Terms and Conditions for the Supply of IT Asset Disposal Services

These terms and conditions (as amended under clause 21.2) (“Conditions”) govern the supply of IT Asset Disposal (‘ITAD’) Services by Stone Technologies Limited trading as Stone Group, registered in England and Wales with no. 02658501, with registered address at Granite One Hundred, Acton Gate, Stafford, Staffordshire ST18 9AA (“Stone”) to the person/firm who buys such services (“Customer”). These Conditions apply to the exclusion of any other terms that Customer seeks to impose, or which are implied by trade, custom, practice or course of dealing.

  1. Interpretation

In these Conditions: (i) person includes a natural person, corporate or unincorporated body; (ii) a reference to Stone or Customer includes its personal representatives, successors and permitted assigns; (iii) a reference to a statute or statutory provision is a reference to such statute or statutory provision as amended or re-enacted and includes any subordinate legislation; (iv) any phrase introduced by the terms including or include shall be illustrative and shall not limit the sense of the preceding words;  (v) a reference to writing or written includes emails but excludes faxes; (vi) the terms ‘personal data’, ‘data subject’, ‘processor’, ‘controller’, ‘processing’, ‘personal data breach’ and ‘supervisory authority’ have the meanings set out in Data Protection Legislation; and (vii) the following definitions apply:

Acceptable Use Policy”: the acceptable use policy (if any) applicable to the relevant Services, as detailed in the Order Form, or any other acceptable use policy mandated by Stone from time to time on written notice to the Customer.

“ADISA” Asset Disposal and Information Security Alliance Limited, a trade body administering certification schemes.

Affiliates”: each agent, employee, contractor or sub-contractor of a party or the party's Group.

Applicable Law”: the laws of England and Wales, together with any other mandatory laws, regulations, regulatory policies, guidelines or industry codes which apply to the performance of each party’s obligations under the Contract.

“Appointed Agent”: means any auditor or third party, formally appointed by the Data Controller to perform a range of tasks associated with the validation of the performance of the Data Processor

Business Day”: a day other than a Saturday, Sunday or public holiday in England.

Change Procedure”: the procedure detailed in clause 21.2.2.

“Chargeable ITAD Services” shall constitute any service that Stone notifies to the Customer as being chargeable, including (but not being limited to): collections, where fewer than 25 Qualifying Assets are made available by the Customer, enhanced data erasure and additional work required of Stone as a result of BIOS password(s) not being provided by the Customer.

Charges”: any charges payable by the Customer to Stone, as set out in the Order Form or as otherwise made available by Stone from time to time. 

 “Confidential Information”: information of commercial value, in whatever form or medium, disclosed by a party to the other party, including commercial or technical know-how, technology, information pertaining to business operations and strategies, information pertaining to clients, pricing and marketing information relating to the business of either party, information which is marked as confidential, or information which ought reasonably to be considered confidential in light of the nature of the information and/or circumstances of its disclosure.

 “Contract”: each contract (as defined in clause 2.1) between the Customer and Stone relating to the IT Asset Disposal Services.

“Controller Data”: means all data processed by the Data Processor on behalf of the Data Controller under the terms of this data processing agreement.

Customer Content”: any data, documents, text, drawings, diagrams, images or sounds (together with any database made up of any of these), embodied in any medium, that are provided to Stone by or on behalf of the Customer, in order to perform its obligations pursuant to a Contract.

Customer Materials”: any and all materials, other equipment (including cabling, network interfaces, power and power adapters) and software necessary for Stone to perform its obligations pursuant to a Contract, save to the extent the same is expressed to be supplied by Stone pursuant to the applicable Contract.

Customer Obligations”: the obligations described in clause 3.

Customer Personnel”: employees, directors and agents of the Customer, together with employees, directors and agents of any contractor undertaking activities on behalf of the Customer who are not Stone Personnel.

“Data Controller”: or “Controller” has the meaning set out in the Data Protection Legislation.

Data Processing Particulars”: the following details, as provided in the Order: (i) the subject matter, duration, nature and purpose of the Processing; (ii) the type of Personal Data being Processed; and (iii) the categories of Data Subjects.

“Data Processor”: or “Processor” has the meaning set out in the Data Protection Legislation.

Data Protection Legislation”: any law, statute, regulation, rule or other binding restriction regarding the protection of individuals with regards to the Processing of their Personal Data to which a party is subject, including the DPA and the GDPR (to the extent it remains applicable) and any code of practice or guidance published by the Information Commissioner’s Office from time to time.

“Data Sanitisation Capability Statement”: a document maintained by Stone setting out the current standards to which the business operates with regard to data erasure and destruction, a copy of which is set out in Appendix 1. 

Data Subject”: has the meaning set out in the Data Protection Legislation.

Default”: any act or omission of a party, or failure by a party to perform a relevant obligation under a Contract.

Deliverables”: all software code, documents, products and materials in any form: (i) developed by Stone or its agents, contractors and employees; and/or (ii) licensed by Stone to the Customer and its Affiliates, as part of or in relation to the performance of its obligations under a Contract, including all Intellectual Property Rights as may be embodied therein. “Delivery Location”: the relevant location identified in the Order Form (where applicable).

DPA”: the Data Protection Act 2018.

Effective Date”: in respect of the supply of Goods, the provision of a particular Service or licence of Software, the Effective Date for the same specified in the Order Form, or if none is specified, the effective date for the applicable Contract, or if none is specified, the Start Date of the applicable Contract.

Emergency Maintenance”: maintenance resulting from the identification of an issue requiring urgent resolution for reasons of safety, security, as mandated by Applicable Law or as Stone may otherwise determine using its own skill and judgment.

Goods”: the goods (or any Deliverables forming part of the provision of Services) set out in the Order Form (or any part of them).

Group”: each and every entity that directly or indirectly controls, is controlled by, or is under common control with a party, for so long as such control exists. In the case of companies and corporations, control means beneficial ownership of more than 50% of the voting stock, shares, interest or equity in an entity; in the case of any other legal entity, “control” and “controlled” shall exist through the ability to directly or indirectly control the management and/or business of the legal entity.

GDPR”: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and repealing Directive 95/46/EC (General Data Protection Regulation) OJ L 119/1, 4.5.2016, together with any implementation of the above into UK law. Any reference to “articles” are references to the GDPR.

Initial Services Term”: in respect of any element of the Services, the initial term for such element where specified in the Order Form, otherwise the Initial Term.

Initial Term” the period of time described as such in the Order Form.

Insolvency Event”: (a) the Customer suspends or threatens to suspend payment of its debts or is unable to pay its debts as they fall due or admits inability to pay its debts or is deemed unable to pay its debts under section 123 of the Insolvency Act 1986 or is deemed either unable to pay its debts or as having no reasonable prospect of so doing within the meaning of section 268 of the Insolvency Act 1986 or (if a partnership) has any partner to whom any of the above applies; (b) the Customer starts negotiations with all or any class of its creditors with a view to rescheduling any of its debts, or makes a proposal for/enters into any arrangement with its creditors; (c) a petition is filed, a notice is given, a resolution is passed, or an order is made, for/in connection with the winding up of the Customer; (d) the Customer is the subject of a bankruptcy petition or order; (e) a creditor or encumbrancer of the Customer attaches or takes possession of, or a distress, execution, sequestration or other process is levied or enforced on or sued against, the whole or part of its assets which is not discharged within 14 days; (f) an application is made to court, or an order is made to appoint an administrator, or notice of intention to appoint an administrator is given or an administrator is appointed over the Customer; (g) a floating charge holder over the assets of the Customer becomes entitled to appoint or has appointed an administrative receiver; (h) a person becomes entitled to appoint a receiver over the assets of the Customer or a receiver is appointed over the assets of the Customer; (i) any event analogous to those mentioned in (a)-(h) above in another jurisdiction.

 “Intellectual Property Rights”: patents, utility models, rights to inventions, copyright and related rights, trade marks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off, rights in designs, database rights, rights to use and protect the confidentiality of confidential information (including know-how and trade secrets), and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.

Location”: the location for performance of the applicable Services set out in the Order Form (if any), or any other location agreed between the parties in writing from time to time.

Minimum Spend” the minimum spend detailed in the Order Form either: (i) across all Services provided by Stone; or (ii) with respect to the specific Services to which a minimum spend applies, as stated in the Order Form.

Order”: Customer’s agreement to the terms of an Order Form, which may include a communication from the Customer to Stone agreeing to the terms such as clicking “Place Order” at the end of an email sent by Stone containing/referring to the Order Form or by submission of order details and/or collection request via an online portal.

Order Acceptance”: Stone’s acceptance of an Order, which shall consist of a communication from Stone to the Customer expressly accepting the Order.

Order Form”: In respect of IT Asset Disposal services, the Order Form shall constitute the collection request, whether submitted to Stone in hard copy, by email or via use of online portals, websites or the Stone 360 App.

Permitted Purpose”: the purpose of the Data Processing as set out in more detail in the Data Processing Particulars.

“Persistent Organic Pollutants”, or “POPs” shall refer to the chemicals identified in guidance published by the Environment Agency.

Personal Data”: has the meaning set out in the Data Protection Legislation.

“Personal Data Breach”: has the meaning set out in the Data Protection Legislation.

“Qualifying Asset”: core IT equipment in a working condition that is either a PC base, an All in One PC, a Laptop, a Smart Mobile Phone, a tablet, a Server or a Switch. Additional items may be included as a Qualifying Asset, by agreement, on a case by case basis.

Security Requirements”: the requirements regarding the security of the Personal Data, as set out in the Data Protection Legislation (including, in particular, the seventh data protection principle of the DPA and/or the measures set out in Article 32(1) of the GDPR (taking due account of the matters described in Article 32(2) of the GDPR) as applicable.

Service Credits”: in respect of a Service to be provided by Stone, the sums attributable to a failure of the Service Levels (if any), as set out in the Order Form or added by a change pursuant to Clause 21.2.

Service Credit Limit”: in respect of a Service to be provided by Stone pursuant to a Contract, the limit on the accrual of Service Credits (if any), as set out in the Order Form or added by a change pursuant to Clause 21.2.

Service Levels”: in respect of a Service to be provided by Stone pursuant to a contract, the service levels set out in section 11 of these Conditions.

“Services” shall refer to the IT Asset Disposal Services.

Services Specification”: in respect of the IT Asset Disposal Services, the specification shall be some or all of the services described in section 5 of these Conditions, as indicated on the Order Form.

Service Term”: the term for the provision of the applicable Services (or where different elements of the Services are to be provided for differing terms, the term for that element), as set out in the Order Form.

 “Sourcing Issue”: an inability on the part of Stone to source particular materials or resources (including Stone Personnel) on terms similar or identical to those available at the Effective Date (including due to exchange rate fluctuations, increases in taxes or duties) or a change in Applicable Law.

Standard Rates”: Stone’ standard rates for the ITAD Services as made available by Stone from time to time.

Start Date”: as defined in clause 2.1.

Stone Personnel”: Stone’ employees, directors and agents, together with employees, directors and agents of any contractor undertaking activities on behalf of Stone in relation to the performance of its obligations under the applicable Contract.

Subject Access Request”: an actual or purported subject access request or notice or complaint from (or on behalf of) a Data Subject exercising his rights under the Data Protection Legislation.

Term” the period described as such in clause 14.1.

“Third Party”: means a party who is neither a party to the Contract nor a Controller, Processor or Data Subject as the context dictates.

 “Year”: the period of 12 calendar months from the applicable Effective Date and each 12 calendar month period thereafter.

  1. Basis of Contract
    • Each Order Form constitutes an offer by the Customer to purchase the Services.
    • Each Order Form, in conjunction with these Conditions, shall constitute a Data Processing Agreement pursuant to the Data Processing Legislation.
    • Each Order constitutes an offer by the Customer to purchase the Goods and/or provide Services. Following receipt of an Order, Stone shall submit an Order Acknowledgement to the Customer, which shall form a contract subject to the terms of the applicable Order Form and these Conditions (“Contract”). Should the Order (or any other correspondence from the Customer) contradict in any way the Order Form or any of these Conditions (“Contradictory Terms”), such Contradictory Terms shall not be incorporated unless and to the extent that a revised Order Form is issued incorporating any of the Contradictory Terms. A Contract shall come into existence immediately following the sending of an Order Acknowledgement to the Customer (“Start Date”).
    • After the Start Date, a Contract may not be terminated except in accordance with its terms.
    • Unless expressly stated to the contrary in the relevant Order Form (or otherwise agreed in writing by Stone), each Order Form is only valid for 30 days from its date of issue.
    • If there is an inconsistency between any of the provisions of a Contract, the following descending order of priority shall apply: (i) the Order Form itself; and then (ii) these Conditions.
    • Each party warrants that: (i) it has full capacity to enter into and perform its obligations under a Contract; and (ii) each Contract is executed by a duly authorised representative of that party.
    • The warranties set out at clause 2.7 above are deemed to be repeated by each party in respect of a Contract on the applicable Start Date for the same.
    • In consideration for the payment of the Charges, Stone will provide the Services in accordance with the Contract, from the applicable Effective Date.
  2. CUSTOMER Obligations
    • The Customer shall:
      • provide all necessary co-operation reasonably required in relation to a Contract;
      • provide such assistance from the Customer Personnel as may be reasonably requested by Stone from time to time;
      • ensure that the terms of each Contract (including any specification) are complete and accurate;
      • respond promptly to any request for a decision, guidance, information or instruction which Stone may submit in relation to a Contract from time to time;
      • not to do or permit anything to be done that will or may damage the business, reputation, image and/or goodwill of Stone;
      • comply with the Acceptable Use Policy (if any);
      • only use the Services for lawful purposes and shall not use the Services: (i) in any way that breaches any Applicable Law; (ii) in any way that is unlawful or fraudulent, or has any unlawful or fraudulent purpose or effect; (iii) for the purpose of harming or attempting to harm minors in any way; (iv) to send, knowingly receive, upload, download, use or re-use any material which infringes the copyright, database right or trade mark of any other person, promotes violence or discrimination or otherwise advocates, promotes or assists any unlawful act; (v) to transmit, or procure the sending of, any unsolicited or unauthorised advertising or promotional material or any other form of similar solicitation (spam); (vi) to knowingly transmit any data, send or upload any material that contains Harmful Code; and (vii) to (and shall not attempt to) probe, scan, penetrate or test the vulnerability of any systems or networks of Stone or to breach any of Stone’ security or authentication measures, whether by passive or intrusive techniques, without Stone’ prior written consent;
      • comply with any and all obligations set out in the Order Form, including the applicable Goods Specification/Services Specification;
      • ensure that there are in place all necessary consents, licences and permissions required to permit Stone to access and use all the Customer Content and Customer Materials and any other items as may be appropriate in connection with each and every Contract; and
      • be solely responsible for procuring and maintaining its network connections and telecommunications links from its systems to Stone’ data centres (or, where appropriate, the third-party portal through which Stone provides Services to the Customer).
    • The Customer shall only provide Stone with devices the Customer has legal title to. By including devices in a collection, the Customer is confirming both title to the asset and the data residing on the device. The Customer agrees to indemnify (and keep indemnified) Stone against any losses, liabilities and increased administration, professional and legal costs on a full indemnity basis suffered by Stone (without set-off, counterclaim and/or reduction) arising out of or in connection with any claim by a third party relating to title to either devices or data provided to Stone by the Customer whether or not such losses were foreseeable or foreseen at the date of the Contract.
    • The Customer, acting as Controller, shall instruct Stone in writing using methods as set out in clauses 19.4 and 19.5. If required, the Customer may issue instructions verbally by telephone and Stone will act upon all reasonable instructions received. In such circumstances, the Customer must issue written confirmation of such verbal instructions at the first available opportunity.
    • The Customer accepts that the WEEE Directive confers upon it a Duty of Care for the handling and storage of WEEE that will afford maximum re-use potential as a complete appliance.
    • The Customer will provide, through the on-line collection booking system provided by Stone, accurate counts of assets to be collected, in order that suitable transport be arranged and collection documentation accurately generated. Any additions or alterations must be notified to Stone at least 24 hours prior to the scheduled collection to allow the transport proposed to be re-appraised and consequential documentation changes to be made. Additions will not be accepted without prior notification.
    • The Customer will collect and store notified ssets for collection, in an easily accessible ground floor location that is without any access, parking or loading restrictions. Assets should be stored in a manner conducive with verification counts prior to loading onto Stone vehicles. The Customer must also provide Stone with the name and contact details of an employee duly authorised to sign collection and waste transfer documentation.
    • The Customer must verify with collection staff, the assets which have been transferred to for processing, in order that full traceability of assets can be maintained. This is of legal importance for all assets holding Personal data. Stone accepts no liability for reported differences in asset quantities if these were not verified and agreed at the point of collection.
    • The Customer shall inform Stone if it is not permissible for their collection to be made as a part of a multi-point collection. Stone will ensure that all multi-point collections are clearly segregated in transport.
    • The Customer shall inform Stone if it is not acceptable for the collection to be made by a single driver.
    • Non-standard items (for which no category exists on the Order Form) shall be notified to Stone with as much supporting information as possible to enable Stone to appraise their suitability for collection and processing, Stone will tariff them on a case-by-case basis.
    • The Customer shall remove (if deployed) BIOS Passwords prior to collection or supply Stone with the password; in order that relevant equipment can be accessed for data erasure.
    • The Customer shall ensure that data media such as SD Cards, CDs, USB Sticks & Hard Copy documents; which it intends to retain are removed from assets for collection. Stone will data cleanse or destroy all data bearing media (without further reference to the Customer); found in the collected assets and in accordance with the Data processing agreement.
  3. GENERAL TERMS APPLICABLE TO IT ASSET DISPOSAL Services
    • The terms of this clause 4 apply with respect to any IT Asset Disposal Services supplied pursuant to a Contract.
    • During the applicable Services Term, Stone shall provide the applicable IT Asset Disposal Services to the Customer in accordance with the Services Specification in all material respects.
    • Stone shall use reasonable endeavours to observe all health and safety and security requirements that apply at the Customer's premises and that have been communicated to it in advance of the provision of the ITAD Services, provided that it shall not be liable under the Contract if, as a result of such observation, it is in breach of any of its obligations under the Contract.
    • Stone will use its reasonable endeavours to supply all relevant ITAD Services in accordance with any performance metrics set out in the Order Form in respect of such ITAD Services.
    • In respect of the ITAD Services, Stone shall use reasonable endeavours to meet any performance dates specified in the Services Specification, but any such dates are estimates only and time is not of the essence for the performance of the ITAD Services.
    • Stone shall have the right to make any changes to the ITAD Services which: (i) improve the nature or quality of the ITAD Services; (ii) are necessary to comply with Applicable Law; (iii) result from a Sourcing Issue; or (iv) do not materially negatively affect the nature or quality of the ITAD Services, and Stone shall notify the Customer in any such event. Such notification shall include any variations to the Charges which Stone reasonably considers to be necessary in light thereof.
    • Where there is a Default on the part of the Customer, Stone (without limiting its other rights or remedies) may suspend performance (and is relieved from its performance obligations) until the Customer remedies the same.
  4. IT Asset disposal Services
    • The IT Asset Disposal service provided by Stone shall comprise one or more of the services set out in 5.2 to 5.5 below:
    • Administration
      • Provision of online collection request system
      • Supply of collection notes & transfer of asset ownership forms
      • Supply of relevant waste transfer and/or hazardous consignment notes where applicable
      • Organisation of collections on agreed date(s) from agreed location(s)
      • Issue of Certificate of Disposal
      • Issue of Asset Management Report, when requested by Customer, as a chargeable report.
    • Transport
      • Secure collection and transportation of IT assets
      • Collection drivers background checked and using GPS tracked vehicles fitted with driver panic alarms, deadlocks, CCTV, phones, vehicle immobiliser and alarm
      • Delivery of IT assets to processing facility
    • Data Processing
      • Identification of all data bearing media collected
      • Full traceability of data bearing media throughout process
      • Erasure of data and/or physical destruction of data media collected, as appropriate
      • 25 working day SLA from collection to point of data erasure/media destruction
    • Asset Recycling
      • Refurbishment and repurposing of all viable data cleansed assets
      • Recycling of materials from non-reusable assets
    • POPs (Persistent Organic Pollutants) disposal
      • In accordance with The Persistent Organic Pollutants (Various Amendments) Regulations 2019 and the Environment Agency guidance thereon, any electrical and electronic equipment manufactured prior to 1st January 2009 must be considered as containing POPs.
      • Disposal of waste containing POPs requires a specialist disposal method as defined by the Environment Agency and is therefore a chargeable service.
    • The Asset Management Report will capture the following information unless alternative content is separately agreed between the parties; controller asset tags or other identifying references, equipment make, model, serial number and specification/configuration, hard drive serial number. The Customer shall confirm the Asset Management Report is required by completing the relevant tick box when requesting an IT asset collection.
    • Stone will ensure that all collections are facilitated using a vehicle from its fleet that meets ADISA requirements.
    • The means of data disposal shall vary dependent upon the media type as as detailed in the Data Sanitisation Capability Statement.
    • Standard data cleansing involves a single pass baseline erasure.
    • 6mm shredding of magnetic and solid state hard drives is available on request as a chargeable extra.
    • Personal Data transferred to Stone in relation to the administration of a client’s account will be retained and disposed of as set out in the Privacy Notice, available at https://www.stonegroup.co.uk/privacy-policy/. The Customer is responsible for ensuring Personal Data held on IT assets or media upon which ITAD services will be performed remains confidential by way of data encryption and/or device/media security
    • Transfer of ownership of the assets for disposal shall pass to Stone at the point of collection. All data held on collected assets remains the property of the Customer; who bears legal responsibility for it as the Data Controller, as defined by the Data Protection Legislation.
    • The Customer acknowledges and agrees that assets that fail the data cleansing process may be transferred to either an ADISA or ADISA sanctioned Third Party for repair and subsequent wiping. This may result in an extended SLA for data erasure/destruction.
  5. Charges
    • Stone shall provide the standard IT Asset Disposal service, as described more fully in section 5 of these Conditions, on a cost neutral basis provided that a minimum of 25 Qualifying Assets are made available for collection each time Stone attends a Customer site. Should less than 25 Qualifying Assets be made available, Stone reserves the right to charge the Customer at its Standard Rates.
    • Where no price has been quoted for a Chargeable ITAD Service, it shall be:
      • the price set out in Stone’s published price list as at the date of delivery of the relevant Goods or the Start Date for performance of the relevant Services; or
      • where applicable in respect of Services, on a time and materials basis in accordance with the Standard Rates.
    • If it is reasonably apparent that any of the pricing in the Order Form is incorrect (“Obvious Pricing Error”), the Customer must notify Stone of the same. When Stone becomes aware of an Obvious Pricing Error, it shall promptly notify the Customer of the error together with the correct price (“Correct Price”). Following notification of the Correct Price, such price shall apply in place of the Obvious Pricing Error. If the Customer objects to the Correct Price, it may terminate the relevant Contract on written notice to Stone.
    • Where a failure of the Customer to comply with its obligations in the Contract (including those set out in these terms and conditions as well as the Order Form) results in additional costs for Stone and/or wasted time, Stone may charge the Customer for the same on a time and materials basis. In order to calculate the same, Stone’ Standard Rates shall apply unless other rates are specified in the Order Form.
    • Unless otherwise specified to the contrary in the applicable Order Form, Stone will invoice the Customer monthly in arrears for any chargeable ITAD Services.
    • If Services have not been performed as a result of the acts or omissions of the Customer, Stone may invoice the same on the date upon which delivery/performance was attempted.
    • The Customer shall pay each invoice which is properly due and submitted to it by Stone within 30 days of invoice date to a bank account nominated in writing by Stone. If Stone has not received a payment which is validly due within such period, and without prejudice to any other rights and remedies it may have (but subject to any Applicable Law in force at the time which restrict or exclude the same):
      • Stone may charge interest on a daily basis on such due amounts at an annual rate equal to 4% over the then current base lending rate of Barclays Bank from time to time, commencing on the due date and continuing until fully paid, whether before or after judgment. Such interest shall accrue on a daily basis and be compounded quarterly; and
      • Stone may charge an administrative fee determined according to the value of the payment not received, calculated as follows:

Value of payment not received

Administrative fee

Up to £999.99

£40

£1,000 to £9,999.99

£70

£10,000 or more

£100

  • All Charges stated or referred to in a Contract are exclusive of:
    • value added tax or other sales taxes, which shall be added to Stone’ invoice(s) at the appropriate rate; and
    • all packing, insurance and transport costs, which shall be paid by the Customer (unless the same is expressly stated to be included within the price in the Order Form).
  • Stone may, without limiting its other rights or remedies, set off any amount owing to it by the Customer or any Affiliate against any amount payable by Stone to the Customer.
  1. Intellectual Property
    • Stone warrants that it has, and will continue to have, all necessary rights in and to any and all Intellectual Property Rights that it purports to grant to the Customer pursuant to a Contract. The Customer warrants to Stone that Stone's possession and use in accordance with this agreement of any materials (including third-party materials supplied by the Customer to Stone) shall not cause Stone to infringe the rights, including any Intellectual Property Rights, of any third party.
    • The Customer acknowledges and agrees that Stone and/or its licensors own all Intellectual Property Rights in the ITAD Services.
    • Except as expressly stated herein, these Conditions do not grant the Customer any Intellectual Property Rights or any other rights or licences to, in or in respect of the Goods, Services, Reseller Software or any related documentation.
    • Stone acknowledges and agrees that the Customer and/or its licensors own all Intellectual Property Rights in the Customer Content. Except as expressly stated herein or as is necessary to perform Stone’ obligations under a Contract, these Conditions do not grant Stone any Intellectual Property Rights or any other rights or licences to or in respect of any Customer Content.
    • Nothing in these Conditions shall be construed so as to prevent Stone from using in the furtherance of its own business general know-how or expertise gained in its performance of a Contract, provided that any such use does not constitute or result in a disclosure of any Confidential Information in breach of clause 8 or infringement of any Intellectual Property Rights.
  2. Confidentiality
    • Each party may be given access to Confidential Information from the other party, any member of its Group or any of its Affiliates in order to perform its obligations under a Contract. A party's Confidential Information shall not include information that:
      • is or becomes publicly known other than through any act or omission of the receiving party;
      • was in the other party's lawful possession before the disclosure;
      • is lawfully disclosed to the receiving party by a third party without restriction on disclosure; or
      • is independently developed by the receiving party, which independent development can be shown by written evidence.
    • Subject to clause 4 below, each party shall hold the other's Confidential Information (including any such information originating from any of its Affiliates or any other member of its Group) in confidence and, unless required by law, not make the other's Confidential Information available to any third party, or use the other's Confidential Information for any purpose other than the performance of its obligations under a Contract.
    • Each party shall take all reasonable steps to ensure that the other's Confidential Information to which it has access is not disclosed or distributed by its employees or agents in violation of these Conditions, save to other members of its Group, its Affiliates, or its professional advisors.
    • A party may disclose Confidential Information to the extent such Confidential Information is required to be disclosed by law, by any governmental or other regulatory authority or by a court or other authority of competent jurisdiction, provided that, to the extent it is legally permitted to do so, it gives the other party as much notice of such disclosure as possible and, where notice of disclosure is not prohibited and is given in accordance with this clause 4, it takes into account the reasonable requests of the other party in relation to the content of such disclosure.
    • Neither party shall be responsible for any loss, destruction, alteration or disclosure of Confidential Information caused by any unconnected third party.
    • Data residing on the assets remains the property of the Customer until such time as the data is securely erased or the data bearing components of the assets are destroyed pursuant to Stone fulfilling its obligations under this Contract.
    • Stone may publicise its involvement with the Customer for its own marketing purposes, and any such publication shall not constitute an unlawful disclosure of Confidential Information for the purposes of this clause 8.
  3. Data Protection Arrangements
    • The parties acknowledge that the factual arrangement between them dictates the classification of each party in respect of the Data Protection Legislation. However, the parties anticipate that the Customer shall act as a Controller and Stone shall act as a Processor and in any such case:
      • Stone shall be a Controller where it is collecting and using Personal Data in relation to administration of the Contract and the management of its Customer accounts; and
      • Stone shall be a Processor where it is Processing Personal Data in relation to the Data Processing Particulars in connection with performing its obligations under a Contract.
    • Stone shall comply with, and shall procure that any Affiliates comply with, the provisions of the Data Protection Legislation in relation to all Personal Data that is Processed by it in connection with a Contract. Any Affiliate acting as a sub-processor on behalf of Stone shall be engaged on terms set out in a written contract setting out the obligations of the respective parties. Stone shall remain responsible to the Data Controller for a sub-processor’s data protection obligations.
    • Stone shall be permitted to appoint Third Party sub-contractors, and to disclose Personal Data to them for Processing in accordance with the relevant Contract, provided always that the sub-contractor's right to Process the Personal Data terminates automatically on expiry or termination (for whatever reason) of the relevant Contract for which the sub-contractor was engaged.
  4. Data Processing Obligations
    • To the extent that Stone is acting as a Processor for and on behalf of the Customer, it shall:
      • Process Personal Data for and on behalf of the Customer for the purposes of performing its obligations under a Contract, and only in accordance with the terms of that Contract and any documented instructions from the Customer;
      • notify the Customer if it becomes aware that any of the Customer's written instructions infringe the Data Protection Legislation;
      • implement and maintain appropriate technical and organisational security measures to guard against the possibility of loss, destruction or unauthorised access to personal data owned by the Customer;
      • take all reasonable steps to ensure the reliability and integrity of any Stone Personnel who shall have access to the Personal Data;
      • ensure that access to the Personal Data is restricted to only those members of Stone’ Personnel who require it in order to discharge Stone’ obligations under a Contract;
      • make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in the Data Protection Legislation and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer, at the Customer’s expense;
    • The parties acknowledge and agree that the nature of the Services provided under a Contract means that any personal data provided to Stone will be corrupted, erased, or otherwise put beyond reasonable recall. As such, Stone shall not be liable for the destruction of any personal data relating to a data subject who has made a request relating to the exercise of his or her legal rights, nor shall Stone be compelled to assist in the reconstitution or retrieval of that personal data.
    • The Processor shall process the Controller Data exclusively on behalf of and on the instruction of the Controller in accordance with the Data Processing Legislation. All processing activities will take place in the United Kingdom.
    • The following sets out the scope and purpose of data processing undertaken by Stone in performing ITAD Services. Should the Customer be aware of any additional categories or purposes, the Customer is required to identify same to Stone in advance of the commencement of delivery of ITAD Services.

Type of Controller Data

Personal data

Data Subject Categories

Employees, public, customers, suppliers, students, children

Purpose of Processing

Secure erasure of data held on IT equipment or media or destruction of equipment or media where erasure is not achievable

Duration of Processing

 Processed within 25 working days of arrival at the processing facility

  • Where Stone becomes aware (or reasonably should have become aware) of an actual or suspected Personal Data Breach, it shall:
    • notify the Customer without undue delay, including details of how the Personal Data Breach occurred and what Personal Data may have been compromised;
    • implement any measures necessary to restore the security of compromised Personal Data; and
    • assist the Customer to make any notifications to the UK Information Commissioner’s Office and affected Data Subjects.
  • Except to the extent required by Applicable Law, upon the termination of a Contract for any reason, or earlier if instructed in writing by the Customer to do so, Stone shall cease Processing all Personal Data and return and/or permanently and securely destroy so that it is no longer retrievable (as directed in writing by the Customer) all Personal Data and all copies in its possession or control (and it shall provide the Customer with a certificate signed by a duly authorised representative confirming it has done so). Where the Customer makes any such request prior to the termination of a Contract, and it serves to hinder or prevent Stone’ obligations thereunder, the Contract shall continue despite such reduced performance, and the Charges which have been paid or which will become payable shall not be affected thereby.
  1. SECURITY OF PROCESSING AND SERVICE LEVELS
    • Stone warrants that it undertakes appropriate technical and organisational measures to ensure a suitable level of protection for the Controller Data corresponding to the risk. This must be in consideration of the state of the art, implementation costs and the type, scope, circumstances, and aims of the processing as well as the varying likelihood of occurrence and severity of the risk to the rights and freedoms of data subjects. These measures include, inter alia, the following:
      • The pseudonymisation and encryption of data;
      • The ability to permanently ensure the confidentiality, integrity and availability of the systems, services and Controller Data in connection with the processing;
      • A process for the regular review, assessment, evaluation and evidence of the effectiveness of the technical and organisational measures for the purposes of ensuring the security of the processing.
    • Stone undertakes that it will, prior to the commencement of the processing of the Controller Data, provide evidence to Controller, upon request, that it has taken the appropriate technical and organisational measures to protect the data which is being processed. This evidence could be the accreditation of its Data Processing Service by an industry recognised accreditation scheme. Stone undertakes to maintain these during the term of the Contract.
    • Stone undertakes that as technology and threats evolve, by means of continual assessment, the technical and organisational measures in place will be assessed for appropriateness. Because of this assessment Stone is permitted to implement alternative, adequate measures, if they do not fall below the security level of the measures agreed at the start of the Contract. Any alternative measures are subject to the prior clauses of this agreement and evidenced to Controller as per 11.1 and 11.2.
    • Stone aims to meet the Service Levels defined below:

Description

Service level

All collection requests acknowledged within 48 hours of receipt

95%

Reply to a standard query within 24 hours

95%

Standard collections to be undertaken within 10 working days

95%

Issue of Certificate of Disposal within 5 working days of disposal

95%

Processing completed within 25 working days of receipt of device at processing facility

95%

Issue of Asset Management Report (when requested) within 5 working days of processing

95%

  • Performance is monitored by Stone in order to ensure its service meets the defined Service Levels. The Customer may request up to one review meeting in each calendar month to review performance.
  • Notification of complaints in respect of Service Levels should in the first instance be raised with the Stone administration contact identified in section 19.
  1. FREEDOM OF INFORMATION ACT
    • If the Customer receives a request under the Freedom of Information Act 2000 (“FOIA”) or any similar legislation which may require the disclosure by it of any information it holds relating to Stone (whether or not such information is Confidential Information), the Customer will immediately notify Stone of:
      • the request;
      • the Customer’s opinion as to whether or not any information relating to Stone might be disclosed;
      • whether (and, if so, when) the Customer intends to make the disclosure. If the Customer does not initially intend to make the disclosure, but later changes its mind, the Customer shall immediately notify Stone.
    • The Customer agrees that it will not disclose any information relating to or provided by Stone where one of the exemptions to the obligations to provide information under FOIA (or any similar legislation) applies.
    • The Customer will provide Stone with at least 10 Business Days’ written notice that it intends to disclose any information, prior to disclosing any information under FOIA (or any similar legislation).
    • The Customer agrees to keep Stone informed as to the progression of any request to which this clause 12 relates.
    • If the Customer requires Stone’s assistance in dealing with a request the Customer may receive under FOIA or any similar legislation, the Customer agrees to pay Stone its reasonable costs incurred in assisting the Customer, including payment for both personnel time spent in providing the assistance and any disbursements and expenses Stone incurs.
  2. Limitation of Liability
    • All representations or warranties (whether written or oral, express or implied by statute, common law or otherwise) apart from those expressly set out in these Conditions are hereby excluded. In particular, but without prejudice to the generality of the foregoing, Stone makes no representation or gives any warranty (whether express or implied, statutory and/or otherwise), and will have no liability, regarding the fitness of the Goods, Services or Licensed Software for any purpose, whether or not such purpose is disclosed to Stone.
    • The following provisions set out the entire financial liability of either party (including any liability for the acts or omissions of its employees, agents and sub-contractors) to the other in respect of:
      • any breach of these Conditions and any Contract howsoever arising; and
      • any representation, misrepresentation (whether innocent or negligent), statement or tortious act or omission (including negligence) arising under or in connection with a Contract.
    • Nothing in these Conditions shall limit or exclude Stone’ or the Customer’s liability for:
      • death or personal injury caused by its negligence, or the negligence of its employees, agents or sub-contractors;
      • fraud or fraudulent misrepresentation; and
      • any other liability which cannot be limited or excluded by Applicable Law.
    • In the event of a Default by Stone, Stone’ liability in respect of loss or damage to tangible property of the Customer shall not exceed £100,000.
    • Subject to clauses 3 and 13.4, Stone’ liability in respect of direct loss or damage under a Contract in any 12 month period shall not exceed the higher of:
      • a sum equal to the total Charges paid and payable to Stone by the Customer under such Contract during the period of 12 months immediately prior to the event giving rise to the claim, or
      • £500,000,

however that liability arises including breach of contract, tort, misrepresentation or breach of statutory duty.

  • Subject to clause 3, in no event will Stone be liable to the Customer (whether in contract, tort, negligence or otherwise):
    • for any loss whatsoever (including loss of data or losses arising from breach of confidentiality) resulting from the performance of the ITAD Services, provided such services have been performed materially in accordance with the Services Specification;
    • for any damage caused by errors or omissions in any information, instructions or scripts provided to Stone by the Customer, or any actions taken by Stone at the Customer's direction;
    • for any loss not flowing directly and naturally in the ordinary course of events from its own act or omission;
    • for any loss of profit, revenue, use, anticipated savings, data, goodwill or opportunity or damage to reputation;
    • for any indirect, special or consequential loss or damage;
    • to the extent that any delay in performing or failure to perform Stone’ obligations is due to a failure by the Customer to perform its own obligations under a Contract or if delay results from a failure by the Customer to comply with reasonable requests by Stone for instructions, information or action required by it to perform its obligations within a reasonable time; or
    • for the consequences of any acts or omissions of the Customer or the Customer Personnel.
  1. Term and Termination
    • Each Contract shall commence on the Effective Date and continue for the duration stated in the relevant Order (or until the delivery of Goods/performance of Services has been completed) (the “Initial Term”) unless terminated in accordance with its terms.
    • Without prejudicing any other right or remedy available to it, either party may terminate the relevant Contract with immediate effect by giving written notice to the other party if:
      • the other party fails to pay any amount due under the Contract on the due date for payment and remains in default not less than 10 Business Days after being notified in writing to make such payment;
      • the other party commits a material breach of any other term of the Contract which breach is irremediable or (if remediable) fails to remedy it within a period of 10 Business Days after being notified in writing to do so (this clause 2.2 only applies if Service Credits are not applicable); or
      • the other party repeatedly breaches any of the terms of the Contract in such a manner as to reasonably justify the opinion that its conduct is inconsistent with it having the intention or ability to give effect to the terms under the Contract.
    • Without prejudicing any other right or remedy available to it, Stone may terminate any Contract should an Insolvency Event occur.
    • Without prejudicing any other right or remedy available to it, Stone may terminate any Contract with immediate effect by giving written notice to the Customer if there is a change of control of the Customer (within the meaning of section 1124 of the Corporation Tax Act 2010).
    • Without prejudicing any right to terminate which Stone may have, Stone will be entitled to suspend any Services without notice if:
      • there is a Default on the part of the Customer; or
      • any of the events set out in clauses 2, 14.3 or 14.4 occur in relation to the Customer.
    • Stone may rely on the suspension to relieve it from the performance of any of its obligations in each case to the extent the suspension prevents or delays the performance by Stone of any of its obligations and Stone shall not be liable for any costs or losses sustained or incurred by the Customer arising directly or indirectly from any failure or delay by Stone to perform any of its obligations as set out in this clause. Stone shall during the period of any suspension be entitled to refuse to release any IP Address used by the Customer allocated by Stone.
    • Where Stone acquires the right to terminate or suspend Services under a Contract pursuant to this clause14, such right shall extend to any other Contracts concluded between the parties incorporating these Conditions, whether prior or subsequent to the Contract under which the right of termination or suspension has arisen.
    • The Customer may terminate the Contract immediately if there is an Obvious Pricing Error as detailed in Clause 3.
  2. Consequences of Termination
    • On termination for any reason:
      • all rights granted to the Customer under the Contract shall cease;
      • for the avoidance of doubt, all rights granted to the Customer under any End-User Agreement shall continue in accordance with the terms of that agreement;
      • the Customer shall cease all activities authorised by the Contract; and
      • the Customer shall immediately pay any sums due to Stone (including sums on a time and materials basis for any work in progress) without set off or deduction.
    • Subject to Stone’ obligations with respect to any other Contract which remains in force:
      • each party shall return and make no further use of any equipment, property, documentation and other items (and all copies of them) belonging to the other party; and
      • provided all sums due to Stone’s Group from Customer’s Group have been paid, Stone shall make available to the Customer via Stone’ FTP site all Customer Materials in a commonly-readable electronic format for a period of no more than 6 days following termination. After such period, Stone may permanently delete all Customer Materials residing on its systems.
  1. use of third parties
    • Stone reserves the right to utilise the services of Third Parties when providing the ITAD Services. Any such Third Parties so utilised will either hold accreditation against the ADISA standards or in the case of non ADISA accredited third parties, their operational procedures will be rigorously audited by Stone and sanctioned by ADISA in order to be included on the approved supplier list.
    • The following are specific areas in which Stone currently utilises Third Parties:

Area

Details

Transport services

In periods of high demand, Stone will utilise the services of a professional transport company operating a fleet of vehicles featuring levels of security commensurate with our own standards.

  • Details of current Third Parties used by Stone in delivering ITAD Services will be provided to the Customer upon request.
  1. assignment
    • Neither party may freely assign, sub-contract, charge or otherwise deal in any other manner with all or any of its rights or obligations under a Contract without the consent of the other party, such consent not to be unreasonably withheld or delayed.
    • The Customer agrees that it shall co-operate and undertake all matters at Stone’s cost and expense that are necessary to novate or assign any Contract or any parts thereof to any third party when requested to do so by the Customer.
  2. Force Majeure
    • Neither party shall be in breach of a Contract nor liable for delay in performing, or failure to perform, any of its obligations under that Contract if such delay or failure results from events, circumstances or causes beyond its reasonable control, including strikes; lock-outs or other industrial disputes (except with respect to that party's own employees); acts of God; war; riot; civil commotion; compliance with any law or governmental order, rule, regulation or direction; accident; fire, flood, storm, epidemic or pandemic. In such circumstances the affected party shall be entitled to a reasonable extension of the time for performing such obligations, provided that if the period of delay or non-performance continues for 2 months, the party not affected may terminate the relevant contract (together with any other Contract between the parties) by giving 10 Business Days' written notice to the other party.
  3. Notices
    • Stone contacts relevant to the ITAD Services are:

Data Protection Officer

Mark Adamson ([email protected])

Commercial Contracts Director and DPO

Recycling Administration

Becky Akers  ([email protected])

Recycling Co-ordinator

  • The Customer should provide contact names and email addresses for equivalent roles to those described above in the Customer’s organisation, with 10 working days of an Order Form being submitted.
  • Any changes to named contacts should be communicated to the other party at the earliest available opportunity.
  • A notice given pursuant to the Contract shall be in writing, addressed to the place of business of the relevant party, directed to the named individuals appropriate to the matter being communicated and shall be: (i) delivered personally; (ii) sent by e-mail; or (iii) sent by pre-paid special delivery.
  • A notice is deemed to have been received:
    • if delivered personally, at the time of delivery;
    • in the case of e-mail, at the time of transmission, provided a delivery notification is obtained evidencing delivery of the email; and
    • in the case of special delivery, the date on which delivery takes place, as evidenced by the acknowledgement from the Royal Mail,

provided that, if receipt is not within Normal Business Hours on a Business Day, delivery shall be deemed to be when business next starts in the place of receipt.

  1. Dispute Resolution
    • If a dispute arises out of or in connection with these Conditions or the performance, validity or enforceability of a Contract (a “Dispute”) then the parties shall follow the procedure set out in this clause 20:
      • either party shall give to the other written notice of the Dispute, setting out its nature and full particulars (a “Dispute Notice”), together with relevant supporting documents. On service of the Dispute Notice, the parties shall attempt in good faith to resolve the Dispute; and
      • if the parties are for any reason unable to resolve the Dispute within 20 Business Days from service of the Dispute Notice, the parties will attempt to settle it by mediation in accordance with the CEDR Model Mediation Procedure. Unless otherwise agreed between the parties, the mediator shall be nominated by CEDR Solve. To initiate the mediation, a party must serve notice in writing (an “ADR Notice”) to the other party to the Dispute, requesting mediation. A copy of the ADR Notice should be sent to CEDR Solve. The mediation will start not later than 10 Business Days after the date of the ADR Notice.
    • If the Dispute is not resolved within 1 month of the mediator’s appointment, then either party may commence Court proceedings, but provided that nothing in this clause 2 shall prevent either party from either continuing with any means of alternative dispute resolution as may be agreed in writing from time to time, or seeking an injunction or other interim relief at any time if it reasonably believes such action is necessary to prevent irreparable damage.
  2. General
    • A natural or legal person who is not a party to the Contract shall have no rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any of its terms. This clause does not alter any right or remedy of any person which exists or is available otherwise than pursuant to that Act.
    • Variations:
      • Except as set out in these Conditions, any variation, including the introduction of any additional terms and conditions, to the Contract shall only be binding when agreed in writing and signed by Stone.
      • A waiver of any right is only effective if it is in writing and shall not be deemed to be a waiver of any subsequent breach or Default. No failure or delay by a party in exercising any right or remedy under the Contract or by law shall constitute a waiver of that or any other right or remedy, nor preclude or restrict its further exercise. No single or partial exercise of such right or remedy shall preclude or restrict the further exercise of that or any other right or remedy. Unless specifically provided otherwise, rights arising under the Contract are cumulative and do not exclude rights provided by law.
    • The construction, validity and performance of each Contract shall be governed by the laws of England and Wales and the parties submit to the exclusive jurisdiction of the English Courts.
    • No delay or omission by the Customer in exercising any of its rights or remedies under a Contract or under any Applicable Law on any occasion shall be deemed a waiver of, or bar to, the exercise of such right or remedy or any other right or remedy upon any other occasion.
    • In the event that any provision of a Contract shall be void or unenforceable by reason of any provision of Applicable Law, it shall be deleted and the remaining provisions hereof shall continue in full force and effect and, if necessary, be so amended as shall be necessary to give effect to the original intent of the Contract so far as possible.
    • Nothing in a Contract is intended to, or shall be deemed to, constitute a partnership or joint venture of any kind between the parties, nor constitute any party the agent of the other party for any purpose. No party shall have authority to act as agent for, or to bind, the other party in any way.
    • Each party undertakes to the other that it will not, and will procure that its employees will not, in the course of performing its obligations under a Contract, knowingly engage in any activity which would constitute a breach of the Bribery Act 2010 and that it has in place a compliance programme designed to ensure compliance with the terms of the Bribery Act 2010 and has and will maintain in place, adequate procedures designed to prevent any of its third party contractors or sub-contractors from undertaking any conduct that would give rise to an offence under the Bribery Act 2010.

 

Appendix 1: Data Sanitisation Capability Statement

In order to remain up to date with technical developments, Stone reserves the right to change the content of this Statement from time to time. The most current version will be available upon request.