1. Application of Conditions
1.1 The Supplier shall supply and the Client shall purchase the Lists and Services in accordance with the quotation which is subject to these Conditions.
2. Definitions and Interpretation
2.1 In these conditions:-
“Broker” means a person to whom the Client supplies any Data for immediate onward supply to a specific End-User
“Client” means the individual, firm, company or other party who accepts a quotation or offer from the Supplier for the sale of Lists and supply of Services, or whose order for Lists and Services is accepted by the Supplier;
“Controller” shall have the meaning set out in the UK GDPR;
“Data” means information comprising any combination of (but not limited to) postal address, email address, telephone number, contact name and qualifying information such as company size etc. in any number of fields;
“Data Protection Laws” means any laws and regulations in any relevant jurisdiction relating to privacy or the use or processing of data relating to natural persons, including: (a) the UK GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003; (b) the Data Protection Act 2018 and (c) any laws or regulations ratifying, implementing, adopting, supplementing or replacing the UK GDPR and the Data Protection Act 2018; in each case, to the extent in force, and as such are updated, amended or replaced from time to time;
“DP Regulator” means any governmental or regulatory body or authority with responsibility for monitoring or enforcing compliance with the Data Protection Laws;
“End-User” means any person to whom Client supplies (either directly or through a Broker) any Data;
“Enquiry” means any request, complaint, investigation, notice or communication from a Data Subject or a DP Regulator;
“Lists” means a selection of data (including any instalment) which the Supplier is to supply in accordance with these Conditions;
“Order Date” means the date the order is placed by the Client which shall be set out on the quotation.
“Personal Data Breach” shall have the meaning set out in Article 4 of the UK GDPR;
“Processor” shall have the meaning set out in the UK GDPR;
“Services” means the services set out in the quotation, specifically the supply of data services;
“Supplier” means Marketscan Limited, Registered Office 8 Duke’s Court, Bognor Road, Chichester, West Sussex, PO19 8FX;
The terms “Data Subject”, “Personal Data” and “Processor” shall have the meaning set out in the UK GDPR.
3.0 Variation of conditions
3.1 These Conditions shall be to the exclusion of any other terms and conditions subject to which any such quotation is accepted or purported to be accepted, or any such order is made or purported to be made, by the Client unless accepted in writing by a senior employee of the Supplier.
3.2. All quotations must be signed, dated and confirmed in writing. Quotations will not be accepted on the basis of verbal instructions.
4.1 Quotations lapse after 30 days unless re-confirmed in writing by the Supplier.
4.2 List prices shall be those set out in the quotation.
5.1 The Supplier warrants and represents that all Lists or parts of Lists are licensed by and copyrighted to the Supplier. Unless purchased as a data file specifically for multiple usages (which shall be set out in the quotation) the Supplier’s data is rented for one time use only.
5.2 Conditions of use for special data packages are specified in the relevant quotation and on the order. For example, postal addresses and telephone numbers supplied from the Supplier’s ‘Sales Generator’ package can be used unlimited times within a 12 month period from date of download and email addresses up to 12 times within a 12 month period from date of download. Unused records at the end of the period cannot be carried over to a new period.
5.3 The Data must not be copied or recorded by the Client or its agents, or in any way processed by the Client or its agents other than in accordance with the quotation or as agreed in writing by the Supplier. Data supplied as a data file is for the sole use of the Client or the specified End-User. If the Client is supplying the Data to a Broker for onward supply to an End-User, Client shall procure that the Broker supplies the Data only to the specified End-User and that neither the Broker nor the End-User shall supply the Data to any other person.All Lists contain seed names and dummy addresses to detect unlawful use. The Supplier may take legal action against any Client that unlawfully processes Data owned by the Supplier.
5.4 In the event of a breach of data usage by the Client, Broker or End-User ie. where it is determined that Data has been used by the Client, Broker or End-User outside of the usage terms as specified on the order, a re-use charge of 100% of the value of the order will be imposed per occasion of each breach.
6.0 Supply and use of Data and grant of licence
6.1 Data files are supplied for use on the Windows® operating system and in Excel Worksheet format unless otherwise specified on the quotation. No liability is accepted by the Supplier for conversion of the Data to any format, other than that in which it was supplied.
6.2 If the Client wishes the Supplier to exclude certain criteria from the Supplier’s range of criteria the Client must provide a suppression file to the Supplier that clearly states the requested exclusions prior to the Order Date.
6.3 Whilst every effort is made to quote the number of addresses accurately, the quantity may vary from time to time, as is reasonable, due to movements within the List or Lists and no warranty or condition is given that the figure quoted agrees with that finally reached during the execution of the quotation.
6.4 Where more than one List is supplied, the total quantity dispatched may be less than the sum of the individual list quantities due to persons or establishments being coded to more than one classification.
6.5 The Supplier uses all reasonable endeavours to ensure Lists are accurate and up-to-date. However, as Lists are compiled from a variety of sources, the Supplier cannot warrant that any of the records are 100% complete or accurate, neither are they built up from personal knowledge of any particular trade or profession or other body.
6.6 The Supplier does not accept liability for the outcome of the use of its Lists. In no event will the Supplier be liable for any loss of profit, revenue, goodwill, opportunity, business or other indirect or consequential loss of any kind in contract, tort (including negligence) or otherwise arising out of use of its Lists, save where such liability cannot be excluded by law.
6.7 The Supplier grants to the Client a non-exclusive licence for the Client to use the Data and Lists in accordance with these Conditions to:
(a) access and view the Data and Lists;
(b) market its goods and services to the contacts within the Data and Lists;
(c) store the Data and Lists on the Client’s systems;
(d) use the Data and Lists in the manner permitted in the quotation.
7.0 Data Protection and Codes of Practice
7.1 As an agency recognised by the Data & Marketing Association (the “DMA”), the Supplier warrants and represents that it shall uphold at all times, in letter and spirit, the British Code of Advertising Practice, Sales Promotion and Direct Marketing (‘the CAP Code’). The Supplier’s acceptance of quotations from the Client is conditional upon the Client undertaking to work within the accepted codes of conduct for the advertising industry, including in particular the CAP Code and the Data & Marketing Code of Practice.
7.2 The Supplier warrants, represents and undertakes that all Data and Lists has been fairly and lawfully obtained in accordance with all applicable Data Protection Laws.
The Data and Lists provided by the Supplier may include Personal Data (as defined in the UK GDPR) and the Supplier warrants, represents and undertakes that it shall obtain all necessary consents or satisfy another lawful ground for processing to enable it to share any Data or Lists with the Client or to carry out the purpose of providing the Services and to enable the Client to use the Lists or Data in the manner set out in these Conditions and the quotation.
7.3 The parties acknowledge and agree that, in respect of any Personal Data contained in the Data or Lists provided by the Supplier to the Client, they shall each be Controllers for the purposes of Data Protection Laws unless the Client is acting as a Broker in which case the Client will be a Processor. The parties shall comply with the provisions and obligations imposed on them by Data Protection Laws at all times when processing Personal Data under these Conditions and in connection with the Services.
7.4 Each party shall co-operate with the other party and provide such information and assistance as the other party may reasonably require to enable the other party to: (a) comply with its obligations under Data Protection Laws in respect of Personal Data provided by the Supplier to the Client; and (b) deal with and respond to any Enquiry relating to the Personal Data provided by the Supplier to the Client.
7.5 If either party receives any complaint, notice or communication which relates directly or indirectly to the processing of Personal Data provided by the Supplier to the Client by the other party or to either party’s compliance with Data Protection Laws, it shall as soon as reasonably practicable notify the other party and it shall provide the other party with reasonable co-operation and assistance in relation to any such complaint, notice or communication.
7.6 The Supplier undertakes to update Data regularly in respect of the Lists supplied. Lists supplied by the Supplier are maintained in accordance with the standards of list and database practice incorporated in the DMA’s Code of Practice, as amended from time to time.
7.7 The Supplier undertakes the scanning of the Lists against the TPS and CTPS registers daily to allow the Client 28 days usage from the date the lists are supplied to the Client.
7.8 The Client agrees to notify the Supplier within 14 days of receipt of any request received by the Client for the suppression of a deceased name or disputed data that can be identified as being included in the Data supplied by the Supplier.
7.9 The Client agrees to record and mark any request for suppression received by the Client from an individual whose name can be identified as being included in a list supplied by the Supplier, and that any such record will be suppressed from any list subsequently used by the Client.
7.10 The Client agrees, unless otherwise agreed in writing between the Client and the Supplier, that posting of mailings to any names on any list provided by the Supplier will take place no later than six months following the date of supply. In the event that the posting is delayed, the Client agrees to return to the Supplier unused copies of any list and to delete from its files any extracts from or copies of the list.
7.11 The Client warrants that items to be mailed to the Data or Lists provided by the Supplier shall contain nothing which infringes copyright or is defamatory, obscene, indecent, or otherwise illegal or unlawful or contradictory to the CAP Code.
7.12 Each party shall maintain records of all processing operations under its responsibility that contain at least the minimum information required by the Data Protection Laws, and shall make such information available to any DP Regulator on request.
7.13 The Controller shall only process the Data or Lists or cause the Data or Lists to be processed by a third-party Processor when that Processor and processing is located within the European Union or in a territory that provides an adequate level of protection under the UK GDPR.
8.0 Post Office Returns & Warranty
8.1 In relation to business addresses which may be provided in the Data or Lists, an amount equal to the List cost at the time of invoice will be refunded by the Supplier to the Client on all Post Office returns in excess of 2% of the total number of addresses supplied, provided that all returned envelopes, less contents, are received by the Supplier within 6 weeks of delivery of the original Data or Lists. No warranty is given on telephone numbers or contact names. See clause 19.0 for email warranty.
8.2 The undertaking at clause 8.1 extends to the End-User.
9.0 Dispatch of Lists
9.1 Dates given for dispatch of Lists are given in good faith and are estimates only, based on information available at the time of quoting. They are, however, not guaranteed and time is not of the essence of the contract.
10.1 In consideration for the receipt of the Services, the Client shall pay to the Supplier the fees as set out in the quotation.
10.2 30 day credit terms are offered subject to status otherwise pre-payment may be required.
11.1 Nothing in these Conditions:
(a) shall limit or exclude either party’s liability for any liability which cannot be limited or excluded by applicable law; and
(b) shall limit or exclude the Supplier’s liability to the Client under clauses 5.4, 7.2, 16.2.
11.2 Subject to clause 11.1, neither party shall have any liability to the other party, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, for any indirect or consequential loss arising under or in connection with these Conditions. Subject to clause 11.1, the Client’s total liability to the Supplier, whether in contract, tort (including negligence), breach of statutory duty, or otherwise arising under or in connection with these Conditions shall be limited to the total charges paid by the Client under these Conditions.
11.3 The Supplier shall be under no liability for any discrepancy or shortage on delivery or non-delivery of Lists unless the Client notifies the Supplier in writing:
- a) of any discrepancy or shortage on delivery within 7 days of receipt of Lists.
- b) of non-delivery within 7 days of confirmation by the Supplier that the Lists have been dispatched. The Supplier’s liability is limited to replacement of the Lists supplied.
11.4 It is the Client’s responsibility to ensure that its online account details are up-to-date and current. This includes but is not limited to deleting the details of personnel who have moved from the Client’s employ.
11.5 The Supplier warrants, represents and undertakes that the Data and Lists are owned and licensed to the Supplier by third party providers. The third-party providers make no warranties with respect to the Data and exclude as far as legally possible all liability for the Data.
12.1 The Supplier shall charge the amount of Value Added Tax due on the invoice and shall include that amount on the quotation and invoice.
13.0 Assignment and Sub-Contracting
13.1 The rights granted to the Client hereunder are personal to it and the Client shall not assign or grant any rights in respect of or otherwise deal in the same. The Supplier shall be entitled to assign or sub-contract the provision of the Services (or any part thereof) to any third party and reference in the terms and conditions to the Supplier shall be deemed to include reference to such assignee or sub-contractor.
14.0 Governing Law and Jurisdiction
14.1 These Conditions and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with them or their subject matter or formation shall be governed and construed in accordance with the laws of England and Wales. Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with these Conditions or their subject matter or formation.
15.0 Prize Promotions (includes Prize Competitions and Prize Draws unless otherwise stated)
15.1 You must be 18 years or over to enter a prize promotion.
15.2 There are no cash alternatives available for any prize.
15.3 Winners of prize promotions will be notified by email within two weeks of the closing date of entry unless otherwise stated.
15.4 Winners of prize promotions will be announced via the Supplier’s monthly e-newsletter.
15.5 No purchase is required to enter a prize draw. To enter the prize draw, please send your name, address and email address to “Prize Draw, Marketscan Ltd, 8 Dukes Court, Bognor Road, Chichester, West Sussex, PO19 8FX.
15.6 The Supplier does not accept responsibility for entries lost in the post or via an error in transmission by email. To confirm receipt of entry please email firstname.lastname@example.org
16.1 Force Majeure. Neither party shall be in breach of these Conditions nor liable for delay in performing, or failure to perform, any of its obligations under these Conditions if such delay or failure results from events, circumstances or causes beyond its reasonable control. In such circumstances the affected party shall be entitled to a reasonable extension of the time for performing such obligations. If the period of delay or non-performance continues for 2 weeks, the party not affected may terminate these Conditions by giving 5 days’ written notice to the affected party.
16.2 Confidentiality. Each party undertakes that it shall not at any time disclose to any person any confidential information concerning the business, affairs, customers, clients or suppliers of the other party. Each party may disclose the other party’s confidential information to its employees, officers, representatives or advisers who need to know such information for the purposes of exercising the party’s rights or carrying out its obligations under or in connection with these Conditions and as may be required by law.
16.3 Announcements. The Supplier shall not make, or permit any person to make, any public announcement concerning the existence, subject matter or terms of these Conditions, or the relationship between the parties, without the prior written consent of the Client, except as required by law.
16.4 Entire Agreement. These Conditions and the quotation constitutes the entire agreement between the parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter.
16.5 Variation. No variation of these Conditions shall be effective unless it is in writing and signed by the parties.
16.6 Notices. Any notice given to a party under or in connection with these Conditions shall be in writing and shall be: delivered by hand or pre-paid first class post or other next working day delivery service at its registered office marked for the attention of the Legal Department. Any notice shall be deemed to have been received: (a) if delivered by hand, on signature of a delivery receipt; (b) if sent by pre-paid first class post or other next working day delivery service at 9am on the second English working day after posting.
16.7 Third party rights. These Conditions do not give rise to any rights under the Contracts (Rights of Third Parties) Act 1999 to any term of these Conditions.
16.8 Termination. Without affecting any other right or remedy available to it, either party may terminate these Conditions with immediate effect by giving written notice to the other party if: (a) the other party commits a material breach of any term of these Conditions; (b) the other party repeatedly breaches any of the terms of these Conditions; (c) the other party is unable to pay its debts as they fall due.
SUPPLEMENTARY TERMS AND CONDITIONS FOR THE LICENCING OF DATA FOR EMAIL MARKETING
17.0 Email Definitions and Interpretation
17.1 ‘Undeliverables Threshold’ means for the purposes of these Conditions, 10% of the emails supplied against any single order that are hard bounces.
18.0 Supply and use of Email Data
18.1 If the Client wishes the Supplier to exclude a list of email addresses from the email Data field the Client must request this prior to the Order Date.
18.2 Subject to any restrictions of use stated in the quotation the Client’s use of the email Data may not exceed more than 12 emails to any one addressee in a 12 month period and not exceed more than 4 emails to any one addressee in any one calendar month.
19.0 Email Warranty and Obligations
19.1 The Supplier is not responsible or liable for email addresses that prove to be undeliverable save that where the number of undeliverable addresses exceeds the Undeliverables Threshold and subject to the Client
providing proof of non-delivery within 30 days of the Order Date, the Supplier will endeavour to provide two additional email addresses for each undeliverable email.
19.2 Proof of non-delivery in the form of undeliverable addresses must be returned to the Supplier in either a tab delimited, comma delimited, Excel or Dbase file.
19.3 The Supplier’s obligations stated in clause 19.1 shall not apply where the Client decides to use a method of delivery that has not been approved in writing by us. Unapproved methods of delivery include use of an SMTP (Single Message Transfer Protocol) email client such as Outlook, Netscape and Lotus, and delivery platforms that do not accept third party lists.
19.4 The Supplier reserves the right to require the Client to cease or modify use of the email Data where the Supplier discovers that the contents of email sent by the Client is different to how the Client has represented that it will use the Data.
19.5 Where the Client procures the use of the email Data to send emails, the Client must ensure that the recipient is given a simple means to opt-out of receiving further communications.
19.6 The undertaking and conditions stated in clause 19.0 extend to the End-User.
SUPPLEMENTARY TERMS AND CONDITIONS FOR THE PROVISION OF DATA BY THE CLIENT TO THE SUPPLIER
20.1 In the event that the Client provides Personal Data to the Supplier in order for the Supplier to carry out a matching, suppression or enhancement exercise against its own Data and Lists, the parties shall comply with the provisions and obligations imposed on them by the Data Protection Laws at all times when processing Personal Data in connection with such exercise. In such circumstances, the Supplier shall be a Processor and the Client shall be a Controller. The processing shall be in respect of the types of Personal Data and categories of Data Subjects set out in Clause 21 below. The nature, purpose and duration of the processing shall be solely for the Supplier to carry out a matching, suppression or enhancement of the Data and Lists for the time it takes to carry out such exercise.
20.2 Where the Supplier receives from, or processes any Personal Data on behalf of, the Client, the Supplier shall:
(a) process such Personal Data only in accordance with the Client’s written instructions from time to time (including those set out in this clause 20);
(b) ensure that any of its personnel who have access to such Personal Data are committed to binding obligations of confidentiality when processing such Personal Data;
(c) implement and maintain technical and organisational measures and procedures to ensure an appropriate level of security for such Personal Data, including protecting such Personal Data against the risks of accidental, unlawful or unauthorised destruction, loss, alteration, disclosure, dissemination or access;
(d) not transfer such Personal Data outside the United Kingdom and the European Economic Area without the prior written consent of the Client;
(e) inform the Client without undue delay if any such Personal Data is (while within the Supplier’s or its subcontractors’ or affiliates’ possession or control) subject to a Personal Data Breach or is otherwise lost or destroyed or becomes damaged, corrupted or unusable;
(f) at the Client’s sole option, return or irretrievably delete all Personal Data on completion of the matching, suppression or enhancement exercise, and not make any further use of such Personal Data thereafter;
(g) provide to Client and any DP Regulator such information and assistance as is reasonably required to demonstrate or ensure compliance with the obligations in this clause and/or the Data Protection Laws;
(h) take such steps as are reasonably required to assist the Client in ensuring compliance with its obligations under Articles 30 to 36 (inclusive) of the UK GDPR;
(i) notify the Client within two (2) business days if it receives a request from a Data Subject to exercise its rights under the Data Protection Laws in relation to that person’s Personal Data;
(j) provide the Client with such co-operation and assistance as may reasonably be required in relation to any request made by a Data Subject to exercise its rights under the Data Protection Laws in relation to that person’s Personal Data; and
(k) not disclose any Personal Data to any Data Subject other than at the written request of the Client or as expressly provided for in these Conditions.
20.3 Subject to clause 20.4 at the Client’s request and provided that the Client shall enter into appropriate confidentiality agreements (as reasonably required by the Supplier), the Supplier shall permit the Client or its representatives to access any relevant premises, personnel or records of the Supplier on reasonable notice to audit and otherwise verify compliance with this Clause 20.
20.4 The Supplier shall only be required to permit the Client or its representatives to access any relevant premises, personnel or records of the Supplier pursuant to clause 20.3:
(a) once in any calendar year; or
(b) in the event that the Client knows or has reasonable grounds to suspect that Personal Data which is processed by the Supplier pursuant to this clause 20 is subject to a Personal Data Breach or is otherwise lost or destroyed or becomes damaged, corrupted or unusable.
21.0 Categories of Data Subjects and Personal Data
In a matching, suppression or enhancement exercise, the categories of Data Subjects may include:
Employees of corporate clients of the Client and competitors of the Client.
In a matching, suppression or enhancement exercise, the categories of Personal Data may include:
SUPPLEMENTARY TERMS AND CONDITIONS FOR THE PROVISION OF EMAIL BROADCASTING KNOWN AS MARKETSCAN EDGE
22.1 The definitions and rules of interpretation in this clause apply in these Conditions.
“Business Day” means a day other than a Saturday, Sunday or public holiday in England when banks in London are open for business.
“Charges” means the charges payable by the Client for the supply of the Services in accordance with the Order Form.
“Client Data” means the data inputted by the Client, authorised users, or the Supplier on the Client’s behalf for the purpose of using the Services or facilitating the Client’s use of the Services.
“Confidential Information” means information that is proprietary or confidential and is either clearly labelled as such or identified as Confidential Information in clause 8.5.
“Documentation” means the document made available to the Client by the Supplier within the Software and online via https://secure.marketscan-edge.co.uk or such other web address notified by the Supplier to the Client from time to time which sets out a description of the Services and the user instructions for the Services.
“Initial Term” means the initial term of the Contract as set out in the Order Form.
“Intermediary” means a customer of the Client who will use the Services for, or on behalf of, an End User or provide access to the Services for use by an End User.
“Normal Business Hours” means 9.00 am to 5.30 pm local UK time, each Business Day.
“Software” means the third party or Supplier developed online software applications licensed by the Supplier as part of the Services in accordance with these Conditions.
“Supervisory Authority” means any local, national or multinational agency, department, official, parliament, public or statutory person or any government or professional body, regulatory or supervisory authority, board or other body responsible for administering Data Protection Law.
“Support Services Policy” means the Supplier’s policy for providing support in relation to the Services as made available at https://secure.marketscan-edge.co.uk or such other website address as may be notified to the Client from time to time.
“Third Party Features” means any features or applications that are owned by a third party which may, from time to time, form part of the Services.
“Virus” means any thing or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re- arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices.
23.1 Subject to the Client paying for the Services in accordance with these Conditions, the Supplier hereby grants to the Client and its Intermediaries and/or End Users a non-exclusive, non-transferable, non-licensable right to use the Services and the Documentation as set out on the Order Form.
23.2 For the avoidance of doubt, the Supplier grants to the Client and its Intermediaries and/or End Users a revocable, non- exclusive, non-transferable, non-licensable right to use the Software used in the delivery of the Services for the duration of the Contract.
23.3 The Supplier shall, during the Contract, provide the Services and make available the Documentation to the Client and its Intermediaries and/or End Users on and subject to the terms of these Conditions.
23.4 The Supplier shall use reasonable endeavours to make the Services available 24 hours a day, seven days a week, except for:
(a) planned maintenance carried out during the maintenance window of 4:00am to 8:00am GMT; and
(b) unscheduled maintenance performed outside Normal Business Hours, provided that the Supplier has used reasonable endeavours to give the Client at least 6 Normal Business Hours’ notice in advance.
23.5 The Supplier will, as part of the Services and at no additional cost to the Client, provide the Client with the Supplier’s standard support services during Normal Business Hours in accordance with the Supplier’s Support Services Policy in effect at the time that the Services are provided. The Supplier may amend the Support Services Policy in its sole and absolute discretion from time to time. The Client may purchase enhanced support services separately at the Supplier’s then current rates.
23.6 The Supplier may amend the Support Services Policy and/or the Third Party Features at its sole and absolute discretion from time to time. Where the Supplier proposes to make a material amendment to its Support Services Policy and/or the Third Party Features, it shall publish its proposed amendments on its website:
(a) in the case of a material amendment to the Support Services Policy, fourteen (14) days prior to implementing such amendments; and
(b) in the case of a material amendment to the Third Party Features, thirty (30) days prior to implementing such amendments.
24.0 CLIENT DATA
24.1 All right, title and interest in and to all of the Client Data shall vest in the Client or its Intermediaries or End Users dependent on the circumstances in each case. Whosoever owns the Client Data shall have sole responsibility for its legality, reliability, integrity, accuracy and quality.
24.2 To the extent the Client Data includes any Personal Data, the provisions of this clause 24 shall apply.
24.3 The parties acknowledge and agree that:
(a) the subject matter and details of the processing carried out under the Contract are described in Appendix 1;
(b) the Client is a Data Controller or Data Processor, as applicable, of that Personal Data under Data Protection Laws;
(c) the Supplier is a Data Processor of the Personal Data under Data Protection Laws.
24.4 Without prejudice to the generality of clauses 26.4(b) and 27.1(c), each party shall comply with all applicable requirements of Data Protection Laws. This clause 3 is in addition to, and does not relieve, remove or replace, a party’s obligations under Data Protection Laws.
24.5 Without prejudice to the generality of clause 24.4, the Client shall:
(a) ensure that it has all necessary appropriate consents and notices in place to enable the processing of the Personal Data by the Supplier for the duration and purposes of the Contract;
(b) ensure that any Personal Data that it provides is lawfully disclosed or provided to the Supplier and the Client warrants that where the Client is a Data Processor in respect of the Personal Data, its appointment of the Supplier as another Data Processor in accordance with the Contract has been authorised by the relevant Data Controller;
(c) not cause the Supplier to be in breach of Data Protection Laws;
(d) ensure that any instructions provided to the Supplier regarding the Processing of Personal Data are lawful and shall, at all times, be in accordance with Data Protection Laws;
(e) have sole responsibility for the technical and organisational measures employed in its own environments and shall put in place any reasonable measures recommended by the Supplier in respect of the security of the Personal Data;
(f) ensure that the Personal Data shall not include any “special categories of personal data” or “sensitive personal data” as defined in applicable Data Protection Laws;
(g) Indemnify the Supplier for any costs, damages, penalties, awards or fines suffered or incurred by the Supplier by a Supervisory Authority in the event of any breach of this clause 24 by the Client.
24.6 Insofar as the Supplier processes Personal Data under the Contract, the Supplier shall:
(a) not transfer any such Personal Data outside the European Economic Area without the Client’s prior consent and provided the following conditions are fulfilled:
(i) the Client or Supplier has provided appropriate safeguards in relation to the transfer;
(ii) the Data Subject has enforceable rights and effective legal remedies;
(iii) the Supplier complies with its obligations under Data Protection Laws by providing an adequate level of protection to any Personal Data that is transferred; and
(iv) the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data;
(b) process such Personal Data solely for the purposes specified in the Contract strictly in accordance with the Client’s written instructions unless the Supplier is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Supplier to process Personal Data. Where the Supplier is relying on laws of a member of the European Union or European Union law as the basis for processing personal data, the Supplier shall promptly notify the Client of this before performing the processing required by the applicable laws unless those applicable laws prohibit the Supplier from so notifying the Client;
(c) ensure it has in place appropriate technical and organisational measures to protect against unauthorised processing or unlawful processing of Personal Data and against accidental loss of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures;
(d) ensure that all personnel who have access to and/or process the Personal Data are obliged to keep the Personal Data confidential;
(e) assist the Client in responding to any request from a Data Subject and in ensuring compliance with its obligations under Data Protection Law with respect to security, breach notifications, impact assessments and consultations with Supervisory Authorities or regulators and the Supplier shall be entitled to levy an additional charge on the Client for its reasonable time and effort utilised in providing such prompt cooperation and assistance as well as any costs and expenses incurred;
(f) maintain complete and accurate records and information to demonstrate its compliance with this clause 24 and allow for audits by the Client and its auditors, upon reasonable request, for the purpose of demonstrating compliance by the Supplier with their obligations under this clause 24.
24.7 The Supplier shall not appoint any third-party processors of the Personal Data under the Contract without first obtaining the consent of the Client.
24.8 On expiry or termination of the Contract, and unless otherwise directed by the Client, the Client instructs the Supplier to delete all Client Data in its possession in accordance with applicable law. The Supplier will, after a recovery period of 30 days following such expiry, comply with this instruction, unless applicable law requires the Supplier to store the Client Data.
25.0 NOTIFICATION OF SECURITY OR DATA BREACH
25.1 The Supplier shall notify the Client without undue delay if it becomes aware of any actual, threatened or potential security breach that affects the Client, the Services or the Client Data.
25.2 As part of the notification under clause 25.1, the Supplier shall set out
(a) the nature and extent of the security breach; and
(b) any steps the Client needs to take as a result of such security breach including circulating the information provided under clause 25.2(a) to any persons on the Client’s email distribution list including End Users and/or Intermediaries.
25.3 The Supplier’s notification of or response to a security breach will not be construed as an acknowledgement by the Supplier of any fault or liability with respect to such breach.
26.0 SUPPLIER’S OBLIGATIONS
26.1 The Supplier undertakes that the Services will be performed substantially in accordance with the Documentation and with reasonable skill and care.
26.2 The undertaking at clause 26.1 shall not apply to the extent of any non-conformance which is caused by use of the Services contrary to the Supplier’s instructions, or modification or alteration of the Services by any party other than the Supplier or the Supplier’s duly authorised contractors or agents. If the Services do not comply with the foregoing undertaking, the Supplier will, at its expense, use all reasonable endeavours to correct any such non-conformance promptly, or provide the Client with an alternative means of accomplishing the desired performance. Such correction or substitution constitutes the Client’s sole and exclusive remedy for any breach of the undertaking set out in clause 5.1. Notwithstanding the foregoing, the Supplier:
(a) does not warrant that the Client’s use of the Services will be uninterrupted or error-free; or that the Services Documentation and/or the information obtained by the Client through the Services will meet the Client’s requirements; and
(b) is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Client acknowledges that the Service and Documentation may be subject to limitations, delays and other problems inherent in the use of such communications facilities.
26.3 These Conditions shall not prevent the Supplier from entering into similar agreements with third parties, or from independently developing, using, selling or licensing documentation, products and/or services which are similar to those provided under these Conditions.
26.4 The Supplier warrants that it:
(a) has and will maintain all necessary licences, consents, and permissions necessary for the performance of its obligations under these Conditions; and
(b) shall comply with all applicable laws and regulations with respect to its activities under these Conditions.
27.0 CLIENT’S OBLIGATIONS
27.1 The Client shall:
(a) ensure that the terms of the Order are complete and accurate;
(b) provide the Supplier with:
(i) all necessary co-operation in relation to any applicable Contract; and
(ii) all necessary access to such information as may be required by the Supplier, in order to provide the Services, including but not limited to Client Data, security access information and configuration services;
(c) comply with all applicable laws and regulations with respect to its activities under any applicable Contract;
(d) notify the Supplier immediately as soon as it becomes aware of any actual, threatened or potential security breach that affects the Services, the Supplier, the Client or the Client Data;
(e) comply with any instructions or directions given by the Supplier in connection with an actual, threatened or potential security breach;
(f) carry out all other Client responsibilities set out in these Conditions in a timely and efficient manner. In the event of any delays in the Client’s provision of such assistance as agreed by the parties, the Supplier may adjust any agreed timetable or delivery schedule as reasonably necessary;
(g) ensure that the Intermediaries and/or End-users, its employees, agents and authorised independent contractors use the Services and the Documentation in accordance with the terms of these Conditions and shall be responsible for any such person’s breach of these Conditions;
(h) obtain and shall maintain all necessary licences, consents and permissions necessary for the Supplier, its contractors and agents to perform their obligations under these Conditions, including without limitation the Services;
(i) ensure that its network and systems comply with the relevant specifications provided by the Supplier from time to time; and
(j) be solely responsible for procuring and maintaining its network connections and telecommunications links from its systems to the Supplier’s data centres, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Client’s network connections or telecommunications links or caused by the internet.
27.2 The Client undertakes that:
(a) It will not allow or suffer any individual to make use of the Services and/or Documentation who is not an employee, agent or independent contractors of the Client or an Intermediary and/or End User authorised to make use of the Services and/or Documentation;
(b) the Services and Documentation shall be password protected, with such password being kept confidential and that other reasonable measures shall be taken by the Client to ensure the security of the Services and Documentation;
(c) it shall permit the Supplier to audit the Client’s use of the Services. Such audit may be conducted no more than once every twelve months, at the Supplier’s expense, and this right shall be exercised with no less than 10 Business Days’ prior notice, in such a manner so as not to substantially interfere with the Client’s normal conduct of business. Any audit or representative of the Supplier shall be accompanied by a director of the Client at all times whilst conducting an audit and shall comply with the confidentiality obligations of clause 29 of these Conditions in relation to any documentation reviewed as part of any audit undertaken in accordance with this clause 27.2(c);
(d) if any of the audits referred to in clause 27.2(c) reveal that any password has been provided to any person who is not authorised to make use of the Services and/or Documentation, then without prejudice to the Supplier’s other rights, the Client shall promptly disable such passwords and the Supplier shall not issue any new passwords to any such person; and
(e) if any of the audits referred to in clause 27.2(c) reveal that the Client has shared its account with persons who are not authorised to make use of the Services and/or Documentation, then without prejudice to the Supplier’s other rights, the Supplier will be entitled to impose such additional charges on the Client as it sees fit, at all times acting reasonably.
27.3 The Client shall not knowingly or negligently access, store, distribute or transmit any Viruses, or any material during the course of its use of the Services that:
(a) is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive;
(b) facilitates illegal activity;
(c) depicts sexually explicit images;
(d) promotes unlawful violence; is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability; or
(e) in a manner that is otherwise illegal or causes damage or injury to any person or property;
and the Supplier reserves the right, without liability or prejudice to its other rights to the Client, to disable the Client’s access to any material that breaches the provisions of this clause.
27.4 The Client shall not:
(a) except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties:
(i) and except to the extent expressly permitted under these Conditions, attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Software and/or Documentation (as applicable) in any form or media or by any means; or
(ii) attempt to reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of this Software; or
(b) access all or any part of the Services and/or Documentation in order to build a product or service which competes with the Services and/or the Documentation; or
(c) sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services and/or Documentation available to any third party except an End User or Intermediary, or
(d) attempt to obtain, or assist third parties in obtaining, access to the Services and/or Documentation, other than as provided under this clause 27; and
27.5. The Client shall use all reasonable endeavours to prevent any unauthorized access to, or use of, the Services and/or the Documentation and, in the event of any such unauthorised access or use, promptly notify the Supplier.
28.0 PROPRIETARY RIGHTS
28.1 The Client acknowledges and agrees that as between the Supplier and the Client, the Supplier and/or its licensors own all intellectual property rights in the Software, the Services and the Documentation. Except as expressly stated herein, these Conditions do not grant the Client any rights to, or in, patents, copyright, database right, trade secrets, trade names, trade marks (whether registered or unregistered), or any other rights or licences in respect of the Software, the Services and the Documentation.
28.2 The Supplier confirms that it has all the rights in relation to the Software, the Services and the Documentation that are necessary to grant all the rights it purports to grant under, and in accordance with, any applicable Contract.
29.1 Each party may be given access to Confidential Information from the other party in order to perform its obligations under any applicable Contract. A party’s Confidential Information shall not be deemed to include information that:
(a) is or becomes publicly known other than through any act or omission of the receiving party;
(b) was in the other party’s lawful possession before the disclosure;
(c) is lawfully disclosed to the receiving party by a third party without restriction on disclosure;
(d) is independently developed by the receiving party, which independent development can be shown by written evidence; or
(e) is required to be disclosed by law, by any insurance policy maintained by the Supplier, by any court of competent jurisdiction or by any regulatory or administrative body.
29.2 Each party shall hold the other’s Confidential Information in confidence and, unless required by law, not make the other’s Confidential Information available to any third party, or use the other’s Confidential Information for any purpose other than the implementation of any applicable Contract.
29.3 Each party shall take all reasonable steps to ensure that the other’s Confidential Information to which it has access is not disclosed or distributed by its employees or agents in violation of any applicable Contract.
29.4 Neither party shall be responsible for any loss, destruction, alteration or disclosure of Confidential Information caused by any third party.
29.5 The Client acknowledges that details of the Services, and the results of any performance tests of the Services, constitute the Supplier’s Confidential Information.
29.6 The Supplier acknowledges that the Client Data is the Confidential Information of the Client.
29.7 This clause 29 shall survive termination of any applicable Contract, however arising.
29.8 No party shall make, or permit any person to make, any public announcement concerning any applicable Contract without the prior written consent of the other parties (such consent not to be unreasonably withheld or delayed), except as required by law, any governmental or regulatory authority (including, without limitation, any relevant securities exchange), any court or other authority of competent jurisdiction.
30.0 LIMITATION OF LIABILITY
30.1 This clause 30 sets out the entire financial liability of the Supplier (including any liability for the acts or omissions of its employees, agents and sub-contractors) to the Client:
(a) arising under or in connection with these Conditions;
(b) in respect of any use made by the Client of the Services and Documentation or any part of them; and in respect of any representation, statement or tortious act or omission (including negligence) arising under or in connection with these Conditions.
30.2 Except as expressly and specifically provided in these Conditions:
(a) The Client assumes sole responsibility for results obtained from the use of the Services and the Documentation by the Client, and for conclusions drawn from such use. The Supplier shall have no liability for any damage caused by errors or omissions in any information, instructions or scripts provided to the Supplier by the Client in connection with the Services, or any actions taken by the Supplier at the Client’s direction;
(b) All warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from this agreement; and
(c) the Services and the Documentation are provided to the Client on an ‘as is’ basis.
Subject Matter and Details of the Data Processing
The Supplier’s provision of the Services to the Client.
Duration of the processing
The period of the Contract until deletion of the Client Data by the Supplier in accordance with the Contract.
Nature and purpose of the processing
The Supplier will process Client Data for the purposes of providing the Services to the Client in accordance with the Contract. Categories of data
Data relating to individuals provided to the Supplier via the Services, by (or at the direction of) the Client, Intermediaries or End Users excluding special categories of data.
Data subjects include the individuals about whom data is provided to the Supplier via the Services by (or at the direction of) the Client, Intermediaries or End Users.