AGREEMENT BETWEEN () AND BALKAN HOLIDAYS LIMITED/ ATOL 0252 APPOINTING () AS BALKAN HOLIDAYS LIMITED/ ATOL 0252 AGENT PURSUANT TO ATOL REGULATIONS 12 AND 22 ON 12 Dec 2018.
The definitions used in this agreement have the same meaning as those used in the ATOL Regulations 2012 (as amended).
Additionally, ‘Licensable Transaction’ means an offer made by a consumer (or their agent) to purchase flight accommodation for one or more persons on a flight which is accepted by an air travel organiser and constitutes an activity in respect of which that air travel organiser is required to hold an ATOL.
Duration of Agreement Agency Terms 3, 5, 8, 9 and 13 remain binding on the agent even if the principal ATOL holder has failed.
Extent of obligations
The obligations of all parties to this agreement extend only to the parties’ conduct in respect of licensable transactions.
Priority of Agency terms published by CAA Pursuant to AST 2.2 and Agency Term 1 no agency term negotiated between the principal ATOL holder and the agent may contradict or purport to contradict the CAA’s mandated terms and any that do so will be void.
Agency Term 1
By making available flight accommodation to consumers in the capacity of an agent, in accordance with ATOL Regulations 9, 10 and 12 the agent is deemed to have agreed to the terms of the written agency agreement between the principal ATOL holder and its agent.
The terms of the agency agreement include terms mandated by the CAA to be agreed between principal ATOL holders and agents for principal ATOL holders making available flight accommodation as agents of that principal ATOL holder.
Principal ATOL holders and agents cannot agree, whether in writing, by conduct or otherwise, any terms which contradict, or purport to contradict the terms mandated by the CAA. The agent must keep a copy of this agency agreement for the period it is in force and for 12 months after it expires or is terminated.
Agency Term 2.1
Agents must comply with ATOL Standard Term 1 as if they applied directly to the agent (as applicable) and any requirements to set out the principal ATOL holder’s name and number should be read as requirements to set out the agent’s principal’s name and ATOL number.
For the avoidance of doubt, agents are not permitted to use the ATOL logo without the permission of the CAA.
Agency Term 2.2
The agent must at all times identify the selling, protecting principal ATOL holder on all publicity material (including websites and brochures) that identify a flight or flight inclusive package which the agent is holding out it can make available to consumers.
Agency Term 2.3
Where the agent produces a receipt for money paid by a consumer the agent must identify which part of that money is protected by the principal ATOL holder’s ATOL and which, if any, is not.
Agency Term 3
The agent will, if requested by the CAA, report to the principal ATOL holder the unique reference number of each ATOL Certificate supplied by it, along with the corresponding ATOL holder’s reference number, where it acts as agent for the principal ATOL holder and where the transaction with the consumer was a Flight-Only or a package. If requested to do so by the CAA at any time, and including after the failure of the principal ATOL holder, the agent will provide this information to the CAA.
Agency Term 4
The agent will provide any information requested by the principal ATOL holder necessary to enable the principal ATOL holder to comply with the ATOL Standard Terms or any term of its ATOL.
Agency Term 5
Any payment received by the agent from consumers, for services owed by the principal ATOL holder to the consumer, is received and held by the agent on behalf of and for the benefit of the Trustees of the Air Travel Trust but subject to the agent’s right and obligation to make payment to the principal ATOL holder for so long as the principal ATOL holder does not fail. If the principal ATOL holder fails the agent confirms it will continue to hold consumer payments on behalf of the Trustees of the Air Travel Trust and without any right or obligation to pay the same to the principal ATOL holder.
Agency Term 6.1
Where an agent makes available flight accommodation as the agent of a principal ATOL holder, the agent must ensure an ATOL Certificate is supplied to the consumer immediately and in accordance with ATOL Regulation 17, regardless of whether the ATOL Certificate is produced by the principal ATOL holder or produced by the agent on behalf of the principal ATOL holder.
However, if an agent organises a package which includes that flight accommodation, the agent must immediately supply a package ATOL Certificate to the consumer in the agent’s own name.
Agency Term 6.2
Where an agent makes available a package as agent of a principal ATOL holder, the agent must additionally obtain a Confirmation (see AST 1.11) from the ATOL holder and, once obtained, pass it immediately to the consumer by the method set out below.
Where an agent receives any revised Confirmation from the principal ATOL holder, it will immediately pass it to the consumer by the method set out below.
Note: The method for the supply of a Confirmation means:
a) in the case of a consumer who is present at the time the agent receives the Confirmation, immediately handing it to that consumer or sending it to that consumer by electronic communication;
b) in the case of a consumer who is not present at the time the agent receives the Confirmation, immediately sending it to that consumer by electronic communication or by post.
Agency Term 7
When accepting payments in respect of transactions the agent would need an ATOL to transact if the agent were not the agent of the principal ATOL holder, agents may only accept payment from consumers as defined in the ATOL Regulations 2012.
Agency Term 8
Immediately upon the failure of the principal ATOL holder, the agent will provide the CAA with information on:
a) money paid to it by consumers, in respect of services to be provided for future travel by the principal ATOL holder to consumers; and
b) the ATOL Certificate unique reference numbers issued by that agent which apply to that failed ATOL holder, in a form acceptable to the CAA.
Agency Term 9
The rights of the CAA and the Trustees of the Air Travel Trust to enforce any obligations under this agreement on either party are not excluded. For the avoidance of doubt, they may be enforced by the CAA and the Trustees of the Air Travel Trust.
Agency Term 10
The agent is not permitted to appoint a sub-agent to perform its obligations as an agent of the principal ATOL holder on the agent’s behalf.
Agency Term 11
If a new or revised Schedule of Agency Terms is published by the CAA in its Official Record Series 3 those new or revised terms will immediately take effect and must be included in the terms of the agency agreement between the principal ATOL holder and the agent within 3 calendar months of the publication date.
Agency Term 12
If the principal ATOL holder fails to comply with its obligations to a consumer and by reason thereof the agent incurs a liability or obligation to the consumer, the agent shall be indemnified by the principal ATOL holder against all consequences following from such a failure.
Agency Term 13
If requested by the CAA the agent will provide any information regarding the principal ATOL holder referred to in AST 4 which it holds to the CAA on demand.
DATA PROTECTION AGENCY AGREEMENT
1.1 In this clause the following definitions apply:
(a) Agreed Purposes: means the agreed purposes to enable the parties to fulfil their respective obligations under the terms of this Agreement and all connected activities relating to the same [i.e. perform the Client holiday contract;
(b) Controller, data controller, processor, data processor, data subject, personal data, processing and appropriate technical and organisational measures: have the same meaning as set out in the Data Protection Legislation in force at the time;
(c) Data Protection Legislation: (i) the Data Protection Act 1998, until the effective date of its repeal (ii) the General Data Protection Regulation ((EU) 2016/679) (GDPR) and any national implementing laws, regulations and secondary legislation, for so long as the GDPR is effective in the UK, and (iii) any successor legislation to the Data Protection Act 1998 and the GDPR, in particular the Data Protection Bill 2017-2019, once it becomes law;
(d) Permitted Recipients: means the parties to this agreement, the employees of each party, any third parties engaged to perform obligations in connection with this agreement (including suppliers of travel arrangements);
(e) Shared Personal Data: means the personal data to be shared between the parties under clause 1.2 of this agreement to enable the parties to fulfil their obligations under the terms of this Agreement.
1.2 Shared Personal Data
This clause sets out the framework for the sharing of personal data between the parties as data controllers. Each party acknowledges that one party (the Data Discloser) will regularly disclose to the other party (the Data Recipient) Shared Personal Data collected by the Data Discloser for the Agreed Purposes.
1.3 Effect of non-compliance with Data Protection Legislation
Each party shall comply with all the obligations imposed on a controller under the Data Protection Legislation and, not by any act or omission, put the other party in breach of them in connection with this Agreement. Any material breach of the Data Protection Legislation by one party shall, if not remedied within 30 days of written notice from the other party, give grounds to the other party to terminate this agreement with immediate effect.
1.4 Particular obligations relating to data sharing
Each party shall:
(a) ensure that it has all necessary notices and consents in place to enable lawful transfer of the Shared Personal Data to the Permitted Recipients for the Agreed Purposes;
(b) give full information of the nature of such processing to any data subject whose personal data may be processed under this agreement. This includes giving notice that, on the termination of this agreement, personal data relating to them may be retained by or, as the case may be, transferred to one or more of the Permitted Recipients, their successors and assignees;
(c) process the Shared Personal Data only for the Agreed Purposes and shall not retain or process the Shared Personal Data for longer than is necessary to carry out the Agreed Purposes;
(d) not disclose or allow access to the Shared Personal Data to anyone other than the Permitted Recipients;
(e) ensure that all Permitted Recipients are subject to written contractual obligations concerning the Shared Personal Data (including obligations of confidentiality) which are no less onerous than those imposed by this agreement;
(f) ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the other party, to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
(g) not transfer any personal data received from the Data Discloser outside the EEA unless the transferor: (i) complies with the provisions of Articles 26 of the GDPR (in the event the third party is a joint controller); and (ii) ensures that (i) the transfer is to a country approved by the European Commission as providing adequate protection pursuant to Article 45 GDPR; or (ii) there are appropriate safeguards in place pursuant to Article 46 GDPR; or (iii) one of the derogations for specific situations in Article 49 GDPR applies to the transfer.
1.5 Mutual assistance
Each party shall assist the other in complying with all applicable requirements of the Data Protection Legislation. In particular, each party shall:
(a) consult with the other party about any notices given to data subjects in relation to the Shared Personal Data;
(b) promptly (and at the latest within 7 days of receipt) inform the other party about the receipt of any data subject access request;
(c) provide the other party with reasonable assistance in complying with any data subject access request;
(d) not disclose or release any Shared Personal Data in response to a data subject access request without first consulting the other party wherever possible;
(e) assist the other party, at the cost of the other party, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
(f) notify the other party without undue delay on becoming aware of any breach of the Data Protection Legislation, and provide assistance in relation to managing/dealing with the breach;
(g) at the written direction of the Data Discloser, delete or return Shared Personal Data and copies thereof to the Data Discloser on termination of this agreement unless required by law to store the personal data;
(h) use compatible technology for the processing of Shared Personal Data to ensure that there is no lack of accuracy resulting from personal data transfers;
(i) maintain complete and accurate records and information to demonstrate its compliance with this clause;
(j) provide the other party with contact details of at least one employee as point of contact and responsible manager for all issues arising out of the Data Protection Legislation, including the joint training of relevant staff, the procedures to be followed in the event of a data security breach and the regular review of the parties' compliance with the Data Protection Legislation.
Each party shall indemnify the other against all liabilities, costs, expenses, damages and losses (including but not limited to any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and legal costs (calculated on a full indemnity basis) and all other [reasonable] professional costs and expenses) suffered or incurred by the indemnified party arising out of or in connection with the breach of the Data Protection Legislation by the indemnifying party, its employees or agents, provided that the indemnified party gives to the indemnifier prompt notice of such claim, full information about the circumstances giving rise to it, reasonable assistance in dealing with the claim and sole authority to manage, defend and/or settle it.