MapX Terms of Service
Section no | Section | Description |
---|---|---|
1 | Definitions | Some basic terms, defined in a way that will help you understand this agreement. Refer back up to this section for clarification |
2 | Licences | These are the basic requirements of having a MapX licence |
3 | Restrictions on Use | These are the basic rules you must follow when using your MapX licences |
4 | Services | The services we provide |
5 | Data Protection | How MapX works with Data Protection rules |
6 | Supplier’s obligations | What we must do |
7 | Customer obligations | What you must do |
8 | Charges & payment | How we charge and how you pay |
9 | Third Party Materials | Management of third-party materials |
10 | Proprietary Rights | This describes what belongs to us and what belongs to you |
11 | Confidentiality | This describes how we will treat your confidential information and how you should treat ours |
12 | Indemnities | How our indemnities work |
13 | Limitation of Liability | How our limitation of liability works |
14 | Term & Termination | How this agreement may be cancelled |
15 & 16 | Force Majeure & General | General clauses not covered elsewhere |
Appendix 1 Data Protection | How we comply with Data Protection legislation | |
Appendix 2 Support Services | The support services we offer | |
Appendix 5 Sub processors & Technical and Organisational Measures | The technical and organisational measures we take to safeguard data | |
Appendix 6 Specification | A brief description of what MapX delivers | |
Appendix 7 Standard contractual clauses | Please see this section for legal details including our choice of law | |
Appendix 8 UK Addendum | How we are able to transfer data outside of the UK |
LICENCE TERMS
1. DEFINITIONS AND INTERPRETATION
1.1. The following terms shall have the following meanings unless and except to the extent that the context requires otherwise:
“Activity Limit”: 5,000 AI web search results per month per user or the maximum search credits as stated in your monthly package.
“Adequate Country”: a country which is not a member of the EU which is either: (i) in the EEA; or (ii) which is subject to a decision from the European Commission under Article 45 of the GDPR that it offers an adequate level of protection for personal data, in circumstances where that decision applies to the Customer Personal Data. In cases where the UK GDPR applies, the definition of Adequate Country refers to any country that is subject to a decision from the United Kingdom Government under the UK GDPR that it offers an adequate level of protection for personal data, in circumstances where that decision applies to Customer Personal Data.
“Agreement”: these licence terms, together with the Order Form, as may be amended from time to time in accordance with these licence terms.
“Authorised Users”: in respect of a Product, those employees of the Customer who are authorised by the Customer to access and use the Product, including View Only Users.
“Business Day”: a day, other than a Saturday, Sunday or public holiday in England.
“Business Hours”: has the meaning given to it in Clause 16.9 (General).
“Confidential Information”: any and all information that is: (i) proprietary and/or confidential in nature and is either clearly labelled as such or would, by its nature, reasonably be considered to be confidential; and/or (ii) in the case of the Supplier, concerns any product, service, technology, know-how, methodology of supply, business, development or finances of the Supplier (including any Product, Service or Documentation) or is Service Data, but not Customer Personal Data.
“Configuration Fees”: the fees for the Configuration Services as specified in the applicable Order Form.
“Configuration Services”: in relation to a Product, if the “Configuration Services” check box on the relevant Order Form has been completed, the configuration services set out at Appendix 3 (Configuration Services).
“Customer IP”: has the meaning given in Clause 10.2 (Proprietary Rights).
“Customer Materials”: all data, content, materials, logos, and/or other creative, graphic and/or design assets provided and/or made available to the Supplier by the Customer under or in connection with the Agreement.
“Customer Personal Data”: Product Output that is personal data.
“Customer Search”: the executive search to be undertaken by the Customer in relation to a particular permanent Senior Position job or role.
“Data Protection Laws”: means (a) all applicable UK data protection and privacy laws in force including the UK GDPR, (b) applicable EU or Member State laws which relate to data protection and privacy including the EU GDPR, the EU Privacy and Electronic Communications Directive 2002/58/EC, as implemented in each relevant jurisdiction and (c) applicable data protection and privacy laws of any other country.
“Documentation”: in relation to a Product, such documentation relating to the Product as the Supplier may (in its sole discretion) make available to the Customer from time to time.
“Effective Date”: the date specified as such in the Order Form.
“Equalities Laws”: (a) all applicable UK legislation in force which makes unlawful discrimination on grounds of sex, sexual orientation, gender reassignment, age, disability, colour, race, ethnic or national origin, religion, marital status or otherwise including, without limitation, the Equality Act 2010; (b) applicable EU or Member State laws which relate to equality or discrimination, as implemented in each relevant jurisdiction; and (c) applicable discrimination and equality laws of any other country.
“EU GDPR”: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
“Excess Usage Fees”: in relation to a Product, the excess usage fees as specified in the relevant Order Form.
“Fees”: the Configuration Fees, Optimisation Fees, Licence Fees, Support Fees, Excess Usage Fees, Termination Fees and any other fees paid or payable by the Customer to the Supplier in connection with the Agreement (including as specified in the Order Form).
“Fee Increase Notice Period”: at least ninety (90) days before the end of any Initial Licence Term or Renewal Period.
“Initial Licence Term”: in relation to a Product, the initial term for the Licences as specified in the relevant Order Form.
“Intellectual Property Rights”: any and all intellectual property rights of any nature anywhere in the world including patents, utility models, trade marks, registered designs and domain names, rights to inventions, service marks, trade or business names, goodwill, copyright and rights in the nature of copyright, design rights, rights in databases, moral rights, right of confidentiality, know-how and any other intellectual property rights which subsist in computer software, computer programs, websites, documents, information, techniques, business methods, drawings, logos, instruction manuals, lists, procedures, particulars of customers, marketing methods and procedures and advertising literature, and all similar or equivalent rights or forms of protection, in each case whether registered or unregistered or capable of registration and including all applications (or rights to apply) for, and renewals or extensions of, such rights which may now or in the future subsist in any part of the world.
“Licence Fees”: the Licence fees payable in respect of a Product, as specified in the applicable Order Form.
“Licence Services”: in relation to a Product, the provision of: (i) access to the Product via the Portal; and (ii) Support Services.
“Licence Term”: in relation to a Product, the Initial Licence Term together with any subsequent Renewal Period(s).
“Licences”: in relation to a Product, the number of licences to access and use the Product purchased by the Customer pursuant to the Agreement as specified in the relevant Order Form.
“List”: has the meaning given in Clause 5.5(Data Protection).
“Malicious Code”: software, code, file or programme which may prevent, impair or otherwise adversely affect the operation of any Product, computer software, hardware or network (including worms, trojan horses, viruses and other similar things or devices).
“Optimisation Fees”: the fees for the Optimisation Services as specified in the applicable Order Form.
“Optimisation Services”: in relation to a Product, if the “Optimisation Services” check box on the relevant Order Form has been completed, the optimisation services set out at Appendix 4 (Optimisation Services).
“Order Form”: the order form to which these licence terms are incorporated into.
“OSS”: any software, data or other item that is subject to any open source licence(s).
“personal data”, “processing”, “controller”, “processor” and “data subject”: shall have the meanings set out in the Data Protection Laws and be construed accordingly.
“Portal”: the portal available at www.talentmapx.com or such other location as the Supplier may advise the Customer in writing from time to time.
“Product”: the MapX tool licensed under this Agreement as may be updated from time to time and as further described at Appendix 6 (Specification).
“Product Output”: in relation to a Product, any information derived from Customer Materials and are contained in list(s) or document(s) created or generated by the Customer’s and/or an Authorised User’s use of the Product.
“Purpose”: use of a Product for the Customer’s own purposes of recruiting candidates to Senior Positions.
“Renewal Period”: has the meaning given in Clause 14.3 (Term and Termination).
“Restricted Transfer”: a transfer of Customer Personal Data which is subject to (i) the EU GDPR or (ii) the UK GDPR, by the Supplier to a Customer located in a Third Country.
“Senior Positions”: directors, company secretaries or similar officers of the Customer and persons that play a significant role in making of decisions about how the whole or a substantial part of the Customer’s activities are to be managed or organised or the actual managing or organising of the whole or a substantial part of those activities.
“Service Data”: has the meaning given in Clause 5.14.1 (Data Protection).
“Services”: the Licence Services, the Support Services, the Configuration Services and the Optimisation Services.
“Standard Contractual Clauses”: module 4 (transfer processor to controller) of the standard contractual clauses approved by the European Commission under Commission Implementing Decision (EU) 2021/914 of 3 June 2021, and appended to this Agreement at Appendix 7 (Standard Contractual Clauses).
“Subprocessor”: any subcontractor engaged by the Supplier to process Customer Personal Data on its behalf.
“Supplier IP”: has the meaning given in Clause 10.1.1 (Proprietary Rights).
“Support Services”: in relation to a Product, if the “Support Services” check box on the relevant Order Form has been completed, the support services set out at Appendix 2 (Support Services).
“Termination Fees”: the balance of all Fees that would have been payable had the Agreement not been terminated before the end the Licence Term.
“Termination Notice Period”: no less than ninety (90) days before the end of any Initial Licence Term or Renewal Period.
“Third Country”: a country outside the EU or UK (as applicable) which is not an Adequate Country.
“Third Party Materials”: any software, data or other item contained in any Product or Service that is licensed to the Supplier by a third party, including OSS.
“UK Addendum”: the Addendum to the Standard Contractual Clauses, which is appended to this Agreement at Appendix 8 (UK Addendum).
“UK GDPR”: the EU GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (SI 2019/419).
“View Only User”: an Authorised User that is authorised by the Customer to access the Product in ‘view only’ mode only.
“Vulnerability”: a weakness in the computational logic (for example, code) found in software and hardware components that when exploited, results in a negative impact to the confidentiality, integrity, or availability of any Product, computer software, hardware or network.
1.2. In the Agreement:
the headings and titles are for convenience only and shall not affect the construction or interpretation of the Agreement;
a reference to a “Clause” is to a clause of this document, reference to an “Appendix” is to an appendix of this document and a reference to a “paragraph” is to a paragraph of an Appendix;
any obligation not to do an act or thing includes an obligation not to agree, allow, permit or acquiesce to that act or thing being done;
any reference to any enactment or statutory provision or subordinate legislation shall be construed as a reference to it as from time to time replaced, amended, consolidated or re-enacted (with or without modification) and includes all orders, rules or regulations made under such enactment;
unless the context requires otherwise, words in the singular shall include the plural and vice versa and words importing the masculine include the feminine and vice versa;
any reference to a “person” includes individuals, firms, partnerships, companies, corporations, associations, organisations, trusts, statutory bodies or foundations (whether or not having separate legal personality); and
the words “including”, “other”, “in particular”, “for example” and similar words shall not limit the generality of the preceding words and shall be construed as if they were immediately followed by the words “without limitation”.
1.3 The Order Form shall be part of the Agreement and shall not form a separate contract to it.
1.4 Subject to Clause 5 (Definitions and Interpretation), if and to the extent that there is any conflict, consistency or ambiguity between any of the terms of the Agreement, the documents shall take precedence in the following order (with a document earlier in the list prevailing over a document later in the list):
1.4.1. the Order Form;
1.4.2. these licence terms; and
1.4.3. the Appendices.
1.5 If and to the extent that there is any conflict, consistency or ambiguity between any Order Forms, the Order Form entered into most recently shall take precedence.
1.6. The Supplier and the Customer agree that the Agreement shall apply to the exclusion of any other terms (including any terms set out in any quotation that may be provided by the Supplier or purchase order that may be provided by the Customer from time to time).
2. LICENCES
2.1 Subject to payment in accordance with the Agreement of the Fees and any other sum(s) due from the Customer to the Supplier pursuant to the Agreement and the Customer’s compliance with Clause 2 (Licences) and Clause 3 (Restrictions on Use), in respect of the Product, the Supplier hereby grants to the Customer a non-exclusive, non-transferable right, without the right to grant sub-licences, to permit Authorised Users to access and use the Product and the Documentation via the Portal, during the Licence Term solely for the Purpose and in accordance with the terms of the Agreement.
2.2 The Customer acknowledges and agrees that, in relation to the Product:
it is being granted a right to permit access to and use of the Product and that neither the Product nor any Documentation (nor any part of either of them) is being sold to the Customer; and
there is no right to have access to the Product (or any part of it) in object or source code form.
2.3. The Customer shall procure that, in respect of the Product:
the maximum aggregate number of Authorised Users (excluding View Only Users) that it authorises to access the Product shall not exceed the number of Licences;
the Activity Limit shall not be exceeded;
subject to Clause 2.3.4 (Licences), no Licence is used by more than one (1) individual Authorised User (excluding View Only Users); and
each Authorised User shall keep secure and confidential, and not share with any third party, all login credentials and passwords used by them to access to the Product and Documentation and that, an Authorised User is required to create login credentials and/or passwords to access the Product and Documentation, such login in credentials and passwords shall be secure.
2.4 The Customer may, from time to time, permanently re-assign in its entirety a Licence for a Product from one Authorised User to another Authorised User, in which case the first Authorised User shall cease to have any right to access or use the Product or Documentation (unless they become a View Only User). For the purposes of Clause 2.3.1 (Licences), an Authorised User from which a Licence has been permanently re-assigned in its entirety to another Authorised User shall not be counted as an Authorised User.
2.5 The Customer may, at any time, request in writing to increase the number of Licences. Except to the extent that the parties may agree otherwise in writing, if the Supplier agrees to such increase:
it shall apply immediately from the date of the Supplier’s agreement;
the additional Licence Fees payable shall be calculated based on the Supplier’s then current price(s) for Licences to the Product pro-rated for the remainder of the Initial Licence Term or Renewal Period (as applicable), which the Supplier shall be entitled to invoice at any time on or after the date of the Supplier’s agreement; and
the applicable Order Form shall be deemed amended accordingly.
2.6 The Customer shall maintain a written, up to date, list of all current Authorised Users of the Product and provide such list to the Supplier within seven (7) days of the Supplier’s written request from time to time.
2.7 In addition, the Supplier reserves the right to monitor the Customer’s use of the Product(s) from time to time to assess whether such usage is in accordance with the Agreement (including agreed usage limits). Where such monitoring reveals that the Customer has exceeded any agreed usage limits, the Supplier reserves the right to charge the Customer Excess Usage Fees in accordance with Clause 8.2 (Charges and Payment).
3. RESTRICTIONS ON USE
3.1 The Customer shall not (and shall not allow any person to) at any time access, store, distribute or transmit any Malicious Code or submit any material during the course of its access to and/or use of any Product or Service:
that is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing, or offensive (including racially or ethnically offensive);
that facilitates illegal activity;
that depicts sexually explicit images;
that promotes unlawful violence;
that is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability; or
is otherwise illegal or causes damage or injury to any person or property.
The Supplier reserves the right, without liability or prejudice to its other rights or remedies, to disable any Customer and/or Authorised User login credentials, passwords and/or access to all or any (or any part of any) Licence Services, Product(s) and/or Documentation in the event of any breach of this Clause 3 (Restrictions on Use). If the Supplier intends to disable any login credentials, passwords and/or access pursuant to this Clause 3 (Restrictions on Use), the Supplier shall notify the Customer of the Supplier’s intention to do so before the Supplier disables such log in credentials, passwords and/or access.
3.2 The Customer shall not (and shall not allow any person to) at any time:
except to the extent allowed by any applicable law which is incapable of exclusion by the parties, or expressly permitted under the Agreement:
attempt to copy, modify, duplicate, create derivative works from, frame, mirror, publish, download, display, transmit, or distribute all or any portion of any Product and/or Documentation in any form or media or by any means;
attempt to decompile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of any Product and/or Documentation;
convert all or any part of any Product to any programming language or format;
access or use all or any part of any Product, Service and/or Documentation in order to develop and/or build, or otherwise in connection with, any product or service that is substantially similar to or competitive with any product or service offered by the Supplier from time to time (including any Product and any of the Services);
access or use all or any part of any Product, Service and/or Documentation to provide services to third parties;
except to the extent expressly permitted under Clause 2 (Licences):
incorporate into any other product or service, license, sell, loan, rent, lease, transfer, assign, convey, translate, transfer or otherwise commercially exploit all or any part of any Product, Service and/or Documentation; or
permit any person to access or use, or provide or make available to any person, all or any part of any Product, Service and/or Documentation in any form;
attempt to obtain, or assist third parties in obtaining, access to all or any part of any Product and/or Documentation, other than as provided under Clause 2 (Licences);
introduce or permit the introduction of, any Malicious Code or Vulnerability into the Supplier’s network and information systems;
remove or alter any trade mark, product identification, proprietary, copyright or other notice or proprietary device (including any electronic watermark or other identifier) that may be incorporated in any Product or Documentation;
conduct Vulnerability scanning or penetration testing of any Supplier system or any Product; or
publicly disseminate performance information or analysis (including benchmarks) from any source relating to any Product or Documentation.
3.3 The Customer shall prevent any unauthorised access to, or use of, any Product and, in the event of any such unauthorised access or use, promptly notify the Supplier.
3.4 The Supplier has sole discretion and control over, and may modify at any time (with or without notice to the Customer), the functionality, performance, configuration, appearance and content of any Product provided that, in each case such modifications do not result in a material reduction to, or loss of, functionality, performance, content and/or accuracy of the Product.
4. SERVICES
The Supplier shall, in respect of the Product:
during the Licence Term, provide the Licence Services and Support Services to the Customer; and
where applicable, provide the Implementation Services and Configuration Services to the Customer.
If the Customer wishes to purchase further Supplier product(s) and/or service(s) after the Effective Date, the parties may agree to amend the Order Form to allow for the provision of such product(s) and/or service(s) (as the case may be) and on agreement, the applicable Order Form shall be deemed amended accordingly.
All Services shall be provided on and subject to the terms of the Agreement.
5. DATA PROTECTION
To the extent that the Supplier processes any Customer Personal Data, the parties record their intention that the Customer shall be the controller and the Supplier shall be a processor for the Customer and in any such case:
the subject matter and duration of the processing, nature and purpose of the processing, types of Customer Personal Data and categories of data subjects are set out in Appendix 1 (Data Protection);
the Supplier shall process such Customer Personal Data only in accordance with the Customer’s documented instructions (including with regard to transfers outside the UK or European Economic Area), unless required to do otherwise by applicable laws (in which event, the Supplier shall inform the Customer of the legal requirement before processing the Customer Personal Data other than in accordance with the Customer’s instructions, unless the same law prohibits the Supplier from doing so on important grounds of public interest);
the Supplier shall ensure that its personnel are subject to appropriate obligations of confidentiality; and
the Supplier shall, taking into account the nature of the Services, provide reasonable assistance to the Customer, insofar as this is reasonably possible, to: (i) fulfil its obligations as a controller in respect of data security, data breach notification, data protection impact assessments, and prior consultation with supervisory authorities; and (ii) assist the Customer in its obligations in respect of the fulfilment of data subjects’ rights. The Supplier may, at its absolute discretion, invoice the Customer for the Supplier’s costs in providing such reasonable assistance (calculated using the Supplier’s then current rate card).
the Supplier shall without undue delay, in the case of any personal data breach in respect of the Customer Personal Data, notify the Customer after becoming aware of such personal data breach. Such notification shall provide the Customer with a description of the personal data breach and its likely consequences, the categories of personal data subject to the personal data breach (to the extent known by the Supplier) and the identity of the affected data subjects (to the extent known by the Supplier). Where it is not possible to provide the information at the same time, the information may be provided in phases, without undue further delay. Supplier shall continue to provide other information and co-operation which Customer may reasonably request in order to enable the Customer to handle, investigate and respond to the personal data breach.
If and to the extent there is a Restricted Transfer of Customer Personal Data, the parties agree to each comply with their respective obligations under the SCCs, and where applicable, the UK Addendum, which are hereby incorporated into this Agreement and reproduced in Appendix 7 and Appendix 8. The Customer shall provide reasonable assistance to the Supplier, at the Customer’s cost, to fulfil its obligations as a data exporter including in respect of transfer impact assessments.
Notwithstanding Clause 1.4, to the extent that there is a Restricted Transfer of Customer Personal Data and to the extent there is any conflict, inconsistency or ambiguity between any of the terms of the Agreement and the terms Appendix 7 and/or Appendix 8, the terms Appendix 7 or Appendix 8 (as applicable) shall prevail.
If the transfer of Customer Personal Data under clause 5.2 ceases to be lawful, the parties shall either:
Implement an alternative lawful transfer mechanism; or
if it is not possible to implement an alternative lawful transfer mechanism, allow the Customer to terminate the Agreement at no additional cost to the Customer, which shall be Customer’s sole and exclusive remedy.
The Customer hereby consents to the Supplier engaging the Subprocessors listed at Appendix 5 (the “List”) to process the Customer Personal Data on its behalf, provided that:
the Supplier shall ensure that all Subprocessors are subject to data processing obligations which are consistent with those imposed on the Supplier under this Clause 5 (Data Protection); and
the Supplier shall be responsible for the acts and omissions of any Subprocessor with respect to the data processing obligations referenced in Clause 5.5.1 (Data Protection), as if they were the Supplier’s own acts and omissions.
The Customer authorises the Supplier to add, from time-to-time, additional or replacement Subprocessors to this List, provided that:
the Supplier shall give Customer reasonable written notice of any proposed addition or replacement of any Subprocessor in advance of the Supplier providing that Subprocessor with access to the Customer Personal Data;
the Customer shall have fourteen (14) days from the date of receipt of a notification in accordance with Clause 6.1 (Data Protection) to object to the proposed addition or replacement of any Subprocessor by contacting the Supplier in writing at chiefexecutive@mapx-ai.com with reasons for its objection; and
if the Customer, acting reasonably, objects to an additional or replacement Subprocessor and the Supplier cannot reasonably avoid use of the Subprocessor in its continued provision of the Services, the Customer may terminate the Agreement at the end of the notice period as referenced in Clause 5.6.1 (Data Protection) on written notice to the Supplier, which shall be Customer’s sole and exclusive remedy for its objection to the proposed Subprocessor.
The Customer acknowledges and agrees that Customer Personal Data may be processed outside the UK or the European Economic Area in order to provide the Services and perform the Supplier’s other obligations under the Agreement.
If Customer Personal Data is transferred outside the UK or European Economic Area by the Supplier, to the extent required under the Data Protection Laws, the Supplier shall ensure that:
there are appropriate safeguards in place (such as processor to processor standard contractual clauses) for the purposes of such transfer;
such transfer is to an Adequate Country; or
another mechanism for the lawful transfer of such personal data applies in respect of such transfer.
The Supplier shall use the technical and organisational measures set out at Appendix 5 to protect Customer Personal Data against unauthorised and unlawful processing and against accidental loss, destruction, disclosure, damage or alteration. The Customer agrees that it is solely responsible for determining whether such technical and organisational measures ensure a level of security appropriate to the risk (including the harm that might result from unauthorised or unlawful processing or accidental loss, destruction, disclosure, damage or alteration of Customer Personal Data), taking into account the nature, scope, context and purposes of the processing.
The Supplier shall, on the written request of the Customer, provide or make available to the Customer all information reasonably necessary to demonstrate its compliance with this Clause 5 (Data Protection) and shall submit to audits in accordance with Clause 5.11 (Data Protection) provided that:
the audit shall be performed by the Customer or an independent third party mutually agreed to by the parties (acting reasonably);
the auditor shall execute a confidentiality agreement on terms acceptable to the Supplier;
the scope of the audit shall be agreed to by the parties in advance of the audit taking place and shall be strictly limited to verification of the Supplier’s compliance with this Clause 5 (Data Protection), and any information relating to other customers of the Supplier, the Supplier’s finances and/or pricing and the Supplier’s trade secrets and the Supplier’s own internal reports shall be outside the scope of the audit;
access shall be granted only to Supplier facilities, records and systems relevant and material to the processing of Customer Personal Data under the Agreement; and
audits shall take place within Business Hours only.
The Customer shall provide at least ninety (90) Business Days’ notice of its intention to conduct an audit and shall use all reasonable endeavours to ensure that the conduct of an audit does not unreasonably disrupt the Supplier or delay the provision of the Services. Any information obtained by the Customer pursuant to this Clause 5.11 (Data Protection) shall be treated as the Confidential Information of the Supplier. The parties shall bear their own costs and expenses incurred in respect of compliance with their obligations under this Clause 5.11 (Data Protection).
The Customer shall:
ensure that relevant data subjects have been informed of the processing of Customer Personal Data, including the anonymisation of Customer Personal Data by the Supplier, in accordance with the Agreement as required by Data Protection Laws;
ensure that the Customer have a valid legal basis to process Customer Personal Data, including where applicable, a condition to process special category personal data as required by Data Protection Laws; and
otherwise comply with the Data Protection Laws with respect to Customer Personal Data.
Upon termination or expiry of the Agreement, the Customer shall have ten (10) Business Days to request the return of the Customer Personal Data, after which period the Supplier may destroy all Customer Personal Data in its possession unless required to retain such Customer Personal Data under applicable laws. For the purposes of this Clause 5.13 (Data Protection), Customer Personal Data shall be considered destroyed where it is put beyond further use by the Supplier.
Notwithstanding any other term of the Agreement:
the Customer acknowledges and agrees that the Supplier may process anonymised data relating to the Services and/or performance of its obligations under the Agreement (including data derived from Customer Personal Data and data about access to and use of Product(s) and Service(s)) (“Service Data”) for the purposes of:
research, insight and product and service development; and
monitoring access to and use of Product(s) and Service(s) for compliance with the Agreement; and
the parties agree that Clause 5 (Data Protection) (except for Clause 5.14 (Data Protection)) shall not apply to Service Data.
6. SUPPLIER’S OBLIGATIONS
The Supplier warrants that:
the Services shall be performed with reasonable skill and care;
it has the full power, authority and capability to enter into the Agreement and the Order Form; and
the Product shall materially conform to the applicable specification set out at Appendix 6 (Specification).
The Supplier shall:
comply with all applicable laws, regulations and legally binding codes of practice with respect to its activities under the Agreement;
use reasonable endeavours to maintain the availability of the Licence Services and the Product; and
periodically test the Product using OWASP 10 or another industry standard anti-virus software and other Vulnerability detection processes, for any code, software, file or programme designed to permit unauthorized access to or to disable or erase software, hardware and/or data (including worms, trojan horses, viruses and other similar things or devices).
The Customer acknowledges and agrees that, except to the extent expressly provided for elsewhere in the Agreement, to the maximum extent permitted by law:
all Services, Product(s), Documentation and deliverables are made available “as-is”;
the Supplier does not warrant that the Customer’s use of any of the Services, Product(s), Documentation or deliverables will be uninterrupted or error-free;
the Supplier does not warrant that the Product Output or the Customer’s use of the Product Output will comply with applicable laws, regulations and codes of practice including Equalities Laws; and
the Supplier shall not be responsible for any delays, delivery failures or any other loss or damage arising from or relating to the transfer of data over communications networks and facilities (including the internet) and the Customer acknowledges that access to and use of the Services, Product(s), Documentation and deliverables and the performance of the Supplier’s obligations pursuant to the Agreement, may be subject to limitations, delays and other problems inherent in the use of such communications facilities.
7. CUSTOMER’S OBLIGATIONS
The Customer warrants that it has the full power, authority and capability to enter into the Agreement.
The Customer shall:
provide the Supplier with:
all co-operation reasonably requested by the Supplier from time to time; and
all access to such information as is reasonably requested by the Supplier from time to time (including Customer Materials, security access information and configuration services),
in order to provide the Services and/or perform the Supplier’s other obligations under the Agreement;
comply with all applicable laws, regulations and legally binding codes of practice with respect to its activities under the Agreement, including Equalities Laws;
ensure that all Authorised Users access and use the Services, Product(s), Documentation and deliverables only in accordance with the Agreement and comply with the Agreement as if the Authorised User were the Customer, and shall be responsible for all Authorised User’s acts and omissions as if they were the Customer’s own acts and omissions;
obtain and shall maintain all necessary licences, consents and permissions necessary for it to provide and/or make available the Customer Materials under the Agreement;
ensure that its systems, software, hardware, networks and other components comply with any relevant specifications provided by the Supplier from time to time;
be solely responsible for determining the fitness of the Service, Product(s), Documentation and deliverables for its purposes and requirements, including compliance with any laws or regulatory requirements applicable to, or requirements of, the Customer and its business;
procure and maintain any and all systems, software, hardware, networks and other components required from time to time in order to access, use and obtain the benefit of the Services, Product(s), Documentation and deliverables (including its network connections and telecommunications links from its systems to the Supplier’s data centres) and be solely responsible for any and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to them; and
ensure, and be solely responsible for the legality, non-infringement, reliability, integrity, accuracy and quality of the Customer Materials.
use (and procure that each Authorised User uses) all reasonable endeavours to prevent any unauthorised access to, or use of, any Services, Product(s), Documentation and/or deliverables and, if the Customer discovers, or is made aware of, any such access or use, immediately notify the Supplier of such unauthorised access or use.
The Supplier shall not have any liability to the Customer under the Agreement if the Supplier breaches the Agreement and/or is prevented or delayed in providing the Services or performing its other obligations under the Agreement as a result of any breach of this Clause 7 (Customer Obligations) by the Customer.
8. CHARGES AND PAYMENT
The Supplier shall invoice the Customer for the Fees in the amounts and at such times specified in the applicable Order Form.
If, at any time, the maximum aggregate number of Authorised Users (excluding View Only Users) that the Customer authorises to access a Product exceeds the number of Licences or other agreed usage limits specified in the Agreement (including the activity limit per Licence), the Supplier may charge the Customer Excess Usage Fees. Any Excess Usage Fees incurred by the Customer shall be calculated by the Supplier monthly and may be invoiced by the Supplier at any time on or after the start of the relevant month.
The Customer shall pay each invoice within thirty (30) days after the date of such invoice.
Without prejudice to any other rights and remedies of the Supplier, if the Supplier has not received payment of an invoice by the due date for payment in accordance with the Agreement, the Supplier may, without liability to the Customer:
disable any or all of the Customer’s and Authorised Users’ passwords, accounts and/or access to any or all of the Licence Services, Product(s) and/or Documentation and the Supplier shall be under no obligation to provide access to or use of the Licence Services, Product(s) and/or Documentation while any amount(s) remain unpaid. If the Supplier intends to disable any passwords, accounts and/or access pursuant to this Clause 8.4.1 (Charges and Payments), the Supplier shall notify the Customer of the Supplier’s intention to do so before the Supplier disables such passwords, accounts and/or access;
terminate the Agreement in accordance with Clause 14.4 (Term and Termination); and
interest shall accrue on a daily basis on the unpaid amount(s) at an annual rate equal to three per cent (3%) over the then current base lending rate of Barclays Bank Plc from time to time, commencing on the due date for payment and continuing until such time as the unpaid amounts and interest in accordance with this Clause 8.4.3 (Charges and Payment) are actually paid in full, whether before or after judgment, and the Supplier shall be entitled to invoice such interest at any time in arrears.
All Fees and other amounts stated or referred to in the Agreement are exclusive of all taxes (including any value added tax and/or withholding taxes). The Customer shall be responsible for all taxes, withholdings, duties and levies arising in respect of the Agreement (excluding taxes based on the real property, personal property or net income of the Supplier), which shall be payable in addition by the Customer and added to the Supplier’s invoice at the appropriate rate (if applicable).
The Customer shall make all payments under the Agreement free and clear of any deduction or withholding of any kind, save only as may be required by law. If any such withholding or deduction is required, the Customer shall, at the same time as making the payment to which the withholding or deduction relates, pay to the Supplier such additional amount as will, after the deduction or withholding has been made, leave the Supplier with the same total amount that it would have received if no such withholding or deduction had been required.
The Supplier shall be entitled to deduct any sum owing from the Customer under the Agreement from any sum owing to the Customer under the Agreement.
The Supplier shall be entitled to increase any or all of the Licence Fees, Support Fees and Excess Usage Fees in respect of a Product at the start of each Renewal Period upon prior notice to the Customer in accordance with the Fee Increase Notice Period. Any such increase(s) shall be deemed to be accepted by the Customer and the applicable Order Form shall be deemed amended accordingly, unless the Customer gives to the Supplier written notice to terminate the relevant Order Form in respect of the relevant Product in accordance with the Termination Notice Period in which case the relevant Order Form shall terminate in respect of the relevant Product at the end of the Initial Licence Term or Renewal Period (as the case may be).
9. THIRD PARTY MATERIALS
A Product may include Third Party Materials. A list of all such Third Party Materials shall be provided to the Customer if the Customer requests in writing.
In respect of any Third Party Materials that are OSS, the Customer agrees:
to comply, and procure that each Authorised User complies, with the licence terms applicable to such OSS: and
that, notwithstanding any other provision of the Agreement, access to and use of such OSS shall be on a straight pass-through basis so that the Customer’s and Authorised User’s rights to access and use such OSS shall be no more or less restrictive than the rights of access and use that they would have had had they been the licensee of such OSS.
10. PROPRIETARY RIGHTS
Except to the extent expressly specified otherwise in the Agreement:
the Customer acknowledges and agrees that the Supplier and/or its licensors own:
all Intellectual Property Rights of the Supplier or its licensors existing before the Effective Date and/or developed independently of the Agreement or any part of it; and
all rights (including Intellectual Property Rights), title and interest in, to and arising in connection with the Services, Product(s) and Documentation or any part of them, together with any and all adaptations, add-ons, modifications, updates, and/or enhancements to any Product, Service or Documentation or part of them and/or any of their use and/or receipt and all copies of them,
(together, “Supplier IP”);
to the extent, at any time, that by operation of law any Supplier IP does not vest in the Supplier or its licensors, the Customer hereby irrevocably assigns to the Supplier (by way of present and future assignment) with full title guarantee all Supplier IP (or, if applicable, shall procure such an assignment to the Supplier);
the Customer shall not act in a way which is inconsistent with or undermines the Supplier or its licensors’ (as the case may be) right of ownership or diminishes any Supplier IP or calls any Supplier IP into question; and
the Agreement does not grant the Customer or any Authorised User any right, title or interest in, to or arising in connection with any Supplier IP or any licences in respect of any Supplier IP.
The Customer shall own all right (including Intellectual Property Rights), title and interest in and to:
all of the Customer Materials; and
the Product Outputs (except for any Supplier IP),
(together, “Customer IP”)
The Supplier hereby grants to the Customer a non-exclusive and non-transferable right to (and to permit Authorised Users to) use Supplier IP in:
a Product or Documentation to the extent necessary to access and use them as expressly permitted under Clause 2.1 (Licences); and
Product Outputs to the extent necessary for the Customer and Authorised Users to use, copy and adapt the Product Outputs for the Purpose.
The Customer hereby grants to the Supplier a fully paid-up, worldwide, non-exclusive, royalty free, licence to use Customer IP to the extent necessary for the Supplier to provide the Services and perform its other obligations under the Agreement. Subject to Clause 5 (Data Protection), such licence includes the right for the Supplier to grant to its subcontractors from time to time the right to use Customer IP on the same terms providing that nothing in this Clause 10.4 shall affect the Supplier’s obligations under Clause 5 (Data Protection).
Notwithstanding any other provision of the Agreement but subject to Clause 11 (Confidentiality), the Customer hereby grants to the Supplier a fully paid-up, worldwide, non-exclusive, royalty free licence to use the Customer’s name, logo and branding for the purposes of marketing the Supplier’s products and services (including in the Supplier’s promotional material, marketing material, announcements and other similar materials).
Subject to Clause 11 (Confidentiality), the Customer shall remain exclusively entitled to all right, title and interest in and to its Confidential Information. Subject to Clause 10.1 (Proprietary Rights) and Clause 11 (Confidentiality), the Supplier shall remain exclusively entitled to all right, title and interest in and to its Confidential Information.
The Customer acknowledges that non-compliance with this Clause 10 (Proprietary Rights) and/or use of Supplier IP otherwise than in accordance with the Agreement may cause substantial harm and/or irreparable loss or damage for which monetary damages alone would not be a sufficient remedy and, therefore, that upon non-compliance with this Clause 10 (Ownership) and/or use of Supplier IP otherwise than in accordance with the Agreement Quant shall be entitled to appropriate equitable relief in addition to whatever other remedies it might have at law or pursuant to the Agreement.
11. CONFIDENTIALITY
Each party may be given access to Confidential Information from the other party in the performance of the Agreement.
A party’s Confidential Information shall not include information that:
is or becomes publicly known other than through any act or omission of the receiving party;
was in the receiving party’s lawful possession before the disclosure;
is lawfully disclosed to the receiving party by a third party without restriction on disclosure; or
is independently developed by the receiving party.
Each party shall:
hold the other’s Confidential Information in confidence and use at least as great a standard of care in protecting the Confidential Information as it uses to protect its own information of like character, but in any event not less than a reasonable degree of care; and
subject to Clause 11.4 (Confidentiality), not make the other’s Confidential Information available to any third party, or use the other’s Confidential Information, for any purpose other than to fulfil its obligations under the Agreement and then only disclose the other’s Confidential Information to its employees, consultants and subcontractors having a need to know and who have agreed to obligations of confidentiality and non-disclosure no less onerous than as set out in this Clause 11 (Confidentiality).
Each party may disclose the other’s Confidential Information to a third party to the extent necessary for the receiving party to comply with any applicable law, regulation or court order or the rules of any stock exchange on which the shares or other securities of the receiving party are listed or any requirement of any regulatory or administrative body, provided that, except to the extent that to do so would breach an applicable law, regulation or court order, the receiving party provides prompt advance written notice to the disclosing party of such disclosure so that the disclosing party may seek a protective order, confidential treatment or other appropriate protection for such Confidential Information.
Each party shall take all reasonable steps to ensure that the other’s Confidential Information to which it has access is not disclosed or distributed by its employees or agents in violation of the terms of the Agreement.
Each party shall immediately notify the other in writing if any unauthorised access, use or disclosure of the other’s Confidential Information has taken place or is reasonably likely to take place and take such steps as the other may reasonably require in relation to the same.
Subject to Clause 10.5 (Proprietary Rights), neither party shall make, or permit any person to make, any public announcement concerning the Agreement or any part of it without the prior written consent of the other party (such consent not to be unreasonably withheld or delayed), except in connection with the sale of all or substantially all of the Supplier’s assets or shares, or as required by law, any governmental or regulatory authority (including any relevant securities exchange), any court or other authority of competent jurisdiction. For the avoidance of doubt, the existence of the Agreement shall not constitute Confidential Information.
Each party acknowledges that unauthorised use and/or disclosure of the other’s Confidential Information may cause substantial harm and/or irreparable loss or damage to the other party for which monetary damages alone would not be a sufficient remedy and, therefore, that upon any use or disclosure of Confidential Information in breach of this Clause 11 (Confidentiality) the disclosing party shall be entitled to appropriate equitable relief in addition to whatever other remedies it might have at law or pursuant to the Agreement.
12. INDEMNITIES
The Customer shall indemnify and hold harmless the Supplier and its officers, directors and employees against any all liabilities, costs, expenses (including reasonable legal fees), losses and damages incurred by them as a result of (a) a breach of Equalities Laws by the Customer, (b) a breach of Data Protection Laws by the Customer or (c) a third party claim that the Customer Materials or their use by the Supplier or any of its subcontractors infringes any third party rights (including Intellectual Property Rights), provided that:
the Customer is given prompt notice of any such claim;
the Supplier provides reasonable co-operation to the Customer in the defence and settlement of such claim; and
the Customer is given sole authority to defend or settle the claim.
Subject to Clause 12.4 (Indemnities), the Supplier shall indemnify and hold harmless the Customer and its officers, directors and employees against any all liabilities, costs, expenses (including reasonable legal fees), losses and damages (in each case, to the extent awarded by a court of competent jurisdiction or otherwise agreed by the Supplier in settlement of a claim) incurred by the Customer as a result of a third party claim that the Customer’s or an Authorised User’s access to and use of a Product (excluding any Product Output) in accordance with the Agreement infringes any Intellectual Property Rights, provided that:
the Supplier is given prompt notice of any such claim (and in any event is given notice within five (5) Business Days of becoming aware of, or being notified of, the claim);
the Customer provides reasonable co-operation to the Supplier in the defence and settlement of such claim;
the Supplier is given sole authority to defend or settle the claim;
the Customer shall not make any admission of fault or liability, agreement or compromise in respect of the claim without the Supplier’s prior written consent;
the Customer shall take all reasonable and timely action necessary to mitigate all liabilities, costs, expenses (including legal fees), losses and damages incurred by Customer as a result of the claim (including such reasonable actions as the Supplier may request to avoid, dispute, resist, appeal, compromise or defend the claim); and
if the Customer does not comply with any or all of the provisions set out in Clause 12.2.1 (Indemnities) to Clause 12.2.5 (Indemnities) (inclusive), the indemnity given by Supplier in Clause 12.2 (Indemnities) shall not apply.
In the defence or settlement of any claim under Clause 12.2 (Indemnities), the Supplier may procure the right for the Customer to continue using the Product, replace or modify the Product so that it becomes non-infringing or, if such remedies are not reasonably available, terminate the Agreement in relation to the Product on notice to the Customer without any additional liability to the Customer.
In no event shall the Supplier or its employees, agents and subcontractors be liable to the Customer to the extent that the alleged infringement is based on:
access to or use of the Product contrary to the Supplier’s instructions;
modification or alteration of the Product by any party other than the Supplier or its subcontractors;
the Customer’s or Authorised User’s access to or use of the Product or other act or omission in breach of the Agreement;
any negligence or misconduct, except for the negligence of misconduct of the Supplier or any person acting on its behalf; or
any Third Party Materials.
Clause 12.2 (Indemnities) and Clause 12.3 (Indemnities) are the Customer’s sole and exclusive rights and remedies, and the Supplier’s (including the Supplier’s employees’, agents’ and subcontractors’) entire obligations and liability for infringement of any third party rights (including Intellectual Property Rights).
The limitations of liability set out in Clause 13.2 and 13.3 (Limitation of Liability) shall not apply in respect of any indemnity granted under Clause 12.1 or 12.2 (Indemnities).
13. LIMITATION OF LIABILITY
Nothing in the Agreement excludes or limits:
the Customer’s obligation to pay the Fees; or
the liability of either party:
for death or personal injury caused by negligence;
for fraud or fraudulent misrepresentation;
for any other liability to the extent that it cannot be limited or excluded under applicable law; or
Subject to Clause 13.1 (Limitation of Liability), neither party shall be liable whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for:
any loss of profits or revenue (except for the Fees);
loss of anticipated savings;
loss of contract, business or business opportunity;
depletion of goodwill;
loss or corruption of data or information; or
any special, indirect or consequential loss,
in each case arising (directly or indirectly) out of or in connection with the Agreement and whether or not reasonably foreseeable, reasonably contemplatable, actually foreseen or actually contemplated by a party at the Effective Date.
Subject to Clause 13.1 (Limitation of Liability) but without prejudice to the other terms of the Agreement, the Supplier shall have no liability under the Agreement to the extent any such liability is caused by:
access to or use of any Service, Product, Documentation or deliverable contrary to the Supplier’s instructions;
modification or alteration of any Product, Documentation or deliverable by any party other than the Supplier or its subcontractors.
the Customer’s or Authorised User’s access to or use of any Service, Product, Documentation or deliverable or other act or omission that is in breach of the Agreement or applicable laws;
the Customer’s use of the Product Output; or
any Third Party Materials.
Subject to Clause 13.1 (Limitation of Liability), Clause 13.2 (Limitation of Liability), Clause 13.3 (Limitation of Liability) and Clause 13.5 (Limitation of Liability), each party’s total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution, under the indemnities granted in Clause 12.1 and 12.2 (Indemnities) or otherwise, arising out of or in connection with the Agreement shall not exceed 150% of the total Fees paid or payable during the twelve (12) months immediately preceding the date on which the event giving rise to the claim occurred, or if the event giving rise to the claim occurred less than twelve (12) months after the Effective Date, the total Fees that would have been paid or payable had the Services continued until the end of the twelve (12) months from the Effective Date.
Except to the extent expressly set out in the Agreement, all warranties, representations, conditions and all other terms of any kind whatsoever (whether express or implied by statute, common law, course of dealing or otherwise) are, to the fullest extent permitted by applicable law, excluded from the Agreement.
14. TERM AND TERMINATION
The Agreement shall commence on the Effective Date and shall continue until terminated by either party on not less than thirty (30) days’ written notice expiring no earlier than on expiry or termination of the Order Form entered into before the date on which such notice is served, unless and until terminated earlier in accordance with the terms of the Agreement.
Except to the extent that the parties may agree otherwise in the Order Form and unless and until terminated earlier in accordance with the Agreement, the Order Form shall commence on the Order Form Effective Date and continue for each applicable Licence Term.
In relation to a Product, on each anniversary of the first day of the Initial Licence Term, the Licence Term shall automatically be extended for successive periods of twelve (12) months (each a “Renewal Period”), unless either party gives to the other party written notice in accordance with the Termination Notice Period in which case no extension shall apply.
The Supplier may terminate the Agreement with immediate effect by giving written notice to the Customer if:
the Supplier has not received payment of an undisputed invoice within thirty (30) days after the date of such invoice; or
the Customer commits a breach of Clause 2 (Licences), Clause 3 (Restrictions on Use), Clause 5 (Data Protection), Clause 10 (Proprietary Rights) or Clause 11 (Confidentiality) which is irremediable or which the Customer fails to remedy that breach within thirty (30) days after being notified in writing to do so.
Without affecting any other right or remedy available to it, either party may terminate the Agreement with immediate effect by giving written notice to the other party if:
the other party commits a material breach of the Agreement which is irremediable or which the Customer fails to remedy within thirty (30) days after being notified in writing to do so; or
the other party:
is unable to pay its debts as defined in section 123 Insolvency Act 1986;
has steps taken for a receiver, administrator or manager to be appointed over the whole or a material part of its business or assets;
is subject to an order being made, a resolution passed or other steps being taken for its winding-up (except for the purposes of a bona fide solvent reorganisation), bankruptcy or dissolution;
proposes or enters into any composition or arrangement with its creditors generally or any class of them;
ceases to carry on business or claim the benefit of any statutory moratorium; or
if any event occurs, or proceeding is taken, with respect to the other party in any jurisdiction to which it is subject that has an effect equivalent or similar to any of the events mentioned in Clause 14.5.2(a) (Term and Termination) to Clause 14.5.2(e) (Term and Termination) (inclusive).
The Customer shall pay the Termination Fees to the Supplier if the Supplier terminates the Agreement in accordance with Clause 14.4 (Term and Termination) or Clause 14.5 (Term and Termination).
On termination or expiry of the Agreement:
all rights granted to the Customer under the Agreement shall immediately terminate and the Customer shall (and shall procure that all Authorised Users) immediately cease using all Products, Services and Supplier IP;
each party shall each return or (if the other requests) destroy all Confidential Information of the other (and all copies of the same) provided or made available in connection with the Agreement and certify that return or destruction to the other in writing, provided that the Supplier shall be entitled to retain the Customer’s Confidential Information to the extent that and for as long as applicable laws require the Supplier to do so. For the purposes of this Clause 14.7.2 (Term and Termination), Confidential Information shall be considered destroyed where it is put beyond further use by the Supplier;
Clause 5.13 (Data Protection) shall apply in accordance with its terms;
subject to Clause 5.13 (Data Protection), Clause 14.7.2 (Term and Termination) and Clause 14.7.5 (Term and Termination), each party shall return and make no further use of any equipment, property, and other items belonging to the other party (and all copies of them);
the Supplier may destroy or otherwise dispose of any of the Customer Materials in its possession unless the Supplier receives, no later than ten (10) Business Days after the effective date of the termination of the Agreement a written request for the delivery to the Customer of such Customer Materials; and
all unpaid Fees and / or other sums due in respect of Services provided and/or the period before the effective date of termination and Termination Fees (if applicable) shall become immediately due and payable to the Supplier and the Supplier shall have the right to issue invoices in respect of such Fees and/or other sums not yet invoiced.
Termination of the Agreement is without prejudice to any rights or remedies a party may be entitled to under the Agreement and shall not affect any accrued rights or liabilities.
Any provision of the Agreement that by its very nature should or is intended to survive termination of the Agreement shall survive any termination of the Agreement, including Clause 1 (Definitions and Interpretation), Clause 5.13 (Data Protection), 5.14 (Data Protection), Clause 6.3 (Supplier Obligations), Clause 7.2.6 (Customer’s Obligations), Clause 7.2.7 (Customer Obligations), Clause 7.2.8 (Customer Obligations), Clause 7.3 (Customer Obligations), Clause 8 (Charges and Payment), 10 (Proprietary Rights), Clause 11 (Confidentiality), 12.1 (Indemnities), 13 (Limitation of Liability), Clause 14.6 (Term and Termination), 14.7 (Term and Termination), 14.8 (Term and Termination), 14.9 (Term and Termination), 14.10 (Term and Termination), 15 (Force Majeure) and 16 (General).
Without prejudice to the Supplier’s other rights and remedies, if at any time the Supplier is entitled to terminate the Agreement, the Supplier may, without liability to the Customer, disable any Customer and/or Authorised User login credentials, passwords and/or access to all or any (or any part of any) Licence Services, Product(s) and/or Documentation. If the Supplier intends to disable any login credentials, passwords and/or access pursuant to this Clause 14.10 (Term and Termination), the Supplier shall notify the Customer of the Supplier’s intention to do so before the Supplier disables such login credentials, passwords and/or access.
15. FORCE MAJEURE
The Supplier shall not have any liability to the Customer under the Agreement if it is prevented from or delayed in providing the Services and/or performing its obligations under this Agreement by acts, events, omissions or accidents beyond its reasonable control, including strikes, lock-outs or other industrial disputes, failure of a utility service or transport or telecommunications network, act of God, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or subcontractors.
16. GENERAL
The Agreement shall not prevent the Supplier from entering into similar agreements with third parties or from independently developing, using, selling or licensing documentation, products and/or services which are similar to those provided under the Agreement.
No variation of the Agreement shall be effective unless it is in writing and signed by the parties.
Subject to Clause 5.5 (Data Protection) and Clause 5.6 (Data Protection), the Supplier may subcontract any of its rights or obligations under the Agreement without the Customer’s prior written consent.
No failure or delay by a party to exercise any right or remedy provided under the Agreement or by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No waiver of any right or remedy shall operate as a waiver of any subsequent or other breach. Any waiver shall only be effective if in writing signed by a duly authorised representative on behalf of the party claimed to have waived.
If any provision (or part of a provision) of the Agreement is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable or illegal (the “Affected Provision”), the other provisions (and parts of the provision) of the Agreement shall remain in force and the Affected Provision shall be replaced, in so far as is possible according to the intent and spirit of the Agreement, with provisions having commercial effect as close as possible to the Affected Provision.
The Agreement, and any documents referred to in it, constitute the whole agreement between the parties and supersede any previous arrangement, understanding or agreement between them relating to the subject matter they cover. For the avoidance of doubt, the Savannah Terms of Business shall not apply to the provision of any Product or any Services. Each of the parties acknowledges and agrees that in entering into the Agreement and the Order Form it does not rely on any undertaking, promise, assurance, statement, representation, warranty or understanding (whether in writing or not) of any person (whether party to them or not) relating to the subject matter of the Agreement, other than as expressly set out in the Agreement. Each party agrees that it shall have no claim for innocent or negligent misrepresentation or negligent misstatement based on any statement in the Agreement.
Neither party shall assign any of its rights under the Agreement without the prior written consent of the other party, such consent not to be unreasonably withheld or delayed, except that the Supplier may, without the Customer’s consent, assign or transfer any or all of its rights or obligations under the Agreement: (i) to any member of the group of companies to which it belongs; and (ii) to a third party purchaser, in connection with the sale of all or substantially all of the Supplier’s assets or shares to that third party purchaser. Any attempt to transfer or assign the Agreement (or any part of any of it) except as expressly authorised by this Clause 16.7 (General) shall be null and void.
The Agreement does not confer any rights on any person or party (other than the parties to the Agreement) pursuant to the Contracts (Rights of Third Parties) Act 1999.
Any notice required to be given under the Agreement shall be in writing (which shall include email) and shall be delivered by hand or sent by pre-paid first-class post or recorded delivery post to the other party for the attention of the contact and at the postal address, or sent by email to the other party for the attention of the contact and at the email address, specified in the Order Form or to such other contact, postal and/or email address as may have been notified by that party for such purposes in accordance with this Clause 16.9 (General). A notice delivered by hand shall be deemed to have been received when delivered (or if delivery is not between 9 am and 5 pm on a Business Day (“Business Hours”), at 9 am on the first Business Day following delivery). A correctly addressed notice sent by pre-paid first-class post or recorded delivery post shall be deemed to have been received at 9 am on the second Business Day after posting or, if the address for the recipient is outside the country in which the sender is located, on the fifth Business Day after posting. A notice sent by email shall be deemed to have been received at the time of transmission (or if transmission is not in Business Hours, at 9 am on the first Business Day following transmission) provided that the sender requested a delivery receipt notice and did not receive a delivery failure notice.
The Agreement and any dispute or claim arising out of or in connection therewith (including non-contractual disputes or claims) shall be governed by and construed in accordance with English law. With the exception of the right to seek injunctive relief, each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with the Agreement (including non-contractual disputes or claims).
The rights and remedies provided under the Agreement are in addition to, and not exclusive of, any rights or remedies provided by law. Each such right or remedy shall be cumulative (unless expressly stated otherwise in the Agreement).
Appendix 1: Data Protection
Subject matter: The provision by the Supplier of the Services.
Duration of the processing: The duration of the Agreement, subject to Clause 5.13.
Purpose of the processing: The provision of the Services and the performance of the Supplier’s obligations under the Agreement.
Nature of the processing: Processing activities necessary for the provision of the Services and the performance of the Supplier’s obligations under the Agreement, including:
Conducting searches for potential candidates for Senior Positions, according to the Customer’s search criteria;
Collecting and storing personal data relating to potential candidates for Senior Positions, collected from publicly available sources;
Analysis of potential candidate personal data using machine learning models to (1) calculate ethnicity and gender probabilities and (2) assign potential candidates to ethnicity and gender categories based on calculated probabilities;
Analysis of potential candidate personal data and Customer search criteria for the purposes of generating a candidate ‘score’, based on how closely the potential candidate for a Senior Position matches the search criteria. Display of potential candidates for Senior Positions sorted by ‘score’; and
Presentation of a short-list of potential candidates for Senior Positions based on the Customer’s selections and storing associated potential candidate personal data.
Categories of Personal Data: The personal data collected and processed relating to a potential candidate include:
full name;
home town & country;
profile picture;
current/previous positions (including job title, estimated seniority and company information);
description of current/previous positions;
location of current/previous positions;
school and university history;
predicted gender; and
potential candidate ‘score’.
Special Categories of Personal Data: The personal data collected and processed relating to a potential candidate include:
predicted ethnicity; and
predicted ethnicity likelihood.
Data subjects: Natural persons who have been identified as potential candidates for Senior Positions, according to the Customer’s search criteria.
Appendix 2: Support Services
Supplier shall provide the Customer with support and assistance necessary for the Customer to access and use the Product. The Supplier may (in its sole discretion) charge the Customer additional fees for any support and assistance it provides that it deems unreasonable or excessive, provided that it has first notified the Customer of its intention to do so.
Supplier shall provide the support and assistance in either of the following formats, at the Customer's discretion:
live chat; or
email correspondence.
Supplier shall aim to respond to Customer's initial enquiry within 8 hours.
Appendix 3: Configuration Services
[N/A]
Appendix 4: Optimisation Services
[N/A]
Appendix 5: Subprocessors and Technical and Organisational Measures
A. Subprocessors
The Subprocessors engaged by the Supplier to process the Customer Personal Data on its behalf are as follows:
Entity | Purpose | Applicable Services | Entity Country | Location of Data |
---|---|---|---|---|
Used for storage of all data and processing of data to serve through the web application. Machine learning services are used for predictive analytics and ETL services are used for data pipelines and data management. | Google Cloud Platform | USA | UK, EU and USA, as applicable to the Customer. | |
Open AI | Used to best interpret and perform your search requests on the platform, MapX uses text input you provide and passes it to large language models (LLMs) developed by OpenAI. MapX encrypts your content in transit and sends it via an API to OpenAI in order to generate response text. OpenAI stores the content it analyses with the model in accordance with the OpenAI terms and conditions around usage of the OpenAI API. | Open AI API | USA | USA and around the world |
Anthropic | Used to best interpret and perform your search requests on the platform, MapX uses text input you provide and passes it to large language models (LLMs) developed by Anthropic. MapX encrypts your content in transit and sends it via an API to Anthropic in order to generate response text. Anthropic stores the content it analyses with the model in accordance with the Anthropic terms and conditions around usage of the Anthropic API. | Anthropic API | USA | USA and around the world |
B. Technical and Organisational Measures
The Technical and Organisational Measures referred to in clause 5.9 are as follows:
Technical Measures
All data is hosted in Google Cloud Platform in and protected by multi factor authentication.
All Supplier devices are configured with multi-tiered real-time firewall, antivirus and malware protection and all data transfer is performed over secure transmission protocols (SFTP, HTTPS) to guard against interception.
Supplier Email flow protection has been implemented, with encryption capabilities in place.
Login and password security processes are in place as well as secure keys for wireless logons.
Supplier data is held in Office 365, Hubspot, Google Cloud, Slack and Github and encrypted backups are kept offsite in case of disaster as part of our recovery strategy.
Monitoring is in place to flag anomalous events including failed log-ins, new software installation and download times.
Special category data is only accessible to Savannah staff in an anonymised format.
Organisational Measures
All Supplier employees are subject to reference and certificate checks on appointment.
All Supplier employees receive regular, comprehensive data protection training.
Only authorised employees have access to Customer Personal Data.
Physical Measures
The Supplier’s office benefits from sole-occupancy, CCTV protection, access control, and fire and intruder alarms.
All confidential paper and electronic waste is disposed of securely
Appendix 6: Specification
MapX is a licenced tool that enables Customers to conduct searches for potential candidates for Senior Positions, according to specified search criteria provided by the Customer.
Using the MapX AI technology enables Customers to identify otherwise hard to find candidates for their roles.
MapX facilitates the presentation of a list of potential candidates for Senior Positions based on the Customer’s selections.
Further statistics on Customer created candidate pools are also provided.
Organisational charts of companies and associated statistics on people in those companies are assembled by MapX through the Customer’s use of the Product.
Appendix 7: Standard Contractual Clauses
Processor to Controller
SECTION I
Clause 1
Purpose and scope
(a) The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) for the transfer of personal data to a third country.
(b) The Parties:
(i) the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter ‘entity/ies’) transferring the personal data, as listed in Annex I.A (hereinafter each ‘data exporter’), and
(ii) the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A (hereinafter each ‘data importer’)
have agreed to these standard contractual clauses (hereinafter: ‘Clauses’).
(c) These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.
(d) The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.
Clause 2
Effect and invariability of the Clauses
(a) These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46(2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.
(b) These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.
Clause 3
Third-party beneficiaries
(a) Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:
(i) Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;
(ii) Clause 8 – Module One: Clause 8.5 (e) and Clause 8.9 (b); Module Two: Clause 8.1(b), 8.9(a), (c), (d) and (e); Module Three: Clause 8.1(a), (c) and (d) and Clause 8.9(a), (c), (d), (e), (f) and (g); Module Four: Clause 8.1 (b) and Clause 8.3(b);
(iii) Clause 9 – Module Two: Clause 9(a), (c), (d) and (e); Module Three: Clause 9(a), (c), (d) and (e);
(iv) Clause 12 – Module One: Clause 12(a) and (d); Modules Two and Three: Clause 12(a), (d) and (f);
(v) Clause 13;
(vi) Clause 15.1(c), (d) and (e);
(vii) Clause 16(e);
(viii) Clause 18 – Modules One, Two and Three: Clause 18(a) and (b); Module Four: Clause 18.
(b) Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.
Clause 4
Interpretation
(a) Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.
(b) These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.
(c) These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.
Clause 5
Hierarchy
In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.
Clause 6
Description of the transfer(s)
The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B.
Clause 7 Optional: not used
SECTION II – OBLIGATIONS OF THE PARTIES
Clause 8
Data protection safeguards
The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organisational measures, to satisfy its obligations under these Clauses.
8.1 Instructions
(a) The data exporter shall process the personal data only on documented instructions from the data importer acting as its controller.
(b) The data exporter shall immediately inform the data importer if it is unable to follow those instructions, including if such instructions infringe Regulation (EU) 2016/679 or other Union or Member State data protection law.
(c) The data importer shall refrain from any action that would prevent the data exporter from fulfilling its obligations under Regulation (EU) 2016/679, including in the context of sub-processing or as regards cooperation with competent supervisory authorities.
(d) After the end of the provision of the processing services, the data exporter shall, at the choice of the data importer, delete all personal data processed on behalf of the data importer and certify to the data importer that it has done so, or return to the data importer all personal data processed on its behalf and delete existing copies.
8.2 Security of processing
(a) The Parties shall implement appropriate technical and organisational measures to ensure the security of the data, including during transmission, and protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (hereinafter ‘personal data breach’). In assessing the appropriate level of security, they shall take due account of the state of the art, the costs of implementation, the nature of the personal data, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects, and in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner.
(b) The data exporter shall assist the data importer in ensuring appropriate security of the data in accordance with paragraph (a). In case of a personal data breach concerning the personal data processed by the data exporter under these Clauses, the data exporter shall notify the data importer without undue delay after becoming aware of it and assist the data importer in addressing the breach.
(c) The data exporter shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
8.3 Documentation and compliance
(a) The Parties shall be able to demonstrate compliance with these Clauses.
(b) The data exporter shall make available to the data importer all information necessary to demonstrate compliance with its obligations under these Clauses and allow for and contribute to audits.
Clause 9
Use of sub-processors
N/A
Clause 10
Data subject rights
The Parties shall assist each other in responding to enquiries and requests made by data subjects under the local law applicable to the data importer or, for data processing by the data exporter in the EU, under Regulation (EU) 2016/679.
Clause 11
Redress
The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.
Clause 12
Liability
(a) Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.
(b) Each Party shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages that the Party causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter under Regulation (EU) 2016/679.
(c) Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.
(d) The Parties agree that if one Party is held liable under paragraph (c), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its/their responsibility for the damage.
(e) The data importer may not invoke the conduct of a processor or sub-processor to avoid its own liability.
Clause 13
Supervision
N/A
SECTION III – LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC AUTHORITIES
Clause 14
Local laws and practices affecting compliance with the Clauses
(where the EU processor combines the personal data received from the third country-controller with personal data collected by the processor in the EU)
(a) The Parties warrant that they have no reason to believe that the laws and practices in the third country of destination applicable to the processing of the personal data by the data importer, including any requirements to disclose personal data or measures authorising access by public authorities, prevent the data importer from fulfilling its obligations under these Clauses. This is based on the understanding that laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679, are not in contradiction with these Clauses.
(b) The Parties declare that in providing the warranty in paragraph (a), they have taken due account in particular of the following elements:
(i) the specific circumstances of the transfer, including the length of the processing chain, the number of actors involved and the transmission channels used; intended onward transfers; the type of recipient; the purpose of processing; the categories and format of the transferred personal data; the economic sector in which the transfer occurs; the storage location of the data transferred;
(ii) the laws and practices of the third country of destination– including those requiring the disclosure of data to public authorities or authorising access by such authorities – relevant in light of the specific circumstances of the transfer, and the applicable limitations and safeguards;
(iii) any relevant contractual, technical or organisational safeguards put in place to supplement the safeguards under these Clauses, including measures applied during transmission and to the processing of the personal data in the country of destination.
(c) The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate with the data exporter in ensuring compliance with these Clauses.
(d) The Parties agree to document the assessment under paragraph (b) and make it available to the competent supervisory authority on request.
(e) The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph (a), including following a change in the laws of the third country or a measure (such as a disclosure request) indicating an application of such laws in practice that is not in line with the requirements in paragraph (a).
(f) Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe that the data importer can no longer fulfil its obligations under these Clauses, the data exporter shall promptly identify appropriate measures (e.g. technical or organisational measures to ensure security and confidentiality) to be adopted by the data exporter and/or data importer to address the situation. The data exporter shall suspend the data transfer if it considers that no appropriate safeguards for such transfer can be ensured, or if instructed by the competent supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 16(d) and (e) shall apply.
Clause 15
Obligations of the data importer in case of access by public authorities
(where the EU processor combines the personal data received from the third country-controller with personal data collected by the processor in the EU)
15.1 Notification
(a) The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if necessary with the help of the data exporter) if it:
(i) receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data transferred pursuant to these Clauses; such notification shall include information about the personal data requested, the requesting authority, the legal basis for the request and the response provided; or
(ii) becomes aware of any direct access by public authorities to personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination; such notification shall include all information available to the importer.
(b) If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition, with a view to communicating as much information as possible, as soon as possible. The data importer agrees to document its best efforts in order to be able to demonstrate them on request of the data exporter.
(c) Where permissible under the laws of the country of destination, the data importer agrees to provide the data exporter, at regular intervals for the duration of the contract, with as much relevant information as possible on the requests received (in particular, number of requests, type of data requested, requesting authority/ies, whether requests have been challenged and the outcome of such challenges, etc.).
(d) The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of the contract and make it available to the competent supervisory authority on request.
(e) Paragraphs (a) to (c) are without prejudice to the obligation of the data importer pursuant to Clause 14(e) and Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses.
15.2 Review of legality and data minimisation
(a) The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e).
(b) The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request.
(c) The data importer agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request.
SECTION IV – FINAL PROVISIONS
Clause 16
Non-compliance with the Clauses and termination
(a) The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.
(b) In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).
(c) The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:
(i) the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;
(ii) the data importer is in substantial or persistent breach of these Clauses; or
(iii) the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.
In these cases, it shall inform the competent supervisory authority of such non-compliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise.
(d) Personal data collected by the data exporter in the EU that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall immediately be deleted in its entirety, including any copy thereof. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.
(e) Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.
Clause 17
Governing law
These Clauses shall be governed by the law of a country allowing for third-party beneficiary rights. The Parties agree that this shall be the law of Ireland.
Clause 18
Choice of forum and jurisdiction
Any dispute arising from these Clauses shall be resolved by the courts of Ireland.
ANNEX I
A. LIST OF PARTIES
Data exporter(s):
Name: See the definition of Supplier
Address: See the definition of supplier
Contact person’s name, position and contact details:
Rachael Dormer, Head of Operations, gdpr@mapx-ai.com
Activities relevant to the data transferred under these Clauses: See Appendix 1.
Role (controller/processor): Processor
Data importer(s):
Name: See the definition of Customer
Address: See the definition of Customer. See ‘Order Form - Address for notices – For the Customer’.
Activities relevant to the data transferred under these Clauses: See Appendix 1.
Role (controller/processor): Controller
B. DESCRIPTION OF TRANSFER
Categories of data subjects whose personal data is transferred
See Appendix 1.
Categories of personal data transferred
See Appendix 1.
Sensitive data transferred and applicable restrictions of safeguards
See Appendix 1.
The frequency of the transfer
Continuously during the term of the Agreement.
Nature of the processing
See Appendix 1.
Purpose of the data transfer and further processing
Provision of the Services to the Customer.
Period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
As specified in clause 5.13 of the Agreement.
Sub-processing
Details of any sub-processing are set out in clause 5.5 to 5.8 and Appendix 5.
Appendix 8: UK Addendum
This Addendum has been issued by the Information Commissioner for Parties making Restricted Transfers. The Information Commissioner considers that it provides Appropriate Safeguards for Restricted Transfers when it is entered into as a legally binding contract.
Part 1: Tables
Table 1: Parties
Start date | Effective Date of the Agreement. | |
The Parties | Exporter (who sends the Restricted Transfer) | Importer (who receives the Restricted Transfer) |
---|---|---|
Parties’ details | Full legal name: See the definition of Supplier Trading name (if different): N/A Main address (if a company registered address): See the definition of Supplier Official registration number (if any) (company number or similar identifier): See the definition of Supplier |
Full legal name: See the definition of Customer Trading name (if different): N/A Main address (if a company registered address): See the definition of Customer Official registration number (if any) (company number or similar identifier): See the definition of Customer |
Key Contact | Full Name (optional):Rachael Dormer Job Title: Head of Operations Contact details including email: gdpr@mapx-ai.com |
Full Name (optional): [to be inserted by Customer] Job Title: [to be inserted by Customer] Contact details including email: [to be inserted by Customer] |
Signature (if required for the purposes of Section 2) | N/A | N/A |
Table 2: Selected SCCs, Modules and Selected Clauses
Addendum EU SCCs | The version of the Approved EU SCCs which this Addendum is appended to, detailed below, including the Appendix Information: Date: see the Effective Date of this Agreement. Reference (if any): See Appendix 7 and its annexes. Other identifier (if any): As above |
Table 3: Appendix Information
“Appendix Information” means the information which must be provided for the selected modules as set out in the Appendix of the Approved EU SCCs (other than the Parties), and which for this Addendum is set out in:
Annex 1A: List of Parties: Please refer to the parties listed in the Order Form. |
Annex 1B: Description of Transfer: Please refer to Appendix 1. |
Annex II: Technical and organisational measures including technical and organisational measures to ensure the security of the data: Please refer to clause 5.9 and Appendix 5. |
Annex III: List of Sub processors (Modules 2 and 3 only): Please refer to clause 5.5 and Appendix 5 |
Table 4: Ending this Addendum when the Approved Addendum Changes
Ending this Addendum when the Approved Addendum changes | Which Parties may end this Addendum as set out in Section 19: Importer Exporter neither Party |
Part 2: Mandatory Clauses
Mandatory Clauses | Part 2: Mandatory Clauses of the Approved Addendum, being the template Addendum B.1.0 issued by the ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses. |