
    SERVICE ORDER TERMS


    EMEA ONLINE TERMS AND CONDITIONS 

     

    THESE TERMS AND CONDITIONS WILL APPLY TO THE PURCHASE AND USE OF EVOTIX LIMITED’S SERVICES. CUSTOMER AGREES TO THE TERMS OF THIS AGREEMENT IF CUSTOMER CLICKS A BOX INDICATING ACCEPTANCE OR EXECUTES A SERVICE ORDER THAT REFERENCES THESE TERMS AND CONDITIONS.

    CUSTOMER MEANS THE ENTITY AND ITS AFFILIATES LISTED ON THE SERVICE ORDER. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT IS ACCEPTING ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, SUCH INDIVIDUAL REPRESENTS THAT THEY HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS. CAPITALIZED TERMS HAVE THE DEFINITIONS SET FORTH HEREIN. 

    THESE TERMS AND CONDITIONS WERE LAST UPDATED ON 15 JANUARY 2024. 

     

    1.   DEFINITIONS
    Affiliate(s): means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
    Agreement: means these Evotix EMEA Terms and Conditions and any attached or referenced exhibits, schedules and addenda including any mutually executed Statement of Work and Service Order referencing these EMEA Terms and Conditions. 
    Business Day: means any day which is not a Saturday, Sunday or public holiday in the United Kingdom.
    Customer Data: means the Customer’s data inputted into the Hosted Services by the Customer, by Named Users, or by the Supplier on the Customer's behalf.
    Customer Support Representatives (CSR): means individuals appointed by Customer who are authorized to contact the Supplier on behalf of the Customer for Support Services. 
    Data Protection Schedule: means the data protection schedule attached as Schedule 2 to this Agreement.   
    Data Protection Legislation: has the meaning set out in the Data Protection Schedule.
    Documentation: means the applicable usage guides and policies for the Services provided by the Supplier, as updated from time to time, accessible via login to the relevant Service.  
    Enterprise Employee Count: means all of Customer's full-time, part-time & temporary employees, together with all its agents, contractors and consultants. For clarity, this includes all Named Users, as defined in this Agreement.
    Fees:  means the fees payable to the Supplier by Customer for the Services as set out in a Service Order. 
    Force Majeure Event: means any unavailability caused by circumstances beyond Supplier’s reasonable control, including, for example, an act of God, act of government, flood, fire, earthquake, civil unrest, act of terror, strike or other labor problem (other than one involving Supplier employees), pandemics or epidemics, Internet service provider failure or delay, denial of service attack, failure of a utility service or transport or telecommunications network or default of suppliers or sub-contractors.
    Hosted Services: means the services that are ordered by Customer under a Service Order and made available online by Supplier using the Software and, where relevant, shall include associated offline components. Hosted Services do not include Third Party Content.
    Implementation Services: means the work the Supplier will perform to configure the Hosted Services and provide training as set out in the Statement of Work. 
    Intellectual Property Rights:  means patents, utility models, rights to inventions, copyright and neighbouring and related rights, moral rights, trademarks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, rights in designs, rights in computer software, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future. 
    Named Users:  means those specific employees and independent contractors or other authorised third parties (up to the total number of Named User licenses specified in a Service Order) who are authorised to use the Services under this Agreement.
    Normal Business Hours: means 8.30 am to 5.00 pm local UK time, each Business Day.
    Order Start Date: means the start date for the Services as set forth in the Service Order. 
    Service Order: means any service order mutually executed by the Parties and referencing this Agreement and specifying the Services to be provided, including any addenda and supplements thereto.
    Services: means the Hosted Services and/or Implementation Services which are ordered by Customer under a Service Order.
    Software: means the Supplier's proprietary software in machine-readable object code form, including any error corrections, updates, upgrades, modifications and enhancements used to provide the Hosted Services to the Customer under this Agreement.  
    Statement of Work or SOW: means a statement of work describing the Implementation Services to be provided to Customer that is mutually executed by the Parties and references this Agreement. 
    Support Services: means the technical support services that the Supplier may provide or perform with respect to the Hosted Services as described in Clause 3.
    Third Party Content: means all third party software, data, text, images, audio, video, photographs and other content and material, in any format, that Customer may access through, within, or in conjunction with Customer’s use of the Services.
    Usage Limits: means the applicable usage metrics and volume restrictions for the Services as set forth in a Service Order.  
    Virus:  means any thing or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices.
     
    2.   SUPPLIER RESPONSIBILITIES

    2.1   The Supplier will (a) use commercially reasonable efforts to make the Hosted Services available 24 hours a day, 7 days a week, except for: (i) planned downtime (of which the Supplier shall give advance electronic notice provided the Customer has signed up for such notifications) and (ii) a Force Majeure Event and (b) provide the Services in accordance with laws and government regulations applicable to the Supplier related to its provision of the Services to its customers generally and subject to the Customer’s use of the Services in accordance with this Agreement.

    2.2   This Agreement will not prevent the Supplier from entering into similar agreements with third parties, or from independently developing, using, selling or licensing materials, products or services which are similar to those provided under this Agreement.

     
    3.   SUPPORT SERVICES 

    3.1   The Supplier will provide the Customer with Support Services as set forth in the Support Services Schedule hereto or on the Supplier website at [insert URL]. 

    3.2   The Supplier provides monitoring of its Hosted Services 24 hours a day seven days a week. Provided the Customer has signed up to receive such notifications, the Supplier shall notify the CSRs via the Hosted Services of any maintenance events that may affect the availability of the Hosted Services.
     
    4.   CUSTOMER’S USE OF THE SERVICES AND OBLIGATIONS

    4.1   Hosted Services are purchased as subscriptions for the term set out in the Service Order. Named Users may access the Services solely for the Customer's internal business purposes.  Services are subject to the Usage Limits specified in the Service Order. If Customer exceeds a contractual Usage Limit, the Supplier will notify the Customer of the excess use and work with Customer to seek to reduce Customer’s use so that it conforms to the contractual Usage Limit. If, notwithstanding Supplier’s efforts, Customer does not abide by a Usage Limit, Customer will execute a Service Order for additional quantities of the applicable Services promptly upon the Supplier’s request and/or pay any invoice for excess usage in accordance with the “Fees and Payment” section below. Data storage related to the use of the Hosted Services is not limited but such use must be reasonable. The rights provided under this Agreement are granted to the Customer only and shall not be considered granted to any Affiliate of the Customer.


    4.2   The Customer shall: 

    (a)   provide the Supplier with all necessary, timely and efficient co-operation in relation to this Agreement, and with all necessary and reasonable access to such information as may be required by the Supplier in order to render the Services, including but not limited to Customer Data, security access information and software interfaces to the Customer's other business applications;
    (b)   provide personnel assistance, including the customer account team personnel as may be reasonably requested from time to time. The Customer account team shall consist of the personnel listed on the Service Order. Customer shall use reasonable efforts to ensure continuity of its personnel assigned to a Service Order;
    (c)   maintain all necessary licences, consents, and permissions necessary for the Customer, its contractors and agents to perform their obligations under this Agreement, including without limitation, use of the Services with Customer’s systems;
    (d)   be solely responsible for procuring and maintaining its network connections and telecommunications links from its systems to the Supplier’s data centres, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Customer's network connections or telecommunications links or caused by the internet; 
    (e)   use reasonable endeavours to prevent any unauthorised access to, or use of, the Services and notify the Supplier promptly of any such unauthorised access or use and carry out all other Customer responsibilities set out in this Agreement in a timely and efficient manner; and
    (f)   comply with all laws and regulations, including Data Protection Legislation, applicable to its obligations under this Agreement. 

    4.3    Customer will ensure that:

    (a)   the maximum number of Named Users that it authorises to access and use the Services does not exceed the number of Named User licences and the Usage Limits specified in the Service Order, and that any Named User licence is used only by the relevant individual Named User unless that licence has been reassigned in its entirety to another individual Named User (in which event the previous Named User shall no longer have any right to access or use the Services); and
    (b)   each Named User keeps the log-in details of their account confidential and regularly changes any passwords; 
    (c)   each Named User complies with all applicable laws and regulations and the terms of this Agreement as appropriate. Customer is responsible for Named Users’ compliance with this Agreement.

    4.4   The Customer shall not:  

    (a)   store, distribute or transmit any Virus, or any material, including Customer Data, through the  Services that is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive; depicts sexually explicit images; promotes unlawful violence; is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability; or in a manner that is otherwise unlawful, tortious, or causes damage or injury to any person or property; and the Supplier reserves the right, without liability or prejudice to its other rights or remedies, to disable the Customer’s access to any material that breaches the provisions of this clause;
    (b)   copy, duplicate, modify, create derivative works from or distribute all or any portion of or attempt to reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Services except to the extent expressly set out in this Agreement or as may be allowed by any applicable law which is incapable of exclusion by agreement between the Parties; 
    (c)   access all or any part of the Software or Hosted Services in order to build a product or service which competes with the Services or to publicly publish benchmark results of the Software or Hosted Services with a non-Supplier product or service;
    (d)   license, re-sell, sell, sublicense, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services available to any third party except the Named Users as authorised under this Agreement, or include any Service in a service bureau or outsourcing offering; or 
    (e)   interfere with or disrupt the integrity or performance of any Service or third party data contained therein, or attempt to gain unauthorized access to any Service or Software or its related systems or networks or permit direct or indirect access to or use of any Service in a way that circumvents a contractual usage limit, or use any of the Services to access or use any Supplier intellectual property except as permitted under this Agreement or frame or mirror any part of any Service, other than framing on Customer's own intranets or otherwise for its own internal business purposes. 
     
    4.5   Supplier does not warrant or support Third Party Content and Supplier cannot guarantee the continued availability of such Third Party Content.  Supplier is not responsible or liable for the functionality or use of Third Party Content.

    5.   IMPLEMENTATION AND ACCEPTANCE

    5.1   The Supplier shall use reasonable endeavours to perform the Implementation Services as specified in the Statement of Work.

    5.2   Unless otherwise agreed in a Statement of Work, within ten (10) days of the Supplier's delivery to the Customer of the Implementation Services, the Customer shall review the configuration to confirm that it functions in material conformance with the applicable portion of the Statement of Work. If the Implementation Services fail in any material respect to conform with such provisions, the Customer shall give the Supplier a detailed description of any such non-conformance ("Error"), in writing, within the above review period.

    5.3   With respect to any Errors, the Supplier shall use reasonable endeavours to correct any such Error within a reasonable time and, on completion, submit the corrected configuration to the Customer. If such corrected configuration fails to correct the Error, the provisions of this clause shall then apply again, up to three additional times. If the Supplier is unable to correct such Error after those three additional attempts, the Supplier may terminate this Agreement and refund a pro-rata share of any unused prepaid Fees for the impacted Implementation Services. The foregoing shall serve as Customer’s exclusive remedy and the Supplier’s sole and complete obligation with respect to any nonconforming Implementation Services. 

    5.4   In any case, if the Customer does not provide any written comments in the period specified above, or if the configuration is found to conform with the applicable portion of the Service Order and/or the Statement of Work (if any), the Configuration shall be deemed accepted. For the avoidance of doubt, any use of the Services by the Customer in a live environment, after it has been rolled out to the Customer’s employees for operational purposes, will be treated as acceptance by the Customer. Any further Implementation Services provided by the Supplier after acceptance or deemed acceptance shall not alter the status of that acceptance.


    6.   CHANGES TO THE SERVICES AND THIRD PARTY SERVICES

    6.1   The Customer acknowledges that the Supplier may amend, develop and update the Hosted Services in its discretion from time to time without notice to or requiring any consent from the Customer, provided that the amended, developed or updated Hosted Services shall continue to comply with the undertaking in 2.1 (Supplier Responsibilities).

    6.2   Supplier offers third party translation services, which automate translation of some of its Services (“Translate Services”).  Customer is responsible for all decisions made, advice given, actions taken, and failures to take action based on Customer’s use of the Translate Services. Translate Services use machine learning models that generate predictions based on patterns in data. Output generated by a machine learning model is probabilistic and should be evaluated for accuracy as appropriate for a Customer’s use case, including by employing human review of such output. Supplier disclaims and will not accept any liability for damages or losses of any kind caused by the use of the Translate Services.


    7.   CUSTOMER DATA AND DATA PROTECTION

    7.1   The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of Customer Data. 

    7.2   Customer shall comply with all applicable privacy law and Data Protection Legislation in its creation, collection, receipt, access, use, storage, disposal and disclosure of Personal Data processed under this Agreement and shall process Personal Data only in accordance with the terms of the Data Protection Schedule. The Data Protection Schedule is in addition to, and does not relieve, remove or replace, a Party’s obligations or rights under the Data Protection Legislation.

    7.3   In the event of any loss or damage to Customer Data that is the fault of the Supplier, Customer’s sole and exclusive remedy shall be for the Supplier to use reasonable commercial efforts to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier.  Supplier shall not be held liable or responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by Supplier to perform services related to Customer Data maintenance and back-up). 

    7.4   Notwithstanding any other clause, term or provision of this Agreement, the Customer agrees that the Supplier shall be authorised to process Customer Data, anonymised and aggregated with the personal data of other customers, for the purpose of creating and, at its discretion, publishing benchmarking information. 

     

    8.   FEES AND PAYMENT

    8.1   The Customer shall pay the Fees to Supplier as set out in the relevant Service Order and shall reimburse the Supplier for all actual, reasonable travel expenses including, but not limited to, airfare, hotel and meals incurred by the Supplier in performance of the Services. 

    8.2   Supplier’s fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including, for example, value-added, sales, use or withholding taxes, assessable by any jurisdiction (collectively, “Taxes”). Customer is responsible for paying all Taxes associated with the Services. If Supplier has the legal obligation to pay or collect Taxes for which Customer is responsible under this section, Supplier will invoice Customer and Customer will pay that amount unless Customer provides Supplier with a valid tax exemption certificate authorized by the appropriate taxing authority. For clarity, Supplier is solely responsible for taxes assessable against it based on its income, property and employees.

    8.3   The Supplier shall invoice the Customer upon the Order Start Date and then annually in advance of each anniversary of the Order Start Date. Each invoice is due and payable 30 days after the invoice date. Unless otherwise specified in a Service Order, the Supplier shall be entitled, with effect from each anniversary of the Order Start Date, to increase the Fees by the greater of 5% or the increase in CPI as published by the Office for National Statistics  (or any other body to which the functions of that office may be transferred). Customer shall provide Supplier with such paperwork as is necessary to enable Supplier to invoice Customer as specified above.

    8.4   If the Supplier has not received payment as required herein, and without prejudice to any other rights and remedies, the Supplier may, without liability to the Customer, disable the Customer’s account and the passwords and access of the Customer and its Named Users to all or any part of the Services, and the Supplier shall be under no obligation to provide any or all of the Services while the invoice(s) concerned remain unpaid. In addition, interest shall accrue on such due amounts at an annual rate equal to 4% over the then current base lending rate of Lloyds Bank PLC at the date the relevant invoice was issued, or the maximum rate provided by law, whichever is lower, commencing on the due date and continuing until fully paid, whether before or after judgment.

     

    9.   REPRESENTATIONS, WARRANTIES, EXCLUSIVE REMEDIES AND DISCLAIMERS 

    9.1   Each Party represents that it has validly entered into this Agreement and has the legal power to do so. 

    9.2   The Supplier warrants during an applicable subscription term that (a) the Implementation Services will be performed with reasonable skill and care and (b) the Hosted Services will perform materially in accordance with the published Documentation for such Hosted Services. For any breach of a warranty above, Customer’s sole and exclusive remedies are those described in Clause 9.4 below. The undertaking in this clause shall not apply to the extent of any non-conformance which is caused by use of the relevant Services contrary to the Supplier's instructions or modification or alteration of the relevant Services by any party other than the Supplier or the Supplier's duly authorised contractors or agents.  

    9.3   Except as expressly provided herein, the Supplier makes no warranty of any kind, whether express, implied, statutory or otherwise, and the Supplier specifically disclaims all implied warranties, to the maximum extent permitted by applicable law, including any implied warranty of merchantability, satisfactory quality, fitness for a particular purpose or non-infringement including that the Customer’s use of the Software, the Hosted Services, the Documentation or any result of the use thereof will be uninterrupted or error-free, meet customer’s requirements or expectations, operate without interruption, achieve any intended result, be compatible or work with any software or systems or that Supplier will correct all Service errors. Supplier is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Customer acknowledges that the Services and Documentation may be subject to limitations, delays and other problems inherent in the use of such communications facilities. Supplier is not responsible for any issues related to the performance, operation or security of the Services that arise from Customer’s content including Customer Data or Third Party Content or Services provided by third parties. Third Party Content is provided “as is” and as available exclusive of any warranty whatsoever.

    9.4   If the relevant Services do not conform with the foregoing warranty, the Supplier will, at its expense, use all reasonable commercial endeavours to correct any such non-conformance promptly, or provide the Customer with an alternative means of accomplishing the desired performance. 

     
    10.   PROPRIETARY RIGHTS

    10.1   The Customer acknowledges and agrees that the Supplier and/or its licensors own all Intellectual Property Rights in the Software, the Services and related Documentation. Except as expressly stated herein, this Agreement does not grant the Customer any rights to, or in, patents, copyrights, database rights, trade secrets, trade names, trademarks (whether registered or unregistered), or any other rights or licences in respect of the Software, Services or any related Documentation. Supplier, its Affiliates and licensors reserve all of their right, title and interest in and to the Software, Services and Documentation including all of their related Intellectual Property Rights. No rights are granted to Customer hereunder other than as expressly set forth herein.

    10.2   Supplier hereby grants to Customer a non-exclusive, non-transferable license to use the Services up to the number of Named Users and in accordance with the Usage Limits Customer has paid for solely for its internal business purposes according to the terms and conditions of this Agreement. 

    10.3   Customer grants to Supplier, its Affiliates and applicable contractors a worldwide, limited term license to host, copy, use, transmit and display any Customer Data in order to provide the Services to Customer and its Named Users. Customer hereby assigns to Supplier any Intellectual Property Rights in and to the Software and Services that may be developed by Customer.  

     

    11.   CONFIDENTIALITY

    11.1   Confidential Information means all information disclosed by a Party (“Disclosing Party”) to the other Party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Confidential Information does not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party.

    11.2   The Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but not less than reasonable care) (i) not to use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, and (ii) except as otherwise authorized by the Disclosing Party in writing, to limit access to Confidential Information of the Disclosing Party to those of its and its Affiliates’ employees and contractors who need that access for purposes consistent with this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections no less stringent than those herein.  Neither Party will disclose the terms of this Agreement or any Service Order to any third party other than its Affiliates, legal counsel and accountants without the other Party’s prior written consent, provided that a Party that makes any such disclosure to its Affiliate, legal counsel or accountants will remain responsible for such Affiliate’s, legal counsel’s or accountant’s compliance with this “Confidentiality” section.

    11.3   The Receiving Party may disclose Confidential Information of the Disclosing Party to the extent compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of the compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party's cost, if the Disclosing Party wishes to contest the disclosure. 

    11.4   The Customer acknowledges that the Software, the results of any performance tests of the Software, the Services and Supplier’s Documentation constitute the Supplier's Confidential Information. The Supplier acknowledges that the Customer Data is the Confidential Information of the Customer. Confidential Information of each Party includes the terms and conditions of this Agreement and all Service Orders (including pricing), as well as business and marketing plans, technology and technical information, product plans and designs, and business processes disclosed by such Party.

     

    12.   PUBLICITY

    12.1   The Parties consent to the publication of a press release or other public announcement by either Party regarding the entry into of this Agreement (with written approval from the relevant Party) and Customer will provide references to prospective Supplier customers at the Supplier’s reasonable request, including phone calls and site visits. The Customer consents to the use by the Supplier of the Customer corporate logo on the supplier website and/or in other Supplier promotional materials (with written approval from the Customer) and agrees to the development of case studies and other promotional material illustrating practical use of the solution (with written approval from the Customer).


    13.   INTELLECTUAL PROPERTY INDEMNITY

    13.1   The Supplier shall defend the Customer, its officers, directors and employees against any claim, demand, suit or proceeding made or brought against the Customer by a third party alleging that the Software infringes any third party patent effective as of the Order Start Date, copyright or database right (“Claim”) and shall indemnify the Customer for any amounts finally awarded against the Customer in judgment or settlement of the Claim(s) provided Customer (a) promptly gives the Supplier written notice of the Claim, (b) gives the Supplier sole control of the defence and settlement of the Claim (except that the Supplier may not settle any Claim unless it unconditionally releases the Customer of all liability), and (c) gives the Supplier all reasonable assistance. 

    13.2   If the Supplier receives information about an infringement or misappropriation Claim, Supplier may in its discretion, obtain for the Customer the right to continue using the Software, replace or modify the Software so that it becomes non-infringing or, if such remedies are not reasonably available, terminate this Agreement without liability to the Customer and refund the Customer any prepaid fees covering the remainder of the term of the terminated subscriptions.  The Supplier shall have no liability if the alleged infringement is based on: (a) a modification of the Software by anyone other than the Supplier; (b) the Customer's use of the Software in a manner contrary to the instructions given to the Customer by the Supplier; or (c) the Customer's use of the Software after notice of the alleged or actual infringement from the Supplier or any appropriate authority. This clause states the Customer’s sole and exclusive rights and remedies, and the Supplier’s entire obligations and liability for claims arising out of this section.

    13.3   The Customer will defend the Supplier and its officers, directors, employees and Affiliates against any claim, demand, suit or proceeding made or brought against the Supplier by a third party (a) alleging that any Customer Data or use of Customer Data with the Services infringes or misappropriates such third party’s Intellectual Property Rights or violates applicable law, including Data Protection Legislation, or (b) arising from the Customer’s use of the Services in an unlawful manner or in violation of the Agreement. The Customer will indemnify the Supplier from any damages, attorneys’ fees and costs finally awarded against the Supplier in judgment or settlement of the claim(s) provided Supplier (a) promptly gives the Customer written notice of the claim, (b) gives the Customer sole control of the defence and settlement of the claim (except that the Customer may not settle any claim unless it unconditionally releases the Supplier of all liability), and (c) gives the Customer all reasonable assistance, at the Customer’s expense.

    13.4  The foregoing provisions state the entire liability and obligation of Supplier regarding claims of third party infringement and the exclusive remedy to the Customer with respect to any actual or alleged infringement or misappropriation of any intellectual property or other proprietary rights of a third party.

     

    14.   LIMITATION OF LIABILITY

    14.1   Except as expressly and specifically provided in this Agreement, the Customer assumes sole responsibility for results obtained from the use of the Software and the Services by the Customer, and for conclusions drawn from such use. The Supplier shall have no liability for any damage caused by errors or omissions in any information, instructions or scripts provided to the Supplier by the Customer in connection with the Services, or any actions taken by the Supplier at the Customer's direction.

    14.2   Nothing in this Agreement excludes or limits the liability of either Party for death or personal injury caused by that Party’s negligence, or for fraud or fraudulent misrepresentation, or for any other liability to the extent that the same may not be excluded or limited as a matter of applicable law.

    14.3   In no event shall the Supplier or its Affiliates be liable, whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation (whether innocent or negligent) and regardless of the theory of liability, restitution or otherwise, for (i) any loss of profits, loss of revenues, loss of business or sales, depletion of goodwill or reputation and/or similar losses, loss or corruption of data or information, or pure economic loss, in each case whether direct or indirect, (ii) any special, indirect, incidental, consequential, cover, business interruption or punitive damages howsoever caused and whether or not such losses are foreseeable, even if the Supplier has been advised (or is otherwise aware) of the possibility of such losses in advance, (iii) any website or network downtime and/or (iv) any cost of procuring substitute services. 

    14.4   Subject to Clauses 14.2 and 14.3 above, the Supplier's (and its Affiliates’) total aggregate liability arising out of or in connection with this Agreement shall be limited to the Fees paid by Customer for the Services giving rise to the liability during the 12 months immediately preceding the date on which the claim arose. 


    15.   TERM AND TERMINATION

    15.1   This Agreement commences on the Order Start Date and continues, subject to the remaining provisions of this clause, until all subscriptions thereunder have expired or have been terminated. The term of each subscription for the Services shall commence on the Order Start Date and shall be as specified in the applicable Service Order. Subscriptions will automatically renew for additional periods equal to one year unless either Party gives the other written notice (email acceptable) at least 90 days before the end of the relevant subscription term.

    15.2   A Party may terminate this Agreement for cause (i) upon 30 days written notice to the other Party of a material breach if such breach remains uncured at the expiration of such period, or (ii) if the other Party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors or the other Party ceases, or threatens to cease, to trade.

    15.3   If this Agreement is terminated by Supplier in accordance with the termination section above, in addition to any other rights or remedies available to the Supplier, Customer will pay any unpaid fees covering the remainder of the term of all Service Orders to the extent permitted by applicable law. In no event will termination relieve Customer of its obligation to pay any fees payable to Supplier for the period prior to the effective date of termination.

    15.4   On termination (or expiry) of this Agreement, howsoever arising, each Service Order then in force at the date of such termination shall continue in full force and effect for the remainder of the term of such Service Order, unless terminated earlier in accordance with the terms of such Service Order. The termination of any Service Order shall not affect any other Service Orders or this Agreement. 

    15.5   On termination of this Agreement for any reason each Party shall return, upon request, and make no further use of any equipment, property, materials and other items (and all copies of them) belonging to the other Party. The Supplier shall maintain access to the Customer Data as provided in the Data Protection Schedule. 

    15.6  Any provision of this Agreement or a Service Order which contemplates performance or observance subsequent to any termination or expiration (in whole or in part) will survive any such termination or expiration and continue in full force and effect, such provisions to include specifically the clauses titled “Fees and Payment,” “Proprietary Rights,” “Confidentiality,” “Disclaimers,” “Intellectual Property Indemnity,” “Limitation of Liability,” “Refund or Payment upon Termination,” “Surviving Provisions” and “General Provisions”. The clause titled “Customer Data and Data Protection” will survive any termination or expiration of this Agreement for so long as Supplier retains possession of Customer Data and the clause titled “Non-Poaching of Staff” will survive for a period of twelve (12) months after termination or expiration of this Agreement.

    16.   FORCE MAJEURE

    16.1   Neither Party shall be in breach of this Agreement nor liable for delay in performing, or failure to perform, any of its obligations under this Agreement if such delay or failure results from a Force Majeure Event. In such circumstances the affected Party shall be entitled to a reasonable extension of the time for performing such obligations, provided that if the period of delay or non-performance continues for three months, the Party not affected may terminate this Agreement by giving 30 days' written notice to the other Party. 


    17.   NOTICES

    17.1   Any notice required to be given under this Agreement shall be in writing and shall be delivered (i) by hand; or (ii) sent by pre-paid first-class post or recorded delivery post to a Party at its address as set out in the Service Order or such other address as may have been notified by that Party to the other Party for such purposes; or (iii) by email. In the case of notices to the Supplier, by email to: legal@evotix.com and in the case of the Customer, by email to __________________. 

    17.2   A notice delivered by hand shall be deemed to have been received when delivered (or if delivery is not in Normal Business Hours, at 9 am on the first Business Day following delivery). A correctly addressed notice sent by pre-paid first-class post or recorded delivery post shall be deemed to have been received at the time at which it would have been delivered in the normal course of post. A correctly addressed notice sent by email shall be deemed to have been received at 9 a.m. on the next Business Day after sending.

     

    18.   NON-POACHING OF STAFF 

    18.1   The Customer agrees that during the term of this Agreement and for a period of 12 months after its termination, it shall not without the prior written consent of the Supplier, solicit, or permit any of its Affiliates to solicit, the employment or engagement of any employee or contractor of the Supplier who has been engaged in the performance of this Agreement or any Service Order, whether or not the acceptance of such offer would cause the employee or contractor to be in breach of his contract with the Supplier. Notwithstanding the foregoing, any person’s response to, and subsequent hiring as a result of, general solicitation through advertising shall not constitute a violation of this provision.   


    19.   GENERAL PROVISIONS

    19.1   Export laws and regulations of the United Kingdom and United States and any other relevant export laws and regulations apply to the Services. Such export laws govern use of the Services (including technical data) and any Services deliverables provided under this Agreement. Each Party agrees to comply with all such export laws and regulations (including “deemed export” and “deemed re-export” regulations). Customer agrees that no data, information, software programs and/or materials resulting from Services will be exported, directly or indirectly, in violation of these laws, or will be used for any purpose prohibited by these laws. The Supplier and the Customer each represents that it is not named on any U.S. government denied-party list.  Customer will not permit any User to access or use any Service in a U.S.-embargoed country or in violation of any U.K. or U.S. or other applicable export law or regulation.

    19.2   Customer acknowledges that it is aware of, understands and has complied and will comply with, all applicable U.S. and foreign anti-corruption laws, including without limitation, the U.S. Foreign Corrupt Practices Act of 1977 and the U.K. Bribery Act of 2010, and similarly applicable anti-corruption and anti-bribery laws. The Customer has not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from a Supplier employee or agent in connection with this Agreement. If Customer learns of any violation of the above restriction, it will promptly notify the Supplier.

    19.3   Nothing in this Agreement is intended to, or shall be deemed to, establish any partnership or joint venture between any of the Parties, constitute any Party the agent of another Party, nor authorise any Party to make or enter into any commitments for or on behalf of any other Party.  

    19.4   No variation of this Agreement shall be effective unless it is in writing and signed by the Parties (or their authorised representatives). 

    19.5   This Agreement does not confer any rights on any person or party (other than the Parties to this Agreement and (where applicable) their successors and permitted assigns) pursuant to the Contracts (Rights of Third Parties) Act 1999.

    19.6   Neither Party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the other Party’s prior written consent (not to be unreasonably withheld); provided, however, the Supplier may assign this Agreement in its entirety (including all Service Orders), without Customer’s consent to its Affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all its assets. Subject to the foregoing, this Agreement will bind and inure to the benefit of the Parties, their respective successors and permitted assigns.  

    19.7   If any provision (or part of a provision) of this Agreement is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable or illegal, the other provisions shall remain in force. If any invalid, unenforceable or illegal provision would be valid, enforceable or legal if some part of it were deleted, the provision shall apply with whatever modification is necessary to give effect to the commercial intention of the Parties.

    19.8   A waiver of any right under this Agreement is only effective if it is in writing and it applies only to the Party to whom the waiver is addressed and to the circumstances for which it is given.

    19.9   Unless specifically provided otherwise, rights arising under this Agreement are cumulative and do not exclude rights provided by law. 

    19.10   This Agreement and any documents referred to in it constitute the entire agreement between the Parties and supersede all prior and contemporaneous agreements, proposals or representations, written or oral, relating to the subject matter of this Agreement. The Parties agree that any term or condition stated in a Customer purchase order or in any other Customer order documentation is void. In the event of any conflict or inconsistency among the following documents, the order of precedence shall be: (1) the Service Order, (2) this Agreement and (3) Schedules to the Agreement. Titles and headings of sections of this Agreement are for convenience only and shall not affect the construction of any provision of this Agreement.  

    19.11   Each Party acknowledges that, in entering into this Agreement and the documents referred to in it, it has not relied and does not rely on any statement, representation (whether innocent or negligent), assurance or warranty (Representation) of any person (whether a Party to this Agreement or not) other than as expressly set out in this Agreement or those documents. 

    19.12   Each Party agrees that the only rights and remedies available to it arising out of or in connection with a Representation shall be for breach of contract as expressly provided in this Agreement. 

    19.13   This Agreement and any disputes or claims arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) are governed by, and construed in accordance with, the laws of England and Wales. The Parties irrevocably agree that the courts of England have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with this Agreement or its subject matter or formation (including non-contractual disputes or claims).


     

     

    Schedule 1
    Data Protection Schedule
    1.   DEFINITIONS

    1.1   Any capitalised terms used in this Schedule which are not defined herein shall have the meaning ascribed to them in the Agreement. 

    1.2   In this Data Protection Schedule, the following additional definitions shall apply:

    Annex 1 means Annex 1 to this Data Protection Schedule (Description of Processing).
    Controller, Data Subject, Processor, Process, Processing and Supervisory Authority shall have the same meaning as in the applicable Data Protection Legislation.
    Data Protection Legislation means all laws and regulations of the European Union, the European Economic Area and their member states, Switzerland and the United Kingdom, applicable to the Processing of Personal Data under this Agreement including (i) the GDPR; (ii) the Swiss Federal Act of 19 June 1992 on Data Protection, as amended; and (iii) the UK Data Protection Legislation.  
    EU Personal Data means Customer’s Personal Data that is processed under this Agreement in accordance with the GDPR and the transfer of such data is not governed by an adequacy decision made by the European Commission in accordance with the relevant provisions of the GDPR. 
    EU SCCs means Module 2 of the Controller to Processor Standard Contractual Clauses approved by the European Commission pursuant to the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 (as amended and updated from time to time).  
    GDPR means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), including as implemented or adopted under the laws of the United Kingdom.
    Hosting Provider means the hosting provider engaged by the Supplier from time to time. The current Supplier Hosting Provider as of the Agreement Start Date is Amazon Web Services (AWS).
    Hosting Provider Audit Report means the audit report generated as a result of an audit performed by an independent third party selected by the Hosting Provider to verify the adequacy of its security measures, including the security of the physical data centres from which it provides its services. Such audit report is performed at least annually according to ISO 27001 standards or such other alternative standards that are substantially equivalent to ISO 27001.
    Personal Data means information uploaded to the Hosted Services about an individual that (a) can be used to identify, contact or locate a specific individual; (b) can be combined with other information that can be used to identify, contact or locate a specific individual; or (c) is defined as “personal data” or “personal information” under Data Protection Legislation. 
    Personal Data Breach means a breach of Supplier’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer’s Personal Data transmitted, stored or otherwise processed by the Supplier or its Sub-processors of which the Supplier becomes aware.
    Special Category Data means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and genetic data, biometric data (where used for identification purposes), data concerning health, data concerning a person’s sex life, and data concerning a person’s sexual orientation. 
    UK means the United Kingdom.
    UK GDPR means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data as implemented or adopted under the laws of the United Kingdom. 
    UK Personal Data means Customer’s Personal Data which is processed in accordance with the UK Data Protection Legislation and is not governed by an adequacy decision made by the UK Secretary of State in accordance with the relevant provisions of the UK GDPR. 
    UK Data Protection Legislation means all applicable data protection and privacy legislation in force from time to time in the UK including the UK GDPR, the Data Protection Act 2018, the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended.
    UK International Data Transfer Addendum means the International Data Transfer Addendum to the EU SCCs issued by the UK Information Commissioner, Version B1.0, in force 21 March 2022. 
    UK Addendum means the UK Addendum issued by the Information Commissioner under section 119A(1) of the Data Protection Act 2018 and in force from 21 March 2022.
    UK SCCs means the standard contractual clauses approved by the European Commission for transfers of personal data in countries not otherwise recognised as offering an adequate level of protection for personal data by the European Commission, being the EU SCCs, together with the UK Addendum.

     

    2.   SCOPE OF THE PROCESSING

    2.1   The Customer acknowledges and agrees that the Supplier may process Personal Data on behalf of the Customer in carrying out the Services and/or its obligations under the Agreement.  The Parties acknowledge and agree for the purposes of the Data Protection Legislation that the Customer is the Controller and the Supplier is a Processor in respect of the provision of the Services.

    2.2   The subject-matter of Processing of Personal Data by the Supplier is the performance of the Services pursuant to the Agreement. The duration of processing, the nature and purpose of the processing, the categories of Personal Data, and the Data Subject(s) for the relevant Hosted Services are set out in Annex 1. 


    3.   DATA PROCESSOR OBLIGATIONS 

    3.1   Customer Instructions. The Customer appoints the Supplier as a Processor to process Personal Data in accordance with the Customer’s documented instructions (a) as set forth in the Agreement, including this Data Protection Schedule, and as otherwise necessary to provide the Services to the Customer (which may include investigating security incidents, preventing fraudulent activity, and detecting and preventing network exploits and abuse), (b) as necessary to comply with applicable law, and (c) as otherwise agreed in writing by the Parties. 

    3.2   The Customer will ensure that (i) its instructions comply with Data Protection Legislation and (ii) the Supplier’s processing of Customer Data in accordance with the Customer’s instructions will not cause the Supplier to violate any applicable law, regulation, or rule, including Data Protection Legislation. The Supplier will have no liability for any harm or damages resulting from the Supplier’s compliance with instructions received from the Customer. The Supplier will inform the Customer if it becomes aware or reasonably believes that the Customer’s data processing instructions violate any applicable law, regulation, or rule, including Data Protection Legislation.  

    3.3   Additional instructions outside the scope of the Agreement, a Service Order, or this Schedule will be agreed to between the Parties in writing, including any additional fees that may be payable by the Customer to the Supplier for carrying out those instructions. 

    3.4   Supplier Personnel.   Access to Personal Data by the Supplier will be limited to personnel who require such access to perform the Supplier’s obligations under the Agreement. The Supplier shall ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential and are aware of the Supplier’s duties and their personal duties and obligations under the Data Protection Legislation and the Agreement. The Supplier will take reasonable steps, including the provision of appropriate training, to ensure the reliability, competency and integrity of all personnel who have access to and/or Process Personal Data.

    3.5   Security of Processing.  The Supplier shall maintain technical and organisational measures designed for protection of the security (including protection against unauthorised or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to Customer Data), confidentiality and integrity of the Customer Data, including Personal Data, as prescribed by Data Protection Legislation and shall include the controls as set out in Annex 3 to this Schedule.

    3.6   Expiry or Termination of Processing. The Supplier shall maintain access to the Customer Data for a period of 30 days after the expiry or termination of the Agreement for the purposes of allowing the Customer to download copies of the Customer Data. During such period, the Customer may request the Supplier export the information on the Customer’s behalf subject to the payment of mutually agreed costs. On expiry of the 30-day period, the Customer will cease to have access to the data and it will be securely deleted, unless the Supplier is required to retain the Customer Data by law. The Customer Data will remain within backed up information for a further period of fourteen (14) days after which the backups will have been rotated and all backed up data will be securely deleted. The Parties agree that a confirmation of deletion of Personal Data shall be provided by the Supplier to the Customer only upon the Customer’s request. 

    3.7   Assistance.  The Supplier shall, taking account of the nature of the Services, provide commercially reasonable assistance to the Customer with respect to the Customer’s compliance with its obligations under the Data Protection Legislation relating to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators.

     

    4.   DATA SUBJECT REQUESTS AND REGULATORS

    4.1   The Supplier shall promptly (and wherever possible within two working days) notify the Customer, to the extent legally permitted, if the Supplier receives a request from a Data Subject to exercise its right of access, to rectification, to restriction of Processing, to erasure, to data portability, to object to the Processing, or not be subject to an automated individual decision making (“Data Subject Request”). Taking into account the nature of the Processing, the Supplier shall assist the Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Customer’s obligation to respond to a Data Subject Request under Data Protection Legislation. In addition, to the extent the Customer does not have the ability to address a Data Subject Request through its use of the Services, the Supplier shall, upon the Customer’s request, use commercially reasonable efforts to assist the Customer in responding to such Data Subject Request, to the extent the Supplier is legally permitted to do so and the response to such Data Subject Request is required under Data Protection Legislation. To the extent legally permitted, the Customer shall be responsible for any costs arising from the Supplier’s provision of such assistance.

    4.2   In the case of a notice, audit, inquiry or investigation by a government body, data protection authority or law enforcement agency regarding the Processing of Personal Data under this Agreement, the Supplier shall promptly notify the Customer, to the extent legally permitted to do so. The Supplier shall keep reports of the Personal Data Processed by the Supplier and shall cooperate and provide all reasonable information to the Supplier in the event that the Supplier is required to produce such information to a data protection Supervisory Authority.  

     

    5.   BREACH NOTIFICATION  

    5.1   The Supplier shall notify the Customer without undue delay upon becoming aware of a Personal Data Breach. The Supplier shall make reasonable efforts to identify the cause of the Personal Data Breach and take those reasonable steps the Supplier deems necessary to mitigate the effects and to minimise any damage resulting from the Personal Data Breach.  The initial notice will be provided to the Customer’s security or privacy contact(s) identified in the Hosted Services customer support portal or if no such contact is designated, to the primary contact designated by the Customer. The Customer will maintain accurate contact information in the Customer support portal and provide any information that is reasonably requested to resolve any security incident. Notwithstanding Supplier’s obligations under clause 3.7 (Assistance), the Customer is solely responsible for determining whether to notify the relevant supervisory or regulatory authorities and impacted Data Subjects and for providing such notice. 


    6.   AUDITS

    6.1   Upon written request from the Customer, and subject to the confidentiality obligations of the Agreement, the Supplier will provide a copy of the ISO Certification and Statement of Applicability which covers the scope of the services provided to the Customer. Once per calendar year, the Customer may contact the Supplier by providing at least thirty days’ notice to request an on-site audit of the Supplier’s Information Security Management Systems by itself or a suitably qualified third party auditor that is not a competitor of the Supplier. The Parties shall mutually agree the scope, timing and duration of the audit and reimbursement of costs. Any audit or inspection shall be subject to a reasonable confidentiality agreement and the Supplier reserves the right to refuse to provide the Customer (or its representative) with any information that would pose a security risk to the Supplier or its customers, or which the Supplier is prohibited to provide or disclose under applicable law or contractual obligation.

    6.2   The Customer agrees that any audit or inspection in relation to the Sub-processing carried out by the Hosting Provider shall be satisfied by providing the Hosting Provider Audit Report to the Customer. The Customer must sign a Non-disclosure agreement with the Hosting Partner to receive a copy of the Hosting Partner Audit Report.

    6.3   The Customer shall promptly notify the Supplier with information regarding any non-compliance discovered during the course of an audit. This clause shall not modify or limit the rights of audit of the Customer as provided under Data Protection Legislation. It is intended to clarify the procedures in respect of any audit.

     

    7.   DATA TRANSFERS

    7.1   With respect to the Services known as “Assure”, Customer may specify the location(s) where Customer Data will be processed within the Amazon Web Services (“AWS”) Network, including the London, UK Region, the US East, Ohio Region or the Asia Pacific, Sydney Region (each a “Region”). Once Customer has made its choice, AWS will not transfer Customer Data from Customer’s selected Region(s) except as necessary to provide the Services initiated by Customer, or as necessary to comply with the law or binding order of a governmental body. With respect to the Services known as “Learn”, Customer Data will be processed within the AWS Dublin, Ireland Region.

    7.2   EU Standard Contractual Clauses. For transfers of EU Personal Data to Supplier for processing in a jurisdiction outside the EU, the EEA, or the European Commission-approved countries or organisations providing ‘adequate’ data protection, Module 2 of the EU SCCs will apply. For data transfers from the EU that are subject to the EU SCCs, the EU SCCs will be deemed entered into (and incorporated into this Data Protection Schedule by reference) subject to the following:

    (a) in Clause 7, the optional docking clause will apply; 

    (b) in Clause 8.5 and 16 (d), the Parties agree that the certification of deletion of Personal Data shall be provided by Supplier to Customer only upon written request; 

    (c) in Clause 8.9, the Parties agree that the audits described shall be carried out in accordance with the audit provisions agreed in the Agreement; 

    (d) in Clause 9, Option 2 will apply, and the time period for prior notice of Sub-processor changes shall be as set out in Clause 8 of this DPA. For the purpose of Clause 9 (a), Customer gives general authorisation to engage Sub-processors in accordance with Clause 8 of this Data Protection Schedule;  

    (e) in Clause 11, the optional language will not apply; 

    (f) in Clause 12, any claims brought under the EU SCCs shall be subject to the terms and conditions set forth in the Agreement. Supplier’s liability under Clause 12 (b) shall be limited to any damages caused by its Processing where Supplier has not complied with its obligations under the GDPR specifically directed to Processors, or where it has acted outside of or contrary to lawful instructions of Customer, as specified in Article 82 GDPR.  In no event shall any party limit its liability with respect to any data subject rights under the EU SCCs. 

    (g) in Clause 15 (1) (a), Supplier shall only notify the Customer and not the Data Subject(s) in case of a government access request.  Customer is solely responsible for promptly notifying the Data Subject as necessary.  

    (h) in Clause 17, Option 1 will apply, and Irish law will be the governing law; 

    (i) in Clause 18(b), disputes shall be resolved before the courts of Dublin; 

    (j) in Annex I, Part A of the EU SCC shall be completed as follows: 

    Data Exporter: Customer 

    Data Exporter (Key) Contact details: The email address(es) designated by Customer in Customer’s account via its notification preferences. 

    Data Exporter Role: The Data Exporter’s role is set forth in Section 2.1 of this Data Protection Schedule. 

    Signature and Date: By entering into the Agreement, Data Exporter is deemed to have signed these EU Standard Contractual Clauses incorporated herein, including their Annexes, as of the effective date of the Agreement. 

    Data Importer: Evotix Limited and its relevant Affiliate(s) 

    Data Importer (Key) Contact details: dpo@evotix.com 

    Data Importer Role: The Data Importer’s role is set forth in Section 2.1 of this Data Protection Schedule. 

    Signature and Date: By entering into the Agreement, Data Importer is deemed to have signed these EU SCCs, incorporated herein, including their Annexes, as of the effective date of the Agreement; 

    (k) Annex I of the EU SCCs shall be deemed completed with the information set out in Annex I; and 

    (l) Annex II of the EU SCCs shall be deemed completed with the information set out in Annex II to this Data Protection Schedule. 

    Nothing in the interpretations in this Clause 7.2 is intended to conflict with either Party's rights or responsibilities under the EU SCCs and, in the event of any such conflict, the EU SCCs shall prevail. 

    7.3   UK International Data Transfer Addendum. The Parties agree that the UK International Data Transfer Addendum will apply to UK Personal Data that is transferred via the Services from the United Kingdom, either directly or via onward transfer, to any country or recipient outside of the United Kingdom that is not recognized by the competent United Kingdom regulatory authority or governmental body for the United Kingdom as providing an adequate level of protection for Personal Data. For data transfers from the United Kingdom that are subject to the UK International Data Transfer Addendum, the UK International Data Transfer Addendum will be deemed entered into (and incorporated into this Data Protection Schedule by this reference) and completed as follows: 

    (a) In Table 1 (Parties) of the UK International Data Transfer Addendum, the Parties’ details and key contact information are located in Section 7.2 (j) above.

    (b) In Table 2 (Selected SCC’s, Modules and Selected Clauses) of the UK International Data Transfer Addendum, information about the version of the Approved EU SCCs, modules and selected clauses which this UK International Data Transfer Addendum is appended to is located in Section 7.2 (EU SCCs) above. 

    (c) In Table 3 (Appendix Information) of the UK International Data Transfer Addendum:

    1. The list of Parties is located in Section 7.2(x) above.

    2. The description of the transfer is set forth in Section 1 (Nature and Purpose of the Processing) of Annex 1.

    3. Annex II is located in Annex 3 of this Data Protection Schedule (Supplier Security Measures).

    4. The list of sub-processors is located in Annex 2 of this Data Protection Schedule. 

    (d) In Table 4 (Ending the Addendum) of the UK International Data Transfer Addendum, both the Importer and the Exporter may end the UK International Data Transfer Addendum in accordance with the terms of the UK International Data Transfer Addendum. 

    7.4   Conflict. To the extent there is any conflict or inconsistency between the EU Standard Contractual Clauses or UK International Data Transfer Addendum and any other terms in this Data Protection Schedule or the Agreement, the provisions of the EU SCCs or UK International Data Transfer Addendum, as applicable, will prevail.


    8.   SUB-PROCESSING

     

    8.1   The list of Sub-processors that are currently engaged by Supplier to perform the Services is posted at https://www.evotix.com/en/subprocessor-policy (“Updated Sub-processor List”). The Supplier may Process the Personal Data in the locations and with the Sub-processors set out in Annex 2 or the current list as updated from time to time on the Supplier website in order to perform the Services.  

    8.2   The Supplier will provide the Customer with written notice of the appointment of any new Sub-processor, including full details of the Processing to be undertaken by the Sub-processor. If, within thirty (30) days of receipt of that notice, the Customer notifies the Supplier in writing of any reasonable objections to the proposed appointment, neither the Supplier nor any Supplier Affiliate shall disclose any Personal Data to that proposed Sub-processor until reasonable steps have been taken to address the objections raised by the Customer and the Customer has been provided with a reasonable written explanation of the steps taken. 

    8.3   In the event the Customer objects to a new Sub-processor, the Supplier will use reasonable efforts to make a change to the affected Services available or recommend commercially reasonable changes to the Customer’s configuration or use of the Services to avoid the Processing that is the subject of the objection. If the Supplier is unable to make available such changes within a reasonable period of time, the Customer may terminate the applicable Service Order with respect only to those Services which cannot be provided by the Supplier without use of the objected-to Sub-processor by providing written notice to the Supplier. The Supplier will then refund the Customer any prepaid fees covering the remainder of the term of such Service Order following the effective date of termination with respect to such terminated Services.

    8.4   The Customer provides a general consent for the Supplier to engage onward Sub-processors, provided the following requirements are satisfied: (a) any onward Sub-processor must agree in writing to only process data in a country that the European Commission has declared to have an “adequate” level of protection or to only process data on terms equivalent to the applicable Standard Contractual Clauses, or pursuant to Binding Corporate Rules; and (b) the Supplier will restrict the onward Sub-processor’s access to Personal Data only to what is strictly necessary to provide the Services, and will prohibit the Sub-processor from processing the Personal Data for any other purpose.

    8.5   The Supplier will enter into a written agreement with each Sub-processor containing data protection obligations no less protective than those contained in this Data Protection Schedule with respect to the protection of Personal Data. The Parties agree that, from the copies of the Sub-processor agreements that must be provided by the Supplier to the Customer pursuant to the EU SCCs or their equivalent, any commercially sensitive information will be removed by the Supplier beforehand; and that such copies will be provided by the Supplier, in a manner to be determined in its discretion, only upon the written request of the Customer.

    8.6   Use of a Sub-processor will not relieve, waive or diminish any obligation the Supplier has under the Agreement and the Supplier is liable for any acts or omissions of any Sub-processor to the same extent as if the acts or omissions were performed by the Supplier. 

     
    9.   DATA CONTROLLER RESPONSIBILITIES

    9.1   The Customer shall comply with all of its obligations under the Data Protection Legislation when Processing Personal Data. 

    9.2   The Customer shall notify the Supplier promptly in writing of any request for it to take any action to assist the Customer with ensuring compliance with its obligations under the Data Protection Legislation, including with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators. 

    9.3   The Customer warrants that it has a lawful basis under the Data Protection Legislation for the processing of the Personal Data contemplated under the Agreement, and shall ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the Supplier for Processing and/or enable lawful collection by the Supplier of the Personal Data and shall be responsible for the accuracy, quality and legality of Customer Data and how the Customer Data is acquired. The Customer is responsible for ensuring that suitable safeguards are in place prior to transmitting or processing, or prior to permitting the Customer’s end users to transmit or process, any Special Category Data via the Services.  

     

    10.   CUSTOMER AFFILIATES

    10.1   The obligations of the Supplier as Data Processor set forth herein will extend to those of Customer’s Affiliates whose Personal Data is Processed within the Hosted Services, subject to the following conditions:

    (a)   Customer shall at all times be liable for its Affiliates’ compliance with this Data Protection Schedule and all acts and omissions by a Customer Affiliate are considered acts and omissions of Customer. 
    (b)   Customer’s Affiliates will not bring a claim directly against the Supplier. In the event a Customer Affiliate wishes to assert a valid legal action, suit, claim or proceeding against the Supplier (a “Customer Affiliate Claim”): (i) Customer must bring such Customer Affiliate Claim directly against the Supplier on behalf of such Customer Affiliate, unless Data Protection Legislation requires that the Customer Affiliate be party to such Customer Affiliate Claim; and (ii) all Customer Affiliate Claims will be considered claims made by Customer and are at all times subject to any aggregate limitation of liability set forth in the Agreement. 
     
    11.   LIMITATION OF LIABILITY

    11.1   Each party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or related to this Data Protection Schedule, whether in contract, tort or under any other theory of liability, is subject to the ‘Limitation of Liability’ section of the Agreement, and any reference in such section to the liability of a party means the aggregate liability of that party and all of its Affiliates under the Agreement. 


    12.   ORDER OF PRECEDENCE

    12.1   In relation to any Personal Data, in the event of any conflict or inconsistency between any of the terms of the Agreement and this Data Protection Schedule in regard to the processing of Personal Data, the provisions of the following documents (in order of precedence) shall prevail: (i) the UK SCC’s or the UK International Data Transfer Addendum as applicable, (ii) this Data Protection Schedule, (iii) the Agreement and (iv) the Service Order or Statement of Work.


     

     

    Annex 1

    DESCRIPTION OF PROCESSING FOR ASSURE PRODUCTS*

     

    Description

    Detail

    Duration of Processing

    The Supplier will Process Personal Data for the duration of the Agreement. 

    Nature and Purposes of the Processing

    The Supplier provides a solution that stores the Customer Data for the purposes of managing Health, Safety or Environmental matters 

    • Risk Assessments (e.g., H&S, DSE, Manual Handling, COSHH assessments) 
    • Incidents and Accidents including submission of Reportable accidents 
    • Information based around individuals, e.g., training records 
    • Registers of assets (e.g., equipment, electrical testing) 
    • Audit and Inspection records 
    • Supplier management information 
    • Tasks (both system generated and manually added) 

    Categories of Personal Data

    The Customer may submit Personal Data to the Hosted Service, the extent of which is solely determined by the Customer, and may include the following categories:  

    • Name 
    • Personal Addresses 
    • Date of Birth 
    • Accident and Near Miss records 
    • Phone Number 
    • Email Address 
    • IP Addresses 
    • Training Records 

    Special Categories of Personal Data 

     

    The Customer may submit Special Category Data to the Hosted Services, the extent of which is solely determined by the Customer in compliance with Data Protection Legislation, and may include the following categories, if any: 

    • Health data related to individuals (e.g., recorded due to incidents, actions, or specialised risk assessments).

    Data Subjects

     

    The Customer may submit Personal Data to the Hosted Services, the extent of which is solely determined by the Customer, and may include Personal Data relating to the following categories of Data Subjects:  

    • Employees, volunteers, agents, and temporary workers
    • Members of the public  
    • Customers, Contractors and Suppliers 
    * Personal data processed is dependent upon the Customer’s requirements. This list states the general information processed by Supplier’s Services for health and safety related activities. If Customer’s requirements change the above scope, Customer should add any additional data it provides to the above table.
     

    DESCRIPTION OF PROCESSING FOR EVOTIX LEARN*

    Description

    Detail

    Duration of Processing

    The Supplier will Process Personal Data for the duration of the Agreement. 

    Nature and Purposes of the Processing

    The Supplier provides a solution that stores the Customer Data for the purposes of managing training material, training records and tests of understanding. 

    Categories of Personal Data

    The Customer may submit Personal Data to the Hosted Service, the extent of which is solely determined by the Customer, and may include the following categories:  

    • Name 
    • Username 

    Special Categories of Personal Data 

    The solution should not hold any Special Category data. 

    Data Subjects

    The Customer may submit Personal Data to the Hosted Services, the extent of which is solely determined by the Customer, and may include Personal Data relating to the following categories of Data Subjects:  

    • Employees, volunteers, agents, and temporary workers
    • Customers, Contractors and Suppliers 
    * Personal data processed is dependent upon the Customer’s requirements. This list states the general information processed by Supplier’s Services for health and safety related activities. If Customer’s requirements change the above scope, Customer should add any additional data it provides to the above table.
     
    Annex 2
    Sub-processors

    The following sets out the Sub-processors as of the Effective Date of this Agreement. Additions or changes to the list of Sub-processors will be notified to Customer pursuant to Clause 8 of the Data Processing Schedule. In the event of a conflict between the below Sub-processor list and the Updated Sub-processor List, the Updated Sub-processor List will take precedence.

    Sub-Processor | Processing Activities | Country

    Evotix Limited Group’s wholly owned subsidiaries (“Affiliates”): Evotix Limited (UK); StoryShare Platform Ltd; Evotix Inc. (USA); Evotix PTY (Australia); Evotix PTY (New Zealand) | Global Support | United Kingdom; United Kingdom; United States; Australia; New Zealand

    Amazon Web Services, Inc. and its Affiliates | Third Party Hosting Provider for Assure; Dynamic Translation Services | London Region for UK and EU customers; US East – Ohio Region for North American customers; Asia Pacific – Sydney Region for Australian and New Zealand customers.

    Amazon Web Services, Inc. and its Affiliates | Third Party Hosting Provider for Learn | Dublin, Ireland

    Gainsight, Inc. and its Affiliates | Product user service usage data analysis | Frankfurt, Germany

     

    Annex 3 
    Supplier Security Measures

     

    Evotix Limited holds Cyber Essentials and is Certified to ISO27001:2013 and is externally assured at least annually against the requirements of that standard.