"While we began looking at UUÂãÁÄÖ±²¥ products primarily for cost saving, it quickly became more about customer service, ease of onboarding, ongoing training and breadth of resources available."
Co-Op
Access all documents on Processing
Processing means obtaining, recording, holding, or carrying out any operation on personal data. It includes organisation or alteration; retrieval or use; disclosure and anonymisation, blocking or destruction. Most operations in relation to personal data will constitute processing.
Speed up all aspects of your legal work with tools that help you to work faster and smarter. Win cases, close deals and grow your business–all whilst saving time and reducing risk.
For our full legal glossary and more legal research sources, register for a free Lexis+ trial
Website terms and conditions for supply of services to consumers—checklist This Checklist sets out the essential points that should be considered when drafting or updating online terms and conditions for the supply of services to consumers. It should be used where a lawyer wants to make sure that such terms and conditions comply with consumer protection legislation (and any guidance issued under it). This Checklist should be used in addition to the following: • Key consumer information requirements—checklist • Information requirements under the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013—checklist • Consumer cancellation rights under the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013—Services—Flowchart • General information to be disclosed by e-commerce websites—checklist • Drafting consumer contracts—checklist For a discussion on the key legal issues to consider when designing and developing a business-to-consumer (B2C) e-commerce website for trading with consumers, see Practice Note: Business to consumer e-commerce—legal issues. Introduction Businesses that transact with consumers are subject to more onerous legislative requirements and, consequently, need to pay close...
Planning a digital marketing campaign—checklist This Checklist is for use when planning a digital marketing campaign. The focus is on marketing-specific requirements and the Checklist does not consider general issues in relation to transactional activity (eg contract formation, distance selling). It covers media selection, territorial targeting, agency contracts, data protection, advertising compliance, user-generated content, influencer engagement, prize and price promotions, and behavioural advertising. It also considers compliance with legislative and self-regulatory regime in the UK, including the unfair commercial practices provisions of the Digital Markets, Competition and Consumers Act 2024 (DMCCA 2024) and the UK Code of Non-broadcast Advertising and Direct & Promotional Marketing (CAP Code). Digital marketing can reach consumers at home, at work and, through their mobiles, tablets and video game consoles, virtually everywhere else. Alongside unrivalled potential audience numbers, it offers brands the opportunity to target individuals on the basis of their specific interests, locations or habits. It is no surprise, then, that brands are diverting more and more of their marketing spend from traditional media to...
Discover our 9 Checklists on Processing
Evaluating a data subject access request—flowchart The UK General Data Protection Regulation (UK GDPR) provides a number of rights for data subjects, including providing a right of access to their personal data. Data subjects can make a request to an organisation to exercise their right of access to their personal data (a data subject access request or DSAR) at any time and there are strict time limits for complying with requests made. See Practice Notes: • Data subject rights—access • How to handle data subject requests This Flowchart maps out a process for evaluating DSARs received under the UK GDPR. It reflects the requirements in the UK GDPR and the Data Protection Act 2018 (DPA 2018) together with guidance issued by the Information Commissioner’s Office (ICO). It should be read in conjunction with Practice Note: How to handle data subject requests and Flowchart: Handling data subject requests—flowchart, which covers requirements common to all data subject requests under the UK GDPR. Note 1—notifying the data subject you...
Discover our 1 Flowcharts on Processing
Archived: This Practice Note has been archived and is not maintained.This Practice Note is intended for use where a notification offence was committed before 25 May 2018. Where a notification offence occurred before 25 May 2018, it may still be prosecuted under Data Protection Act 2018 (DPA 1998) despite the fact that the legislation has been repealed. Notification offences under DPA 1998 cannot be committed after 25 May 2018. There are no equivalent notification offences under Data Protection Act 2018 (DPA 2018) so that a notification offence could only have been committed historically and prior to 25 May 2018 when DPA 1998 was in force. For information on the data protection offences created by DPA 2018, see Practice Note: Offences under the Data Protection Act 2018.Notification required under the Data Protection Act 1998Note these offences cannot be committed after 25 May 2018.Failure to notify the Information CommissionerDPA 1998 required data controllers who processed personal data to register their processing with the Information Commissioner for the purposes of the register maintained...
ARCHIVED: This archived Practice Note provides information on the data protection regime before 25 May 2018 and reflects the position under the Data Protection Act 1998 (DPA 1998). This Practice Note is for background information only and is not maintained.Changes as a result of the General Data Protection RegulationThe General Data Protection Regulation, Regulation (EU) 2016/679 (the GDPR) (applicable from 25 May 2018) introduces substantial amendments to EU and UK data protection law and replaces the DPA 1998 and Directive 95/46/EC (the Data Protection Directive) from that date.For further information, see Practice Notes: Introduction to the EU GDPR and UK GDPR and Rights of data subjects.A data subject is a living individual who is the subject of personal data, ie data from which he can be identified. For key definitions under the DPA 1998, see Practice Note: Key definitions under the DPA 1998. For a comprehensive introduction to the GDPR, collating key practical guidance, see: Data protection toolkit.Right of access to personal dataAn individual has a right to be informed...
Discover our 101 Practice Notes on Processing
Consultancy agreement—company and individual—pro-client (short form) [ON HEADED NOTEPAPER OF CLIENT COMPANY] [Insert consultant’s name] [Insert consultant’s address] [Insert date] Dear [insert consultant’s name] [ Consultancy agreement OR Insert name of project ] Further to our recent discussions, I am pleased to confirm the terms of our agreement regarding the provision of your consultancy services to [insert name of client company] (Company). 1 Term 1.1 [Subject to the terms set out in this letter, your engagement [will commence OR commenced] on [insert date] and will continue unless or until either party gives to the other not less than [insert number] [weeks’ OR months’] prior notice in writing. OR 1.2 Your engagement will be for a fixed period of [insert number] months from [insert date], subject to the terms of this letter and subject to the right of either the Company or you to give to the other not less than [number] [weeks’ OR months’] notice in writing during such fixed period terminating the...
External data protection officer (DPO) appointment terms—company to individual—pro-client Delete clause 3.6 of Precedent: Consultancy agreement—company and individual—pro-client and replace it with the following clauses 3.6 and 3.7: 3.6 Your method of work is your own and you will carry out your tasks as data protection officer (DPO) (as set out in the Schedule in an independent manner. You will not receive (and the Company[ and its Group Companies] will not seek to provide you with) any instructions regarding the exercise of those tasks. 3.7 Subject to clause 3.6, you will pay due regard to the reasonable requests of the [Board OR Chief Executive] and will, where possible, work and co-operate with any employee, worker, agent or other consultant of the Company[ or any Group Company] in the provision of the Services. Insert the following provisions in Precedent: Consultancy agreement—company and individual—pro-client as new clauses 3.14 and 3.15. 3.14 You acknowledge that the Company: 3.14.1 has appointed you on the basis of your professional...
Dive into our 100 Precedents related to Processing
If an application for a new lease under the Landlord and Tenant Act 1954 is sent to the court before the expiry of the section 25 notice but not issued before the expiry, is the claim still valid? In accordance with section 29A of the Landlord and Tenant Act 1954 (LTA 1954), following service of an unopposed section 25 notice by the landlord of a commercial lease, either party has until the expiry of the statutory period to make an application to the court to determine the terms of a renewal lease. The end of the statutory period is the date of termination as specified in paragraph 2 of the section 25 notice (or the day before the date for commencement of the new tenancy specified in a Section 26 request). This deadline is of particular importance to the tenant, as a tenant which fails to make an application to the court prior to the expiry of the statutory period loses its right to a renewal lease under LTA 1954...
Is there a publically searchable record of companies which have criminal records? Certain regulators maintain publically searchable databases of companies (and individuals) who have been convicted of certain offences. For example, see: • HSE’s prosecution database • Serious Fraud Office database In addition to this, certain regulators issue press releases on their websites
See the 2 Q&As about Processing
Law360: A patent licensing company suing Google over patents covering image quality data failed to convince Federal Circuit judges on 30 April 2025 that those claims do more than 'organize, alter, or manipulate data'.
The Irish High Court ruled on 21 March 2025 that Virgin Media failed to comply with regulatory obligations regarding contract termination procedures. The Court ordered Virgin Media to revise its practices to prevent disincentivising provider switching, including removing instructions for retention activities against customer wishes and implementing immediate cancellation processing. The company must retrain all agents within 8 weeks and eliminate financial incentives for non-compliant save activities. The Commission for Communications Regulation (ComReg) will update its regulatory guidance accordingly.
Read the latest 27 News articles on Processing
**Trials are provided to all UUÂãÁÄÖ±²¥ content, excluding Practice Compliance, Practice Management and Risk and Compliance, subscription packages are tailored to your specific needs. To discuss trialling these UUÂãÁÄÖ±²¥ services please email customer service via our online form. Free trials are only available to individuals based in the UK, Ireland and selected UK overseas territories and Caribbean countries. We may terminate this trial at any time or decide not to give a trial, for any reason. Trial includes one question to LexisAsk during the length of the trial.
0330 161 1234