Skip to content

    SERVICE ORDER TERMS

    EVOTIX_REDUCERISK_RGB-01

    Evotix EMEA Terms and Conditions

     

    THESE TERMS AND CONDITIONS WILL APPLY TO THE PURCHASE AND USE OF EVOTIX LIMITED’S SERVICES. CUSTOMER AGREES TO THE TERMS OF THIS AGREEMENT IF CUSTOMER CLICKS A BOX INDICATING ACCEPTANCE OR EXECUTES A SERVICE ORDER THAT REFERENCES THIS AGREEMENT. 

    CUSTOMER MEANS THE ENTITY AND ITS AFFILIATES LISTED ON THE SERVICE ORDER. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT IS ACCEPTING ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, SUCH INDIVIDUAL REPRESENTS THAT THEY HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS. CAPITALIZED TERMS HAVE THE DEFINITIONS SET FORTH HEREIN. 

    THESE TERMS AND CONDITIONS WERE LAST UPDATED ON 5 11 2021.

     

    1.   DEFINITIONS
    Affiliate(s): means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity. 
    Agreement: means these Terms and Conditions and the attached or referenced exhibits, schedules and addenda including an executed Statement of Work and Service Order.
    Agreement Start Date: means the effective date of this Agreement as set out in the Service Order.
    Business Day: means any day which is not a Saturday, Sunday or public holiday in the United Kingdom.
    Customer Data:  means the Customer’s data inputted into the Services by the Customer, by Named Users, or by the Supplier on the Customer's behalf. 
    Data Protection Schedule: means the data protection Schedule attached as Schedule 1 to this Agreement. 
    Data Protection Legislation: has the meaning set out in the Data Protection Schedule. 
    Fees:  means the fees payable to the Supplier by Customer for the Services as set out in a Service Order.
    Force Majeure Event means any unavailability caused by circumstances beyond Supplier’s reasonable control, including, for example, an act of God, act of government, flood, fire, earthquake, civil unrest, act of terror, strike or other labor problem (other than one involving Supplier employees), Internet service provider failure or delay, denial of service attack, failure of a utility service or transport or telecommunications network or default of suppliers or sub-contractors.
    Hosted Services: means the services that are ordered by Customer under a Service Order and made available online by Supplier using the Software and, where relevant, shall include associated offline components. 
    Implementation Services: means the work the Supplier will perform to configure the Hosted Services and provide training as set out in the Statement of Work.
    Maintenance and Support:  means any error corrections, updates and upgrades that the Supplier may provide or perform with respect to the Hosted Services as described in clause 3. 
    Named Users:  means those specific employees and independent contractors or other authorised third parties (up to the total number of Named User licenses specified in a Service Order) who are authorised to use the Services under this Agreement. 
    Order Start Date: means the start date for the Services as set forth in the Service Order. 
    Renewal Period: means the renewal period set out in the applicable Service Order.
    Service Order: means the service order mutually executed by the parties specifying the Services to be provided, including any addenda and supplements thereto. 
    Services: means the Hosted Services and/or Implementation Services which are ordered by Customer under a Service Order. 
    Software: means the Supplier's proprietary software in machine-readable object code form, including any error corrections, updates, upgrades, modifications and enhancements used to provide the Hosted Services to the Customer under this Agreement. 
    Statement of Work or SOW: means a statement of work describing the Implementation Services to be provided to Customer that is mutually executed by Customer and Supplier and incorporated herein. 
    Virus:  means any thing or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices.
    Year: means a period of twelve calendar months commencing on the applicable Order Start Date or on any anniversary thereof.
     
    2.   SUPPLIER RESPONSIBILITIES

    2.1   The Supplier will (a) provide the Customer with Supplier standard support for the Services, (b) use commercially reasonable efforts to make the Hosted Services available 24 hours a day, 7 days a week, except for: (i) planned downtime (of which the Supplier shall give advance electronic notice provided the Customer has signed up for such notifications), and (ii) a Force Majeure Event and (c) provide the Services in accordance with laws and government regulations applicable to the Supplier related to its provision of the Services to its customers generally and subject to the Customer’s use of the Services in accordance with this Agreement.

    2.2   This Agreement will not prevent the Supplier from entering into similar agreements with third parties, or from independently developing, using, selling or licensing materials, products or services which are similar to those provided under this Agreement.

     
    3.   MAINTENANCE AND SUPPORT SERVICES

    3.1   The Supplier shall provide the Customer with Maintenance and Support. Maintenance and Support includes all regularly scheduled error corrections, software updates and upgrades to the Services.  Customer shall appoint a commercially reasonable number of Customer Support Representatives (“CSRs”) who are authorised to contact the Supplier for technical support services.  Only CSRs, or such replacement personnel notified to the Supplier from time to time, shall be authorised to contact the Supplier for technical support services.  Customer will provide front-line support to Named Users who are not the designated CSRs. However, the Customer's designated CSRs may contact Supplier technical support in order to report problems from Named Users that the Customer's designated CSRs cannot resolve themselves after they have performed a reasonable level of diagnosis.

    3.2   Supplier technical support shall accept voicemail and e-mail incident submittal from CSRs 24 hours a day, 7 days a week. The Supplier technical support call centre shall accept telephone calls for English language telephone support during the following hours:
     

    Country

    Hours

    United Kingdom:     

    8.30 am to 5.00 pm local UK time, each Business Day. 

     

    The Supplier shall use reasonable endeavours to process support requests, issue trouble ticket tracking numbers if necessary and respond to the Customer with a typical response within 4 hours during the hours identified above. 

    3.3   The Supplier provides monitoring of its Hosted Services 24 hours a day seven days a week. Provided the Customer has signed up to receive such notifications, the Supplier shall notify the CSRs via the Hosted Services of any maintenance events that may affect the availability of the Hosted Services.

     

    4.   CUSTOMER’S USE OF THE SERVICES AND OBLIGATIONS

    4.1   Hosted Services are purchased as subscriptions for the term set out in the Service Order.  Customer may allow Named Users to access the Hosted Services solely for the Customer's internal business purposes. Data storage related to the use of the Hosted Services is not limited but such use must be reasonable.


    4.2   The Customer shall: 

    (a)   provide the Supplier with all necessary and timely and efficient co-operation in relation to this Agreement, and with all necessary and reasonable access to such information as may be required by the Supplier in order to render the Services, including but not limited to Customer Data, security access information and software interfaces to the Customer's other business applications; 
    (b)   provide such personnel assistance, including the customer account team personnel as may be reasonably requested from time to time. The Customer account team shall consist of the personnel listed on the Service Order. Customer shall use reasonable efforts to ensure continuity of its personnel assigned to a Service Order, if any;
    (c)   maintain all necessary licences, consents, and permissions necessary for the Supplier, its contractors and agents to perform their obligations under this Agreement, including without limitation use of the Services with Customer’s systems;
    (d)   be solely responsible for procuring and maintaining its network connections and telecommunications links from its systems to the Supplier’s data centres, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Customer's network connections or telecommunications links or caused by the internet; 
    (e)   use reasonable endeavours to prevent any unauthorised access to, or use of, the Services and notify the Supplier promptly of any such unauthorised access or use and carry out all other Customer responsibilities set out in this Agreement in a timely and efficient manner;
    (f)   comply with all laws and regulations applicable to its obligations under this Agreement;
    (g)   be  responsible for Named Users’ compliance with this Agreement.

    4.3   In relation to Named Users, the Customer shall ensure that:

    (a)   the maximum number of users that it authorises to access and use the Services does not exceed the number of Named User licences specified in the Service Order, and that any Named User licence is used only by the relevant individual Named User unless that licence has been reassigned in its entirety to another individual Named User (in which event the previous Named User shall no longer have any right to access or use the Services);
    (b)   each Named User keeps the log-in details of their account confidential and regularly changes any passwords.

    4.4   The Customer shall not:  

    (a)   knowingly store, distribute or transmit any Virus, or any material, including Customer Data, through the  Services that is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive; depicts sexually explicit images; promotes unlawful violence; is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability; or in a manner that is otherwise unlawful, tortious, or causes damage or injury to any person or property; and the Supplier reserves the right, without liability or prejudice to its other rights to the Customer, to disable the Customer’s access to any material that breaches the provisions of this clause;
    (b)   attempt to copy, duplicate, modify, create derivative works from or distribute all or any portion of or attempt to reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Services except to the extent expressly set out in this Agreement or as may be allowed by any applicable law which is incapable of exclusion by agreement between the Parties;
    (c)   access all or any part of the Software or Hosted Services in order to build a product or service which competes with the Services or to benchmark the Software or Hosted Services with a non-Supplier product or service; 
    (d)   license, re-sell, sell, sublicense, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services available to any third party except the Named Users, or include any Service in a service bureau or outsourcing offering; or
    (e)   interfere with or disrupt the integrity or performance of any Service or third-party data contained therein, or attempt to gain unauthorized access to any Service or Software or its related systems or networks or permit direct or indirect access to or use of any Service in a way that circumvents a contractual usage limit, or use any of the Services to access or use any Supplier intellectual property except as permitted under this Agreement or frame or mirror any part of any Service, other than framing on Customer's own intranets or otherwise for its own internal business purposes.

    5.   IMPLEMENTATION AND ACCEPTANCE

    5.1   The Supplier shall use reasonable endeavours to perform the Implementation Services as specified in the Statement of Work.

    5.2   Within ten (10) days of the Supplier's delivery to the Customer of the Implementation Services, the Customer shall review the configuration to confirm that it functions in material conformance with the applicable portion of the Statement of Work. If the Implementation Services fail in any material respect to conform with such provisions, the Customer shall give the Supplier a detailed description of any such non-conformance ("Error"), in writing, within the ten-day review period.

    5.3   With respect to any Errors, the Supplier shall use reasonable endeavours to correct any such Error within a reasonable time and, on completion, submit the corrected configuration to the Customer. The provisions of this clause shall then apply again, up to three additional times. If the Supplier is unable to correct such Error after three attempts, either party may terminate this Agreement without further liability to the other party and recover all fees paid for the Implementation Services under such SOW or Service Order for such deficient Deliverable.


    5.4   In any case, if the Customer does not provide any written comments in the ten-day period specified above, or if the configuration is found to conform with the applicable portion of the Service Order and/or the Statement of Work (if any), the Configuration shall be deemed accepted.  For the avoidance of doubt, any use of the Services by the Customer in a live environment, after it has been rolled out to the Customer’s employees for operational purposes, will be treated as acceptance by the Customer.  Any further Implementation Services provided by the Supplier after acceptance or deemed acceptance shall not alter the status of that acceptance.


    6.   CHANGES TO THE SERVICES

    6.1   The Customer acknowledges that the Supplier may amend, develop and update the Hosted Services in its discretion from time to time without notice to or requiring any consent from the Customer, provided that the amended, developed or updated Hosted Services shall continue to comply with the undertaking in 2.1 (Supplier Responsibilities). 


    7.   CUSTOMER DATA AND DATA PROTECTION

    7.1   The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of Customer Data.

    7.2   Both parties shall comply with all applicable privacy law and Data Protection Legislation in their creation, collection, receipt, access, use, storage, disposal and disclosure of personal information processed under this Agreement and shall process personal data only in accordance with the terms of the Data Protection Schedule. The Data Protection Schedule is in addition to, and does not relieve, remove or replace, a party’s obligations or rights under the Data Protection Legislation. 

    7.3   In the event of any loss or damage to Customer Data that is the fault of the Supplier, Customer’s sole and exclusive remedy shall be for the Supplier to use reasonable commercial efforts to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by Supplier as a standard feature of the provided Service (its hosted platform).  Supplier shall not be held liable or responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by Supplier to perform services related to Customer Data maintenance and back-up).

    7.4   Notwithstanding any other clause, term or provision of this Agreement, the Customer agrees that the Supplier shall be authorised to process Customer Data, anonymised and aggregated with the personal data of other customers, for the purpose of creating and, at its discretion, publishing benchmarking information.

     

    8.   FEES AND PAYMENT

    8.1   The Customer shall pay the Fees to Supplier as set out in the relevant Service Order and shall reimburse the Supplier for all actual, reasonable travel expenses including, but not limited to, airfare, hotel and meals incurred by the Supplier in performance of the Services.  

    8.2   Supplier’s fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including, for example, value-added, sales, use or withholding taxes, assessable by any jurisdiction (collectively, “Taxes”). Customer is responsible for paying all Taxes associated with the Services. If Supplier has the legal obligation to pay or collect Taxes for which Customer is responsible under this section, Supplier will invoice Customer and Customer will pay that amount unless Customer provides Supplier with a valid tax exemption certificate authorized by the appropriate taxing authority. For clarity, Supplier is solely responsible for taxes assessable against it based on its income, property and employees. 

    8.3   The Supplier shall invoice the Customer upon the Order Start Date and then annually in advance of each anniversary of the Order Start Date.  Each invoice is due and payable 30 days after the invoice date. Unless otherwise specified in a Service Order, the Supplier shall be entitled, with effect from each anniversary of the Order Start Date, to increase the Fees by up to 7.5% calculated from the date of the last increase in the Fees (or Order Start Date for the first such increase).  Customer shall provide Supplier with such paperwork as is necessary to enable Supplier to invoice Customer as specified above.

    8.4   If the Supplier has not received payment as required herein, and without prejudice to any other rights and remedies, the Supplier may, without liability to the Customer, disable the Customer’s account and the passwords and access of the Customer and its Named Users to all or any part of the Services, and the Supplier shall be under no obligation to provide any or all of the Services while the invoice(s) concerned remain unpaid. In addition, interest shall accrue on such due amounts at an annual rate equal to 4% over the then current base lending rate of Lloyds Bank PLC at the date the relevant invoice was issued, or the maximum rate provided by law, whichever is lower, commencing on the due date and continuing until fully paid, whether before or after judgment.

     

    9.   REPRESENTATIONS, WARRANTIES, EXCLUSIVE REMEDIES AND DISCLAIMERS

    9.1   Each party represents that it has validly entered into this Agreement and has the legal power to do so. 

    9.2   The Supplier warrants that during an applicable subscription term that (a) the Implementation Services will be performed with reasonable skill and care and (b) the Hosted Services will perform materially in accordance with the published documentation for such Hosted Services. For any breach of a warranty above, Customer’s exclusive remedies are those described in clause 9.4 below.

    9.3   Except as expressly provided herein, neither party makes any warranty of any kind, whether express, implied, statutory or otherwise, and each party specifically disclaims all implied warranties, including any implied warranty of merchantability, fitness for a particular purpose or non-infringement, to the maximum extent permitted by applicable law. The undertaking in clause 9.2 shall not apply to the extent of any non-conformance which is caused by use of the relevant Services contrary to the Supplier's instructions or modification or alteration of the relevant Services by any party other than the Supplier or the Supplier's duly authorised contractors or agents. 

    9.4   If the relevant Services do not conform with the foregoing warranty, the Supplier will, at its expense, use all reasonable commercial endeavours to correct any such non-conformance promptly, or provide the Customer with an alternative means of accomplishing the desired performance. 

    9.5   Notwithstanding the foregoing, the Supplier does not warrant that the Customer’s use of the Software and the Hosted Services will be uninterrupted or error-free and is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Customer acknowledges that the Services and Documentation may be subject to limitations, delays and other problems inherent in the use of such communications facilities. In addition, the Supplier makes no warranty of any kind that the Software, documentation or any Services or result of the use thereof will meet the Customer’s requirements, operate without interruption, achieve any intended result, be compatible or work with any software or systems. 

     

    10.   PROPRIETARY RIGHTS

    10.1   The Customer acknowledges and agrees that the Supplier and/or its licensors own all intellectual property rights in the Software, the Services and related documentation. Except as expressly stated herein, this Agreement does not grant the Customer any rights to, or in, patents, copyrights, database rights, trade secrets, trade names, trademarks (whether registered or unregistered), or any other rights or licences in respect of the Software, Services or any related documentation. Supplier, its Affiliates and licensors reserve all of their right, title and interest in and to the Software, Services and documentation including all of their related intellectual property rights. No rights are granted to Customer hereunder other than as expressly set forth herein. 

    10.2   Supplier hereby grants to Customer a non-exclusive, non-transferable license to use the Services up to the number of Named Users Customer has paid for solely for its internal business purposes according to the terms and conditions of this Agreement.

    10.3   Customer grants to Supplier, its Affiliates and applicable contractors a worldwide, limited term license to host, copy, use, transmit and display any Customer Data in order to provide the Services to Customer and its Named Users. Customer hereby assigns to Supplier any intellectual property rights in and to the Software and Services that may be developed by Customer. 

     

    11.   CONFIDENTIALITY

    11.1   “Confidential Information” means all information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure.  However, Confidential Information does not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party.

    11.2   The Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but not less than reasonable care) (i) not to use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, and (ii) except as otherwise authorized by the Disclosing Party in writing, to limit access to Confidential Information of the Disclosing Party to those of its and its Affiliates’ employees and contractors who need that access for purposes consistent with this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections no less stringent than those herein.  Neither party will disclose the terms of this Agreement or any Service Order to any third party other than its Affiliates, legal counsel and accountants without the other party’s prior written consent, provided that a party that makes any such disclosure to its Affiliate, legal counsel or accountants will remain responsible for such Affiliate’s, legal counsel’s or accountant’s compliance with this “Confidentiality” section.

    11.3   The Receiving Party may disclose Confidential Information of the Disclosing Party to the extent compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of the compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party's cost, if the Disclosing Party wishes to contest the disclosure.

    11.4   The Customer acknowledges that the Software, the results of any performance tests of the Software, the Services and Supplier’s documentation constitute the Supplier's Confidential Information. The Supplier acknowledges that the Customer Data is the Confidential Information of the Customer. Confidential Information of each party includes the terms and conditions of this Agreement and all Service Orders (including pricing), as well as business and marketing plans, technology and technical information, product plans and designs, and business processes disclosed by such party.  

     

    12.   PUBLICITY

    12.1   The parties consent to the publication of a press release or other public announcement by either party regarding the entry into of this Agreement (with written approval from the Customer) and Customer will provide references to prospective Supplier customers at the Supplier’s reasonable request, including phone calls and site visits. The Customer consents to the use by the Supplier of the Customer corporate logo on the supplier website and/or in other Supplier promotional materials (with written approval from the Customer) and agrees to the development of case studies and other promotional material illustrating practical use of the solution (with written approval from the Customer).


    13.   INTELLECTUAL PROPERTY INDEMNITY

    13.1   The Supplier shall defend the Customer, its officers, directors and employees against any claim that the Software infringes any patent effective as of the Agreement Start Date, copyright, database right or related right of confidentiality (“Claim”), and shall indemnify the Customer for any amounts awarded against the Customer in judgment or settlement of the Claim(s), provided that (a) the Supplier is given prompt notice of any Claim; (b) the Customer provides reasonable assistance to the Supplier in the defence and settlement of the Claim, at the  Customer’s expense; and (c) the Supplier is given sole authority to defend or settle the Claim provided that Supplier may not settle any Claim unless it unconditionally releases customer of all liability. 

    13.2   If the Supplier receives information about an infringement or misappropriation Claim, Supplier may in its discretion, obtain for the Customer the right to continue using the Software, replace or modify the Software so that they becomes non-infringing or, if such remedies are not reasonably available, terminate this Agreement without liability to the Customer and refund the Customer any prepaid fees covering the remainder of the term of the terminated subscriptions.  The Supplier shall have no liability if the alleged infringement is based on: (a) a modification of the Software by anyone other than the Supplier; (b) the Customer's use of the Software in a manner contrary to the instructions given to the Customer by the Supplier; or (c) the Customer's use of the Software after notice of the alleged or actual infringement from the Supplier or any appropriate authority. This clause states the Customer’s sole and exclusive rights and remedies, and the Supplier’s entire obligations and liability for claims arising out of this section.

    13.3   The Customer will defend the Supplier and its Affiliates against any claim, demand, suit or proceeding made or brought against the Supplier by a third party (a) alleging that any Customer Data or use of Customer Data with the Services infringes or misappropriates such third party’s intellectual property rights or violates Data Protection Legislation, or (b) arising from the Customer’s use of the Services in an unlawful manner or in violation of the Agreement. The Customer will indemnify the Supplier from any damages, attorney fees and costs finally awarded against the Supplier as a result of any such claim, or for any amounts paid by the Supplier under a settlement approved by the Customer in writing provided Supplier (a) promptly gives the Customer written notice of the claim, (b) gives the Customer sole control of the defense and settlement of the claim (except that the Customer may not settle any claim unless it unconditionally releases the Supplier of all liability), and (c) gives the Customer all reasonable assistance, at the Customer’s expense. The above defense and indemnification obligations do not apply if a claim arises from the Supplier’s breach of this Agreement. 

     

    14.   LIMITATION OF LIABILITY

    14.1   Except as expressly and specifically provided in this Agreement, the Customer assumes sole responsibility for results obtained from the use of the Software and the Services by the Customer, and for conclusions drawn from such use. The Supplier shall have no liability for any damage caused by errors or omissions in any information, instructions or scripts provided to the Supplier by the Customer in connection with the Services, or any actions taken by the Supplier at the Customer's direction.

    14.2   Nothing in this Agreement excludes or limits the liability of either party for death or personal injury caused by that party’s negligence, or for fraud or fraudulent misrepresentation, or for any other liability to the extent that the same may not be excluded or limited as a matter of applicable law.

    14.3   In no event shall the Supplier be liable, whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation (whether innocent or negligent) and regardless of the theory of liability, restitution or otherwise, for any loss of profits, revenues, loss of business, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss, in each case whether direct or indirect, or for any special, indirect or consequential, cover, business interruption or punitive damages howsoever caused and whether or not such losses are foreseeable, even if that party has been advised (or is otherwise aware) of the possibility of such losses in advance. 

    14.4   Subject to clause 14.2 and 14.3 above, the Supplier's total aggregate liability arising out of or in connection with this Agreement shall be limited to the Fees paid by Customer for the Services giving rise to the liability during the 12 months preceding the date on which the claim arose.


    15.   TERM AND TERMINATION

    15.1   This Agreement commences on the Agreement Start Date and continues until all subscriptions hereunder have expired or have been terminated. The term of each subscription for the Services shall commence on the Order Start Date and shall be as specified in the applicable Service Order.  Subscriptions will automatically renew for additional periods equal to one year unless either party gives the other written notice (email acceptable) at least 90 days before the end of the relevant subscription term. 

    15.2   A party may terminate this Agreement for cause (i) upon 30 days written notice to the other party of a material breach if such breach remains uncured at the expiration of such period, or (ii) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors or the other party ceases, or threatens to cease, to trade.

    15.3   If this Agreement is terminated by Customer in accordance with the termination section above, Supplier will refund Customer any prepaid fees covering the remainder of the term of the Service Order after the effective date of termination. If this Agreement is terminated by Supplier in accordance with the termination section above, Customer will pay any unpaid fees covering the remainder of the term of all Service Orders to the extent permitted by applicable law. In no event will termination relieve Customer of its obligation to pay any fees payable to Supplier for the period prior to the effective date of termination. 

    15.4   On termination of this Agreement for any reason each party shall return and make no further use of any equipment, property, materials and other items (and all copies of them) belonging to the other party. The Supplier shall maintain access to the Customer Data as provided in the Data Protection Schedule.

    15.5   The sections titled “ Fees and Payment,” “Proprietary Rights,” “Confidentiality,” “Disclaimers,” “Intellectual Property Indemnity,” “Limitation of Liability,” “Refund or Payment upon Termination,” “Surviving Provisions” and “General Provisions” will survive any termination or expiration of this Agreement, and the section titled “Customer Data and Data Protection” will survive any termination or expiration of this Agreement for so long as Supplier retains possession of Customer Data.

     

    16.   FORCE MAJEURE

    16.1   Neither party shall be in breach of this Agreement nor liable for delay in performing, or failure to perform, any of its obligations under this Agreement if such delay or failure results from a Force Majeure Event. In such circumstances the affected party shall be entitled to a reasonable extension of the time for performing such obligations, provided that if the period of delay or non-performance continues for six months, the party not affected may terminate this Agreement by giving 30 days' written notice to the other party.


    17.   NOTICES

    17.1   Any notice required to be given under this Agreement shall be in writing and shall be delivered by hand or sent by pre-paid first-class post or recorded delivery post to the other party at its address set out in this Agreement for the attention of the General Counsel or such other address as may have been notified by that party for such purposes.


    17.2   A notice delivered by hand shall be deemed to have been received when delivered (or if delivery is not in business hours, at 9 am on the first Business Day (in the UK) following delivery). A correctly addressed notice sent by pre-paid first-class post or recorded delivery post shall be deemed to have been received at the time at which it would have been delivered in the normal course of post.

    17.3   Except as otherwise expressly set out in this Agreement, a notice given under this Agreement is not valid if sent by e-mail and, for the avoidance of doubt, "writing" shall not include e-mail for the purposes of this clause.

     

    18.   NON POACHING OF STAFF

    18.1   The Customer agrees that during the term of this Agreement and for a period of 12 months after its termination, it shall not without the prior written consent of the Supplier, solicit, or permit any subsidiary or associate (as those terms are defined in sections 1159 and 345 of the Companies Act 2006) to solicit, the employment or engagement of any employee or contractor of the Supplier who has been engaged in the performance of this Agreement or any Service Order, whether or not the acceptance of such offer would cause the employee or contractor to be in breach of his contract with the Supplier. Notwithstanding the foregoing, any person’s response to, and subsequent hiring as a result of, general solicitation through advertising shall not constitute a violation of this provision. 


    19.   GENERAL PROVISIONS

    19.1   The Services may be subject to export laws and regulations of the United Kingdom, the United States and other jurisdictions.  The Supplier and the Customer each represents that it is not named on any U.K. government designated-persons list or U.S. government denied-party list.  Customer will not permit any User to access or use any Service in a U.S.-embargoed country (currently Crimea, Cuba, Iran, North Korea, Sudan or Syria) or in violation of any U.K. or U.S. export law or regulation.

    19.2   The parties shall comply with all applicable laws, regulations and sanctions relating to anti-bribery and anti-corruption, including without limitation the Bribery Act 2010 (as such statute is amended from time to time).  The Customer has not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from a Supplier employee or agent in connection with this Agreement.  If Customer learns of any violation of the above restriction, it will use reasonable efforts to promptly notify the Supplier. 

    19.3   Nothing in this Agreement is intended to, or shall be deemed to, establish any partnership or joint venture between any of the parties, constitute any party the agent of another party, nor authorise any party to make or enter into any commitments for or on behalf of any other party. 

    19.4   No variation of this Agreement shall be effective unless it is in writing and signed by the parties (or their authorised representatives). 

    19.5   This Agreement does not confer any rights on any person or party (other than the parties to this Agreement and (where applicable) their successors and permitted assigns) pursuant to the Contracts (Rights of Third Parties) Act 1999.

    19.6   Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the other party’s prior written consent (not to be unreasonably withheld); provided, however, the Supplier may assign this Agreement in its entirety (including all Service Orders), without Customer’s consent to its Affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. Notwithstanding the foregoing, if the Supplier is acquired by, sells substantially all of its assets to, or undergoes a change of control in favor of, a direct competitor of the other party, then such other party may terminate this Agreement upon written notice. In the event of such a termination, Supplier will refund the Customer any prepaid fees covering the remainder of the term of all subscriptions for the period after the effective date of such termination. Subject to the foregoing, this Agreement will bind and inure to the benefit of the parties, their respective successors and permitted assigns. 

    19.7   If any provision (or part of a provision) of this Agreement is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable or illegal, the other provisions shall remain in force.  If any invalid, unenforceable or illegal provision would be valid, enforceable or legal if some part of it were deleted, the provision shall apply with whatever modification is necessary to give effect to the commercial intention of the parties.

    19.8   A waiver of any right under this Agreement is only effective if it is in writing and it applies only to the party to whom the waiver is addressed and to the circumstances for which it is given. 

    19.9   Unless specifically provided otherwise, rights arising under this Agreement are cumulative and do not exclude rights provided by law.

    19.10   This Agreement and any documents referred to in it constitute the whole agreement between the parties and supersede any previous arrangement, understanding or agreement between them relating to the subject matter of this Agreement. The parties agree that any term or condition stated in a Customer purchase order or in any other Customer order documentation is void. In the event of any conflict or inconsistency among the following documents, the order of precedence shall be: (1) the Service Order, (2) the Statement of Work (if any); (3) this Agreement, (4) Schedules to the Agreement. Titles and headings of sections of this Agreement are for convenience only and shall not affect the construction of any provision of this Agreement.

    19.11   Each party acknowledges that, in entering into this Agreement and the documents referred to in it, it has not relied and does not rely on any statement, representation (whether innocent or negligent), assurance or warranty (Representation) of any person (whether a party to this Agreement or not) other than as expressly set out in this Agreement or those documents.  

    19.12   Each party agrees that the only rights and remedies available to it arising out of or in connection with a Representation shall be for breach of contract as expressly provided in this Agreement.

    19.13   This Agreement and any disputes or claims arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) are governed by, and construed in accordance with, the laws of England.  The parties irrevocably agree that the courts of England have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with this Agreement or its subject matter or formation (including non-contractual disputes or claims). 


     

     

    Schedule 1
    Data Protection Schedule
    1.   DEFINITIONS

    1.1   Any capitalised terms used in this Schedule which are not defined herein shall have the meaning ascribed to them in the Agreement.

    1.2   In this Data Protection Schedule, the following additional definitions shall apply:

    Controller, Data Subject, Processor, Process and Processing shall have the same meaning as in the applicable Data Protection Legislation.
    Data Protection Legislation means all laws and regulations of the European Union, the European Economic Area and their member states, Switzerland and the United Kingdom, applicable to the Processing of Personal Data under this Agreement including (i) the GDPR; (ii) the Swiss Federal Act of 19 June 1992 on Data Protection, as amended; and (iii) the UK Data Protection Legislation.  
    GDPR means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), including as implemented or adopted under the laws of the United Kingdom.
    Hosting Provider means the hosting provider engaged by the Supplier from time to time. The current Supplier Hosting Provider as of the Agreement Start Date is Amazon Web Services (AWS). 
    Hosting Provider Audit Report means the audit report generated as a result of an audit performed by an independent third party selected by the Hosting Provider to verify the adequacy of its security measures, including the security of the physical data centres from which it provides its services.  Such audit report is performed at least annually according to ISO 27001 standards or such other alternative standards that are substantially equivalent to ISO 27001.
    Personal Data means any data relating to an identified or identifiable natural person uploaded by or for the Customer or the Named Users, Customer’s agents, employees or contractors to the Hosted Services as Customer Data.
    Personal Data Breach means a breach of Supplier’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed by the Supplier or its Sub-processors of which the Supplier becomes aware.
    SCC’s means the EU Model Clauses for Personal Data transfer from controllers to processors pursuant to the European Commission’s decision (C(2010)593) of 5 February 2010 on Standard Contractual Clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection (or any updates to, or replacement thereof).
    Special Category Data means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and genetic data, biometric data (where used for identification purposes), data concerning health, data concerning a person’s sex life, and data concerning a person’s sexual orientation.
    UK Data Protection Legislation means all applicable data protection and privacy legislation in force from time to time in the UK including the GDPR, the Data Protection Act 2018, the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended.

     

    2.   SCOPE OF THE PROCESSING

    2.1   The Customer acknowledges and agree that the Supplier may process Personal Data on behalf of the Customer in carrying out the Services and/or its obligations under the Agreement.  The parties acknowledge and agree for the purposes of the Data Protection Legislation that the Customer is the Controller and the Supplier is a Processor in respect of the provision of the Services. 

    2.2   The subject-matter of Processing of Personal Data by the Supplier is the performance of the Services pursuant to the Agreement. The duration of processing, the nature and purpose of the processing, the types of Personal Data and categories of Data Subject are set out in Annex 1 to this Data Protection Schedule. 


    3.   DATA PROCESSOR OBLIGATIONS 

    3.1   Customer Instructions. The Customer appoints the Supplier as a processor to process Personal Data in accordance with the Customer’s instructions (a) as set forth in the Agreement, including this Data Protection Schedule, and as otherwise necessary to provide the Services to the Customer (which may include investigating security incidents, preventing fraudulent activity, and detecting and preventing network exploits and abuse); (b) as necessary to comply with applicable law, and (c) as otherwise agreed in writing by the parties.

    3.2   The Customer will ensure that (i) its instructions comply with Data Protection Legislation and (ii) the Supplier’s processing of Customer Data in accordance with the Customer’s instructions will not cause the Supplier to violate any applicable law, regulation, or rule, including Data Protection Legislation. The Supplier will have no liability for any harm or damages resulting from the Supplier’s compliance with instructions received from the Customer. The Supplier will inform the Customer if it becomes aware or reasonably believes that the Customer’s data processing instructions violate any applicable law, regulation, or rule, including Data Protection Legislation.

    3.3   Additional instructions outside the scope of the Agreement, a Service Order, or this Schedule will be agreed to between the parties in writing, including any additional fees that may be payable by the Customer to the Supplier for carrying out those instructions. 

    3.4   Supplier Personnel.   Access to Personal Data by the Supplier will be limited to personnel who require such access to perform the Supplier’s obligations under the Agreement.  The Supplier shall ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential and are aware of the Supplier’s duties and their personal duties and obligations under the Data Protection Legislation and the Agreement. The Supplier will take reasonable steps, including the provision of appropriate training, to ensure the reliability, competency and integrity of all personnel who have access to and/or Process Personal Data.

    3.5   Security of Processing.  The Supplier shall maintain technical and organisational measures designed for protection of the security (including protection against unauthorised or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to Customer Data), confidentiality and integrity of the Customer Data, including Personal Data, as prescribed by Data Protection Legislation and shall include the controls as set out in Annex 3. 

    3.6   Expiry or Termination of Processing. The Supplier shall maintain access to the Customer Data for a period of 30 days after the expiry or termination of the Agreement for the purposes of allowing the Customer to download copies of the Customer Data. During such period, the Customer may request the Supplier export the information on the Customer’s behalf subject to the payment of mutually agreed costs. On expiry of the 30 day period, the Customer will cease to have access to the data and it will be securely deleted, unless the Supplier is required to retain the Customer Data by law. The Customer Data will remain within backed up information for a further period of fourteen (14) days after which the backups will have been rotated and all backed up data will be securely deleted. The parties agree that a confirmation of deletion of Personal Data shall be provided by the Supplier to the Customer only upon the Customer’s request.

    3.7   Assistance.  The Supplier shall, taking account of the nature of the Services, provide reasonable assistance to the Customer with respect to the Customer’s compliance with its obligations under the Data Protection Legislation relating to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators.

     

    4.   DATA SUBJECT REQUESTS AND REGULATORS

    4.1   The Supplier shall promptly (and wherever possible within two working days) notify the Customer, to the extent legally permitted, if the Supplier receives a request from a Data Subject to exercise it’s right of access, to rectification, to restriction of Processing, to erasure, to data portability, to object to the Processing, or not be subject to an automated individual decision making (“Data Subject Request”). Taking into account the nature of the Processing, the Supplier shall assist the Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Customer’s obligation to respond to a Data Subject Request under Data Protection Legislation. In addition, to the extent the Customer does not have the ability to address a Data Subject Request through its use of the Services, the Supplier shall, upon the Customer’s request, use commercially reasonable efforts to assist the Customer in responding to such Data Subject Request, to the extent the Supplier is legally permitted to do so and the response to such Data Subject Request is required under Data Protection Legislation. To the extent legally permitted, the Customer shall be responsible for any costs arising from the Supplier’s provision of such assistance. 

    4.2   In the case of a notice, audit, inquiry or investigation by a government body, data protection authority or law enforcement agency regarding the Processing of Personal Data, the Supplier shall promptly notify the Customer, to the extent legally permitted to do so. The Supplier shall keep reports of the Personal Data Processed by the Supplier and shall cooperate and provide all reasonable information to the Supplier in the event that the Supplier is required to produce such information to a data protection authority.

     

    5.   BREACH NOTIFICATION  

    5.1   The Supplier shall notify the Customer without undue delay upon becoming aware of a Personal Data Breach. The Supplier shall make reasonable efforts to identify the cause of the Personal Data Breach and take those reasonable steps the Supplier deems necessary to mitigate the effects and to minimise any damage resulting from the Personal Data Breach.  The initial notice will be provided to the Customer’s security or privacy contact(s) identified in the Hosted Services customer support portal or if no such contact is designated, to the primary contact designated by the Customer. The Customer will maintain accurate contact information in the Customer support portal and provide any information that is reasonably requested to resolve any security incident. Notwithstanding Supplier’s obligations under clause 3.7, the Customer is solely responsible for determining whether to notify the relevant supervisory or regulatory authorities and impacted Data Subjects and for providing such notice. 


    6.   AUDITS

    6.1   Upon written request from the Customer, or the Customer’s representative, and subject to the confidentiality obligations of the Agreement, the Supplier will provide a copy of the ISO Certification and Statement of Applicability which covers the scope of the services provided to the Customer. Once per calendar year the Customer may contact the Supplier by providing reasonable notice to request an on-site audit of the Supplier’s Information Security Management Systems by itself or a suitably qualified third party auditor that is not a competitor of the Supplier. The parties shall mutually agree the scope, timing and duration of the audit and reimbursement of costs. Any audit or inspection shall be subject to a reasonable confidentiality agreement and the Supplier reserves the right to refuse to provide the Customer (or its representative) with any information that would pose a security risk to the Supplier or its customers, or which the Supplier is prohibited to provide or disclose under applicable law or contractual obligation. 

    6.2   The Customer agrees that any audit or inspection in relation to the Sub-processing carried out by the Hosting Provider shall be satisfied by providing the Partner Audit Report to the Customer. The Customer must sign a Non-disclosure agreement with the Hosting Partner to receive a copy of the Hosting Partner Audit Report. 

    6.3   The Customer shall promptly notify the Supplier with information regarding any non-compliance discovered during the course of an audit. This clause shall not modify or limit the rights of audit of the Customer as provided under Data Protection Legislation. It is intended to clarify the procedures in respect of any audit. 

     

    7.   DATA TRANSFERS

    7.1   Customer may specify the location(s) where Customer Data will be processed within the Amazon Web Services (“AWS”) Network, including the London, UK  Region, the US East, Ohio Region or the Asia Pacific, Sydney Region. (each a “Region”). Once Customer has made its choice, AWS will not transfer Customer Data from Customer’s selected Region(s) except as necessary to provide the Services initiated by Customer, or as necessary to comply with the law or binding order of a governmental body. If the Standard Contractual Clauses apply, nothing in this Section varies or modifies the Standard Contractual Clauses.

    7.2   The parties agree that the Standard Contractual Clauses will apply to Personal Data that is transferred via the Hosted Services from the European Economic Area, the United Kingdom, and/or Switzerland to outside the European Economic Area, the United Kingdom, and Switzerland, as applicable, either directly or via onward transfer, to any country or recipient not recognized by the European Commission (or, in the case of transfers from the UK or Switzerland, the competent authority for the UK or Switzerland) as providing an adequate level of protection for personal data (“International Data Transfer”).

    7.3   To the extent Processing by Supplier involves an International Data Transfer of Personal data to a Supplier Affiliate, such transfers shall be subject to the terms of the Supplier’s Intra-Company Data Transfer Agreement which includes the Standard Contractual Clauses, and requires all processing of Personal Data to be made in compliance with Data Protection Legislation and all applicable Supplier security and data privacy policies and standards. 

    7.4   This Schedule hereby incorporates the Standard Contractual Clauses by reference, avoiding the need to separately execute the Standard Contractual Clauses between the Parties, provided that Appendices 1 and 2 of the Standard Contractual Clauses shall be deemed completed as set forth in Annex 1 to this Schedule. 


    8.   SUB-PROCESSING

     

    8.1   The Supplier may Process the Personal Data in the locations and with the Sub-processors set out in Annex 2 to this Schedule in order to perform the Services. 

    8.2   The Customer may receive notifications of new Sub-processors and updates to existing Sub-processors by subscribing for updates. If the Customer subscribes, the Supplier will provide the subscriber with written notice of the appointment of any new Sub-processor, including full details of the Processing to be undertaken by the Sub-processor. If, within thirty (30) days of receipt of that notice, the Company notifies the Supplier in writing of any reasonable objections to the proposed appointment, neither the Supplier nor any Supplier Affiliate shall disclose any Personal Data to that proposed Sub-processor until reasonable steps have been taken to address the objections raised by the Customer and the Customer has been provided with a reasonable written explanation of the steps taken.

    8.3   In the event the Customer objects to a new Sub-processor, the Supplier will use reasonable efforts to make a change to the affected Services available or recommend commercially reasonable changes to the Customer’s configuration or use of the Services to avoid the Processing that is the subject of the objection.  If the Supplier is unable to make available such changes within a reasonable period of time, the Customer may terminate the applicable Service Order with respect only to those Services which cannot be provided by the Supplier without use of the objected-to Sub-processor by providing written notice to the Supplier. The Supplier will then refund the Customer any prepaid fees covering the remainder of the term of such Service Order following the effective date of termination with respect to such terminated Services.

    8.4   The Customer provides a general consent for the Supplier to engage onward Sub-processors, provided the following requirements are satisfied: (a) any onward sub-processor must agree in writing to only process data in a country that the European Commission has declared to have an “adequate” level of protection or to only process data on terms equivalent to the Standard Contractual Clauses, or pursuant to Binding Corporate Rules and (b) the Supplier will restrict the onward Sub-processor’s access to Personal Data only to what is strictly necessary to provide the Services, and will prohibit the Sub-processor from processing the Personal Data for any other purpose.

    8.5   The Supplier will enter into a written agreement with each Sub-processor containing data protection obligations no less protective than those contained in this Data Protection Schedule with respect to the protection of Personal Data.  The parties agree that the copies of the Sub-processor agreements that must be provided by the Supplier to the Customer pursuant to Clause 5(j) of the Standard Contractual Clauses may have all commercial information, or clauses unrelated to the Standard Contractual Clauses or their equivalent, removed by the Supplier beforehand; and, that such copies will be provided by the Supplier, in a manner to be determined in its discretion, only upon the written request of the Customer.

    8.6   Use of a Sub-processor will not relieve, waive or diminish any obligation the Supplier has under the Agreement and the Supplier is liable for any acts or omissions of any Sub-processor to the same extent as if the acts or omissions were performed by the Supplier. 

     
    9.   DATA CONTROLLER RESPONSIBLITIES 

    9.1   The Customer shall comply with all of its obligations under the Data Protection Legislation when Processing Personal Data.

    9.2   The Customer shall notify the Supplier promptly in writing of any request for it to take any action to assist the Customer with ensuring compliance with its obligations under the Data Protection Legislation, including with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators.

    9.3   The Customer warrants that it has a lawful basis under the Data Protection Legislation for the processing of the Personal Data contemplated under the Agreement, and shall ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the Supplier for Processing and/or enable lawful collection by the Supplier of the Personal Data and shall be responsible for the accuracy, quality and legality of Customer Data and how the Customer Data is acquired. The Customer is responsible for ensuring that suitable safeguards are in place prior to transmitting or processing, or prior to permitting the Customer’s end users to transmit or process, any Special Category Data via the Services.

     

    10.   CUSTOMER AFFILIATES

    10.1   The obligations of the Supplier as Data Processor set forth herein will extend to those of Customer’s Affiliates whose Personal Data is Processed within the Hosted Services, subject to the following conditions:

    (a)   Customer shall at all times be liable for its Affiliates’ compliance with this Data Protection Schedule and all acts and omissions by a Customer Affiliate are considered acts and omissions of Customer.
    (b)   Customer’s Affiliates will not bring a claim directly against the Supplier. In the event a Customer Affiliate wishes to assert a valid legal action, suit, claim or proceeding against the Supplier (a “Customer Affiliate Claim”): (i) Customer must bring such Customer Affiliate Claim directly against the Supplier on behalf of such Customer Affiliate, unless Data Protection Legislation requires that the Customer Affiliate be party to such Customer Affiliate Claim; and (ii) all Customer Affiliate Claims will be considered claims made by Customer and are at all times subject to any aggregate limitation of liability set forth in the Agreement.
     
    11.   LIMITATION OF LIABILITY

    11.1   Each party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or related to this Data Protection Schedule, whether in contract, tort or under any other theory of liability, is subject to the ‘Limitation of Liability’ section of the Agreement, and any reference in such section to the liability of a party means the aggregate liability of that party and all of its Affiliates under the Agreement.


    12.   ORDER OF PRECEDENCE

    12.1   In relation to any Personal Data, in the event of any conflict or inconsistency between any of the terms of the Agreement and this Data Protection Schedule in regard to the processing of Personal Data, the provisions of the following documents (in order of precedence) shall prevail:  (i) the SCCs, (ii) this Data Protection Schedule (iii) the Agreement and (iv) the Service Order or Statement of Work. 


     

     

    Annex 1

    DESCRIPTION OF PROCESSING*

     

    Description

    Detail

    Duration of Processing

    The Supplier will Process Personal Data for the duration of the Agreement.

    Nature and Purposes of the Processing

    The Supplier provides a solution that stores the Customer Data for the purposes of managing Health, Safety or Environmental matters

    • Risk Assessments (e.g. H&S, DSE, Manual Handling, COSHH assessments..)
    • Incidents and Accidents including submission of Reportable accidents
    • Information based around individuals, e.g. training records
    • Registers of assets (e.g. Equipment, electrical testing)
    • Audit and Inspection records
    • Supplier management information
    • Tasks (both system generated and manually added)

    Categories of Personal Data

    The Customer may submit Personal Data to the Hosted Service, the extent of which is solely determined by the Customer, and may include the following categories: 

    • Name
    • Personal Addresses
    • Date of Birth
    • Accident and Near Miss records
    • Phone Number
    • Email Address
    • IP Addresses
    • Training Records

    Special Categories of Personal Data 

     

    The Customer may submit Special Categories Data to the Hosted Services, the extent of which is solely determined by the Customer in compliance with Data Protection Legislation, and may include the following categories, if any: 

    • Health data related to individuals (e.g. recorded due to incidents, actions, or specialised risk assessments)

    Data Subjects

     

    The Customer may submit Personal Data to the Hosted Services, the extent of which is solely determined by the Customer, and may include Personal Data relating to the following categories of Data Subjects: 

    • Employees, volunteers, agents, and temporary workers 
    • Members of the public 
    • Customers, Contractors and Suppliers

     

     
    • Personal data processed is dependant upon the Customer’s requirements. This list states the general information processed by Supplier’s Services for health and safety related activities. If Customer’s requirements change the above scope, Customer should add any additional data it provides to the above table
     
    Annex 2
    Sub-processors

     

    Sub-Processor

    Processing Activities

    Country

    Evotix Limited Group’s wholly owned subsidiaries (“Affiliates”): 

     

    Evotix Limited (UK)

    Evotix Inc. (USA)

    Evotix PTY (Australia)

    Evotix PTY (New Zealand)

    Global Support 

     

     

     

    United Kingdom

    United States 

    Australia

    New Zealand

    Amazon Web Services, Inc. and its Affiliates 

    Third Party Hosting Provider 

    London Region for UK and EU customers

    US East – Ohio Region for North American customers

    Asia Pacific – Sydney Region for Australian and New Zealand customers.

     

     

     


     

     

    Annex 3 
    Supplier Security Measures

     

    Evotix Limited Is Certified to ISO27001: 2013 and is externally assured at least annually against the requirements of that standard.