Email issue
We are currently experiencing problems with emails not being sent from forms on the website. We are working on a solution for this.
When taking personal information as part of a booking process, you become a data controller (referred to as a Controller below), and take on legal responsibilities around protecting that data. Use this page to understand the role and the formal agreement you are entering into with Bikeability.
After making a Bikeability cycle training booking, you'll receive an email from the Bikeability Project Manager, confirming the training session dates for your school. You will need to respond by email, confirming your acceptance of the sessions offered. In sending your acceptance, you are entering into the data sharing agreement below. The agreement becomes effective when we receive your confirmation email.
Select any topic to read in detail what is involved.
The First Controller is B&NES Council Bikeability Team and the Second Controller is the school confirming a Bikeability training with B&NES Council Bikeability Team.
The following document reflects the arrangements that have been agreed and are detailed in the terms and conditions of business and the contractual agreement. The following document forms part of this agreement and has been put in place to facilitate the sharing of personal information between the parties.
This agreement allows for data to be shared between the parties and to be processed by the parties for the stated purposes and in accordance with the obligations set out in this agreement. The agreement sets out the framework for the sharing of personal data between the parties as data controllers and defines the principles and procedures that the parties shall adhere to and the responsibilities of the parties to each other. This agreement may be amended from time to time upon written agreement between the parties when deemed necessary.
Under this Agreement, both Parties acknowledge and agree that they will each process personal data independently as separate controllers.
Some terms in this Agreement have very specific meanings, as follows:
Each Party shall nominate a single point of contact within the organisation who can be contacted in respect of queries or complaints, this person being accountable for the processing activities.
First Controller
Role: Bikeability Project Manager at B&NES Council
Contact Details: bikeability@bathnes.gov.uk
Second Controller
Role: Headteacher or Deputy Headteacher
Contact Details: School contact details available on school’s website
When processing personal data, the Parties shall (and shall procure that any of their staff involved in connection with the activities under this Agreement shall) at all times:
comply with the provisions and obligations imposed on them by the Data Protection Laws at all times when processing Personal Data in connection with this Agreement, including all relevant notification requirements contained therein.
If either Party materially breaches the obligations set out in this Agreement, and, if remediable, such breach is not remedied within 30 days, the other Party shall be entitled to terminate this Agreement upon immediate effect.
General Obligations
Neither party shall retain or process Shared Personal Data for longer than is necessary to carry out the Agreed Purposes subject to its obligation to continue to retain Shared Personal Data in accordance with any statutory or industry or professional retention periods applicable under the Data Protection Legislation.
When the Parties are acting as data controllers separately or jointly, and in accordance with relevant Data Protection Laws or any other legislation, each party shall hold the other parties acting a controller of data harmless against any liabilities, losses, damages, costs or expenses: including but not limited to any direct, indirect or consequential losses, loss of profit, loss of or damage to reputation and all interest, penalties and legal costs (calculated on a full indemnity basis) and any other reasonable professional costs and expenses suffered or incurred by the other party to this agreement arising out of or in connection with any claim made against the other party in relation to any breach by other party of the UK GDPR or other obligations under this agreement.
The data discloser and importer shall be jointly responsible for the security of transmission using appropriate technical methods.
Where data is shared by a controller with a data processor or sub-processor (as defined in the UK GDPR Article 4(8)), and where a contract has been made in accordance with Art.28(1-3)(a-h), each of those parties, no matter the number, will be bound by the provision of Data Protection Law and guarantees to implement sufficient technical and organisational measures to protect the data for which the controller or controllers are responsible.
The processor will be liable to the relevant controllers for any losses or damages suffered by any party to this agreement who is acting as a controller of data in accordance with Data Protection Law. It is acknowledged by all parties, including processors and their approved sub-processors, that liability for compensation for an infringement of the regulation is not limited to the controllers and that in accordance with UK GDPR Art.82(4) each party may be held liable for the entire damage to ensure effective compensation.
No failure or delay by either Party in exercising any right or remedy under this Agreement will operate as a waiver of such right or remedy, nor will any single or partial exercise or waiver of any such right or remedy preclude its further exercise or the exercise of any other right or remedy.
Neither Party shall transfer any Personal Data received from the other party to any location which is outside the EEA (unless the recipient is based in a country which the European Commission has decided offers sufficiently adequate protection for personal data when compared with the EU (an “Adequate Country”)) without the other party’s prior written consent. If the other party consents to the transfer of Protected Data to a recipient located outside of the EEA and not in an Adequate Country, the Party transferring the Protected Data shall:
This Agreement shall be governed by and construed in accordance with the laws of England and Wales, and the Parties hereby submit to the exclusive jurisdiction of the courts of England and Wales.
This Agreement together with the Contract/Service Agreement/Funding agreement constitutes the entire agreement between the parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter.
The Parties acknowledge that the arrangements outlined in this Agreement may need to be changed to comply with any changes in the requirements of the Data Protection Laws. Each Party shall cooperate with the other Party in good faith to review and agree and document appropriate and reasonable changes to this Agreement to ensure that it addresses any change in the Data Protection Laws in accordance with good market practice.
This Agreement shall continue in force until the sooner of the following: