Aprimo UK Terms and Conditions
These Terms and Conditions were last updated on March 3, 2021.
Aprimo UK Terms and Conditions
These Terms and Conditions were last updated on March 3, 2021.
These terms and conditions (this “Agreement”) are made as of the date shown on the Order Form (“Effective Date”) between Aprimo Marketing Operations UK Ltd (registered in England and Wales under Company No: 10162761) whose registered office is at Suite 1, 7th Floor, 50 Broadway, London, SW1H 0BL, United Kingdom (“Aprimo”) and the customer or enterprise listed within and signatory to each such Order Form (“Customer”), each a “Party” and together collectively referred to as the “Parties”.
WHEREAS:
Aprimo is the licensor of a cloud based software platform; and the Customer wishes to access and use the Aprimo platform in return for the payment of fees and subject to the terms and conditions of this Agreement. In consideration of the foregoing the Parties agree as follows:
Definitions:
“Agreement” means these terms and conditions, any attached Schedules, any Order Form (including any statement of work) together with any variations of the same;
“Confidential Information” means all information which is marked or designated as confidential or should otherwise be considered confidential due to its nature (and includes, but is not limited to, electronic data or databases, drawings, films, documents, computer readable media or oral information) which is disclosed by one Party (the “Disclosing Party”) to the other (the “Receiving Party”) or otherwise obtained by the Receiving Party in respect of the Disclosing Party and its business and operations. “Confidential Information” includes, but is not limited to, commercial, financial and technical information and data and information and data which concern the Parties’ current and future products and services, pricing, customers, suppliers, licensors and marketing plans (if any) in connection with the provision of the Services under this Agreement;
“Force Majeure Event” means any cause affecting the performance by a Party of its obligations arising from acts, events, omissions, happenings or non-happenings beyond its reasonable control, including acts of God, riots, war or armed conflict, acts of terrorism, acts of government, local government or regulatory bodies, fire, flood, storm or earthquake, or disaster, interruption of or delay in transportation, unavailability of or interruption or delay in telecommunications or third party services, failure of third party software or inability to obtain raw materials, supplies or power but excluding any industrial dispute between the Customer and Aprimo or any failure in any sub-contractor Aprimo uses to deliver any Services under this Agreement;
“Intellectual Property Rights” means all intellectual property rights wherever in the world arising, whether registered or unregistered (and including any application), including copyright, know-how, moral rights, trade secrets, business names and domain names, trademarks, service marks, trade names, patents, petty patents, utility models, design rights, semi-conductor topography rights, database rights, rights in any software and all rights in the nature of unfair competition rights or rights to sue for passing off;
“Order Form” means the initial order executed between the Parties together with any supplemental or renewal order(s) under this Agreement;
“Professional Services” means the provision of consulting services as specified in the applicable Order Form or statement of work;
“Professional Services Fees” means the amount due and payable for the Professional Services;
“Services” means any Professional Services as well as access and use by the Customer of the System, to which the Customer is granted access to and use of under this Agreement and which includes (i) online and/or telephone customer support to Customer in accordance with Aprimo’s customer engagement guide; and (ii) hosting of the System, in accordance with its specifications and the Service Level Agreement in Schedule A;
“Subscription Fee” means the amount due and payable, annually in advance for the Subscription Period;
“Subscription Period” means the period of subscription to the Service as defined in an Order Form;
“System” means the modules of Aprimo’s platform specified in the applicable Order Form.
1. Subscription Licence.
1.1 Upon execution of an Order Form, and payment of the Subscription Fees, Aprimo grants the Customer a personal, non-transferable (without the right of sub-licence), non-exclusive, revocable subscription licence to access and use the System for the Subscription Period for the limited purpose of managing its internal business operations.
1.2 The Customer’s licence rights are limited to those granted in this Agreement and as specified in an Order Form. Except as expressly agreed in writing by Aprimo, the Customer shall not directly or indirectly reverse engineer, attempt to derive the source code, copy or reproduce all or any portion of the System, whether electronically, mechanically or otherwise, in any form including, but not limited to, the copying of presentation, style or organization.
1.3 The Customer shall use the System and the Service solely for its intended purposes, in accordance with the terms of this Agreement, and shall not use the System and/or the Service for the benefit of any third party except as specifically contemplated under this Agreement.
1.4 The Customer shall not: (a) use the System for any content or activity that is libelous, slanderous, defamatory, offensive, scandalous, or obscene, or infringes on any third party’s rights, or violates any applicable law; or (b) introduce into the System any viruses, Trojan horses, worms, time bombs, cancel bots or other computer programming routines that are intended to damage, detrimentally interfere with, surreptitiously intercept or expropriate any system, data or personal information; or (c) perform any load or similar testing without Aprimo’s written consent.
1.5 The Customer shall not allow the System and/or the Service and/or Professional Services to be used in breach of any reasonable instruction given by Aprimo, or that causes Aprimo to be subject to any criminal prosecution, enforcement action, civil claim or other action or liability.
1.6 Access to the System and its various components, whether by authorized users within Customer’s business or by other entities or businesses that are permitted to access the System as “affiliates” or otherwise in connection with a business relationship with Customer, will be subject to this Agreement.
1.7 Aprimo may, from time to time, update or modify any component of the System, release new versions of the System or create new features or functionality related thereto, each of which will, to the extent Aprimo makes such versions, features or functionality available to other similarly-situated Aprimo subscribers, be included within the System.
1.8 Aprimo reserves the right to develop additional functionality that may become part of future released modules that would require an additional Order Form.
2. Fees and Payment.
2.1 Aprimo will invoice the Customer for the Subscription Fees and any Professional Services Fees (collectively the “Fees”) in accordance with the payment plan set out in the Order Form.
2.2 All payments shall be due thirty (30) days from the date of the invoice. Fees which are more than thirty (30) days overdue shall accrue late charges from the date such payment was due until the date paid at a rate equal to the lesser of 15% per annum or the maximum rate permitted by applicable law.
2.3 The Customer may not offset Fees due under this Agreement for any reason, and Customer agrees to reimburse Aprimo for all reasonable costs (including attorney’s fees) incurred in collecting past due Fees owed by Customer.
2.4 Any travel and other expenses incurred by Aprimo in completing the Professional Services will be invoiced separately, on a monthly basis.
2.5 If the Customer wishes to dispute an invoice, it must notify Aprimo within fourteen (14) days from the date of the invoice, with details of the dispute. The Customer may only withhold payment of the specific sums subject to such notified dispute.
2.6 All Fees exclude taxes and Customer agrees to pay any applicable taxes charged arising from this Agreement in a timely manner. If Customer is tax-exempt, Customer shall provide Aprimo with its tax-exemption number and certificate within five (5) business days after the Effective Date. Customer shall be responsible for any liability or expense incurred by Aprimo as a result of Customer’s failure or delay in paying taxes due or if Customer’s claimed tax exemption is rejected. If Customer is legally required to withhold tax from its payment of Fees to Aprimo, Customer agrees to gross up all Fees that are subject to such withholding tax, such that the net payment received by Aprimo is the full originally stated amount of such Fees.
2.7 Aprimo reserves the right to vary the Fees with effect from the end of the Subscription Period and subsequent anniversaries thereof by providing not less than 28 days written notice to Customer.
2.8 Aprimo reserves the right to suspend access to the System if Aprimo reasonably believes that the Customer has used the System in an unauthorized or illegal manner, if the Customer is in breach of any of its obligations under this Agreement, if any regulatory authority requires Aprimo to suspend access, to carry out emergency maintenance or if the Customer fails to make payment of any undisputed amounts within thirty (30) days of the due date for such payment, provided that Aprimo has notified the Customer that such payment is overdue.
3. Term and Termination.
3.1 This Agreement shall continue in full force beginning on the Effective Date and ending on the date which is thirty-six (36) months from the Effective Date, (“Term”).
3.2 The Subscription Licence granted under Clause 1.1 shall commence on the Effective Date and will continue for the duration of the Subscription Period.
3.3 In the event any Order Form provides for a Subscription Period that extends beyond the Term, this Agreement shall automatically be deemed to be extended through the termination date of such Order Form.
3.4 Either Party shall be entitled to terminate this Agreement immediately upon written notice to the other Party in the event that the other Party (i) declares bankruptcy, or (ii) or has committed an act of bribery directly linked to this Agreement, or (iii) breaches any material term set forth herein and fails to cure such breach within 30 days from the date of receipt of written notice thereof (or, to the extent the applicable breach is not susceptible to cure within a 30-day period, commences actions to cure such breach within such period and diligently pursues such cure until the applicable breach has been remedied).
3.5 In the event of termination of this Agreement by Aprimo as a result of a breach by the Customer, or upon expiry of the Subscription Period, all rights granted to the Customer under any licence in this Agreement shall cease and the Customer shall stop using the System or Service as relevant.
3.6 Sections 3 through 14 of this Agreement shall survive any termination of this Agreement.
4. Intellectual Property.
4.1 All Intellectual Property Rights in the System and the Service including any supporting software and documentation are the property of Aprimo or its licensors. The Aprimo name, logo and product names associated with the System and the Service are trademarks of Aprimo and its licensors, and no right or licence is granted to use them.
4.2 The Customer shall not, either during the Subscription Period or after the expiry of this Agreement, permit or cause to occur any infringement of any Intellectual Property Rights covered by this Clause 4.
5. Confidentiality.
5.1 Each Party undertakes to treat as confidential all Confidential Information of the other Party and not to use such Confidential Information for any purpose other than to the limited extent necessary to perform under this Agreement and not to disclose such Confidential Information to any third party except as may be reasonably required pursuant to this Agreement and subject to confidentiality obligations at least as protective as those set forth herein.
5.2 Without limiting the generality of the foregoing, each Party shall use at least the same degree of care which it uses to prevent the disclosure of its own confidential information, provided, however, that in no event shall such degree of care be less than reasonable in light of general industry practice.
5.3 The Parties hereby agree that the terms set forth in this Agreement constitute Confidential Information of both Parties and as such, neither Party will disclose such terms to any third party other than such Party’s legal counsel.
5.4 Notwithstanding the foregoing, Aprimo shall be entitled to list Customer as a client on Aprimo’s website and/or in marketing materials.
5.5 The duties imposed on the Parties by Clauses 5.1 to 5.3 above do not extend to information or data which at the time of its disclosure or use by the receiving Party: a) is generally available and known to the public other than by reason of the receiving Party’s breach of this clause 5; b) the receiving Party can demonstrate had previously come lawfully into the receiving Party’s possession from a third party under no restriction as to its use or disclosure; or c) the receiving Party can demonstrate that it developed independently without reliance on Confidential Information of the other.
5.6 Each Party agrees and acknowledges that damages alone may not be an adequate remedy for breach of this clause 5 and that each Party may be entitled to seek injunctive or other equitable relief to remedy or prevent any breach or threatened breach of this clause 5.
6. Representations and Warranties.
6.1 Each Party represents and warrants that: (i) it has the authority to enter into this Agreement and to perform the services required of it hereunder; and (ii) it will comply with all applicable laws and regulations in carrying out its responsibilities hereunder.
6.2 Aprimo represents and warrants that i) it will perform the Service and Professional Services hereunder using reasonable skill and care and in a professional manner consistent with industry practices; and (ii) the System will operate substantially in accordance with the specifications made available to Customer by Aprimo (“Documentation”).
6.3 Except as explicitly set forth herein, neither Aprimo nor its employees, affiliates, agents, suppliers, licensors nor the like, makes any warranties of any kind, either expressed or implied, including, without limitation, (a) warranties of merchantability, non-infringement or fitness for a particular purpose, (b) regarding System uptime or downtime, or (c) as to the results that may be obtained by the other Party by entering into this Agreement and/or the business relationship described in the Order Form(s).
7. Certain Responsibilities.
7.1 The Customer is responsible for: (i) maintaining all of its user devices and providing its permitted users with equipment and internet services sufficient to access and utilize Aprimo; and (ii) configuring necessary user accounts in connection with use of the System.
7.2 The Customer is responsible for administering, and keeping current, all System user accounts, which includes monitoring the employees that have access to the System as users, at all times, and ensuring that former employees or employees that are no longer required to have access to the System do not retain active user accounts.
7.3 The Customer shall be solely responsible for: (i) inputting all data into the System unless otherwise specified in an Order Form; (ii) maintaining confidentiality as may be required in connection with any data entered into the System; (iii) ensuring that each of Customer’s permitted users within its business complies with the terms set forth herein; and (iv) maintaining all passwords and access codes to the System, and refraining from sharing or otherwise permitting third parties to use any such passwords and/or access codes.
7.4 The Customer shall provide Aprimo, its agents, subcontractors, consultants and employees, in a timely manner and at no charge, with access to the Customer’s Sites, information, data remote access and other facilities as reasonably required by Aprimo to provide access to the System and to perform the Professional Services.
7.5 In the event that the Customer wishes to amend or change the System or subscription services under this Agreement, the Customer shall submit a request to Aprimo in writing. Following receipt of such request the Parties shall discuss and determine the impact on the Fees and timescales. Aprimo will not be obliged to agree to any requested change. Until such time as any change is agreed in writing by Aprimo, Aprimo shall provide the System and subscription services as if such change had not been requested. Any change agreed by the Parties shall constitute a variation of the Order Form and shall be made in writing and signed by both Parties.
8. Indemnification.
8.1 Aprimo will defend or settle any suit brought by a third party against the Customer alleging that the System infringes any third party patent, copyright and/or trade secret rights (“IPR Claim”) and Aprimo shall indemnify Customer for damages awarded as a result of such IPR Claim.
8.2 The indemnity at Clause 8.1 is conditional upon the Customer giving Aprimo notice promptly upon receipt of any IPR Claim, giving Aprimo sole control of the defence of such claim, including negotiations, appeals, and settlements, and giving Aprimo reasonable information and assistance as requested.
8.3 The indemnity at Clause 8.1 will not apply to any infringement arising from: (a) any modification of the System made by any party other than Aprimo; (b) a modification or enhancement to the System pursuant to designs provided by Customer; (c) the combination, operation or use by Customer of the System with any equipment, software, or devices not supplied by Aprimo to the extent the claim would have been avoided if the System were not used in such combination.
8.4 If the System is held to infringe, or in Aprimo’s opinion the System is likely to be held to infringe any Intellectual Property Rights of a third party, Aprimo may at its sole discretion and expense, either: (a) secure the right for Customer to continue use of the infringing System; (b) replace or modify the infringing System to make it non infringing, provided such replacement or modified system contains substantially similar functionality; or (c) terminate the licenses to the infringing System granted hereunder. If Aprimo elects to terminate the licenses under (c), as Customer’s sole and exclusive remedy, Aprimo shall refund to Customer any prepaid, unused license fees for the infringing System indicated on the related Order Form.
9. Limitation on Liability.
9.1 BOTH PARTIES ACCEPT UNLIMITED LIABILITY FOR: a) DEATH OR PERSONAL INJURY CAUSED BY ITS NEGLIGENCE; OR b) DECEPTIVE CONDUCT, FRAUD OR FRAUDULENT MISREPRESENTATION; OR; c) ANY OTHER ACT OR OMISSION FOR WHICH LIABILITY CANNOT BE LIMITED BY LAW.
9.2 SUBJECT TO CLAUSE 9.1, NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY FOR ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOSS OF PROFITS, LOSS OF REVENUE, LOSS OF GOODWILL, LOSS OF REPUTATION, LOSS OF ANTICIPATED SAVINGS, LOSS OF BUSINESS, LOSS, CORRUPTION OR DESTRUCTION OF DATA.
9.3 SUBJECT TO CLAUSE 9.1, NEITHER PARTY’S LIABILITY ARISING OUT OF THIS AGREEMENT, WHETHER BASED IN CONTRACT, TORT OR ANY OTHER LEGAL THEORY, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES SHALL IN NO EVENT EXCEED 150% (ONE HUNDRED AND FIFTY PERCENT) OF THE FEES PAID TO APRIMO HEREUNDER DURING THE 12-MONTH PERIOD IMMEDIATELY PRECEDING THE DATE ON WHICH THE APPLICABLE CLAIM AROSE, EXCEPT FOR (I) APRIMO’S INDEMNIFICATION OBLIGATION IN CLAUSE 8, AND (II) CUSTOMER’S BREACH OF CLAUSE 1.
9.4 IN NO EVENT WILL APRIMO HAVE ANY LIABILITY FOR NON-PROVISION OR DELAY IN THE PROVISION OF THE SYSTEM, THE SERVICE AND/OR PROFESSIONAL SERVICES WHICH CAN BE REASONABLY ATTRIBUTED TO THE ACTS OR OMISSIONS OF THE CUSTOMER, ITS EMPLOYEES, SUB-CONTRACTORS, AGENTS OR CUSTOMERS; AND/OR OCCURS DURING ANY PERIOD OF SCHEDULED MAINTENANCE.
10. Force Majeure.
10.1 Excluding payment obligations hereunder and/or within an Order Form, neither Party shall be liable to the other Party for failure or delay in performing its obligations hereunder if such failure or delay is due to a Force Majeure Event.
10.2 If a Force Majeure Event affects the performance of the claiming Party for ninety (90) consecutive days, the non-claiming Party may terminate this Agreement, or an affected Order Form, upon not less than thirty (30) days prior written notice to such Party.
11. Governing Law and Dispute Resolution.
11.1 The rights and obligations of the Parties under this Agreement and each Order Form shall be governed by the laws of England and Wales and the Parties submit to the jurisdiction of the English courts.
11.2 Any dispute or claim arising out of or in connection with this Agreement, an Order Form or the performance, breach or termination thereof, shall be finally settled by arbitration in England under the rules of arbitration of (CEDR) the Centre for Effective Dispute Resolution.
12. Data Protection.
12.1 For the purposes of this clause 12, the meaning of Data Processor and Data Controller shall be determined in accordance with Regulation (EU) 2016/679 of 27 April 2016 (the “General Data Protection Regulation” or “GDPR”) and the Data Protection Act 2018.
12.2 Each Party undertakes to the other Party that, in carrying out its obligations under this Agreement, it will comply with its obligations under GDPR and the Data Protection Act 2018 and any codes of conduct or guidelines issued by the relevant regulatory authorities and in accordance with Data Protection provisions in Schedule B.
12.3 The Customer and Aprimo acknowledge that for the purposes of GDPR and the Data Protection Act 2018, the Customer is the Data Controller and Aprimo is the Data Processor in respect of any Personal Data (as defined in Schedule B Data Protection provisions) processed under this Agreement.
13. Anti-Bribery.
13.1 The Parties agree they shall respect and comply with all applicable legislation regulating the prohibition of corruptive acts (hereinafter: anti-corruption legislation) in the contractual territory. Neither contracting party shall require of the other party and its associated or affiliated companies, directors, clerks, shareholders, employees, representatives or agents across the world to violate the applicable anti-corruption legislation.
13.2 Without limitations to the aforesaid, the Parties hereto guarantee that no person shall give, offer, agree with, promise to give, or authorise to give either directly or indirectly, to any third party money or other valuable objects as an incentive or reward for obtaining a favour or omitting an action or exerting influence on a) any government official or employee of the public sector (including employees in state-owned companies or agencies or companies and agencies controlled by the state); b) any political party, its official or candidate; c) any intermediary; to pay anything stated above, or d) any person or subject; in order to obtain or retain in a corruptive or inappropriate manner a business deal or any other business benefit, for example to obtain a permit or approval under the condition that any such acts are against the currently valid legislation applicable in a specific territory.
13.3 If a Party violates the provisions of the first or second paragraph of this Clause 13, the other Party may terminate this Agreement with immediate effect.
13.4 The Parties undertake that they, their directors, top managers and other employees shall not offer, promise, give, authorise, induce or accept any unauthorised reward in cash or other benefit of any kind in relation to this Agreement (or give hints that they shall or could undertake any such act at any time in the future).
13.5 If the fourth paragraph of this Article is violated, the Agreement shall be deemed null and void.
14. Miscellaneous.
14.1 Each Party shall pay its own costs and expenses in connection with this Agreement and its activities hereunder.
14.2 Aprimo shall be entitled to subcontract portions of the Services and/or various of its responsibilities hereunder to third parties, it being understood that Aprimo shall be responsible for actions taken by each such subcontractor hereunder.
14.3 This Agreement, together with each Order Form, supersedes all prior written or oral agreements between the Parties regarding the subject matter hereof and supersedes any contradictory or additional language in any purchase order.
14.4 The relationship between the Parties under this Agreement is that of independent contractors and neither shall be, nor represent itself to be, the joint venture, partner, agent or representative of the other Party.
14.5 This Agreement may only be amended by written agreement of the Parties.
14.6 This Agreement shall inure to the benefit of and be binding upon the Parties hereto and their respective successors and assigns, but shall not be assignable by either Party other than in the event of change of control, including but not limited to an entity acquiring substantially all of its assets, equity or business and assuming the obligations hereunder.
14.7 Any notice pursuant this Agreement shall be deemed effective when delivered in person, or by pre-paid ordinary first class post to the address on the front page of this Agreement or any other address notified in writing. Notices delivered by hand during business hours will be served on the day they are delivered. Notice sent by first class post will be deemed served on the second business day after the date they are posted.
14.8 A person who is not a Party to this Agreement has no right under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of this Agreement, but this does not affect any right or remedy of a third party which exists or is available apart from under that Act.
14.9 If any provision of this Agreement is held to be unenforceable or invalid for any reason, or if any governmental agency rules that any portion of this Agreement is illegal or contrary to public policy, the remaining provisions, to the extent feasible, will continue in full force and effect with such unenforceable or invalid provision to be changed and interpreted to best accomplish its original intent and objectives.
SCHEDULE A: SERVICE LEVEL AGREEMENT
1. SERVICE LEVELS
System Availability; Service Levels. Aprimo shall use commercially reasonable efforts to provide availability of the System. If the Customer encounters Server Downtime (excluding any test & development environments) more than one percent (1%) of the time during any month, Customer shall be entitled to a credit equal to the pro rata amount of System Fees applicable to that month relating to such unavailability, up to an aggregate amount of up to ten (10%) of its applicable monthly System Fees for such month. For purposes of this section, Server Downtime percentage in a calendar month shall mean the percentage derived by dividing (x) the total number of minutes that the System is unavailable due to Server Downtime in such month; by (y) the total number of minutes in the month. If for any reason other than a Force Majeure Event (a) Server Downtime is greater than ten percent (10%) for one calendar month or (b) Server Downtime for the prior three (3) consecutive months is greater than three percent (3%) per month, then Customer shall be entitled to terminate the applicable Order Form for material breach and receive a refund of any prepaid System Fees allocable to the post-termination period.
2. CUSTOMER SUPPORT
Response Times. Aprimo measures Response Time as the interval between Customer’s initial contact (via electronic receipt of case or phone call) to Aprimo and the first contact (via electronic receipt or phone call) with an Aprimo Customer Services support analyst.
Response/Update Times:
| Initial Response Times | Priority 1 | Priority 2 and 3 | |
| 2 hours | Next Business Day | ||
| Status Updates | Priority 1 | Priority 2 | Priority 3 |
| Hourly | Once every 2 days | Once every 5 days |
3. MAINTENANCE & BACKUP
Maintenance; Updates. Aprimo shall advise Customer prior to any scheduled maintenance that requires Aprimo to take down the System. Aprimo shall not be responsible for any damages or costs incurred by Customer or any user during or as a result of the scheduled down time or down time as to which Aprimo has provided notice to Customer.
Backup and Recovery Requirements. Aprimo will perform a running archive on the System in conformity with Aprimo’s then current backup procedures and policies.
Exclusions. Aprimo shall have no support obligations with respect to any hardware or software product other than the System (“Nonqualified Products”).
4. DEFINITIONS
Capitalized terms which are not defined herein shall have the meanings set forth in the Agreement. Additionally, the following terms shall have the meanings set forth below.
“Server Downtime” shall mean the time during which the System is not available to be accessed or used by the Customer, as monitored by Aprimo, but shall not include the time the System is unavailable due to scheduled maintenance or unavailability due to improper use of the System by Customer.
“Priority 1” shall mean a problem that prohibits use of the product or renders the product inoperable. A Priority 1 case is a catastrophic issue in the Aprimo System, which severely impacts the Customer’s production systems, as they are inaccessible or there is a system wide performance degradation making the System unusable.
“Priority 2” shall mean a problem that causes a significant impact to the business; however, operations can continue in a degraded fashion. A Priority 2 case is a production issue in which the Customer can access the System, but in a severely reduced capacity. This type of issue is causing significant impact to portions of the Customer’s normal business operations and productivity.
“Priority 3” shall mean a non-critical problem that is impacting the Customer. A Priority 3 case is an issue that is impacting the Customer, but is neither critical nor preventing ongoing use of the System.
SCHEDULE B: DATA PROTECTION
1. INTERPRETATION
1.1 Words defined in the terms and conditions to this Agreement shall have the meanings ascribed therein and references to a clause number of the Agreement shall be taken as a reference to a Clause in the terms and conditions to this Agreement.
1.2 The following words and expressions shall have the following meanings:
| “Adequate” | in relation to the level of protection given to Personal Data in countries outside the European Economic Area, means a decision made by the European Commission under Article 25(6) of Directive 95/46/EC (as amended or replaced from time to time), finding that the relevant third country provides an adequate level of protection by reason of its domestic law or of the international commitments it has entered into; |
| “Data Protection Laws” | means the GDPR and the Privacy and Electronic Communication Regulations 2003, any amendment, consolidation or re-enactment thereof, any legislation of equivalent purpose or effect enacted in the United Kingdom, or, where relevant, Member States of the European Union, and any orders, guidelines and instructions issued under any of the above by relevant Courts or national data protection authorities; |
| “Personal Data” | has the meaning given to it by the GDPR, but shall only include personal data to the extent that such personal data, or any part of such personal data, is processed in relation to the services provided under this Agreement; |
| “Model Clauses (Processors)” | means the standard contractual clauses adopted by the European Commission under Decision C(2010)530 for the transfer of Personal Data to Data Processors established in third countries, as modified or replaced from time to time; |
| “Personal Data Breach” | means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed. |
1.3 Words and phrases with defined meanings in the GDPR have the same meanings when used in this Schedule, unless otherwise defined in this Schedule.
2. OBLIGATIONS
2.1 Each party shall comply with the Data Protection Laws applicable to it in connection with this Agreement and shall not cause the other party to breach any of its obligations under applicable Data Protection Laws.
2.2 The Data Processor shall, and shall ensure that any Sub-Processor appointed by it under this Agreement shall:
2.2.1 process the Personal Data only on behalf of the Data Controller only for the purposes of performing its obligations under this Agreement, and only in accordance with instructions contained in this Agreement or received in writing from the Data Controller from time to time, unless required to do so by European Union or national law to which it is subject, in which case the Data Processor shall notify the Data Controller of that requirement before processing unless that law prohibits such notice being given on important public interest grounds;
2.2.2 not otherwise modify, amend or alter the contents of the Personal Data or disclose or permit the disclosure of any of the Personal Data to any third party unless specifically authorised in writing by the Data Controller;
2.2.3 maintain suitable records of all processing in accordance with Article 30 of the GDPR;
2.2.4 only grant access to the Personal Data to persons who need to have access to it for the purposes of performing the obligations of the Data Processor under this Agreement;
2.2.5 ensure that all persons with access to the Personal Data for the purpose of performing its obligations under this Agreement are:
2.2.5.1 reliable, trustworthy and suitably trained on Data Protection Laws; and
2.2.5.2 are subject to an obligation of confidentiality.
2.2.6 taking into account the nature of the processing and the information available to the Data Processor, assist the Data Controller, at the Data Controller’s expense, in ensuring compliance with its obligations pursuant to Articles 32 to 36 GDPR inclusive and comply with its own obligations under those Articles;
2.2.7 take all measures required pursuant to Article 32 GDPR in accordance with best practice and the security obligations set out in this Agreement (as amended from time to time), whichever imposes a higher standard, and at the request of the Data Controller provide a written description of, and rationale for, the technical and organizational measures implemented, or to be implemented, to:
2.2.7.1 protect the Personal Data against any Personal Data Breach; and
2.2.7.2 detect and report Personal Data Breaches in a timely manner.
2.2.8 notify any Personal Data Breach to the Data Controller without undue delay and provide all assistance to the Data Controller that it may require in relation to any notification of such breach to the applicable data protection regulator and any Data Subject;
2.2.9 provide all reasonable assistance to the Controller, at the Data Controller’s expense, in ensuring compliance with its legal obligations relating to data security and privacy impact assessments.
2.2.10 Subject to paragraph 2.2.12 below, not engage another processor (a “Sub-Processor”) to process Personal Data on its behalf without the written consent of the Data Controller, approving a named Sub-Processor, such consent always subject to:
2.2.10.1 the Data Processor imposing on the Sub-Processor by written agreement, obligations in relation to the Personal Data equivalent to those set out in this Agreement; and
2.2.10.2 the Data Processor remaining liable to the Data Controller for the acts and omissions of any Sub-Processor, as if they were the acts and omissions of the Data Processor;
2.2.11 The Data Controller acknowledges and agrees that (a) the Data Processor may appoint any of its group companies to process Personal Data on its behalf as a Sub-Processor; and (b) the Data Processor and the Data Processor’s group companies respectively may engage third-party Sub-Processors in connection with the provision of their obligations under this Agreement. The appointment of any such Sub-Processor shall be on written terms which impose upon the Sub-Processor obligations materially equivalent to those set out in this schedule.
2.2.12 The Data Processor shall make available to the Data Controller its current list from time to time of Sub-Processors (the “Sub-Processor List”) which shall include the identities of those Sub-Processors and their country of location. The Data Processor shall notify the Data Controller of any amendments to the Sub-Processor List before such amendments take effect.
2.2.13 If the Data Controller objects on reasonable grounds to the Data Processor’s proposed use of a new or replacement Sub-Processor, it shall notify the Data Processor promptly in writing and in any event within ten (10) business days after receipt of the Data Processor’s notification in accordance with paragraph 2.2.12. On receipt of such reasonable objection, the Data Processor and the Data Controller shall attempt to agree on such change in the nature of the services to be provided by the Data Processor as may be required to avoid the processing of Personal Data by the new or replacement Sub-Processor to which the Data Controller objects, without unreasonably inconveniencing the Data Controller. If the Data Processor is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, the Data Controller may terminate the Order concerned.
2.2.14 The Data Processor shall, and shall procure that any relevant group companies and Sub-Processors shall:
2.2.15 notify the Data Controller (within three days) if it receives:
2.2.15.1 a request from a Data Subject to have access to that person’s Personal Data; or
2.2.15.2 a complaint or request relating to the Data Controller’s obligations under Data Protection Laws; or
2.2.15.3 any other communication relating directly or indirectly to the processing of any Personal Data in connection with this Agreement;
2.2.16 not take action in relation to such communication, unless compelled by law or a relevant regulator, without the Data Controller’s prior approval, and shall comply with any reasonable instructions the Data Controller gives in relation to such communication;
2.2.17 provide the Data Controller with full co-operation and assistance, at the Data Controller’s expense, in relation to any complaint or request made in respect of any Personal Data including (without limitation) by:
2.2.17.1 providing the Data Controller with all reasonable details of the complaint or request;
2.2.17.2 complying with a data access request within the relevant timescales set out in the Data Protection Laws but strictly in accordance with the Data Controller’s instructions;
2.2.17.3 providing the Data Controller with a copy of any Personal Data it holds in relation to a Data Subject making a complaint or request within the timescales required by the Data Controller;
2.2.17.4 providing the Data Controller with any information reasonably requested by the Data Controller; and
2.2.17.5 assisting the Data Controller to respond or comply with the Data Subject’s complaint or request;
2.2.18 on termination of this Agreement and otherwise at the Data Controller’s request, delete or return to the Data Controller the Personal Data (as specified by the Data Controller), and procure that any party to whom the Data Processor has disclosed the Personal Data does the same;
2.2.19 store the Personal Data in a structured, commonly used and machine-readable format;
2.2.20 not transfer Personal Data outside of the European Economic Area (EEA) without the prior written consent of the Data Controller. Data Controller consents to Data Processor’s transfer of Personal Data outside the European Economic Area to the following countries: United States, United Kingdom, Philippines, and Australia. Where the Data Controller consents to the transfer of Personal Data outside the EEA, the Data Processor shall:
2.2.20.1 where the Data Processor and/or any group companies and/or Sub-Processors are to process Personal Data in a country outside the EEA in which the level of protection afforded by law to Personal Data has been found to be Adequate, Data Processor shall, and shall procure that its group companies and/or Sub-Processors as applicable, shall, comply in all material respects with the Data Protection Laws of that Adequate country while the Data Processor and/or any applicable group company and/or Sub-Processor processes Personal Data in that country; and
2.2.20.2 Where the Data Processor and/or any group companies are to process Personal Data relating to persons resident in the European Union outside the EEA, whether by themselves or via a Sub-Processor, in a country not found to provide an Adequate level of data protection, the Data Controller and the Data Processor and/or any applicable group companies shall enter into the “Model Clauses (Processors)” before the transfer of such Personal Data outside the EEA; and
2.2.20.3 Comply with any reasonable instructions of the Data Controller in relation to such transfer;
2.2.21 appoint and maintain in office a Data Protection Officer where required by the GDPR, and where a Data Protection Officer is not required by the GDPR, have a named individual that is responsible and available to deal with data protection issues as and when they arise in conjunction with the Data Controller; and
2.2.22 allow the Data Controller, or its external advisers (who are not in the reasonable opinion of the Data Processor competitors of the Data Processor) on seven (7) days’ written notice, and subject to appropriate confidentiality undertakings, to inspect and audit the Data Processor’s data processing activities and those of its relevant agents and group companies during normal working hours on business days in order to verify and procure that the Data Processor is in compliance with its obligations under this Schedule.
3. LIABILITY
3.1 Subject to clause 9 of this Agreement, the Data Processor shall indemnify and keep indemnified the Data Controller against any fine imposed by any regulatory body (and where applicable any appellate Court or Tribunal) of competent jurisdiction under Data Protection Laws if and to the extent that such fine is imposed upon the Data Controller directly as a result of a breach by the Data Processor and/or any relevant group company and/or Sub-Processor of its obligations under this Schedule, unless such indemnity is prohibited on grounds of public policy.
3.2 The Data Processor’s obligations under paragraph 3.1 above are subject to the condition that the Data Controller: (a) promptly gives the Data Processor written notice of the claim; (b) gives the Data Processor sole control of the defence and settlement of the claim including the bringing of any appeal that may be available (provided that the Data Processor may not settle any claim that adversely affects the Data Controller without the Data Controller’s consent, not to be unreasonably withheld); and (c) provides to the Data Processor all reasonable assistance.
4. INTELLECTUAL PROPERTY RIGHTS
4.1 All intellectual property rights in the Personal Data vest and shall remain vested absolutely in the Data Controller.
4.2 Electronic media and other means of transport containing the Personal Data received by the Data Processor and all copies or reproductions thereof shall also remain the property of the Data Controller.