2 April 2024

Auto Trader Connect: Vehicle Check is a product which allows automotive retailers and/or automotive manufacturers to run vehicle history checks for vehicles they are looking to buy or take in part-exchange, and provides a vehicle check summary on the product page of vehicles advertised on Auto Trader’s platforms.

These additional terms and conditions apply to integrator customers of Auto Trader who have entered into an Auto Trader API licence agreement with Auto Trader and who subsequently integrate with Auto Trader's systems to facilitate access to Auto Trader Connect: Vehicle Check data by automotive retailer/manufacturer customers of Auto Trader through the integrator's own dealer/stock management system software or software with similar functionality. The use of such Auto Trader Connect: Vehicle Check data is restricted solely to the use by such automotive retailer/manufacturer customers under the terms of their agreement with Auto Trader, and the integrator customer shall not be permitted to use or access such Auto Trader Connect: Vehicle Check data for any other purpose.

These additional terms and conditions do not apply to automotive retailer/manufacturer customers who have entered into an Auto Trader API licence agreement with Auto Trader and who subsequently integrate with Auto Trader's systems to directly access Auto Trader Connect: Vehicle Check data themselves. Such automotive retailer/manufacturer customers shall instead be bound by the terms and conditions for Auto Trader's 'Vehicle Check' retailer product.

DVLA TERMS AND CONDITIONS

To the extent that you are receiving products/services via API pursuant to an Auto Trader API licence agreement with Auto Trader which include the Auto Trader Connect: Vehicle Check data, you agree to comply with the additional terms and conditions in the Appendix below.

The additional terms and conditions in the Appendix below shall apply to the use of any data contained within the Auto Trader Connect: Vehicle Check data which has been supplied by the Driver and Vehicle Licensing Agency ("DVLA"), and such data is defined below as the "Data".

The DVLA has stipulated that the terms and conditions in the Appendix below shall apply to all usage of the Data and any third party who receives the Data must agree to such terms and conditions. The terms and conditions in the Appendix below have been imposed by the DVLA and Auto Trader does not have any authority or ability to agree any amendments.

For the purposes of the Appendix below, the terms and conditions shall apply to you as though you are “the Customer”, unless expressly stated otherwise. Whilst the DVLA terms and conditions below occasionally refer to “Intermediaries” and “Third Party Customers”, this is non-negotiable standard DVLA wording and, for the avoidance of doubt, you are not permitted to transfer the Data to “Third Party Customers” or “Requestors” unless expressly permitted by Auto Trader pursuant to an Auto Trader API licence agreement between you and Auto Trader.

Any rights or remedies available to a party below are without prejudice to the rights and remedies available to a party under the Auto Trader API licence agreement between you and Auto Trader.

Whilst the contents of the Appendix below form part of the binding legal agreement between Auto Trader and you, the DVLA is also entitled to enforce the terms of this Appendix in accordance with the Contracts (Rights of Third Parties) Act 1999.

APPENDIX

Definitions:

The following definitions apply to this Appendix:

"Caching" means the process of storing Data in a temporary storage area (a “Cache”) for further use within a defined period of time. A Cache is a hardware or software component that stores Data so that future requests for that Data can be served faster.

"Commercial Manager" shall have the meaning given in paragraph 3 of Part 2 of this Appendix.

"Contract" means this written agreement between Auto Trader and the Customer including the Rules and this Appendix.

“Controller”, “Processor”, “Processing”, “Data Protection Officer” (DPO), “Data Subject”, “Personal Data”, and “Personal Data Breach” shall have the meanings prescribed under Data Protection Legislation.

“Conviction” means, other than for minor road traffic offences, any previous or pending prosecutions, convictions, cautions and binding-over orders (including any spent convictions as contemplated by section 1(1) of the Rehabilitation of Offenders Act 1974 (as amended) by virtue of the exemptions specified in Part II of Schedule 1 of the Rehabilitation of Offenders Act 1974 (Exemptions) Order 1975 (SI 1975/1023) (as amended) or any replacement or amendment to that Order, or being placed on a list kept pursuant to the safeguarding of Vulnerable Groups Act 2006 (as amended).

“Crown” means the government of the United Kingdom (including the Northern Ireland Executive Committee and Northern Ireland Departments, the Scottish Executive and the National Assembly for Wales), including, but not limited to, government ministers, government departments, government and particular bodies and government agencies.

“Data” means DVLA data that is to be provided to the Customer in connection with this Contract.

“Data Loss Event” means any event that results, or may result, in unauthorised access to Personal Data held by the Customer under this Agreement, and/or actual or potential loss and/or destruction of Personal Data in breach of this Agreement, including any Personal Data Breach.

“Data Manager” shall have the meaning given in paragraph 3 of Part 2 of this Appendix.

“Data Protection Legislation” means: (i) All applicable UK law relating to the Processing of Personal Data and privacy, including but not limited to the UK GDPR and the Data Protection Act 2018 to the extent that it relates to Processing of Personal Data and privacy; and (ii) (to the extent that it may be applicable) the EU GDPR.

“Data Subject Request” means a request made by, or on behalf of, a Data Subject in accordance with rights granted pursuant to the Data Protection Legislation.

“Days” means calendar days, save where the context otherwise requires.

“Default” means any breach of the obligations of the relevant party (including but not limited to fundamental breach or breach of a fundamental term) or any other default, act, omission, negligence or negligent statement of the relevant party or the Staff in connection with or in relation to the subject matter of this Contract and in respect of which such party is liable to the other.

“DPA 2018” means Data Protection Act 2018 as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regs 2019 (as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regs 2020.

“DVLA” means the Secretary of State for Transport, his Department, Executive Agencies of the Department and persons authorised to act on his behalf.

“EU GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679)

“European Commission” means the executive branch of the European Union (EU), responsible for proposing legislation, enforcing EU laws and directing the European Union’s administrative operations.

“Equipment” means the Customer’s equipment, plant, materials and such other items used by the Customer in the performance of its obligations under this Contract, or otherwise used to access or store Data.

“Force Majeure” means any cause affecting the performance by a party of its obligations arising from acts, events, omissions, happenings or non-happenings beyond the reasonable control of the party concerned and which is not attributable to any act or failure to take preventative action by that party. Such causes include fire; flood; violent storm; earthquake; pestilence; explosion; malicious damage; riots; war or armed conflict; acts of terrorism; nuclear, biological or chemical warfare; or any other disaster, natural or man-made.

“Fraud” means any offence under Laws creating offences in respect of fraudulent acts or at common law in respect of fraudulent acts in relation to this Contract or defrauding or attempting to defraud or conspiring to defraud the Crown.

“Industry Best Practice” means at any time the exercise of that degree of skill, care, diligence, prudence, efficiency, foresight, standards, practices, methods, procedures and timeliness which would be expected at such time from a leading and expert company within the industry, such company seeking to comply with its contractual obligations in full and complying with all applicable Laws.

“Information Commissioner’s Office (ICO)” means the UK’s independent regulatory authority set up to uphold information rights in the public interest promoting openness by public bodies and data privacy for individuals.

“Intermediary” means an organisation who receives the Data from the Customer and uses it to provide products and services to other organisations (to be referred to as “Third Party Customers”) that demonstrate Reasonable Cause in accordance with this Contract.

“Key Staff” means those persons listed in Part 4 of this Appendix completed by the Customer in accordance with paragraph 3 of Part 2 of this Appendix.

“Law” means any law, subordinate legislation within the meaning of Section 21(1) of the Interpretation Act 1978, bye-law, enforceable right within the meaning of Section 2 of the European Communities Act 1972, regulation, order, regulatory policy, mandatory guidance or code of practice, judgment of a relevant court of law, or directives or requirements with which the Customer is bound to comply.

“Malicious Software” means any software program or code intended to destroy, interfere with, corrupt, or cause undesired effects on program files, Data or other information, executable code or application software macros, whether or not its operation is immediate or delayed, and whether the malicious software is introduced wilfully, negligently or without knowledge of its existence.

“Material Breach” means a breach (including an anticipatory breach) which is not minimal or trivial in its consequences to the other party. In deciding whether any breach is material no regard shall be had to whether it occurs by some accident, mishap, mistake or misunderstanding.

“Premises” means the location where the Data is to be supplied to the Customer, or accessed, stored or destroyed by the Customer.

“Reasonable Cause” means the purpose for which the Data is provided by the DVLA to the Customer via the Data service as stated in paragraph 2 of Part 2 of this Appendix.

“Requestor” means a person who is making an enquiry for Data about a particular vehicle, using products or services provided by the Customer or an Intermediary or a Third Party Customer in accordance with this Contract.

“Related Persons” means the Customer, its directors, the Commercial Manager, the Data Manager and the other Key Staff.

“Relevant Conviction” means a Conviction which the Customer, acting reasonably and in accordance with Industry Best Practice, deems to preclude a person from being involved in any way with use of the Data.

“Removable Media” means all physical items and devices that can carry and transfer electronic information. Examples include but are not limited to DVDs, CD-ROMs, floppy disks, portable hard disk drives, USB memory sticks, flash drives, portable music and video players including mobile phones, handheld devices such as smartphones and personal digital assistants.

“Staff” means all persons employed by a party to perform its obligations under this Contract together with the party’s servants, agents, suppliers and Sub-Contractors used in the performance of its obligations under this Contract.

“Standard Contractual Clauses” (SCCs) mean a standard set of data protection clauses that are adopted by the European Commission in accordance with Article 46(c) of EU GDPR.

“Sub-Contracting” means, where permitted in this Contract, the Customer appointing a third party to provide services on behalf of the Customer providing an appropriate Sub-Contracting agreement is in place. The Customer will retain Controller responsibilities while the Sub-Contractor is a Processor. The Customer shall be responsible for the acts and omissions of its Sub-Contractors as though they are its own.

“Sub-Contractor(s)” means a third party appointed by the Customer to provide services on behalf of the Customer, providing an appropriate Sub-Contracting agreement is in place. The Customer will retain Controller responsibilities for the Data while the Sub-Contractor is a Processor.

“Third Party Customer” means any organisation that: (i) is not an Intermediary; and (ii) receives Data from the Customer or an Intermediary providing Reasonable Cause can be demonstrated, in accordance with this Contract.

“UK GDPR” means the UK General Data Protection Regulation based on the EU GDPR and given effect by Part 2 of the DPA 2018, as amended by The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2020.

“VIN” means Vehicle Identification Number.

“VRN” means Vehicle Registration Number.

“Working Day” means a day (other than a Saturday or Sunday) on which banks are open for general business in the City of London.

PART 1 - MINIMUM DATA SECURITY REQUIREMENTS

The Customer shall comply with the requirements of this Part 1:

  1. Data Security Requirements

    1. The Customer will comply with the minimum security requirements as follows:

      1. Data, including back-up data, must be retained in secure premises and locked away;
      2. The Data supplied may only be copied for back-up and for the purposes of Processing the Data. Copies must be erased immediately thereafter and they must not be otherwise duplicated;
      3. The Customer will retain the Data only for as long as necessary with reference to the Reasonable Cause for which it was shared in accordance with the Data Protection Legislation;
      4. The Customer, in accordance with Data Protection Legislation, should dispose of the Data where there is no business need to retain it;
      5. Data, including back-up Data, must be protected from unauthorised access, release or loss;
      6. A User ID and a robust password must be required to enter all databases on which the Data is stored;
      7. The password for the encrypted CD-ROM must be stored separately from the CD-ROM itself;
      8. A unique User ID and password must be attributable to an individual and must be allocated to each person with access to the Data;
      9. User IDs and passwords must not be shared between the Customer’s Staff;
      10. Access to the Data must be minimised so that only where necessary are individuals given the following levels of access:

        1. ability to view material from single identifiable records;
        2. ability to view material from many identifiable records; or
        3. functional access, including: searching, amendment, deletion, printing, downloading or transferring information;
      11. The Data must not then be copied onto or stored on Removable Media. Laptops may be used but only if the device has full disk encryption installed in line with Industry Best Practice and the devices are securely protected when not in use;
      12. Data must be used only for the Reasonable Cause for which it was obtained;
      13. Paper records must be destroyed by incineration, pulping or shredding finely so that reconstruction is unlikely;
      14. Electronic Data must be securely destroyed or deleted in accordance with current guidance from the Information Commissioner’s Office as soon as it is no longer needed;
      15. All premises and buildings in which the Data is stored must be secure;
      16. The Customer must be registered with the Information Commissioner’s Office and the permission must cover all activities actually carried out;
      17. Information must not be passed to third parties except with the prior written approval of the DVLA;
      18. Transfer of the Data to third parties (where approval has been granted by DVLA) must be in accordance with the principles of Data Protection Legislation. Any other conditions required by the DVLA in giving permission for disclosure to third parties must be satisfied;
      19. Caching of Data by the Customer (and, only where permitted by Auto Trader in writing, any Intermediaries or Third Party Customer) must be in accordance with Part 2 of this Appendix below; and
      20. The Customer must implement sufficient reporting on Data disclosed by the Customer (only where such disclosure is permitted by Auto Trader in writing) to Intermediaries, Third Party Customers and Requestors to ensure auditability of any enquiries or other activity relating to the Data. In such circumstances, the Customer must be able to trace any disclosure of Data to a specific Intermediary, Third Party Customer or Requestor.
  2. Minimum Requirements for the Customer’s Staff Vetting and Disciplinary Procedures

    1. The Customer will comply with the minimum requirements for the Customer’s Staff vetting procedures as follows:

      1. The Customer shall confirm the identity of its entire new Staff.
      2. The Customer shall require all persons who are to have access to the Data to complete and sign a written declaration of any unspent criminal Convictions.
      3. The Customer shall not allow any person with unspent criminal convictions to have access to the Data, except with the prior written permission of the DVLA.
      4. The Customer shall ensure that no person who discloses that he or she has a Relevant Conviction, or who is found by the Customer to have any Relevant Conviction is allowed access to the Data.
      5. The Customer shall require that each person who has access to the Data shall sign a document confirming that the person shall use the Data only in accordance with the Customer’s procedures and only for the Reasonable Cause.
      6. The Customer shall ensure that each person who has access to the Data shall act with all due skill, care and diligence and shall possess such qualifications, skills and experience as are necessary for the proper use of the Data.
      7. The Customer shall ensure that each person who has access to the Data is appropriately trained in and aware of his or her duties and responsibilities under the Data Protection Legislation and this Contract.
      8. The Customer shall create and maintain a unique user account ID for each person who has access to the Data.
      9. The Customer shall maintain a procedure for authorising the creation of user accounts and for the prompt deletion of accounts that are no longer required. The Customer must ensure that the person or persons carrying out this work are appropriately trained and that their duties are separate from that of a normal user account. A normal user must not be able to manage their own account.
      10. The Customer’s disciplinary policy shall state that misuse of the Data by any person shall constitute gross misconduct and may result in summary dismissal of that person. The Customer shall notify such misuse to Auto Trader and the DVLA and the person involved shall be refused all future access to DVLA Data.
      11. System administrators must receive appropriate training.
      12. The system administration role must be separated from any other role to ensure a separation of duties.
  3. The Customer shall, upon Auto Trader’s and/or the DVLA’s written request, provide written confirmation that these procedures are followed, along with any reasonable supporting evidence that Auto Trader and/or the DVLA may require.

PART 2 - REQUIREMENTS IN RELATION TO INTERMEDIARIES, THIRD PARTY CUSTOMERS AND REQUESTORS

If the Customer is an Intermediary (which shall be determined by Auto Trader at its sole discretion), the provisions of this Appendix form part of this Contract. In addition, the Customer shall also include the provisions in this Appendix in its contracts with Third Party Customers, where they have been permitted by Auto Trader, with references to Auto Trader in that contract being replaced with references to the Customer and references to the Customer being replaced with references to the Third Party Customer. Notwithstanding the foregoing, regardless of whether or not the Customer is an Intermediary, it shall comply with the terms of this Appendix on its own behalf.

The Customer shall comply with the requirements of this Part 2:

  1. Customer Status:

    1. At all times during the term of this Contract the Customer shall be an independent customer and nothing in this Contract shall create a contract of employment, a relationship of agency or partnership or a joint venture between the parties or between the Customer and the DVLA and accordingly neither party nor the DVLA shall be authorised to act in the name of, or on behalf of, or otherwise bind any other party save as expressly permitted by the terms of this Contract.
    2. The Customer must not misrepresent their relationship with the DVLA. The Customer must not produce any publicity material of any kind that implies that there is DVLA endorsement of, or association with, the Customer’s business, products, or services. The Customer can contact the DVLA for advice on how this relationship should be represented.
  2. Purpose For Which Data Is Provided

    1. The Customer will provide Auto Trader and the DVLA with a statement detailing the type of business it conducts and a description of products or services it offers to its customers that involve the use of DVLA Data.
    2. Applications to access the Data via the DVLA’s bulk data service will only be considered for organisations that can demonstrate a Reasonable Cause for access to the Data. Organisations that cannot prove a Reasonable Cause will not be considered further.
    3. Categories of business that may meet this Reasonable Cause pre-requisite include, but may not be limited to, vehicle checking companies. In order to demonstrate Reasonable Cause, products or services delivered by any entity using the Data must have benefit to one or more of the following:

      1. Improving vehicle and road safety
      2. Reducing vehicle crime
      3. Consumer Protection
      4. Environmental impact (greener transport)
      5. Facilitating best practice and due diligence compliance
    4. The Customer will notify Auto Trader and the DVLA of any changes to their business need for access to the Data.
    5. The requirements of paragraph 12.4 below apply to the Customer’s backup or disaster recovery sites.
    6. The Customer will not sell or permit the Data to be sold to any third party as an entire data set.
    7. The Customer shall hold the Data on only one database and shall not copy the Data nor link it to another database without the prior written permission of the DVLA.
  3. The Customer’s Key Staff

    1. The Customer shall complete the list at Part 4 of this Appendix of the individuals who have direct responsibilities for the use of the Data and for the Customer’s other obligations under this Contract, giving their names and business addresses and other contact details and specifying the capacities in which they are concerned with the Data.
    2. As a minimum, the list shall include details of the Customer’s registered office, as recorded by Companies’ House and:

      1. the Commercial Manager who shall be responsible for the Customer’s general contractual matters and shall receive notices sent to the Customer’s registered office (as identified at Part 4 of this Appendix); and
      2. the manager who is responsible for the management of the Data once in the hands of the Customer, to be referred to in this Contract as the Data Manager (as identified at Part 4 of this Appendix).
    3. The Customer shall inform Auto Trader immediately of any changes in personnel listed in Part 4 of this Appendix or their business contact details.
    4. Failure to do so may result in delayed communications between the Customer and Auto Trader and/or the DVLA.
  4. Statutory Obligations

    1. Prevention of Corruption

      1. The Customer shall not offer or give, or agree to give, to the DVLA or any other public body or person employed by or on behalf of the DVLA or any other public body any gift or consideration of any kind as an inducement or reward for doing, refraining from doing, or for having done or refrained from doing, any act in relation to the obtaining or execution of this Contract or any other contract with the DVLA or any other public body, or for showing or refraining from showing favour or disfavour to any person in relation to this Contract or any such contract.
      2. If the Customer, its Staff or anyone acting on the Customer’s behalf, engages in conduct prohibited by clause F1.1 or the Bribery Act 2010 (as amended) the DVLA may:

        1. terminate and recover from the Customer the amount of any loss suffered by the DVLA resulting from the termination; or
        2. recover in full from the Customer any other loss sustained by the DVLA in consequence of any breach of that clause.
    2. Prevention of Fraud

      1. The Customer shall take all reasonable steps, in accordance with Industry Best Practice, to prevent Fraud by the Customer’s Staff and the Customer (including its shareholder, members, and directors) in connection with the receipt of the Data.
      2. The Customer shall notify the DVLA immediately, within a maximum of 24 hours of becoming aware, if it has reason to suspect that any Fraud has occurred or is occurring or is likely to occur.
      3. If the Customer or its Staff commits Fraud in relation to this or any other contract with the Crown (including the DVLA) the DVLA may:

        1. terminate this Contract (or require Auto Trader to terminate this Contract) and recover from the Customer the amount of any loss suffered by the DVLA resulting from the termination; or
        2. recover in full from the Customer any other loss sustained by the DVLA in consequence of any breach of this clause.
    3. Discrimination

      1. The Customer must not unlawfully discriminate either directly or indirectly or by way of victimisation or harassment against a person on such grounds as age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, colour, ethnic or national origin, sex or sexual orientation, and without prejudice to the generality of the foregoing the Customer must not unlawfully discriminate within the meaning and scope of the Equality Acts 2006 and 2010 (as amended), the Human Rights Act 1998 (as amended) or other relevant or equivalent legislation, or any statutory modification or re-enactment thereof.
      2. The Customer shall take all reasonable steps to secure the observance of paragraph 4.3.1 by all of its Staff.
    4. The Contracts (Rights of Third Parties) Act 1999

      1. A person who is not a party to this Contract shall have no right to enforce any of its provisions which, expressly or by implication, confer a benefit on them, without the prior written agreement of both parties. This clause does not affect any right or remedy of any person which exists or is available apart from this under the Contracts (Rights of Third Parties) Act 1999 (as amended) and does not apply to the Crown. Notwithstanding the foregoing, the DVLA is also entitled to enforce the terms of this Appendix.
    5. Health & Safety

      1. The Customer shall promptly notify the DVLA of any health & safety hazards which may arise in connection with the performance of its obligations under this Contract, including but not limited to, on inspection by the DVLA.
      2. While on the Customer’s Premises, the DVLA shall comply with any health and safety measures implemented by the Customer in respect of its Staff and other persons working there.
      3. The DVLA shall notify the Customer immediately in the event of any incident occurring in the performance of its obligations under this Contract on the Premises where that incident causes any personal injury or damage to property which could give rise to personal injury.
      4. The Customer must comply with the requirements of the Health & Safety at Work etc. Act 1974 (as amended) and any other acts, orders, regulations and codes of practice relating to health & safety, which may apply to the Customer’s Staff and other persons working on the Premises in the performance of its obligations under this Contract.
  5. Publicity and Media

    1. The Customer shall notify the DVLA immediately if any circumstances arise which could result in publicity or media attention to the Customer which could adversely reflect on the DVLA and/or the Data.
    2. The Customer shall not use the DVLA logo or create or approve any publicity implying or stating that the DVLA has a connection with any service provided by the Customer without the prior written approval of the DVLA. Prior written approval of the DVLA shall be obtained for each individual piece of publicity.
  6. Transfer and Sub-Contracting

    1. The Customer shall not assign, Sub-Contract or in any other way dispose of this Contract or any part of it without the prior written permission of Auto Trader (which may be given, refused and withdrawn at the absolute discretion of Auto Trader).
    2. Sub-Contracting any part of this Contract shall not relieve the Customer of any of its obligations or duties under this Contract. The Customer shall be responsible for the acts and omissions of its Sub-Contractors as though they are its own. Where Auto Trader has given approval to the placing of sub-contracts, copies of each sub-contract shall, at the request of Auto Trader, be sent by the Customer to Auto Trader as soon as reasonably practicable.
  7. Insolvency

    1. The Customer shall notify Auto Trader immediately in writing where the Customer is a company and in respect of the Customer:

      1. a proposal is made for a voluntary arrangement within Part 1 of the Insolvency Act 1986 (as amended) or of any other composition scheme or arrangement with, or assignment for the benefit of, its creditors; or
      2. a shareholders’ meeting is convened for the purpose of considering a resolution that it be wound up or a resolution for its winding-up is passed (other than as part of, and exclusively for the purpose of, a bona fide reconstruction or amalgamation); or
      3. a petition is presented for its winding up (which is not dismissed within 14 Days of its service) or an application is made for the appointment of a provisional liquidator or a creditors’ meeting is convened pursuant to section 98 of the Insolvency Act 1986 (as amended); or
      4. a receiver, administrative receiver or similar officer is appointed over the whole or any part of its business or assets; or
      5. an application order is made either for the appointment of an administrator or for an administration order, an administrator is appointed, or notice of intention to appoint an administrator is given; or
      6. it is or becomes insolvent within the meaning of section 123 of the Insolvency Act 1986 (as amended); or
      7. being a “small company” within the meaning of section 247(3) of the Companies Act 1985 (as amended), a moratorium comes into force pursuant to Schedule 1A of the Insolvency Act 1986 (as amended); or
      8. any event similar to those listed in this clause occurs under the law of any other jurisdiction.
    2. The Customer shall notify Auto Trader immediately in writing where the Customer is an individual and:

      1. an application for an interim order is made pursuant to sections 252-253 of the Insolvency Act 1986 (as amended) or a proposal is made for any composition scheme or arrangement with, or assignment for the benefit of, the Customer’s creditors; or
      2. a petition is presented and not dismissed within 14 Days or order made for the Customer’s bankruptcy; or
      3. a receiver, or similar officer is appointed over the whole or any part of the Customer’s assets or a person becomes entitled to appoint a receiver, or similar officer over the whole or any part of his assets; or
      4. the Customer is unable to pay his debts or has no reasonable prospect of doing so, in either case within the meaning of section 268 of the Insolvency Act 1986 (as amended); or
      5. a creditor or encumbrancer attaches or takes possession of, or a distress, execution, sequestration or other such process is levied or enforced on or sued against, the whole or any part of the Customer’s assets and such attachment or process is not discharged within 14 Days; or
      6. the Customer suspends or ceases, or threatens to suspend or cease, to carry on all or a substantial part of their business.
  8. Change of Control

    1. The Customer shall seek the prior written agreement of Auto Trader to any change of control within the meaning of section 450 of the Corporation Tax Act 2010 (as amended) (“Change of Control”). Where Auto Trader has not given its written agreement before the change of control, Auto Trader may terminate this Contract by notice in writing with immediate effect within 26 weeks of:

      1. being notified that that change of control has occurred; or
      2. where no notification has been made, the date that Auto Trader becomes aware of that change of control.
  9. Consequences of Suspension and Termination

    1. After the Data service has been suspended or this Contract has been terminated or both, the Customer shall continue to comply with its obligations under this Contract and under Data Protection Legislation in relation to the Data which it holds, including as to the proper use of the Data, retention of the Data and secure destruction of the Data.
  10. Accuracy of the Data

    1. The DVLA shall take all reasonable steps to ensure that the Data is accurate and up to date before it is transmitted to the Customer; however, DVLA cannot warrant the accuracy of the Data provided. The DVLA does not accept any liability for any inaccurate information supplied to it by the keeper of the vehicle or any other source beyond its control.
  11. Reviews and Meetings

    1. The Customer shall upon receipt of reasonable notice and during normal office hours attend all meetings arranged by Auto Trader and/or the DVLA for the discussion of matters connected with the performance of this Contract.
    2. Without prejudice to any other requirement in this Contract, the Customer shall provide such reports on the performance of this Contract or any other information relating to the Customer’s requests for and use of the Data as Auto Trader and/or the DVLA may reasonably require.
    3. The DVLA reserves the right to review this Contract with the Customer at any time. Where required by Auto Trader and/or the DVLA, the parties shall meet in person or via video or telephone conference to review:

      1. the ongoing need for the Data as defined and any consequential variation to the terms of this Contract;
      2. the Reasonable Causes for which the Data is provided;
      3. the performance of the Data service;
      4. the security arrangements governing the Customer’s safe receipt of the Data and the Customer’s further use of the Data;
      5. the arrangements that the Customer has in place relating to the retention and secure destruction of the Data;
      6. any audits that have been carried out that have relevance to the way that the Customer is Processing the Data;
      7. any security incidents or Data Loss Events that have occurred with the Data;
      8. the continued registration of the Customer’s company under the same registered number; and
      9. the training and experience of the Customer’s Staff in their duties and responsibilities under the Data Protection Legislation.
  12. Data Protection

    1. The Data Protection Legislation

      1. The parties shall comply with the requirements of Data Protection Legislation and subordinate legislation made under it, or any legislation which may supersede it, together with any relevant guidance and/or codes of practice issued by the Information Commissioner. All these requirements are referred to in this Contract as “Data Protection Legislation”.
      2. The parties agree that the Data constitutes Personal Data as it relates to a living individual who can be directly or indirectly identified from the Data.
      3. It is the duty of the Controller to comply with Data Protection Legislation. Unless expressly agreed otherwise in writing with Auto Trader, the Customer, separately from the DVLA, shall be the Controller of each item of Data received from the DVLA from the point of receipt of that Data by the Customer and shall be responsible for complying with data protection principles in relation to its further Processing of that Data.
      4. The Customer shall (and shall ensure that each member of the Customer’s Staff) comply with Data Protection Legislation and will duly observe all their obligations under Data Protection Legislation which arise in connection with this Contract.
      5. The DVLA is satisfied that providing the Data to the Customer for the Reasonable Causes is compliant with Data Protection Legislation.
      6. The Customer will answer any Data Subject Requests that it receives for the Data and for which it is the Controller.
      7. The Customer will instruct the Data Subject to contact DVLA where the Data Subject Request is pursuant to DVLA’s activities as a Controller.
      8. The Customer shall notify DVLA immediately if it receives a request from any third party for disclosure of the Data where compliance with such request is required or purported to be required by Law.
      9. The parties agree to take into account any guidance issued by the Information Commissioner’s Office. DVLA may amend this Contract to ensure that it complies with any guidance issued by the Information Commissioner’s Office on no less than 30 Working Days’ notice to the Customer.
    2. Data Security

      1. Both parties shall ensure the safe transportation/transmission of the Data in accordance with the appropriate technical and organisational measures, the requirements of the Data Protection Legislation and His Majesty’s Government Security Policy Framework.
      2. The Customer shall ensure the Data is processed in accordance with Data Protection Legislation guidance and codes of practice.
      3. The Customer shall comply with all the security requirements of the DVLA, including as a minimum those set out in Part 1 of this Appendix and any other requirements that the DVLA shall make from time to time.
      4. The Customer shall notify the DVLA immediately, within a maximum of 24 hours of becoming aware, of any failure to comply with the requirements set out in Part 1 of this Appendix.
      5. The Customer shall not transfer or in any way make Data available to third parties unconnected with the Reasonable Causes.
    3. Malicious Software

      1. The Customer shall, as an enduring obligation throughout the term of this Contract, use the latest versions of anti-virus software available from an industry accepted anti-virus software vendor to check for and remove Malicious Software from the ICT Environment.
      2. Notwithstanding paragraph 12.3.1, if Malicious Software is found, the parties shall co-operate to reduce the effect of the Malicious Software and, particularly if Malicious Software causes loss of operational efficiency or loss or corruption of Data, assist each other to mitigate any losses and to restore the Data service to their desired operating efficiency.
        1. Cost arising out of the actions of the parties taken in compliance with the provisions of paragraph 12.3.2 shall be borne by the parties as follows:
        2. by the Customer or its Sub-Contractor where the Malicious Software originates from the Customer’s or Sub-Contractor’s software, any third party software or the Customer’s data;
        3. by the DVLA if the Malicious Software originates from the DVLA’s software or the Data.
      1. Transfer of the Data outside the UK
        1. The Customer shall not transfer Personal Data outside of the UK, and shall not allow access to the data from outside the UK, unless the prior written consent of the DVLA has been obtained and the following conditions are fulfilled:
        2. the destination country has been recognised as adequate by the UK government in accordance with Article 45 UK GDPR or section 74 of the DPA 2018;
        3. the Customer has provided appropriate safeguards in relation to the transfer (whether in accordance with UK GDPR Article 46 or section 75 DPA 2018);
        4. the Data Subject has enforceable rights and effective legal remedies;
        5. the Customer complies with its obligations under Data Protection Legislation by providing an appropriate level of protection to any Personal Data that is transferred;
        6. the Customer complies with any reasonable instructions notified to it in advance by the DVLA with respect to the Processing of Personal Data; and
        7. ensure that transfers of Personal Data from the EEA to the UK comply with the EU GDPR and, where the transfer is safeguarded by Standard Contractual Clauses as issued by the European Commission, the conditions set down in those clauses are fully met;
      2. Where the DVLA gives the prior and express written approval referred to in paragraph 12.4.1, the Customer shall disclose the Data only to the extent agreed and in accordance with any conditions attached to the giving of that approval.
      1. Restrictions on Disclosure of the Data
        1. The Customer shall respect the confidentiality of the Data and shall not disclose it to any person, except in the following circumstances:
        2. with the prior written approval of Auto Trader (which may be given, refused and withdrawn at the absolute discretion of Auto Trader), to an Intermediary or Third Party Customer, with whom the Customer shall have entered into a written contract, that requires that Intermediary or Third Party Customer to abide by the requirements in Part 1, Part 2 and Part 3 of this Appendix, and the Data is only released on a case-by-case basis where Reasonable Cause can be demonstrated; or
        3. with the prior written approval of the DVLA (which may be given, refused and withdrawn at the absolute discretion of the DVLA), providing the Data is released in accordance with Part 1, Part 2 and Part 3 of this Appendix, and the Data is only released on a case-by-case basis where Reasonable Cause can be demonstrated; or
        4. if required to do so by Law.
      1. Retention of Data and Evidence
      2. In accordance with the Data Protection Legislation, the Customer shall retain each item of Data only for as long as is necessary with reference to the Reasonable Cause for which it was shared.
      3. The Customer shall arrange for the secure destruction or deletion of each item of Data, in accordance with the requirements of the Data Protection Legislation, as soon as it is no longer necessary to retain it.
      4. The Customer shall retain for two years after Processing of the Data, to allow inspection by the DVLA, the evidence that the Customer relies on to show its compliance with the requirements of this Contract. There is no need, for DVLA’s inspection purposes, for the Data to be retained as part of this requirement. The Data must be disposed of in accordance with the provision of paragraph 12.6.2 above.
      1. The Customer’s Vetting and Disciplinary Policies
      2. The Customer shall maintain policies for vetting, hiring, training and disciplining the Customer’s Staff and shall comply with these in respect of each person who has access to the Data. The minimum requirements for such vetting procedures are set out in Part 1 of this Appendix.
      1. The Customer’s Internal Compliance Checks
      2. The Customer shall ensure that its business processes, records of customer interactions and transactions, audit procedures on business activities and financial reporting are appropriate and effective to ensure proper use of the Data in compliance with this Contract and the requirements of the Data Protection Legislation. The minimum requirements for such internal compliance are set out in Part 1 of this Appendix.
      3. The Customer shall carry out its own internal compliance checks at least annually and shall, upon the request of Auto Trader, provide details of the outcome of such checks.
      1. Audits and Reviews
      2. The Customer shall share with Auto Trader the outcome of any other checks, audits or reviews that have been carried out on its activities as a Controller that are relevant to the Processing of the Data.
      3. The Customer shall notify Auto Trader immediately, within a maximum of 24 hours of becoming aware, of any audits that are being carried out by the Information Commissioner’s Office under Data Protection Legislation that are relevant to the Processing of the Data.
      1. Data Loss Event
      2. The Customer acknowledges that the DVLA has a continuing interest in the security of the Data that it shares and in knowing about any Data Loss Event that may occur whilst the Data is being processed by the Customer.
      3. The Customer shall notify Auto Trader immediately of any Data Loss Event involving the Data that meets the criteria for notification to the Information Commissioner’s Office or affected Data Subjects. The Customer will notify Auto Trader periodically of Data Loss Events that do not meet these criteria.
      4. The Customer understands that as the relevant Controller it shall be responsible for notifying the incident to the Information Commissioner’s Office and, where appropriate, Data Subjects, and to do so within the time limits required by Data Protection Legislation, and also for taking such action as is necessary to resolve the incident.
      1. Inspection by the DVLA and/or Auto Trader
      2. The DVLA and/or Auto Trader or an agent acting on their behalf reserves the right to carry out an inspection at any time of the Customer’s compliance with the terms of this Contract. Where possible, the DVLA and/or Auto Trader (as applicable) shall give the Customer 7 Days’ written notice of any such inspection.
      3. The Customer agrees to co-operate fully with any such inspection and to allow the DVLA and/or Auto Trader or an agent acting on their behalf access to its Premises, Equipment, evidence and the Customer’s Staff for the purposes of the inspection.
      4. The Customer will respond as required to the findings and recommendations of any DVLA and/or Auto Trader inspection and will provide updates as required on the implementation of any required actions.
      5. The DVLA may, by written notice to the Customer, forbid access to the Data, or withdraw permission for continued access to the Data, to:
        1. any member of the Customer’s Staff; or
        2. any person employed or engaged by any member of the Customer’s Staff;

        whose access to or use of the Data would, in the reasonable opinion of the DVLA, be undesirable.

      6. The decision of the DVLA as to whether any person is to be forbidden from accessing the Data and as to whether the Customer has failed to comply with this clause shall be final and conclusive.
      7. The DVLA will be entitled to be reimbursed by the Customer for all DVLA’s reasonable costs incurred in the course of the inspection.
      1. Action on Complaint
      2. Where a complaint is received about the Customer or a Third Party Customer (where applicable), which relates to any matter connected with the performance of the Customer’s obligations under this Contract or the use of Data, the DVLA and/or Auto Trader may investigate the complaint.
      3. The Customer shall provide any information relating to the Customer’s requests for and use of the Data, or the Third Party Customer’s use of the Data, as the DVLA and/or Auto Trader may reasonably require as part of any DVLA or Auto Trader investigation. The DVLA may, in its sole discretion, acting reasonably, uphold the complaint and take further action in accordance with paragraph 14 of this Appendix.
  13. Caching of Data

      1. The Customer must ensure that Caching of Data by Intermediaries or Third Party Customers (where applicable and permitted in accordance with this Contract) is only possible where that Intermediary or Third Party Customer is compliant with all the requirements of the parent contract, and only in the following circumstances:
      2. For a limited period of 24 hours to allow multiple hits against a single record as part of continuous enquiry (e.g. multiple insurance quotes from a website or call centre);
      3. The Cache is protected from unauthorised access by way of encryption in accordance with Industry Best Practice;
      4. The Customer must ensure that Intermediaries and Third Party Customers are made aware that they must not use the Data to fulfil further enquiries or transactions on that Intermediary’s or Third Party Customer’s behalf or from Requestors or any other actual or potential customers of the Intermediary or Third Party Customer, nor to fulfil multiple enquiries such as insurance or financial quotes after the 24 hour period permitted above has expired; and
      5. The Customer must make Intermediaries and Third Party Customers aware of the above and that storage of the Data for future use/to create an alternative database is not permitted. In addition, the Customer’s attention is drawn to the requirements of Part 3 of this Appendix.
  14. Defaults, Disruption, Suspension and Termination

      1. Break
      2. Without prejudice to any other rights or remedies that the parties may have, the DVLA and/or Auto Trader may terminate this Contract by giving the Customer at least 28 Days’ notice in writing.
      1. Termination for Material Breach
      2. A party may terminate this Contract with immediate effect by written notice to the other party on or at any time after the occurrence of an event specified in paragraph 14.2.2.
        1. The events are that:
        2. The Customer commits any three or more Defaults, whether simultaneously or singly at any time during the operation of this Contract, irrespective of whether any or all of such breaches is minimal or trivial in nature;
        3. The Customer commits a Material Breach of any other term of this agreement which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of 26 weeks after being notified in writing to do so.
      3. For the purposes of the above, a Material Breach is remediable if time is not of the essence in performance of the obligation and if in the reasonable opinion of the DVLA the Material Breach is capable of remedy within the 26 week period. A party’s rights in this Appendix are without prejudice to any other rights or remedies a party may have under the Rules.
      1. Suspension of the Data Service
      2. If it comes to the attention of the DVLA that the Customer has committed any Default (including Material Breaches and all other Defaults), the DVLA and/or Auto Trader may suspend the Data service without further notice and with immediate effect and investigate the nature and effect of the breach. The length of the suspension period will be at the DVLA’s and/or Auto Trader’s discretion.
      3. The DVLA may from time to time issue guidance on its principles on suspending the Data service and terminating contracts to supply Data using the bulk service. The guidance may include guidance concerning: types of Defaults which the DVLA may consider to be Material Breaches; guidance as to specific types of breach that the DVLA will consider to be remediable; how such breaches may be remedied; how long suspension may last; and guidance as to which types of breach the DVLA may consider to be irremediable.
      1. Effect of Suspension
      2. If the DVLA and/or Auto Trader suspends the Data service at any time, the Customer shall co-operate with any further investigation, audit or review that the DVLA and/or Auto Trader requires to be carried out in relation to the Data provided to the Customer.
      3. The DVLA and/or Auto Trader may refuse to resume the Data service until the Customer provides assurances that the matter resulting in the suspension has been resolved to the satisfaction of the DVLA and/or Auto Trader and takes specified actions within a reasonable period set by the DVLA and/or Auto Trader.
      4. The DVLA and/or Auto Trader may require that an inspection is carried out after the Data service is resumed, to check the Customer’s compliance with this Contract and Data Protection Legislation.
      5. The Customer shall reimburse the DVLA for all DVLA’s cost and expenses incurred in relation to the DVLA’s rights under this Appendix to carry out an inspection, investigation, audit or review of the Customer.
      1. Insolvency
      2. Where the DVLA is notified in writing of any of the circumstances listed in paragraph 7 (Insolvency), the DVLA and/or Auto Trader may suspend the Data service without further notice and with immediate effect and investigate further whether any of the Customer’s directors or any liquidator, receiver, administrative receiver, administrator, or other officer is capable of ensuring that the provisions of this Contract and of Data Protection Legislation are complied with. If the DVLA is not satisfied that any such person shall ensure such compliance, the DVLA and/or Auto Trader may terminate this Contract by written notice with immediate effect.
      1. Other Termination Rights
        1. The DVLA and/or Auto Trader may terminate this Contract by written notice with immediate effect if in the reasonable view of the DVLA and/or Auto Trader, during any period of suspension of the Data service the Customer:
        2. fails to co-operate with any investigation, audit or review;
        3. fails to provide any assurances or take any actions within the reasonable period set by the DVLA under paragraph 14.4.2; or
        4. fails to provide assurances that satisfy the DVLA (acting reasonably) that the Customer has complied and shall continue to comply with the requirements of this Contract and of Data Protection Legislation.
      2. The DVLA and/or Auto Trader may terminate this Contract by written notice with immediate effect if the Customer is found to be in breach of any aspect of the Law that could, in the reasonable opinion of the DVLA, bring the DVLA into disrepute.
      3. The DVLA and/or Auto Trader may terminate this Contract by written notice with immediate effect if the Customer is an individual and he has died or is adjudged incapable of managing his affairs within the Mental Capacity Act 2005 (as amended).
      1. Consequences of Suspension and Termination
      2. After the Data service has been suspended or this Contract has been terminated or both, the Customer shall continue to comply with its obligations under this Contract and under Data Protection Legislation in relation to the Data which it holds, including as to the proper use of the Data, retention of the Data and secure destruction of the Data.
      3. After the Data service has been suspended or this Contract has been terminated or both, the Customer will no longer have the right to use the Data already supplied by DVLA.
      4. During the suspension period, the Customer is not permitted to process or transfer the Data received prior to suspension.
        1. Save as otherwise expressly provided in this Contract:
        2. termination of this Contract shall be without prejudice to any rights, remedies or obligations accrued under this Contract prior to termination or expiration and nothing in this Contract shall prejudice the right of either party to recover any amount outstanding at such termination or expiry; and
        3. termination of this Contract shall not affect the continuing rights, remedies or obligations of the DVLA or the Customer under any provision of this Contract which expressly or by implication is intended to come into or to continue in force on or after termination of this Contract.
      1. Supply of Data to Related Persons After Termination
      2. If it comes to the attention of the DVLA that the Customer committed any Default in its obligations in relation to the Data prior to termination of this Contract, or if the DVLA has reason to believe that the Customer did not comply with its duties in relation to the Data under Data Protection Legislation, the DVLA shall reserve the right to refuse to provide any further Data by any means to the Customer, its directors or to any other Company with which those directors are associated, for up to 12 months, starting on the date of termination of this Contract.
      3. Where DVLA has terminated this Contract, the Customer will no longer be permitted to process or transfer the Data received prior to termination where that Data has not already been processed and transferred to an Intermediary or Third Party Customer. This shall not apply where such Processing or transfer is a Data portability right under Data Protection Legislation.
      1. Disruption
      2. The DVLA shall immediately inform the Customer of any actual or potential industrial action, whether such action is taken by their own employees or others, which affects or might affect its ability at any time to perform its obligations under this Contract.
      3. The DVLA shall not be liable to the Customer for any additional expense or loss incurred by the Customer as a result of such disruption.
      4. The Customer shall immediately inform the DVLA of any actual or potential industrial action, whether such action is taken by their own employees or others, which affects or might affect its ability at any time to perform its obligations under this Contract.
      5. In the event of industrial action by the Customer’s Staff, the Customer shall seek the prior written approval of the DVLA to its proposals to continue to perform its obligations under this Contract.
      6. If the Customer’s proposals referred to in paragraph 14.9.4 are considered insufficient or unacceptable by the DVLA acting reasonably, then this Contract may be terminated with immediate effect by the DVLA by notice in writing.
      1. Force Majeure
      2. Neither party shall be liable to the other party for any delay in performing, or failure to perform, its obligations under this Contract (other than a payment of money) to the extent that such delay or failure is a result of Force Majeure. Notwithstanding the foregoing, each party shall use all reasonable endeavours to continue to perform its obligations under this Contract for the duration of such Force Majeure. However, if such Force Majeure prevents either party from performing its material obligations under this Contract for a period in excess of 26 weeks, either party may terminate this Contract with immediate effect by notice in writing.
      3. Any failure or delay by either party in performing its obligations under this Contract which results from any failure or delay by an agent, Sub-Contractor or supplier shall be regarded as due to Force Majeure only if that agent, Sub-Contractor or supplier is itself impeded by Force Majeure from complying with an obligation to the party.
      4. If either party becomes aware of Force Majeure which gives rise to, or is likely to give rise to, any failure or delay on its part as described in this clause it shall immediately notify the other by the most expeditious method then available and shall inform the other of the period for which it is estimated that such failure or delay shall continue.
      5. If the Customer is unable to perform any of its Data protection obligations under this Contract as a result of Force Majeure, it shall ensure its Data protection obligations are fulfilled by alternative means and shall notify the DVLA immediately, within a maximum of 24 hours of becoming aware, giving detailed information as to how it shall ensure that the Data is protected.
  15. General

      1. Without prejudice to the foregoing, in order to ensure the compliance of its Intermediaries and Third Party Customers (where applicable and permitted in accordance with this Appendix) with the obligations in this Appendix, the Customer shall:
      2. at all times maintain a written contract with the Intermediary or Third Party Customer that includes all the obligations and rights required to be included under this Contract;
      3. audit every Intermediary or Third Party Customer at least once in the first calendar year during which the Customer discloses Data to each Intermediary or Third Party Customer, and annually thereafter, and make evidence of such audits available to the DVLA upon request;
      4. notify the DVLA immediately of any Defaults that the Customer considers to have been committed by the Intermediary or Third Party Customer, whether discovered on audit by the Customer or at any other time; and
      5. take any additional action the Customer considers reasonable to ensure that the Intermediary or Third Party Customer shall comply with all of the user obligations.
  16. Conditions on the Use of VRN as Search Criteria

      1. Disclosure of the Data (or any extract from it) relating to a specific vehicle (where applicable and permitted in accordance with this Appendix) upon entry of a VRN by a Requestor, an Intermediary or a Third Party Customer is only permitted in the following cases:
      2. The VRN relates to a vehicle where the Requestor is either owner or registered keeper of that vehicle; or
      3. The VRN relates to a vehicle that is being or intended to be marketed or offered for sale; or
      4. The Requestor has a genuine and legitimate interest in determining the provenance, status or technical specification of that vehicle; or
      5. Where confirmation of the vehicle identity is a pre-requisite for the Data being accessed by the Requestor.
        1. The VRN relates to a vehicle that the Requestor, Intermediary or Third Party Customer has involvement in providing services to. This may include where the Requestor, Intermediary or Third Party Customer:
        2. Has sold, repaired, modified, or serviced that vehicle;
        3. Is providing an insurance quotation or vehicle finance for that vehicle;
        4. Is involved in reducing crime for that vehicle.
  17. Restrictions on Free Disclosure of The Data

    1. In order to restrict excessive amounts of Data from being disclosed to Third Party Customers, Intermediaries or Requestors (where applicable and permitted in accordance with this Appendix), the Customer is only permitted to disclose the following Data fields free of charge and free of any conditions:
      • Make
      • Model
      • Colour
      • Date of First Registration
      • Body Type
      • Fuel Type
      • Engine Capacity
      • CO2
      • Year of Manufacture
      • Export Marker
      • Vehicle Type Approval
      • Wheelplan
      • Vehicle/Revenue Weight

PART 3 - RESTRICTIONS ON DISCLOSURE OF VEHICLE IDENTIFICATION NUMBER (VIN)

  1. Introduction

    1. It is necessary to have key identifying criteria and references (such as a serial number) for most assets. The main identifiers for a motor vehicle are the VRN (Vehicle Registration Number) and the VIN (Vehicle Identification Number). As the VRN is only applicable once the vehicle is registered and can be transferred to another vehicle, the most reliable identifier has become the VIN.
    2. Within the automotive sector, correctly identifying a vehicle is vital in order to ensure the correct details are recorded and disclosed during the life of that vehicle. This applies in particular when specific events occur such as registration, secured finance, resale, repair, cherished plate transfer process, future finance applications and insurance application/renewal.
    3. To address this market need, where applicable and permitted in accordance with this Appendix, the Customer can release the full VIN in certain circumstances, to agreed trade sectors, in accordance with Reasonable Cause as described in this Contract, and subject to specified conditions.
    4. The table in paragraph 2 below sets out the specified conditions for disclosure of the full VIN. The full VIN must only be released where absolutely essential, and where this is not necessary, VIN confirmation or partial VIN release should be the preferred solution.
    5. Paragraph 4 below sets out conditions on disclosure of the partial VIN.
  2. Market Sectors Where Disclosure of Full VIN is Permitted

      | Market Sector | Purpose for Release of VIN | Permitted Disclosure |
      |---|---|---|
      | Motor Dealers Franchised | To assist in confirming the identity of the vehicle by validating that the VRN searched relates to the correct vehicle. To confirm a correct VIN to be compared to the VIN displayed on the vehicle. | Displayed on the vehicle search report / certificate. Recorded on the vehicle inventory, stock report, ledgers and customer database / service record. Information disclosed to vehicle purchaser / owner, dealership staff, sub-contractors and auditors. |
      | Motor Dealers Non-Franchised | To assist in confirming the identity of the vehicle by validating that the VRN searched relates to the correct vehicle. To confirm a correct VIN to be compared to the VIN displayed on the vehicle. | Displayed on the vehicle search report / certificate. Recorded on the vehicle inventory, stock report, ledgers and customer database / service record. Information disclosed to vehicle purchaser / owner, dealership staff, sub-contractors and auditors. |
      | Auction Houses | To assist in confirming the identity of the vehicle by validating that the VRN searched relates to the correct vehicle. To confirm a correct VIN to be compared to the VIN displayed on the vehicle. | Displayed on the vehicle search report / sale lot. Recorded on the sales systems, vehicle inventory, stock report and ledgers. Information disclosed to vehicle vendor / purchaser, auction staff, sub-contractors and auditors. |
      | Original Equipment Manufacturers | To assist in confirming the identity of the vehicle by validating that the VRN searched relates to the correct vehicle. To use the VIN as an identifier if vehicle is not yet registered. | Displayed on the vehicle search report / certificate. Recorded on the vehicle inventory, stock report, ledgers and customer database / service record. Information disclosed to franchise holders, vehicle owner / purchaser, OEM staff, sub-contractors and auditors. |
      | Finance Companies | To assist in confirming the identity of the vehicle by validating that the VRN searched relates to the correct vehicle. To use the VIN as an identifier if vehicle is not yet registered. | Recorded on the vehicle asset / inventory files, Contract reports, ledgers and customer database / record. Information disclosed to vehicle operator / owner / purchaser, finance company staff, sub-contractors and auditors. |
      | Insurance Companies | To assist in confirming the identity of the vehicle by validating that the VRN searched relates to the correct vehicle. | Recorded on the vehicle policy / claims files, contract reports, ledgers and customer database / record. Information disclosed to vehicle operator / owner / policyholder, insurance company staff, sub-contractors and auditors. |
      | Fleet and Leasing Companies | To assist in confirming the identity of the vehicle by validating that the VRN searched relates to the correct vehicle. To use the VIN as an identifier if vehicle is not yet registered. | Recorded on the vehicle asset / inventory files, Contract reports, ledgers and customer database / service record. Information disclosed to vehicle operator / owner / purchaser, fleet & leasing company staff, sub-contractors and auditors. |
      | Aftermarket Service Providers | To assist in confirming the identity of the vehicle by validating that the VRN searched relates to the correct vehicle. Used to help identify and link to replacement parts and accessories. | Recorded on the vehicle order record, ledgers and customer database / service record. Information disclosed to vehicle repairer / operator / owner / purchaser, aftermarket company staff, sub-contractors and auditors. |
      | Automotive Systems and Integration Companies (e.g. Vendors of Dealer Management Systems) | To assist in confirming the identity of the vehicle by validating that the VRN searched relates to the correct vehicle. | Displayed on the vehicle search report / certificate. Recorded within the application modules to handle vehicle inventory, stock report, ledgers and customer database / service record. Information disclosed to vehicle repairer / systems operator, vehicle owner / purchaser, systems integrator company staff, sub-contractors and auditors. |
      | Law Enforcement Agencies | To assist in confirming the identity of the vehicle by validating that the VRN searched relates to the correct vehicle. To confirm a correct VIN to be compared to the VIN displayed on the vehicle. To use the VIN as an identifier if vehicle is not yet registered. | Displayed on the vehicle search report / certificate. Recorded on the case files, reports and legislative documentation. Information disclosed to authorised individuals and bodies involved in and processing the case / enquiry. |
      | Salvage Companies | To assist in confirming the identity of the vehicle by validating that the VRN searched relates to the correct vehicle. To confirm a correct VIN to be compared to the VIN displayed on the vehicle. | Displayed on the vehicle record / COD (Certificate Of Destruction). Recorded on the vehicle inventory, stock report, ledgers and customer database. Information disclosed to vehicle operator / owner, salvage company staff, sub-contractors and auditors. |
  3. Market Sectors Where Disclosure of Full VIN is Not Permitted

      1. Disclosure of the full VIN is not permitted to the following market sectors:
      2. Consumers
      3. Marketing Companies (other than those working on behalf of approved trade sector clients in respect of their core activities under permitted uses)
      4. Companies, Partnerships and Sole Traders who do not meet the criteria set out in the table in paragraph 2 above.
    1. Where there is a requirement to disclose the full VIN to new market sectors or for new purposes other than those set out in the table above in paragraph 2, the Customer must detail this in writing and obtain formal written approval from DVLA. The Customer shall not disclose the full VIN to any additional market sectors or for any new purposes without a formal contract variation, and formal written approval from DVLA.
  4. Conditions on Disclosure of Partial VIN

    1. The Society of Motor Manufacturers and Traders (SMMT) has informed DVLA that the release of the end characters of a VIN (so a partial VIN) may lead to the ability to uniquely identify a vehicle in a very limited range of circumstances.
    2. Where there are fewer than 500 vehicles of a particular type registered in a year, only the last three characters are needed to uniquely identify a vehicle, assuming that the make and model of that vehicle is known.
    3. Where Reasonable Cause cannot be demonstrated to allow a Requestor, Intermediary or Third Party Customer to identify a unique vehicle (in accordance with this Appendix), and where there are fewer than 500 vehicles of a particular vehicle type registered in one year, where applicable and permitted in accordance with this Appendix, the Customer must only disclose the final two characters of the VIN.

PART 4 - CUSTOMER’S KEY STAFF WITH DIRECT RESPONSIBILITIES FOR THE DATA AND FOR THE OTHER OBLIGATIONS UNDER THE CONTRACT

  1. The contact details of the Customer’s Key Staff with responsibility for the Data and the performance of this Contract, as referred to in paragraph 3 of Part 2 of this Appendix, are set out in this Part 4.

    1. The contact details of the Commercial Manager referred to in paragraph 3 of Part 2 of this Appendix are:

        Name:………………………………………….

        Job Title:……………………………………….

        Business Address: ………………………………………………….. ………………………………………………….. …………………………………………………..

        Postcode:……………………………………….

        Business telephone number:……………………………………….

        Business mobile telephone number:……………………………….

        Business Email address:…………………………………………….

    2. The contact details of the Data Manager referred to in paragraph 3 of Part 2 of this Appendix are:

        Name:………………………………………….

        Job Title:……………………………………….

        Business Address:…………………………… ………………………………………………….. ………………………………………………….. …………………………………………………..

        Postcode:……………………………………….

        Business telephone number:……………………………………….

        Business mobile telephone number:……………………………….

        Business Email address:…………………………………………….

    3. The contact details of any other Key Staff, who are responsible for the Data or for supervision of the Staff with access to the Data, should be provided below.

        Key Staff 1 Name:………………………………………….

        Key Staff 1 Job Title:……………………………………….

        Key Staff 1 Business Address:…………………………… ………………………………………………….. ………………………………………………….. …………………………………………………..

        Key Staff 1 Postcode:……………………………………….

        Key Staff 1 Business telephone number:……………………………………….

        Key Staff 1 Business Email address:…………………………………………….

    4. The contact details for the Customer Data Protection Officer (DPO) where applicable:

        Name:………………………………………….

        Business Address:…………………………… ………………………………………………….. ………………………………………………….. …………………………………………………..

        Postcode:……………………………………….

        Business telephone number:……………………………………….

        Business mobile telephone number:……………………………….

        Business Email address:…………………………………