Data Processing Agreement DPA

Data Processing Agreement (Business Customers)

Last Updated: June 2026

1. Purpose

This Data Processing Agreement ("DPA") forms part of the agreement between Access Diagnostic Tests UK Ltd ("ADT UK", "Processor") and the customer purchasing products or services from ADT UK ("Customer", "Controller").

This DPA governs the processing of personal data by ADT UK on behalf of the Customer in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Definitions

For the purposes of this Agreement:

  • Controller means the organisation that determines the purposes and means of processing personal data.
  • Processor means the organisation processing personal data on behalf of the Controller.
  • Personal Data has the meaning given in UK GDPR.
  • Processing means any operation performed on personal data, including collection, storage, use, disclosure or deletion.
  • Data Subject means the individual to whom the personal data relates.

3. Scope of Processing

ADTUK may process personal data on behalf of the Customer where necessary to:

  • Supply products and services.
  • Process orders and payments.
  • Provide technical support.
  • Manage customer accounts.
  • Facilitate training or consultation services.
  • Respond to customer enquiries.

Categories of Personal Data

The personal data processed may include:

  • Names
  • Business contact details
  • Email addresses
  • Telephone numbers
  • Delivery addresses
  • Order information
  • Account information

ADTUK does not routinely process employee drug test results or health information on behalf of customers unless specifically agreed in writing.

Categories of Data Subjects

  • Customer employees
  • Customer representatives
  • Account holders
  • Authorised users
  • Delivery recipients

4. Processor Obligations

ADTUK shall:

  • Process personal data only on documented instructions from the Customer.
  • Ensure personnel handling personal data are subject to confidentiality obligations.
  • Implement appropriate technical and organisational security measures.
  • Assist the Customer in fulfilling data subject rights requests where reasonably required.
  • Notify the Customer without undue delay if a personal data breach occurs.
  • Maintain records of processing activities where required by law.
  • Comply with all applicable data protection legislation.

5. Security Measures

ADTUK maintains appropriate security measures including:

  • Secure website hosting.
  • Encrypted transmission of data where appropriate.
  • Access controls and password protection.
  • Restricted access to personal data.
  • Staff training and confidentiality requirements.
  • Regular software and security updates.

6. Sub-Processors

The Customer authorises ADT UK to engage trusted third-party service providers where necessary, including:

  • Payment providers
  • Website hosting providers
  • Courier and delivery companies
  • Cloud service providers
  • IT support providers

ADT UK shall ensure that any authorised sub-processor is subject to appropriate contractual obligations consistent with this DPA.

7. International Transfers

ADTUK shall not transfer personal data outside the United Kingdom unless appropriate safeguards are in place in accordance with UK GDPR requirements.

8. Data Subject Rights

ADTUK shall, taking into account the nature of processing, assist the Customer where reasonably possible in responding to requests relating to:

  • Access
  • Rectification
  • Erasure
  • Restriction
  • Portability
  • Objection to processing

9. Personal Data Breaches

ADT UK shall notify the Customer without undue delay after becoming aware of a personal data breach affecting personal data processed on behalf of the Customer.

The notification shall include available information regarding:

  • Nature of the breach
  • Categories of affected data
  • Likely consequences
  • Mitigation measures taken

10. Audit Rights

Upon reasonable written request, the Customer may request information demonstrating ADT UK's compliance with this DPA.

Any audit request must:

  • Be reasonable and proportionate.
  • Be conducted during normal business hours.
  • Not compromise the confidentiality of other customers.

11. Data Retention and Deletion

ADTUK shall retain personal data only for as long as necessary to fulfil contractual, legal, regulatory and accounting obligations.

Upon termination of services, personal data shall be deleted or anonymised unless retention is required by law.

12. Liability

Each party shall be responsible for its own compliance with applicable data protection laws.

Nothing in this DPA limits liability where such limitation is prohibited by law.

13. Governing Law

This Agreement shall be governed by and construed in accordance with the laws of England and Wales.

Any disputes arising from this Agreement shall be subject to the exclusive jurisdiction of the courts of England and Wales.

14. Contact Information

Access Diagnostic Tests UK Ltd
Unit 15 & 19 Aylsham Business Estate
Dunkirk
Aylsham
Norfolk
NR11 6SZ
United Kingdom

Email: support@adtuk.co.uk

By purchasing products or services from ADTUK, the Customer acknowledges and agrees to the terms of this Data Processing Agreement where applicable.

Privacy Policy

This Data Processing Agreement should be read alongside ADTUK's Privacy Policy, which explains how we collect, use, store and protect personal data when acting as a Data Controller.

View our GDPR Privacy Policy 

Related Policies

For additional information, please refer to:

These documents explain how ADTUK manages personal information, website usage, orders, and customer relationships in compliance with UK law.