TERMS & CONDITIONS
CYBER RISK SCORE LTD – END USER LICENCE AGREEMENT
PLEASE READ CAREFULLY BEFORE ACCESSING or DOWNLOADING ANY SOFTWARE FROM THIS WEBSITE OR OTHERWISE MADE AVAILIBLE TO YOU BY CYBER RISK SCORE OR ITS RESELLERS:
This End User Licence Agreement (Agreement) is a legal agreement between you (Customer or you) and Cyber Risk Score ltd of Lumaneri House, Blythe Gate, Blythe Valley Park, Solihull. B90 8AH, England ( Licensor, us or we) for the provision of the Services.
WEB BROWSER REQUIREMENTS: The following web browsers are supported Google Chrome – 8 or later, Opera 7.0, Mozilla Firefox – 73.0 or later.
BY TAKING AN ACTION TO INDICATE ACCEPTANCE, INCLUDING, BUT NOT LIMITED TO, USING THE SERVICES, YOU ON BEHALF OF THE END USER AGREE TO THE TERMS OF THIS AGREEMENT. IN THE EVENT YOU ARE ENTERING INTO THIS LICENCE ON BEHALF OF A COMPANY, END USER REFERS TO THAT COMPANY, AND YOU CERTIFY THAT YOU ARE AN AUTHORISED REPRESENTATIVE OF THE END USER. IF END USER DOES NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, PLEASE DISCONTINUE THE SET-UP AND INSTALLATION OR DISCONTINUE USE OF THE SERVICES. IF THE TERMS OF THE AGREEMENT ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO THESE TERMS.
1.1The definitions and rules of interpretation in this clause apply in this agreement.
Authorised Users: those employees, agents and independent contractors of the Customer who are authorised by the Customer to use the Services and the Documentation, as further described in clause 2.2.
Business Day: a day other than a Saturday, Sunday or public holiday in England when banks in London are open for business.
Confidential Information: information that is proprietary or confidential and is either clearly labelled as such or identified as Confidential Information in clause 12.5 or clause 12.6 .
Controller, processor, data subject, personal data, personal data breach, processing and appropriate technical and organisational measures: as defined in the Data Protection Legislation.
Customer Data: the data inputted by the Customer, Authorised Users, or the Licensor on the Customer’s behalf for the purpose of using the Services or facilitating the Customer’s use of the Services.
Data Protection Legislation: the UK Data Protection Legislation and any other European Union legislation relating to personal data and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of personal data (including, without limitation, the privacy of electronic communications); [and the guidance and codes of practice issued by the relevant data protection or supervisory authority and applicable to a party].
Effective Date: the date of this agreement.
Evaluation Product: a release of Software or Plan for purposes of testing and evaluation prior to such Software or Plan being made commercially available. Evaluation Products may still be under development and therefore are subject to the terms of clause 4 (Evaluation Products).
Evaluation Product Test Period: the period during which an End User tests an Evaluation Product. The Evaluation Product Test Period begins on the Effective date and ends upon the earlier of either (i) the date on which Licensor makes the Evaluation Product generally available; or (ii) the date that the Licensor specifies in a notice to the Customer as provided in clause 4.4.
Heightened Cybersecurity Requirements: any laws, regulations, codes, guidance (from regulatory and advisory bodies. Whether mandatory or not), international and national standards, [industry schemes] and sanctions, which are applicable to either the Customer or an Authorised User [(but not the Licensor)] relating to security of network and information systems and security breach and incident reporting requirements, which may include the cybersecurity Directive ((EU) 2016/1148), Commission Implementing Regulation ((EU) 2018/151), the Network and Information systems Regulations 2018 (SI 506/2018), all as amended or updated from time to time.
Initial Subscription Term: 30 days or 12 months according to the Plan purchased. Normal Business Hours: 8.00 am to 6.00 pm local UK time, each Business Day.
Renewal Period: the period described in clause 15.1.
Services: the subscription services provided by the Licensor to the Customer under this agreement via www.cr-score.com, any other website notified to the Customer by the Licensor from time to time or otherwise supplied via one of the Licensor’s partners.
Software: the online software applications provided by the Licensor as part of the Services. Subscription Fees: the subscription fees payable by the Customer to the Licensor for the Plans, as set out on the Licensor’s website or in a Statement of Work. Subscription Term: has the meaning given in clause 15.1 (being the Initial Subscription Term together with any subsequent Renewal Periods).
Subscription Fees: the subscription fees payable by the Customer to the Licensor for the Plans, as set out on the Licensor’s website or in a Statement of Work.
Subscription Term: has the meaning given in clause 15.1 (being the Initial Subscription Term together with any subsequent Renewal Periods).
Plans: the user subscriptions purchased by the Customer pursuant to clause 10.1which entitle Authorised Users to access and use the Services and the Documentation in accordance with this agreement.
Virus: Any thing or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re- arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices.
Vulnerability: a weakness in the computational logic (for example, code) found in software and hardware components that when exploited, results in a negative impact to the confidentiality, integrity, or availability, and the term Vulnerabilities shall be construed accordingly.
1.2 Clause, schedule and paragraph headings shall not affect the interpretation of this agreement.
1.3 A person includes an individual, corporate or unincorporated body (whether or not having separate legal personality) and that person’s legal and personal representatives, successors or permitted assigns.
1.4 A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established.
1.5 Unless the context otherwise requires, words in the singular shall include the plural, and in the plural, shall include the singular.
1.6 Unless the context otherwise requires, a reference to one gender shall include a reference to the other genders.
1.7 A reference to a statute or statutory provision is a reference to it as it is in force as at the date of this agreement.
1.8 A reference to a statute or statutory provision shall include all subordinate legislation made as at the date of this agreement under that statute or statutory provision.
1.9 A reference to writing or written includes e-mail.
1.10 References to clauses and schedules are to the clauses and schedules of this agreement; references to paragraphs are to paragraphs of the relevant schedule to this agreement.
2.1 Subject to the Customer purchasing the Plans in accordance with clause 3.3 and clause 10.1, the restrictions set out in this clause 2 and the other terms and conditions of this agreement, the Licensor hereby grants to the Customer a non-exclusive, non-transferable right, without the right to grant sublicences, to permit the Authorised Users to use the Services and the Documentation during the Subscription Term solely for the Customer’s internal business operations.
2.2 In relation to the Authorised Users, the Customer undertakes that:
a.each Authorised User shall keep a secure password for his use of the Services and Documentation, and that each Authorised User shall keep his password confidential; and
b.each Authorised User will use the Services solely in relation to individuals, networks and systems that have given prior written permission to do so.
2.3 The Customer shall not access, store, distribute or transmit any Viruses, or any material during the course of its use of the Services that:
a.is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive;
b.facilitates illegal activity; c.depicts sexually explicit images; d.promotes unlawful violence;
e.is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability; or
f.is otherwise illegal or causes damage or injury to any person or property;
and the Licensor reserves the right, without liability or prejudice to its other rights to the Customer, to disable the Customer’s access to any material that breaches the provisions of this clause.
2.4 The Customer shall not:
a.except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties and except to the extent expressly permitted under this agreement:
i.attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Software and/or Documentation (as applicable) in any form or media or by any means; or
ii.attempt to de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Software; or
b.access all or any part of the Services and Documentation in order to build a product or service which competes with the Services and/or the Documentation; or
c.use the Services and/or Documentation to provide services to third parties; or
d.subject to clause 23.1, license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services and/or Documentation available to any third party except the Authorised Users, or
e.attempt to obtain, or assist third parties in obtaining, access to the Services and/or Documentation, other than as provided under this clause 2; or
f.introduce or permit the introduction of, any Virus or Vulnerability into the Licensor’s network and information systems.
2.5The Customer shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the Services and/or the Documentation and, in the event of any such unauthorised access or use, promptly notify the Licensor.
2.6The rights provided under this clause 2 are granted to the Customer only, and shall not be considered granted to any subsidiary or holding company of the Customer.
3.1Subject to clause 3.2 and clause 3.3, the Customer may, from time to time during any Subscription Term, purchase additional Plans or upgrade its current Plan and the Licensor shall grant access to the Services and the Documentation to such additional Authorised Users in accordance with the provisions of this agreement.
3.2If the Customer wishes to purchase additional Plans or upgrade its existing Plan, the Customer may do so through the Licensor’s website or through one of its partners subject to payment being made in accordance with clause 10.
3.3If the Licensor approves the Customer’s request to purchase additional Plans, the Customer shall, within 30 days of the date of the Licensor’s invoice, pay to the Licensor the relevant fees for such additional Plans as set out on the Licensor’s website. If such additional Plans are purchased by the Customer part way through the Initial Subscription Term or any Renewal Period (as applicable), such fees shall be pro-rated from the date of activation by the Licensor for the remainder of the Initial Subscription Term or then current Renewal Period (as applicable).
4.1 From time to time, the Customer may wish to evaluate an Evaluation Product on a temporary basis for non-commercial use. If the Licensor agrees to such evaluation, subject to the terms and conditions of this agreement, the Licensor grants to the End User during the Evaluation Product Test Period, a cost-free, non-sublicensable, non-transferable, non- assignable and non-exclusive, revocable license to use the Evaluation Product, solely at the location identified in writing by the Customer and solely for the Customer’s internal evaluation of the Evaluation Product. End User may only grant access to the Evaluation Product to employees, contractors, agents or consultants who are bound to confidentiality and non-use obligations no less protective of the Licensor’s proprietary rights than this Agreement. Notwithstanding anything to the contrary as stated in this Agreement, all worldwide right, title and interest to the Evaluation Product, and all Intellectual Property Rights in and to them, are and will remain the exclusive property of the Licensor.
4.2 Unless otherwise agreed to by the parties in writing or terminated earlier in accordance with this Agreement, the Evaluation Product Test Period shall commence upon delivery of the Evaluation Product and continue up to thirty days thereafter. Upon the expiration or termination of the Evaluation Period
(i) all licenses granted under this clause 4 shall cease, and
(ii) the Customer’s licence to use the Evaluation Product will be revoked with immediate effect.
4.3 Notwithstanding anything to the contrary as contained in this Agreement, the Licensor acknowledges and agrees that the Evaluation Product is provided for evaluation “AS-IS” and make no representations or warranties of any kind, express or implied, with respect to the Evaluation Product, including, without limitation, any implied warranties of merchantability, title, fitness for a particular purpose, informational content, system integration, enjoyment, noninfringement or any other warranties arising out of course of dealing, usage or trade.
4.4 Notwithstanding other notice provisions set forth in this Agreement, the Licensor reserves the right to end the Evaluation Product Test Period at any time and for any reason upon notice by email to the person the Customer designates as a contact for the Evaluation Product. Upon the termination of the Evaluation Product Test Period, all licenses granted under this clause 4 will cease, and the Licensor may make a Plan available to the Customer.
5.1 The Licensor shall, during the Subscription Term, provide the Services and make available the Documentation to the Customer on and subject to the terms of this agreement.
5.2 The Licensor shall use commercially reasonable endeavours to make the Services available 24 hours a day, seven days a week, with a guarantee of 99.5% uptime, except for:
a. planned downtime (which Licensor shall not schedule, to the extent practicable, during Normal Business hours; and
b. emergency maintenance which may occur inside or outside Normal Business at Licensor’s discretion
5.3 The Licensor will, as part of the Services and at no additional cost to the Customer, provide the Customer with the Licensor’s standard customer support services during Normal Business Hours. The Customer may purchase enhanced support services separately at the Licensor’s then current rates.
6.1 The Customer shall own all rights, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of all such Customer Data.
6.3 Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 6 is in addition to, and does not relieve, remove or replace, a party’s obligations or rights under the Data Protection Legislation.
6.4 The parties acknowledge that:
a. if the Licensor processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the Customer is the controller and the Licensor is the processor for the purposes of the Data Protection Legislation.
b. Schedule 1 sets out the scope, nature and purpose of processing by the Licensor, the duration of the processing and the types of personal data and categories of data subject.
c. the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Licensor’s other obligations under this agreement.
6.5 Without prejudice to the generality of clause 6.4, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the personal data to the Licensor for the duration and purposes of this agreement so that the Licensor may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer’s behalf.
6.6 Without prejudice to the generality of clause 6.4, the Licensor shall, in relation to any personal data processed in connection with the performance by the Licensor of its obligations under this agreement:
a. process that personal data only on the documented written instructions of the Customer unless the Licensor is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Licensor and/or Domestic UK Law (where Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK) to process personal data (Applicable Laws). Where the Licensor is relying on Applicable Laws as the basis for processing personal data, the Licensor shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Licensor from so notifying the Customer;
b. not transfer any personal data outside of the European Economic Area and the United Kingdom unless the following conditions are fulfilled:
i. the Customer or the Licensor has provided appropriate safeguards in relation to the transfer;
ii. the data subject has enforceable rights and effective legal remedies;
iii. the Licensor complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; and
iv. the Licensor complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the personal data;
c. assist the Customer, at the Customer’s cost, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
d. notify the Customer without undue delay on becoming aware of a personal data breach;
e. at the written direction of the Customer, delete or return personal data and copies thereof to the Customer on termination of the agreement unless required by Applicable Law to store the personal data (and for these purposes the term “delete” shall mean to put such data beyond use); and
f. maintain complete and accurate records and information to demonstrate its compliance with this clause 6 and immediately inform the Customer if, in the opinion of the Licensor, an instruction infringes the Data Protection Legislation.
6.7 Each party shall ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the other party, to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it).
6.8 The Customer consents to the Licensor appointing third party entities as third-party processors of personal data under this agreement. The Licensor confirms that it has entered or (as the case may be) will enter with any applicable third-party processor into a written agreement incorporating terms which are substantially similar to those set out in this clause 6 and in either case which the Licensor undertakes reflect and will continue to reflect the requirements of the Data Protection Legislation. As between the Customer and the Licensor, the Licensor shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this clause 6.
6.9 Either party may, at any time on not less than 30 days’ notice, revise this clause 6 by replacing it with any applicable controller to processor standard clauses or similar terms forming part of an applicable certification scheme (which shall apply when replaced by attachment to this agreement).
7.Third party providers
8.1 The Licensor undertakes that the Services will be performed substantially in accordance with the Documentation and with reasonable skill and care.
8.2 The undertaking at clause 8.1 shall not apply to the extent of any non-conformance which is caused by use of the Services contrary to the Licensor’s instructions, or modification or alteration of the Services by any party other than the Licensor or the Licensor’s duly authorised contractors or agents. If the Services do not conform with the foregoing undertaking, Licensor will, at its expense, use all reasonable commercial endeavours to correct any such non- conformance promptly, or provide the Customer with an alternative means of accomplishing the desired performance. Such correction or substitution constitutes the Customer’s sole and exclusive remedy for any breach of the undertaking set out in clause 8.1.
8.3 The Licensor:
a. does not warrant that:
i. the Customer’s use of the Services will be uninterrupted or error-free; or
ii. that the Services, Documentation and/or the information obtained by the Customer through the Services will meet the Customer’s requirements; or
iii. the Software or the Services will be free from Vulnerabilities; or
iv. the Software, Documentation or Services will comply with any Heightened Cybersecurity Requirements.
b. is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Customer acknowledges that the Services and Documentation may be subject to limitations, delays and other problems inherent in the use of such communications facilities.
8.4 This agreement shall not prevent the Licensor from entering into similar agreements with third parties, or from independently developing, using, selling or licensing documentation, products and/or services which are similar to those provided under this agreement.
8.5 The Licensor warrants that it has and will maintain all necessary licences, consents, and permissions necessary for the performance of its obligations under this agreement.
9.1 The Customer shall:
a. provide the Licensor with:
i. all necessary co-operation in relation to this agreement; and
ii. all necessary access to such information as may be required by the Licensor; and in order to provide the Services, including but not limited to Customer Data, security access information and configuration services;
b. without affecting its other obligations under this agreement, comply with all applicable laws and regulations with respect to its activities under this agreement;
c. carry out all other Customer responsibilities set out in this agreement in a timely and efficient manner. In the event of any delays in the Customer’s provision of such assistance as agreed by the parties, the Licensor may adjust any agreed timetable or delivery schedule as reasonably necessary;
d. ensure that the Authorised Users use the Services and the Documentation in accordance with the terms and conditions of this agreement and shall be responsible for any Authorised User’s breach of this agreement;
e. obtain and shall maintain all necessary licences, consents, and permissions necessary for the Licensor, its contractors and agents to perform their obligations under this agreement, including without limitation the Services;
f. ensure that its network and systems comply with the relevant specifications provided by the Licensor from time to time; and
g. be, to the extent permitted by law and except as otherwise expressly provided in this agreement, solely responsible for procuring, maintaining and securing its network connections and telecommunications links from its systems to the Licensor’s data centres, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Customer’s network connections or telecommunications links or caused by the internet.
10.Charges and payment
10.1 The Customer shall pay the Subscription Fees to the Licensor for the Plans in accordance with this clause 10.
10.2 The Customer shall on the Effective Date provide to the Licensor valid, up-to-date and complete credit card details or approved purchase order information acceptable to the Licensor and any other relevant valid, up-to-date and complete contact and billing details and, if the Customer provides:
a. its credit card details to the Licensor, the Customer hereby authorises the Licensor to bill such credit card:
i. on the Effective Date for the Subscription Fees payable in respect of the Initial Subscription Term; and
ii. subject to clause 15.1, on each anniversary of the Effective Date for the Subscription Fees payable in respect of the next Renewal Period;
b. its approved purchase order information to the Licensor, the Licensor shall invoice the customer:
i. on the Effective Date for the Subscription Fees payable in respect of the Initial Subscription Term; and
ii. subject to clause 15.1, at least 30 days prior to each anniversary of the Effective Date for the Subscription Fees payable in respect of the next Renewal Period, and the Customer shall pay each invoice within 30 days after the date of such invoice.
10.3 Customers may be invited to trial any Plan for 7 days during which time the Customer can cancel the Plan without charge and without incurring any liability. Once the 7 days has expired the Customer will be charged at the rate set for the chosen Plan in accordance with clause 10.2 above.
10.4 If the Licensor has not received payment within 30 days after the due date, and without prejudice to any other rights and remedies of the Licensor:
a. the Licensor may, without liability to the Customer, disable the Customer’s password, account and access to all or part of the Services and the Licensor shall be under no obligation to provide any or all of the Services while the invoice(s) concerned remain unpaid; and
b. interest shall accrue on a daily basis on such due amounts at an annual rate equal to 8% over the then current base lending rate of the base rate of the Bank of England from time to time, commencing on the due date and continuing until fully paid, whether before or after judgment.
10.5 All amounts and fees stated or referred to in this agreement:
a. shall be payable in pounds sterling;
b. are, subject to clause 14.3(b), non-cancellable and non-refundable;
c. are exclusive of value added tax, which shall be added to the Licensor’s invoice(s) at the appropriate rate.
10.6 The Licensor shall be entitled to increase the Subscription Fees, the fees payable in respect of the additional Plans purchased pursuant to clause 3.3 at the start of each Renewal Period upon 90 days’ prior notice to the Customer.
11.1 The Customer acknowledges and agrees that the Licensor and/or its licensors own all Intellectual Property Rights in the Services and the Documentation. Except as expressly stated herein, this agreement does not grant the Customer any rights to, under or in, any patents, copyright, database right, trade secrets, trade names, trade marks (whether registered or unregistered), or any other rights or licences in respect of the Services or the Documentation.
11.2 The Licensor confirms that it has all the rights in relation to the Services and the Documentation that are necessary to grant all the rights it purports to grant under, and in accordance with, the terms of this agreement.
12.1Each party may be given access to Confidential Information from the other party in order to perform its obligations under this agreement. A party’s Confidential Information shall not be deemed to include information that:
a. is or becomes publicly known other than through any act or omission of the receiving party; b. was in the other party’s lawful possession before the disclosure;
c. is lawfully disclosed to the receiving party by a third party without restriction on disclosure; or
d. is independently developed by the receiving party, which independent development can be shown by written evidence.
12.2 Subject to clause 12.4, each party shall hold the other’s Confidential Information in confidence and not make the other’s Confidential Information available to any third party, or use the other’s Confidential Information for any purpose other than the implementation of this agreement.
12.3 Each party shall take all reasonable steps to ensure that the other’s Confidential Information to which it has access is not disclosed or distributed by its employees or agents in violation of the terms of this agreement.
12.4 A party may disclose Confidential Information to the extent such Confidential Information is required to be disclosed by law, by any governmental or other regulatory authority or by a court or other authority of competent jurisdiction, provided that, to the extent it is legally permitted to do so, it gives the other party as much notice of such disclosure as possible and, where notice of disclosure is not prohibited and is given in accordance with this clause 12.4, it takes into account the reasonable requests of the other party in relation to the content of such disclosure.
12.5 The Customer acknowledges that details of the Services, and the results of any performance tests of the Services, constitute the Licensor’s Confidential Information.
12.6 The Licensor acknowledges that the Customer Data is the Confidential Information of the Customer.
12.7 No party shall make, or permit any person to make, any public announcement concerning this agreement without the prior written consent of the other parties (such consent not to be unreasonably withheld or delayed), except as required by law, any governmental or regulatory authority (including, without limitation, any relevant securities exchange), any court or other authority of competent jurisdiction.
12.8 The above provisions of this clause 12 shall survive termination of this agreement, however arising.
13.1 The Customer shall defend, indemnify and hold harmless the Licensor against claims, actions, proceedings, losses, damages, expenses and costs (including without limitation court costs and reasonable legal fees) arising out of or in connection with the Customer’s use of the Services and/or Documentation, provided that:
a. the Customer is given prompt notice of any such claim;
b. the Licensor provides reasonable co-operation to the Customer in the defence and settlement of such claim, at the Customer’s expense; and
c. the Customer is given sole authority to defend or settle the claim.
13.2 The Licensor shall defend the Customer, its officers, directors and employees against any claim that the Customer’s use of the Services or Documentation in accordance with this agreement infringes any United Kingdom patent effective as of the Effective Date, copyright, trade mark, database right or right of confidentiality, and shall indemnify the Customer for any amounts awarded against the Customer in judgment or settlement of such claims, provided that:
a. the Licensor is given prompt notice of any such claim;
b. the Customer provides reasonable co-operation to the Licensor in the defence and settlement of such claim, at the Licensor’s expense; and
c. the Licensor is given sole authority to defend or settle the claim.
13.3 In the defence or settlement of any claim, the Licensor may procure the right for the Customer to continue using the Services, replace or modify the Services so that they become non-infringing or, if such remedies are not reasonably available, terminate this agreement on 2 Business Days’ notice to the Customer without any additional liability or obligation to pay liquidated damages or other additional costs to the Customer.
13.4 In no event shall the Licensor, its employees, agents and sub-contractors be liable to the Customer to the extent that the alleged infringement is based on:
a.a modification of the Services or Documentation by anyone other than the Licensor; or
b.the Customer’s use of the Services or Documentation in a manner contrary to the instructions given to the Customer by the Licensor; or
c.the Customer’s use of the Services or Documentation after notice of the alleged or actual infringement from the Licensor or any appropriate authority.
13.5 The foregoing and clause 14.3(b)state the Customer’s sole and exclusive rights and remedies, and the Licensor’s (including the Licensor’s employees’, agents’ and sub- contractors’) entire obligations and liability, for infringement of any patent, copyright, trade mark, database right or right of confidentiality.
14.Limitation of liability
14.1 Except as expressly and specifically provided in this agreement:
a. the Customer assumes sole responsibility for results obtained from the use of the Services and the Documentation by the Customer, and for conclusions drawn from such use. The Licensor shall have no liability for any damage caused by errors or omissions in any information, instructions or scripts provided to the Licensor by the Customer in connection with the Services, or any actions taken by the Licensor at the Customer’s direction;
b. all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from this agreement; and
c. the Services and the Documentation are provided to the Customer on an “as is” basis.
14.2 Nothing in this agreement excludes the liability of the Licensor:
a. for death or personal injury caused by the Licensor’s negligence; or
b. for fraud or fraudulent misrepresentation.
14.3 Subject to clause 14.1 and clause 14.2:
a. the Licensor shall not be liable whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for any loss of profits, loss of business, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss, or for any special, indirect or consequential loss, costs, damages, charges or expenses however arising under this agreement; and
b. the Licensor’s total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of this agreement shall be limited to the total
Subscription Fees paid for the Plans during the 12 months immediately preceding the date on which the claim arose.
Subscription Fees paid for the Plans during the 12 months immediately preceding the date on which the claim arose.
15.Term and termination
15.1 This agreement shall, unless otherwise terminated as provided in this clause 15, commence on the Effective Date and shall continue for the Initial Subscription Term and, thereafter, this agreement shall be automatically renewed for successive periods equal to the Initial Subscription Term (each a Renewal Period), unless:
a. either party notifies the other party of termination, in writing, at least 60 days before the end of the Initial Subscription Term or any Renewal Period, in which case this agreement shall terminate upon the expiry of the applicable Initial Subscription Term or Renewal Period; or
b. otherwise terminated in accordance with the provisions of this agreement; and the Initial Subscription Term together with any subsequent Renewal Periods shall constitute the Subscription Term.
15.2 Without affecting any other right or remedy available to it, either party may terminate this agreement with immediate effect by giving written notice to the other party if:
a. the other party fails to pay any amount due under this agreement on the due date for payment and remains in default not less than 30 days after being notified in writing to make such payment;
b. the other party commits a material breach of any other term of this agreement which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of 7 days after being notified in writing to do so;
c. the other party repeatedly breaches any of the terms of this agreement in such a manner as to reasonably justify the opinion that its conduct is inconsistent with it having the intention or ability to give effect to the terms of this agreement;
d. the other party suspends, or threatens to suspend, payment of its debts or is unable to pay its debts as they fall due or admits inability to pay its debts or is deemed unable to pay its debts within the meaning of section 123 of the Insolvency Act 1986, as if the words “it is proved to the satisfaction of the court” did not appear in sections 123(1)(e) or 123(2) of the Insolvency Act 1986; or
e. the other party suspends or ceases, or threatens to suspend or cease, carrying on all or a substantial part of its business.
15.3 On termination of this agreement for any reason:
a. all licences granted under this agreement shall immediately terminate and the Customer shall immediately cease all use of the Services and/or the Documentation;
b. each party shall return and make no further use of any equipment, property, Documentation and other items (and all copies of them) belonging to the other party;
c. the Licensor may destroy or otherwise dispose of any of the Customer Data in its possession in accordance with clause 6.7(c), unless the Licensor receives, no later than ten days after the effective date of the termination of this agreement, a written request for the delivery to the Customer of the then most recent back-up of the Customer Data. The Licensor shall use reasonable commercial endeavours to deliver the back-up to the Customer within 30 days of its receipt of such a written request, provided that the Customer has, at that time, paid all fees and charges outstanding at and resulting from termination (whether or not due at the date of termination). The Customer shall pay all reasonable expenses incurred by the Licensor in returning or disposing of Customer Data; and
d. any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the agreement which existed at or before the date of termination shall not be affected or prejudiced.
e. the Customer shall immediately pay to the Licensor all of the Licensor’s outstanding unpaid invoices and interest and, in respect of Services supplied but for which no invoice has been submitted, the Licensor shall submit an invoice, which shall be payable by the Customer immediately on receipt.
The Licensor shall have no liability to the Customer under this agreement if it is prevented from or delayed in performing its obligations under this agreement, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control, including, without limitation, epidemics or pandemics, strikes, lock-outs or other industrial disputes (whether involving the workforce of the Licensor or any other party), failure of a utility service or transport or telecommunications network, act of God, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of Licensors or sub-contractors, provided that the Customer is notified of such an event and its expected duration.
If there is an inconsistency between any of the provisions in the main body of this agreement and the Schedules, the provisions in the main body of this agreement shall prevail.
No variation of this agreement shall be effective unless it is in writing and signed by the parties (or their authorised representatives).
No failure or delay by a party to exercise any right or remedy provided under this agreement or by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.
20.Rights and remedies
Except as expressly provided in this agreement, the rights and remedies provided under this agreement are in addition to, and not exclusive of, any rights or remedies provided by law.
21.1If any provision or part-provision of this agreement is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of this agreement.
21.2If any provision or part-provision of this agreement is deemed deleted under clause 21.1 the parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
22.1 This agreement constitutes the entire agreement between the parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter.
22.2 Each party acknowledges that in entering into this agreement it does not rely on, and shall have no remedies in respect of, any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in this agreement.
22.3 Each party agrees that it shall have no claim for innocent or negligent misrepresentation or negligent misstatement based on any statement in this agreement.
22.4 Nothing in this clause shall limit or exclude any liability for fraud.
23.1 The Customer shall not, without the prior written consent of the Licensor, assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this agreement.
23.2 The Licensor may at any time assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this agreement.
24.No partnership or agency
Nothing in this agreement is intended to or shall operate to create a partnership between the parties, or authorise either party to act as agent for the other, and neither party shall have the authority to act in the name or on behalf of or otherwise to bind the other in any way (including, but not limited to, the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).
25.Third party rights
This agreement does not confer any rights on any person or party (other than the parties to this agreement and, where applicable, their successors and permitted assigns) pursuant to the Contracts (Rights of Third Parties) Act 1999.
26.1 Any notice required to be given under this agreement shall be in writing and shall be delivered by hand or sent by pre-paid first-class post or recorded delivery post to the other party at its address set out in this agreement, or such other address as may have been notified by that party for such purposes.
26.2 A notice delivered by hand shall be deemed to have been received when delivered (or if delivery is not in business hours, at 9 am on the first business day following delivery). A correctly addressed notice sent by pre-paid first-class post or recorded delivery post shall be deemed to have been received at the time at which it would have been delivered in the normal course of post. A notice sent by fax shall be deemed to have been received at the time of transmission (as shown by the timed printout obtained by the sender).
This agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and Wales.
Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this agreement or its subject matter or formation (including non-contractual disputes or claims).
SCHEDULE 1 – DATA PROCESSING AGREEMENT (“DPA”)
1.1 For the purposes of this DPA, the terms defined in this schedule shall have the meanings as set forth in the Agreement. Any terms not specifically defined by this DPA or the Agreement shall have the meaning given by GDPR.
1.2 Terms defined in this DPA will have the meanings given below. Defined terms may be used in the singular or plural depending on the context.
“Customer Personal Data” means all personal data and information provided by Customer to, or accessible by, the Licensor under this Agreement in connection with the supply of the Services);
“Data Protection Laws” means the Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003, the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), and laws of similar purpose or effect in any relevant jurisdiction, in each case as amended, updated, re-enacted or replaced from time to time;
“EU Model Clauses” means the standard contractual clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection under Directive 95/46/EC, pursuant to the European Commission Decision of 5 February 2010;
“GDPR” is as defined in “Data Privacy Laws” above;
2.SUBJECT MATTER OF THE DATA PROCESSING AGREEMENT
2.1 This Data Processor Agreement (“DPA”) applies to the processing of Customer Personal Data under the Agreement.
2.2 Customer will be the “Data Controller” and Licensor will be the “Data Processor” as defined under GDPR. Each Party agrees that it shall comply with its obligations as a Data Controller and a Data Processor, respectively under the Data Protection Laws in exercising its rights and performing its obligations under this Agreement.
3.NATURE AND PURPOSE OF PROCESSING REGULATED DATA
3.1 The Data Processor shall process Personal Data in order to provide the Services as set forth in the Agreement.
4.TYPES AND CATEGORIES OF PERSONAL DATA
4.1 Categories of Data Subjects are as follows:
• Customer clients; and
• any other categories of Data Subjects that may be contained in the Data Controller’s network.
4.2 The types of Personal Data are as follows:
• Customer staff names, addresses and contact details; and
• And any other types of Personal Data that may be required in order to supply the Services.
5.RIGHTS AND OBLIGATIONS OF THE CONTROLLER
5.1 The Data Controller hereby instructs the Data Processor to take such steps in the processing of Personal Data as are reasonably necessary for the performance of the Data Processor’s obligations under the Agreement, and agrees that such instructions, including the terms of this DPA and the Agreement, constitute its full and complete instructions as to the means by which Personal Data shall be processed by the Data Processor.
6.RIGHTS AND OBLIGATIONS OF THE PROCESSOR
6.1 The Data Processor shall only process Personal Data in accordance with the Data Controller’s written instruction as specified herein and shall not use Personal Data except to deliver the Services as instructed by the Agreement, unless such processing is required by law to which the Data Processor is subject, in which case the Data Processor shall, to the extent permitted by law, inform the Data Controller of that legal requirement prior to carrying out the applicable processing.
6.2 The Data Processor shall immediately inform the Data Processor if, in the Data Processor’s reasonable opinion, an instruction from the Data Controller infringes the Data Protection Laws.
6.3 If Personal data originates in the European Union, the Data Processor shall not transfer Personal Data outside the European Economic Area (“EEA”) without the prior written consent of the Data Controller and not without procuring provision of adequate safeguards (as defined by the European Commission from time to time).
6.4 In the event that the UK ceases to be a member of the European Union or ceases to be considered by the European Commission to be an adequate country pursuant to Article 45 of GDPR, then the parties agree that the Licensor will apply the EU Model Clauses to any relevant transfer of data and the EU Model Clauses will be deemed incorporated from the date of first transfer. Any processing of Personal Data under the EU Model Clauses will reflect the subject matter, purpose and scope of Personal Data processed under this DPA (for the purpose of Appendix 1 of the EU Model Clauses) and be subject to the technical and organisational measures detailed herein (for the purpose of Appendix 2 of the EU Model Clauses).
6.5 The Data Processor shall take reasonable steps to ensure the reliability of its agents and employees who have access to any Personal Data.
7.1 Taking into account the nature, scope, context and purposes of processing, the Data Processor will use commercially reasonable efforts to maintain the administrative, physical, technical and organisational measures to protect any Personal Data accessed or processed by it against unauthorised or unlawful processing or accidental loss, destruction, damage or disclosure.
8.PERSONAL DATA BREACH NOTIFICATION
8.1 In the event that the Data Processor suffers a Personal Data Breach, the Data Processor shall inform the Data Controller within twenty-four (24) hours upon learning of the same and reasonably cooperate with the Data Controller to mitigate the effects and to minimise any damage resulting therefrom. To the extent reasonably possible, the notification to the Data Controller shall include: (I) a description of the nature of the incident, including where possible the categories and approximate number of data subjects concerned and the categories and approximate number of Personal Data records concerned; (ii) the name and contact details of the Data Processor’s data protection officer or another contact point where more information can be obtained; (iii) a description of the likely consequences of the incident; and (iv) a description of the measures taken or proposed to be taken by the Data Processor to address the incident including, where appropriate, measures to mitigate its possible adverse effects
9.1 Customer consents to Data Processor engaging third party subprocessors to process the Customer Personal Data for the purposes of providing the Services, provided that Licensor maintains an up-to-date list of its subprocessors. At the time of execution of this Agreement the list of sub-processors is as follows:
• Amazon Web Services;
9.2 Licensor agrees, during any Initial Term or Renewal Period to update the Customer with details of any change in subprocessors at least 30 days prior to the change becoming effective.
Customer may object to Licensor’s appointment or replacement of a subprocessor prior to its appointment or replacement, provided such objection is based on reasonable grounds relating to data protection. In such event, Licensor will either not appoint or replace the subprocessor or, if this is not reasonably possible, in Licensor’s sole discretion, Customer may suspend or terminate the Agreement without penalty (save that any fees incurred by Customer up to and including the date of suspension or termination will remain payable).
10. ASSISTANCE WHEN HANDLING REQUESTS FROM DATA SUBJECTS
10.1 Taking into account the nature of processing and the information available to the Data Processor, the Data Processor will provide reasonable support to the Data Controller: (i) in complying with any legally mandated request for access to or correction of any Personal Data by a data subject under Chapter III GDPR (and where such request is submitted to the Data Processor, the Data Processor will promptly notify the Data Controller of it); (ii) in responding to requests or demands made to the Data Controller by any court or governmental authority responsible for enforcing privacy or data protection laws; or (iii) in its preparation of a Data Protection Impact Assessment.
11.1 On the Data Controller’s written request, and subject to appropriate confidentiality obligations, the Data Processor will make available to the Data Controller information reasonably requested by the Data Controller in writing with regards to the Data Processor’s processing of Personal Data under this DPA. The Data Controller agrees to exercise any right it may have to conduct an audit or inspection under GDPR (or the EU Model Clauses if they apply) by requesting the foregoing information.
12. RETURN/DESTRUCTION OF PERSONAL DATA
12.1 Upon termination of the Agreement, the Data Processor shall delete or return all Personal Data in accordance with the Data Controller’s written instructions.