Terms and Conditions for the Supply of Goods and Services

19 October 2016

TVC Parts Limited is a company registered in Northern Ireland, no. NI 064740, with its registered address at TVC Parts Limited, 3 Mallusk Rd, Newtownabbey, BT36 4PP. VAT registration no. GB232 1125 65

In this document references to “we”, “us” and “our” relate to TVC Parts Limited and references to “you”, “you” and “your” relate to the Customer.


Any acceptance by us of an order by you is subject to the following conditions. If your order form contains printed conditions such conditions are accepted only in so far as they are not inconsistent with our terms and conditions as set out below. We accept an order by you on the earliest of our written acknowledgement of your order or our delivery of goods to you.


Whilst we endeavour to adhere to our published prices we reserve the right to amend them to those ruling at the date of dispatch. All prices exclude VAT unless otherwise stated. VAT will be charged at the current U.K. rate.


(a) Any application lists, catalogues, descriptions, information or advice provided by us in respect of goods is as accurate as possible although is for illustrative purposes only. In all instances it is your responsibility to assure yourself that the parts supplied are suitable for the application involved.

(b) Goods supplied will conform in all material respects to their description or to any sample or specification provided to and accepted by us. We reserve the right to amend any design or specification without prior notification provided that it does not adversely affect the performance of the goods.


We cannot be held responsible for any infringement of patent or copyright on the part of our suppliers or customers in the event of parts being supplied to their design.


Unless otherwise stated deliveries of orders will be made at no charge.


Whilst we use our best endeavours to fulfil orders made by you, we will not be liable for any failure in the performance of any of our obligations to you caused by factors outside our control including (without limitation) strikes, lockouts, shipping delays, fire, war, etc. In such an event you will have no claim against us for any loss or damage which may result.


Payment is to be made on delivery, unless prior arrangements have been made to open an account authorised by a Director of the company in writing. We reserve the right to charge daily interest on overdue accounts at the rate of 5% a year above the Bank of England base rate from time to time in force and interest will apply from the due date for payment until actual payment in full, whether before or after judgement, plus any legal or other costs incurred in the collection of such outstanding debts.


(a) Goods are delivered to you and at your risk at the earliest of when we physically deliver them to you or make them available to you for collection at a location agreed by us.

(b) Time of delivery will not be of the essence and any delivery date is an estimate only. You will have the right to cancel any order without liability to us if delivery has not taken place more than 30 days late after the time specified by us.

(c) Unless you are a Consumer, any claim that any goods have been delivered damaged or do not materially comply with their description must be notified by you to us and (where appropriate, to the carrier) within 7 days of their delivery. Provided that you return such goods to us within a further 14 days after notification, we will at our sole discretion replace such goods, issue you with a credit note for the price of such goods or refund the price paid for such goods. The provisions of this clause 8(d) set out your sole remedy in such circumstances.

(d) Any claim that goods have not been delivered to you by us must be notified by you to us within 7 days of their expected delivery.

(e) If you fail to take delivery of any goods at the time agreed for delivery then we will be entitled to cancel or suspend such delivery and all other outstanding deliveries and to charge you for the loss suffered. It is your responsibility to provide the means for unloading goods from our vehicles on delivery.

(f) Notwithstanding delivery, title in the goods shall remain ours until we have received payment of the full price of (i) all goods the subject of this contract and (ii) all goods supplied by us to you under any other contract whatsoever.

(g) You shall nevertheless be entitled to deal with goods in which we retain title in the ordinary course of business provided that: (i) any such sale will be a sale of our property on your behalf; (ii) you shall first dispose of the goods that you have paid for and any payments received by us from you shall first be appropriated to goods disposed of by you; (iii) until property in the goods passes to you, you shall hold the goods as bailee for us and shall store the goods in such a way that they are readily identifiable as our property; and (iv) you shall also maintain the goods in satisfactory condition and keep them insured on our behalf.

(h) In the event of an Insolvency Event (as defined herein): (i) all sums payable by you to us under this or any other contract shall become immediately due and payable; (ii) you shall cease to be entitled to sell, use in manufacture or otherwise deal with any goods; (iii) we shall be entitled to recover and resell any goods that we retain title in (without prejudice to our right to damages) and for that purpose you hereby irrevocably grant us our servants or agents the right to enter your premises for the purpose of removing the goods; and, (iv) we shall be entitled to stop all further deliveries of goods to you under this or any other contract.

(i) For the purposes of this clause 8, an Insolvency Event occurs if:

(i) you (being an individual) have a bankruptcy order made against you or make an arrangement or composition with your creditors, or otherwise take the benefit of any statutory provision for the time being in force for the relief of insolvent debtors, or (being a body corporate) convene a meeting of creditors (whether formal or informal), or enter into liquidation (whether voluntary or compulsory) except a solvent voluntary liquidation for the purpose only of reconstruction or amalgamation, or have a receiver and/or manager, administrator or administrative receiver appointed of your undertaking or any part thereof, or a resolution is passed or a petition presented to any court for your winding up or for the granting of an administration order in respect of you, or any proceedings are commenced relating to your insolvency or possible insolvency in any jurisdiction; or,

(ii) you suffer or allow any execution, whether legal or equitable, to be levied on your property or obtained against you, or fail to observe/perform any of your obligations under this contract or any other contract between us and you, or are unable to pay your debts within the meaning of section 103 of the Insolvency (Northern Ireland) Order 1989 or you cease to trade; or (iii) you encumber or in any way charge any goods to which we retain title; or (iv) anything analogous to the foregoing occurs in any jurisdiction.


(a) All products are supplied and guaranteed by the manufacturer in accordance with manufacturer’s specifications. Any item which is proved and admitted by the manufacturer to be defective during the relevant warranty period due to material or structural defect will be replaced free of charge or credited in full at our discretion. Under no circumstances will we accept liability for consequential loss or damage or pay for any repairs or alterations without prior authorisation. In the event of a guarantee claim, notification must be both verbal and written immediately a fault is discovered. You must provide full particulars to enable us to verify the claim. Wherever possible parts are to be returned to us accompanied by the appropriate paperwork, carriage paid, for inspection by us or manufacturer.

(b) Goods sold by us to Consumers must be of satisfactory quality and fit for purpose as required by consumer law.

(c) We shall have no liability to you in respect of any defect arising from wear and tear, wilful damage, negligence, tampering of goods, incorrect fitting or ordering of goods or failing to follow the manufacturer’s instructions.


Complaints and queries: We always try to offer a first-class level of service. If you are not happy with any aspect of our service or if you have any queries or comments then please let us know. You can contact us by e-mailing psandford@tvcparts.com or in writing to TVC Parts Limited, 3 Mallusk Rd, Newtownabbey, BT36 4PPT.


(a) With the exception of electrical goods (which are non-returnable), returns are accepted within two working days of delivery if you change your mind or are not happy with your item for any reason provided that the goods are returned in a resalable condition, clean, undamaged and with the original packaging clean and intact and together with a copy of the delivery note or invoice as proof of purchase.

(b) All credits for returned goods can only be done on return of the original goods to us and will be via your original payment method.

(c) In all cases where an item is to be returned, it will be at your cost unless previously agreed with us. Return postage costs will only be refunded if the return has been made necessary because of an error by us. If you receive an incorrect product from us, please notify us as soon as possible. We will endeavour to replace any incorrect item as fast as possible.

(d) We will not accept responsibility for loss or damage of goods during return transit; please ensure that appropriate insurance cover is selected where possible.

(e) In all cases, refunds can only be issued once we receive the unwanted or faulty goods back. If you wish to return any item then you must return the goods to the branch from which the purchase was made or send the goods to the following address: TVC Parts Limited, 3 Mallusk Rd, Newtownabbey, BT36 4PP

(f) If you are a Consumer and faulty goods have been supplied by us to you, you may ask for a repair or replacement or seek a refund within 30 days of delivery of the faulty goods. You must return the goods to the branch from which you purchased them at your own cost. In this clause 11(f) goods are not considered faulty if the defect was brought to your attention before the sale, if you examined the goods before purchase and the defect was obvious, if you chose the goods for a purposes for which the goods were not suitable and/or where the faults appear as a result of fair wear and tear.

(g) If you are not a Consumer and faulty goods have been supplied by us to you, you may ask for a repair or replacement or seek a refund within 5 days of delivery of the faulty goods. You must return the goods to the branch from which you purchased them at your own cost. In this clause 11(g) goods are not considered faulty if the defect was brought to your attention before the sale, if you examined the goods before purchase and the defect was obvious, if you chose the goods for a purposes for which the goods were not suitable and/or where the faults appear as a result of fair wear and tear


Clause 12 only applies if you are a Consumer AND purchasing goods at a distance i.e. by telephone or by mail order.

(a) You may cancel a contract at any time within 14 days, beginning on the day after you receive the goods (the ‘Cooling-Off Period’). If you want to cancel the contract within this Cooling-Off Period a refund (or, if you require and we facilitate, an exchange or replacement) will be provided.

(b) To cancel an order under this contract, you must: (i) inform us in writing (you may wish to use the Model Cancellation Form which appears at the end of this document); (ii) return the goods to us in the same condition in which you received them with the original packaging and the product documentation, and at your own cost and risk. The goods must not have been used and, where applicable, must not have been removed from the sealed clear packaging; and (iv) provide proof of purchase in the form of our invoice for the original supply of such goods.

(c) Nothing in this clause affects your statutory rights.


INTRODUCTION TVC Parts takes the safeguarding of personal data very seriously. This policy describes how TVC Parts meets its obligations under the General Data Protection Regulation in relation to the processing of personal data.

  1. Interpretation 1.1 Definitions: Automated Decision-Making (ADM): when a decision is made which is based solely on Automated Processing (including profiling) which produces legal effects or significantly affects an individual. The GDPR prohibits Automated Decision-Making (unless certain conditions are met) but not Automated Processing. Automated Processing: any form of automated processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that individual’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. Profiling is an example of Automated Processing. Consent: agreement which must be freely given, specific, informed and be an unambiguous indication of the Data Subject’s wishes by which they, by a statement or by a clear positive action, signifies agreement to the Processing of Personal Data relating to them. Data Controller: the person or organisation that determines when, why and how to process Personal Data. It is responsible for establishing practices and policies in line with the GDPR. We are the Data Controller of all Personal Data relating to TVC Parts Personnel and Personal Data used in our business for our own commercial purposes. Data Subject: a living, identified or identifiable individual about whom we hold Personal Data. Data Subjects may be nationals or residents of any country and may have legal rights regarding their Personal Data. Data Privacy Impact Assessment (DPIA): tools and assessments used to identify and reduce risks of a data processing activity. DPIA can be carried out as part of Privacy by Design and should be conducted for all major system or business change programs involving the Processing of Personal Data. Data Protection Compliance Officer (DPCO): DARREN DONAGHY EEA: all EU member states, and Iceland, Liechtenstein and Norway. Explicit Consent: consent which requires a very clear and specific statement (that is, not just action). General Data Protection Regulation (GDPR): the General Data Protection Regulation ((EU) 2016/679). Personal Data is subject to the legal safeguards specified in the GDPR. Personal Data: any information identifying a Data Subject or information relating to a Data Subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal Data includes Sensitive Personal Data and Pseudonymised Personal Data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or behaviour. Personal Data Breach: any act or omission that compromises the security, confidentiality, integrity or availability of Personal Data or the physical, technical, administrative or organisational safeguards that we or our third-party service providers put in place to protect it. The loss, or unauthorised access, disclosure or acquisition, of Personal Data is a Personal Data Breach. Privacy by Design: implementing appropriate technical and organisational measures in an effective manner to ensure compliance with the GDPR. Privacy Notices (also referred to as Fair Processing Notices) or Privacy Policies: separate notices setting out information that may be provided to Data Subjects when TVC Parts collects information about them. These notices may take the form of general privacy statements applicable to a specific group of individuals (for example, employee privacy notices or the website privacy policy) or they may be stand-alone, one time privacy statements covering Processing related to a specific purpose. Processing or Process: any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties. Pseudonymisation or Pseudonymised: replacing information that directly or indirectly identifies an individual with one or more artificial identifiers or pseudonyms so that the person, to whom the data relates, cannot be identified without the use of additional information which is meant to be kept separately and secure. Sensitive Personal Data: information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data, and Personal Data relating to criminal offences and convictions. TVC Parts TVC Parts Personnel: all employees, workers, contractors, agency workers, consultants, directors, and others.
  2. Introduction This Policy sets out how TVC Parts (“we”, “our”, “us”) handle the Personal Data of our members, suppliers, employees, workers and other third parties. This Data Protection Policy applies to all Personal Data we Process regardless of the media on which that data is stored or whether it relates to past or present employees, workers, members or supplier contacts, website users or any other Data Subject. This Data Protection Policy applies to all TVC Parts Personnel (“you”, “your”). You must read, understand and comply with this Data Protection Policy when Processing Personal Data on our behalf and attend training on its requirements. This Data Protection Policy sets out what we expect from you in order for TVC Parts to comply with applicable law. Your compliance with this Data Protection Policy is mandatory. Any breach of this Data Protection Policy may result in disciplinary action.
    This Data Protection Policy is an internal document and cannot be shared with third parties, clients or regulators without prior authorisation from the DPCO.
  3. Personal data protection principles We adhere to the principles relating to Processing of Personal Data set out in the GDPR which require Personal Data to be: (a) Processed lawfully, fairly and in a transparent manner (Lawfulness, Fairness and Transparency). (b) Collected only for specified, explicit and legitimate purposes (Purpose Limitation). (c) Adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed (Data Minimisation). (d) Accurate and where necessary kept up to date (Accuracy). (e) Not kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the data is Processed (Storage Limitation). (f) Processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful Processing and against accidental loss, destruction or damage (Security, Integrity and Confidentiality). (g) Not transferred to another country without appropriate safeguards being in place (Transfer Limitation). (h) Made available to Data Subjects and Data Subjects allowed to exercise certain rights in relation to their Personal Data (Data Subject’s Rights and Requests). We are responsible for and must be able to demonstrate compliance with the data protection principles listed above (Accountability).

  4. Lawfulness, fairness, transparency 4.1 Lawfulness and fairness Personal data must be Processed lawfully, fairly and in a transparent manner in relation to the Data Subject. You may only collect, Process and share Personal Data fairly and lawfully and for specified purposes. The GDPR restricts our actions regarding Personal Data to specified lawful purposes. These restrictions are not intended to prevent Processing, but ensure that we Process Personal Data fairly and without adversely affecting the Data Subject.
    The GDPR allows Processing for specific purposes, some of which are set out below: (a) the Data Subject has given his or her Consent; (b) the Processing is necessary for the performance of a contract with the Data Subject; (c) to meet our legal compliance obligations.; (d) to protect the Data Subject’s vital interests; (e) to pursue our legitimate interests for purposes where they are not overridden because the Processing prejudices the interests or fundamental rights and freedoms of Data Subjects. The purposes for which we process Personal Data for legitimate interests need to be set out in applicable Privacy Notices or Fair Processing Notices; or You must identify and document the legal ground being relied on for each Processing activity. 4.2 Consent A Data Controller must only process Personal Data on the basis of one or more of the lawful bases set out in the GDPR, which include Consent. A Data Subject consents to Processing of their Personal Data if they indicate agreement clearly either by a statement or positive action to the Processing. Consent requires affirmative action so silence, pre-ticked boxes or inactivity are unlikely to be sufficient. If Consent is given in a document which deals with other matters, then the Consent must be kept separate from those other matters. Data Subjects must be easily able to withdraw Consent to Processing at any time and withdrawal must be promptly honoured. Consent may need to be refreshed if you intend to Process Personal Data for a different and incompatible purpose which was not disclosed when the Data Subject first consented. Unless we can rely on another legal basis of Processing, Explicit Consent is usually required for Processing Sensitive Personal Data, for Automated Decision-Making and for cross border data transfers. Usually we will be relying on another legal basis (and not require Explicit Consent) to Process most types of Sensitive Data. Where Explicit Consent is required, you must issue a Fair Processing Notice to the Data Subject to capture Explicit Consent. You will need to evidence Consent captured and keep records of all Consents so that TVC Parts can demonstrate compliance with Consent requirements. 4.3 Transparency (notifying data subjects) The GDPR requires Data Controllers to provide detailed, specific information to Data Subjects depending on whether the information was collected directly from Data Subjects or from elsewhere. Such information must be provided through appropriate Privacy Notices or Fair Processing Notices which must be concise, transparent, intelligible, easily accessible, and in clear and plain language so that a Data Subject can easily understand them. Whenever we collect Personal Data directly from Data Subjects, including for human resources or employment purposes, we must provide the Data Subject with all the information required by the GDPR including the identity of the Data Controller and DPCO, how and why we will use, Process, disclose, protect and retain that Personal Data through a Fair Processing Notice which must be presented when the Data Subject first provides the Personal Data. When Personal Data is collected indirectly (for example, from a third party or publically available source), you must provide the Data Subject with all the information required by the GDPR as soon as possible after collecting/receiving the data. You must also check that the Personal Data was collected by the third party in accordance with the GDPR and on a basis which contemplates our proposed Processing of that Personal Data.
  5. Purpose limitation Personal Data must be collected only for specified, explicit and legitimate purposes. It must not be further processed in any manner incompatible with those purposes.
    You cannot use Personal Data for new, different or incompatible purposes from that disclosed when it was first obtained unless you have informed the Data Subject of the new purposes and they have consented where necessary.
  6. Data minimisation Personal Data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed. You may only Process Personal Data when performing your job duties requires it. You cannot Process Personal Data for any reason unrelated to your job duties. You may only collect Personal Data that you require for your job duties: do not collect excessive data. Ensure any Personal Data collected is adequate and relevant for the intended purposes. You must ensure that when Personal Data is no longer needed for specified purposes, it is deleted or anonymised in accordance with the company’s data retention guidelines.
  7. Accuracy Personal Data must be accurate and, where necessary, kept up to date. It must be corrected or deleted without delay when inaccurate. You will ensure that the Personal Data we use and hold is accurate, complete, kept up to date and relevant to the purpose for which we collected it. You must check the accuracy of any Personal Data at the point of collection and at regular intervals afterwards. You must take all reasonable steps to destroy or amend inaccurate or out-of-date Personal Data.
  8. Storage limitation Personal Data must not be kept in an identifiable form for longer than is necessary for the purposes for which the data is processed. You must not keep Personal Data in a form which permits the identification of the Data Subject for longer than needed for the legitimate business purpose or purposes for which we originally collected it including for the purpose of satisfying any legal, accounting or reporting requirements. The company will maintain retention policies and procedures to ensure Personal Data is deleted after a reasonable time for the purposes for which it was being held, unless a law requires such data to be kept for a minimum time. You will take all reasonable steps to destroy or erase from our systems all Personal Data that we no longer require in accordance with all TVC Parts applicable records retention schedules and policies. This includes requiring third parties to delete such data where applicable. You will ensure Data Subjects are informed of the period for which data is stored and how that period is determined in any applicable Privacy Notice or Fair Processing Notice.
  9. Security integrity and confidentiality 9.1 Protecting Personal Data Personal Data must be secured by appropriate technical and organisational measures against unauthorised or unlawful Processing, and against accidental loss, destruction or damage. We will develop, implement and maintain safeguards appropriate to our size, scope and business, our available resources, the amount of Personal Data that we own or maintain on behalf of others and identified risks (including use of encryption and Pseudonymisation where applicable). We will regularly evaluate and test the effectiveness of those safeguards to ensure security of our Processing of Personal Data. You are responsible for protecting the Personal Data we hold. You must implement reasonable and appropriate security measures against unlawful or unauthorised Processing of Personal Data and against the accidental loss of, or damage to, Personal Data. You must exercise particular care in protecting Sensitive Personal Data from loss and unauthorised access, use or disclosure. You must follow all procedures and technologies we put in place to maintain the security of all Personal Data from the point of collection to the point of destruction. You may only transfer Personal Data to third-party service providers who agree to comply with the required policies and procedures and who agree to put adequate measures in place, as requested. You must maintain data security by protecting the confidentiality, integrity and availability of the Personal Data, defined as follows: (a) Confidentiality means that only people who have a need to know and are authorised to use the Personal Data can access it. (b) Integrity means that Personal Data is accurate and suitable for the purpose for which it is processed. (c) Availability means that authorised users are able to access the Personal Data when they need it for authorised purposes. You must comply with and not attempt to circumvent the administrative, physical and technical safeguards we implement and maintain in accordance with the GDPR and relevant standards to protect Personal Data. 9.2 Reporting a Personal Data Breach The GDPR requires Data Controllers to notify any Personal Data Breach to the applicable regulator and, in certain instances, the Data Subject. We have put in place procedures to deal with any suspected Personal Data Breach and will notify Data Subjects or any applicable regulator where we are legally required to do so. If you know or suspect that a Personal Data Breach has occurred, do not attempt to investigate the matter yourself. Immediately contact the Data Protection Compliance Officer.
  10. Transfer limitation The GDPR restricts data transfers to countries outside the EEA in order to ensure that the level of data protection afforded to individuals by the GDPR is not undermined. You transfer Personal Data originating in one country across borders when you transmit, send, view or access that data in or to a different country.
    You may only transfer Personal Data outside the EEA if one of the following conditions applies: (a) the European Commission has issued a decision confirming that the country to which we transfer the Personal Data ensures an adequate level of protection for the Data Subjects’ rights and freedoms; (b) appropriate safeguards are in place such as binding corporate rules (BCR), standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism, a copy of which can be obtained from the DPCO; (c) the Data Subject has provided Explicit Consent to the proposed transfer after being informed of any potential risks; or (d) the transfer is necessary for one of the other reasons set out in the GDPR including the performance of a contract between us and the Data Subject, reasons of public interest, to establish, exercise or defend legal claims or to protect the vital interests of the Data Subject where the Data Subject is physically or legally incapable of giving Consent and, in some limited cases, for our legitimate interest.
  11. Data Subject’s rights and requests Data Subjects have rights when it comes to how we handle their Personal Data. These include rights to: (a) withdraw Consent to Processing at any time; (b) receive certain information about the Data Controller’s Processing activities; (c) request access to their Personal Data that we hold; (d) prevent our use of their Personal Data for direct marketing purposes; (e) ask us to erase Personal Data if it is no longer necessary in relation to the purposes for which it was collected or Processed or to rectify inaccurate data or to complete incomplete data; (f) restrict Processing in specific circumstances; (g) challenge Processing which has been justified on the basis of our legitimate interests or in the public interest; (h) request a copy of an agreement under which Personal Data is transferred outside of the EEA; (i) object to decisions based solely on Automated Processing, including profiling (ADM); (j) prevent Processing that is likely to cause damage or distress to the Data Subject or anyone else; (k) be notified of a Personal Data Breach which is likely to result in high risk to their rights and freedoms; (l) make a complaint to the supervisory authority; and (m) in limited circumstances, receive or ask for their Personal Data to be transferred to a third party in a structured, commonly used and machine readable format. You must verify the identity of an individual requesting data under any of the rights listed above (do not allow third parties to persuade you into disclosing Personal Data without proper authorisation). You must immediately forward any Data Subject request you receive to the Data Protection Compliance Officer.
  12. Accountability 12.1 The Data Controller must implement appropriate technical and organisational measures in an effective manner, to ensure compliance with data protection principles. The Data Controller is responsible for, and must be able to demonstrate, compliance with the data protection principles.
    TVC Parts must have adequate resources and controls in place to ensure and to document GDPR compliance including: (a) implementing Privacy by Design when Processing Personal Data and completing DPIAs where Processing presents a high risk to rights and freedoms of Data Subjects; (b) integrating data protection into internal documents including this Privacy Standard, Related Policies, Privacy Guidelines, Privacy Notices or Fair Processing Notices; (c) regularly training TVC Parts Personnel on the GDPR, this Privacy Standard, and data protection matters including, for example, Data Subject’s rights, Consent, legal basis, DPIA and Personal Data Breaches. TVC Parts must maintain a record of training attendance by company Personnel; and (d) Regularly testing the privacy measures implemented and conducting periodic reviews and audits to assess compliance, including using results of testing to demonstrate compliance improvement effort. 12.2 Record keeping The GDPR requires us to keep full and accurate records of all our data Processing activities in respect of special categories of personal data. These records should include, at a minimum, the name and contact details of the Data Controller and the DPCO, clear descriptions of the Personal Data types, Data Subject types, Processing activities, Processing purposes, third-party recipients of the Personal Data, Personal Data storage locations, Personal Data transfers, the Personal Data’s retention period and a description of the security measures in place. In order to create such records, data maps should be created which should include the detail set out above together with appropriate data flows.

12.3 Training and audit We are required to ensure all TVC Parts Personnel have undergone adequate training to enable them to comply with data privacy laws. We must also regularly test our systems and processes to assess compliance. You must undergo all mandatory data privacy related training and ensure your team undergo similar mandatory training. You must regularly review all the systems and processes under your control to ensure they comply with this Data Protection Policy and check that adequate governance controls and resources are in place to ensure proper use and protection of Personal Data. 12.4 Privacy By Design and Data Protection Impact Assessment (DPIA) We are required to implement Privacy by Design measures when Processing Personal Data by implementing appropriate technical and organisational measures (like Pseudonymisation) in an effective manner, to ensure compliance with data privacy principles. You must assess what Privacy by Design measures can be implemented on all programs/systems/processes that Process Personal Data by taking into account the following: (a) the state of the art; (b) the cost of implementation; (c) the nature, scope, context and purposes of Processing; and (d) The risks of varying likelihood and severity for rights and freedoms of Data Subjects posed by the Processing. Data controllers must also conduct DPIAs in respect to high risk Processing.
You should conduct a DPIA (and discuss your findings with the DPCO) when implementing major system or business change programs involving the Processing of Personal Data including: (e) use of new technologies (programs, systems or processes), or changing technologies (programs, systems or processes); (f) Automated Processing including profiling and ADM; (g) large scale Processing of Sensitive Data; and (h) Large scale, systematic monitoring of a publicly accessible area. A DPIA must include: (i) a description of the Processing, its purposes and the Data Controller’s legitimate interests if appropriate; (j) an assessment of the necessity and proportionality of the Processing in relation to its purpose; (k) an assessment of the risk to individuals; and (l) The risk mitigation measures in place and demonstration of compliance.

12.5 Automated Processing (including profiling) and Automated Decision-Making Generally, ADM is prohibited when a decision has a legal or similar significant effect on an individual unless: (a) a Data Subject has Explicitly Consented; (b) the Processing is authorised by law; or (c) The Processing is necessary for the performance of or entering into a contract. If certain types of Sensitive Data are being processed, then grounds (b) or (c) will not be allowed but such Sensitive Data can be Processed where it is necessary (unless less intrusive means can be used) for substantial public interest like fraud prevention. If a decision is to be based solely on Automated Processing (including profiling), then Data Subjects must be informed when you first communicate with them of their right to object. This right must be explicitly brought to their attention and presented clearly and separately from other information. Further, suitable measures must be put in place to safeguard the Data Subject’s rights and freedoms and legitimate interests. We must also inform the Data Subject of the logic involved in the decision making or profiling, the significance and envisaged consequences and give the Data Subject the right to request human intervention, express their point of view or challenge the decision. A DPIA must be carried out before any Automated Processing (including profiling) or ADM activities are undertaken.

12.6 Sharing Personal Data Generally we are not allowed to share Personal Data with third parties unless certain safeguards and contractual arrangements have been put in place. You may only share the Personal Data we hold with another employee or agent if the recipient has a job-related need to know the information and the transfer complies with any applicable cross-border transfer restrictions. You may only share the Personal Data we hold with third parties, such as our service providers if: (a) they have a need to know the information for the purposes of providing the contracted services; (b) sharing the Personal Data complies with the Privacy Notice provided to the Data Subject and, if required, the Data Subject’s Consent has been obtained; (c) the third party has agreed to comply with the required data security standards, policies and procedures and put adequate security measures in place; (d) the transfer complies with any applicable cross border transfer restrictions; and
(e) A fully executed written contract that contains GDPR approved third party clauses has been obtained.

  1. Changes to this Data Protection Policy

We reserve the right to change this Data Protection Policy at any time without notice to you so please check back regularly to obtain the latest copy of this Policy. We last revised this Data Protection Policy on 01/05/2018.


(a) The following provisions set out the entire financial liability of us (including any liability for the acts or omissions of our employees, agents and sub-contractors) to you arising out of or in any way related to the contract.

(b) Unless you are a Consumer, all warranties, conditions and other terms implied by statute or common law (save for the conditions implied by section 12 of the Sale of Goods Act 1979 (as amended)) are, to the fullest extent permitted by law, excluded from this Contract.

(c) Nothing in these terms excludes or limits our liability for death or personal injury caused by our negligence, for fraud or for fraudulent misrepresentation or for any matter for which it would be illegal for us to exclude, or attempt to exclude, our liability.

(d) Subject to clause 14(c), we will not be liable to you for any indirect or consequential, special or punitive loss, damage, costs or expenses, loss of profit, loss of business, loss of income or revenue, waste of management or office time or depletion of goodwill.

(e) Subject to clause 14(c), our total liability to you under or connected with this contract will not exceed 125% (one hundred and twenty five per cent) of the price payable for the goods for any one event or series of connected events.


(a) These terms are incorporated into the contract between us at the exclusion of all other terms and conditions and supersede all prior dealings between us in relation to the subject matter of the contract.

(b) No variation or amendment of this Contract will be valid unless in writing and signed by you and our authorised representative.

(c) In these terms and conditions references to “Consumer” and “Consumers” are interpreted as referring to an individual or individuals who is not purchasing from us for the purpose of a business or trade.

(d) In these terms and conditions references to “Group Company” means any holding company of TVC Parts Limited or any subsidiary company of TVC Parts Limited or of any such holding company and the expressions “holding company” and “subsidiary company” shall be construed as defined in section 1159 of the Companies Act 2006.

(d) This Contract will be governed by the law of Northern Ireland and any dispute arising out of or in any way connected to it shall be subject to the exclusive jurisdiction of the Courts of Northern Ireland.

© 2016