Skip to content Skip to footer

Privacy Policy

Full Circle Merchandise Data Processing Addendum

This Addendum is subject to and forms part of the Conditions of Service agreed between Customer and Full Circle Merchandise  (as defined in those Conditions of Service).
Part A
1 Definitions
1.1 In this Addendum:
Controller, has the meaning given in applicable Data Protection Laws from time to time;Data Protection Laws
means, as binding on either party or the Services:
(a) the GDPR;
(b) the Data Protection Act 2018;
(c) any laws which implement any such laws; and
(d) any laws that replace, extend, re-enact, consolidate or amend any of the foregoing;


Data Subject has the meaning given in applicable Data Protection Laws from time to time;
GDPR means the General Data Protection Regulation, Regulation (EU) 2016/679;
International Organisation has the meaning in applicable Data Protection Laws from time to time;
Personal Data has the meaning given in applicable Data Protection Laws from time to time;
Personal Data Breach has the meaning given in applicable Data Protection Laws from time to time;
Processing has the meaning given in applicable Data Protection Laws from time to time (and related expressions, including process, processed, processing, and processes shall be construed accordingly);
Processor has the meaning given in applicable Data Protection Laws from time to time;
Protected Data means Personal Data received from or on behalf of the Customer in
connection with the performance of Full Circle Merchandise ’s obligations under
this Agreement; and Sub-Processor means any agent, subcontractor or other third party (excluding its employees) engaged by Full Circle Merchandise  for carrying out any processing activities on behalf of the Customer in respect of the Protected Data.
2 Customer’s compliance with data protection laws
The parties agree that the Customer is a Controller and that Full Circle Merchandise  is a Processor for the purposes of processing Protected Data pursuant to this Agreement. The Customer shall at all times comply with all Data Protection Laws in connection with the processing of Protected Data. The Customer shall ensure all instructions given by it to Full Circle Merchandise  in respect of Protected Data (including the terms of this Agreement) shall at all times be in accordance with Data Protection Laws.
3 Supplier’s compliance with data protection laws
Full Circle Merchandise  shall process Protected Data in compliance with the obligations placed on it under Data Protection Laws and the terms of this Agreement.
4 Instructions
4.1 Full Circle Merchandise  shall only process the Protected Data in accordance with Part B of this Addendum and this Agreement (and not otherwise unless alternative processing instructions are agreed between the parties in writing) except where otherwise required by applicable law (and shall inform the Customer of that legal requirement before processing, unless applicable law prevents it doing so on important grounds of public interest).
4.2 Without prejudice to paragraph 2 above, if Full Circle Merchandise  believes that any instruction received by it from the Customer is likely to infringe the Data Protection Laws it shall promptly inform the Customer and be entitled to cease to provide the relevant Services until the parties have agreed appropriate amended instructions which are not infringing.
5 Security
Taking into account the state of technical development and the nature of processing, Full Circle Merchandise  shall implement and maintain the technical and organisational measures set out in Part B of this Addendum to protect the Protected Data against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access.
6 Sub-processing and personnel
6.1 Full Circle Merchandise  shall:
6.1.1 not permit any processing of Protected Data by any agent, subcontractor or other third party (except its or its Sub-Processors’ own employees in the course of their employment that are subject to an
enforceable obligation of confidence with regards to the Protected Data) without the written authorisation of the Customer;
6.1.2 prior to the relevant Sub-Processor carrying out any processing activities in respect of the Protected Data, appoint each Sub-Processor under a written contract containing materially the same obligations as under this Addendum that is enforceable by Full Circle Merchandise  and ensure each such Sub-Processor complies with all such obligations;
6.1.3 remain fully liable to the Customer under this Agreement for all the acts and omissions of each Sub- Processor as if they were its own; and
6.1.4 ensure that all persons authorised by Full Circle Merchandise  or any Sub-Processor to process Protected Data are subject to a binding written contractual obligation to keep the Protected Data confidential.
7 List of authorised sub-processors
The Customer authorises the appointment of the following Sub-Processors: DHL, DPD, Fedex, Full Circle Merchandise  Ltd, Norsk Global, UK Mail, UPS and Yodel (for courier services); MintSoft Ltd (for provision of the Web Tools, as defined in the Conditions of Service)
8 Assistance
8.1 Full Circle Merchandise  shall (at the Customer’s cost) assist the Customer in ensuring compliance with the Customer’s obligations pursuant to Articles 32 to 36 of the GDPR (and any similar obligations under applicable Data Protection Laws) taking into account the nature of the processing and the information available to Full Circle Merchandise .
8.2 Full Circle Merchandise  shall (at the Customer’s cost) taking into account the nature of the processing, assist the Customer (by appropriate technical and organisational measures), insofar as this is possible, for the fulfilment of the Customer’s obligations to respond to requests for exercising the Data Subjects’ rights under Chapter III of the GDPR (and any similar obligations under applicable Data Protection Laws) in respect of any Protected Data.
9 International transfers
Full Circle Merchandise  shall not process and/or transfer, or otherwise directly or indirectly disclose, any Protected Data in or to countries outside the United Kingdom or to any International Organisation without the prior written consent of the Customer.
10 Audits and processing
Full Circle Merchandise  shall, in accordance with Data Protection Laws, make available to the Customer such information that is in its possession or control as is necessary to demonstrate Full Circle Merchandise ’s compliance with the obligations placed on it under this Addendum and to demonstrate compliance with the obligations on each party imposed by Article 28 of the GDPR (and under any equivalent Data Protection Laws equivalent to that Article 28), and allow for and contribute to audits, including inspections, by the Customer (or another auditor mandated by the Customer) for this purpose (subject to a maximum of one audit request in any 12 month period under this paragraph 10).
11 Breach
Full Circle Merchandise  shall notify the Customer without undue delay and in writing on becoming aware of any Personal Data Breach in respect of any Protected Data.
12 Deletion/return and survival
On the end of the provision of the Services relating to the processing of Protected Data, at the Customer’s cost and the Customer’s option, Full Circle Merchandise  shall either return all of the Protected Data to the Customer or securely dispose of the Protected Data (and thereafter promptly delete all existing copies of it) except to the extent that any applicable law requires Full Circle Merchandise  to store such Protected Data.
Part B
Data processing and security details
Section 1—Data processing details
Processing of the Protected Data by Full Circle Merchandise  under this Agreement shall be for the subject-matter, duration, nature and purposes and involve the types of Personal Data and categories of Data Subjects set out in this Section 1 of this Part B.
1 Subject-matter of processing:
Full Circle Merchandise ’s wholesale fulfilment and e-commerce service
2 Duration of the processing: For the length of contract
3 Nature and purpose of the processing:
To enable Full Circle Merchandise  to pick, pack, process and deliver (or facilitate delivery of) orders.
4 Type of Personal Data:
Name, delivery address, email address and phone number
5 Categories of Data Subjects:
Those that have ordered goods via an e-commerce contract Those that have ordered goods via a wholesale contract.
Section 2—Minimum technical and organisational security measures
1 Full Circle Merchandise  shall implement and maintain the following technical and organisational security measures to protect the Protected Data:
1.1 In accordance with the Data Protection Laws, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of the Protected Data to be carried out under or in connection with this Agreement, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons and the risks that are presented by the processing, especially from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Protected Data transmitted, stored or otherwise processed, Full Circle Merchandise  shall implement appropriate technical and organisational security measures appropriate to the risk, including as appropriate those matters mentioned in Articles 32(1)(a) to 32(1)(d) (inclusive) of the GDPR.