Iinsight Customer Terms of Service
PLEASE READ THESE CUSTOMER TERMS OF SERVICE CAREFULLY.
Our Customer Terms of Service is a contract that governs our customers' use of Be Software’s product iinsight®. It consists of the following information (noting that Schedules 1 and 3 are redacted as they relate to specific customer pricing, region [country] and conditions of contract):
its registered office at Suite 204 Level 2, 23 Ryde Road NSW 2073 (Service Provider)
AND: CUSTOMER at Item 1 of Schedule 1 (Customer)
The Service Provider and Customer are hereinafter referred to as the “Parties”.
BACKGROUND
i. The Service Provider is the exclusive owner of the Service.
ii. The Customer has requested and Service Provider has agreed to provide the Service to the Customer on the terms and conditions set out in this Agreement.
1.1 In this Agreement the following definitions shall apply:
“Applicable Laws” means the laws of England, Wales, Scotland, Northern Ireland, Republic of Ireland and the European Union and any other laws or regulations, regulatory policies, guidelines or industry codes which apply to the provision of the Services.
"Best Industry Practice" means the exercise of that degree of skill, care and timeliness as would be expected from a leading company within the relevant industry or business sector.
“Business Day” means any day other than Saturday, Sunday and gazetted statutory holidays in the State of New South Wales.
“Business Hours” means the hours between 9am (AEST) and 5pm (AWST) on any Business Day.
“Commencement Date” means the date the Service commences as specified at Item 2 in Schedule 1.
“Conditions” means the conditions specified at Schedule 3.
“Confidential Information” means the Services and any associated software, documents and information of the disclosing Party, communicated in written, oral or electronic form, marked as proprietary, confidential or otherwise so identified, or any information that by its form, nature, content or mode of Transmission would to a reasonable recipient be understood to be confidential or proprietary.
“Contract Term” means the period whereby this agreement cannot be cancelled, overriding any Termination of Service requirements as specified in Section 13.
“Consequential Loss” means loss of revenue, loss of profits, loss of goodwill, loss of anticipated savings, pure economic loss, loss of data, loss of value of equipment (other than the cost of repair or replacement), loss of opportunity or expectation loss of any other form of consequential, special, indirect, punitive or exemplary loss or damage.
“Costs” means the total amount of the costs inclusive of activities or items created against a case.
“Customer” means the person specified at Item 1 in Schedule 1.
“Customer Data” means all electronic data or information provided by Customer to the Service or retrieved by Customer from the Service.
"Controller" means the same as the term of this name set out in the Data Protection Legislation.
"Processor" means the same as the term of this name set out in the Data Protection Legislation.
"Data Protection Legislation" means the UK Data Protection Act 2018, the General Data Protection Regulation (EU) 2016/679, the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (SI 2000/2699), the Electronic Communications Data Protection Directive (2002/58/EC), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003), and Applicable Laws and regulations relating to the processing of personal data and privacy, including where applicable the guidance and codes of practice issued by the UK Information Commissioner’s Office.
Commercial-in-Confidence VERSION REVISION AUTHOR DOC PAGE SLD:NJ/5833 01/12/2022 LC SAAS-UK 2
"Data Subject" means the same as the term of this name set out in the Data Protection Legislation.
“Fees” means all the fees payable by Customer under this Agreement including those fees specified at Item 3 of Schedule 1.
“Fee Increase Date” means the date specified at Item 4 of Schedule 1 and every 12 months thereafter.
“Force Majeure Event” means, in respect of a Party, any event or circumstance outside that Party's reasonable control that prevents it from fulfilling, or renders it unable to fulfil, an obligation under this Agreement, including, but not limited to, fire, storm, flood, earthquake, explosion, war, invasion, rebellion, sabotage, epidemic, labour dispute, labour shortage, failure or delay in transportation and act or omission (including laws, regulations, disapprovals or failures to approve) of any third person not within the control of a Party (including, but not limited to, subcontractors, customers, governments or government agencies).
“GDPR” means both the UK Data Protection Act 2018 (UK GDPR) and the General Data Protection Regulation (EU) 2016/679.
“GST” has the same meaning given to that term by the GST Law.
“GST Law” means the A New Tax System (Goods and Services Tax) Act 1999 (Cth) - Australia. Also means the A New Tax System [Goods and Services Tax – combining both Provincial Sales Tax (PST) / Harmonized Sales Tax (HST)] Excise Tax Act – Canada.
“Insolvency Event” in respect of a Party, means:
(i) that Party is unable to pay its debts as and when they fall due for payment;
(ii) that Party enters into a composition or arrangement with its creditors generally in respect of the payment of amounts owing by that party to its creditors;
(iii) a ‘controller’ (as that term is defined in the Corporations Act), mortgagee in possession, trustee in bankruptcy or other external administrator is appointed to the assets or to manage the operations and affairs of that Party; or
(iv) that Party ceases or suspends payment of its debts.
“Intellectual Property Rights” means copyright, trademarks, designs, patents, circuit layouts, business and domain names, inventions, other results of intellectual activity and any other intellectual property right.
“Malicious Code” means any harmful program, code or device incorporated into the Service, so that when it operates in its intended manner, the result is:
“Managed User” is a user account that has been enabled at any time within the billing period (month).
“Monthly Fee Invoice” is the invoice that is provided by Service Provider to the Customer for the fees incurred in the previous month;
“Moral Rights” means the right of integrity of authorship, the right of attribution of authorship, and the right not to have authorship falsely attributed, more particularly as described in the Copyright Act 1968 (Cth)/ Copyright Act of Canada (1985), and rights of a similar nature anywhere in the world whether existing presently or which may in the future come into existence.
“Objectionable Material” means any material referred to in clause 6.1 (b), (c) or (d).
“Personal Information” has the same meaning given to the term by the Privacy Act.
“Personal Data” means the same as the term of this name set out in both the UK and EU GDPR and each country's local data protection laws.
“Privacy Act” means the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth). Also means the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) Australia and the Personal Information Protection and Electronic Documents Act 2000 Canada including the Digital Privacy Act S4.
“Privacy Law” means, to the extent applicable:
“Professional Service” means additional services including but not limited to software engineering developments, and data migrations. Professional Services also relates to any additional expenses incurred by the Service Provider in attending for On-site Support (at the request of the Customer) to provide Training and Implementation support.
“Quotation” means a formal statement setting out the estimated cost of a particular Professional Service.
“Reasonable Use” means use of the Service by the Customer comparative to the size and breadth of its business and which should not exceed the ordinary use or demands on Service Provider’s resources expected of a business of that size. Determination of whether the Customer is using the Service in accordance with Reasonable Use is at the sole discretion of the Service Provider, having regard to reasonable metrics including: locations, user numbers, and/or customer volumes.
“Service” means the provision and hosting by Service Provider of the Software, including providing log-ins, managing and monitoring the hardware and Software, back-up and support.
“Service Level Agreement” means the service level agreement detailed in Schedule 2.
“Software” means the rehabilitation case management system known as iinsight and may include the add-on modules specified at Item 3 of Schedule 1 if negotiated and purchased by the Customer.
“Software Release Notes” are communication documents shared with customers and clients of an organisation detailing the changes or enhancements made to the features of the Service provided by the Service Provider. This communication document is usually circulated only after the product or service is thoroughly tested and approved against the specification provided by the development team.
“Tax” A tax, known in some countries as a goods and services tax (GST), is a type of tax payable by companies and individuals in the United States.
“Territory” means the territory specified at Item 6 in Schedule 1.
“Transmission” means the transmission of Confidential Information. Where this information is transmitted electronically between the Customer and the Software this transmission is performed using Transport Layer Security protocols which are designed to prevent eavesdropping and tampering.
“Users” means people who are authorised to access and use the Service and who have been provided with user identifications and passwords by Customer (or by Service Provider at Customer’s request) being Customer employees or contractors who use it solely for the benefit of Customer’s internal business purposes in accordance with the terms and conditions of this Agreement.
“VAT” A value-added tax (VAT), known in some countries as a goods and services tax (GST), is a type of tax that is assessed incrementally
Headings are for convenience only and do not affect interpretation. The following rules apply unless the context requires otherwise:
(i) a reference to a clause number is a reference to its subclauses;
(ii) words in the singular number include the plural and vice versa;
(iii) words importing a gender include any other gender;
(iv) a reference to a person includes body corporate, unincorporated associations and partnerships;
(v) a reference to this Agreement includes any annexure, exhibit or Schedule and any Reference Schedule;
(vi) a reference to a clause is a reference to a clause or subclause of this Agreement;
(vii) a reference to a subclause is a reference to a subclause of the clause in which that reference is made;
(viii) where a word or phrase is given a particular meaning, other parts of speech and grammatical forms of that word or phrase have corresponding meanings;
(ix) monetary references are references to currency stipulated in Section 1;
(x) a rule of construction does not apply to the disadvantage of a party because the party was responsible for the preparation of this Agreement or any part;
(xi) the words “include”, “including”, “for example” or “such as” are not used as, nor are they to be interpreted as, words of limitation, and, when introducing an example, do not limit the meaning of the words to which the example relates to that example or examples of a similar kind.
2.1 Service Provider grants to Customer a non-exclusive, non-transferable right to use the Service in the Territory, subject to Reasonable Use and solely for Customer’s own internal business purposes and to process Customer Data, subject to the terms of this Agreement.
2.2 Customer agrees to pay the Fees in accordance with this Agreement.
2.3 The Service commences on the Commencement Date.
2.4 Subject to clause Customer acknowledges and agrees that its purchase of the Service is not contingent upon the delivery of any future functionality or features nor dependent on any oral or written public statements made by Service Provider regarding future functionality of features provided that, from time to time, additional functionality may be offered by Service Provider with respect to the Services at an additional Fee.
2.5 This agreement may depend on the Conditions (if any) which the Service Provider agrees to comply with as a condition of Customer entering into this Agreement.
2.6 Service Provider reserves the right to make changes and updates to the functionality and/or documentation of the Service from time to time and shall promptly advise Customer in writing of such changes and updates.
2.7 Service Provider agrees to use commercially reasonable efforts to maintain Service accessibility solely in accordance with the provisions of the Service Level Agreement (Standard) provided that in no event will any additional support or maintenance policies published by Service Provider or other contractual support provisions be applicable to this Agreement unless agreed to by the Parties in writing.
2.8 Service Provider, or a third party designated by Service Provider, may during Business Hours and on reasonable advance notice describing the purpose and scope of the request, in a manner that does not unreasonably interfere with the business operations of Customer, audit Customer’s use of or access to the Services to verify Customer’s compliance with the provisions of this Agreement.
2.9 Customer is responsible for:
(i) all activities that occur under Customer’s User accounts;
(ii) maintaining the security and confidentiality of all User usernames and passwords; and
(iii) notifying Service Provider immediately of any unauthorised use of any Service username, password, account or any other known or suspected breach of security.
3.1 Customer agrees to pay:
(i) the Fees as stated in Schedule 1 and in accordance with this Agreement; and
(ii) all applicable GST/VAT, sales tax, import and custom duties and any other applicable taxes relating to the Services.
3.2 The Fees will increase, not to exceed a 5% annual increase, with the first fee increase to take place on the Fee Increase Date and every 12 months thereafter.
3.3 Payment obligations are non-cancellable and all Fees paid are non-refundable. Customer is not entitled to withhold or set-off any Fees due for any reason whatsoever.
3.4 Monthly Fee Invoices will be issued within 2 days of the end of a calendar month. Within 7 days of issue of the invoice, payment of the invoice will be deducted from Customer’s credit card or direct debit account, whichever has been provided by Customer.
3.5 Invoices relating to Professional Service Fees will be issued upon receipt of signed Quotation. Payment of the invoice will be deducted from the Customer’s credit card or direct debit account (whichever has been provided by Customer) within 5-7 days of issue of the invoice. Upon receipt of payment a commencement date will be confirmed and the required resources will be allocated accordingly, unless alternate arrangements have been agreed in writing between the Customer and the Service Provider.
3.6 Customer is responsible for notifying Service Provider of changes to its billing contacts.
3.7 Any amount payable by Customer which is not paid by the due date will be subject to a late payment charge equal to 1.5% per month. All costs incurred due to late payment of fees and debt collection will be reimbursed by Customer.
4.1 From time to time the Service Provider may ask the Customer if they wish to engage in promotional activities. These activities can include press releases, case studies and advertising campaigns. Participation in any of these Marketing and Promotional activities is at the sole discretion of the Customer.
5.1 Service Provider may elect to archive any case that has remained inactive for a significant period of time after consultation with the Customer.
6.1 Customer will utilise the Service in accordance with Reasonable Use.
6.2 Customer shall use the Service solely for its internal business purposes as contemplated by this Agreement and shall not:
(i) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, time share or otherwise commercially exploit or make the Service available to any third party, other than Users or as otherwise contemplated by this Agreement;
(ii) send unsolicited commercial messages in violation of applicable laws;
(iii) send or store infringing, obscene, threatening, or otherwise unlawful material, including material that is harmful to children or violates third party privacy rights;
(iv) send or store Malicious Code;
(v) interfere with or disrupt the integrity or performance of the Service or the data (other than Customer Data) contained therein; or
(vi) attempt to gain unauthorised access to the Service or its related systems or networks.
6.3 Customer will be responsible to ensure that its Users do not submit any Objectionable Material.
6.4 Service Provider may, at its option, adopt rules for permitted and appropriate use and may update them from time to time on Service Provider’s website and Customer and Customer’s Users will be bound by any such rules.
6.5 Service Provider reserves the right to remove any Customer Data that constitutes Objectionable Material or violates any Service Provider rules regarding appropriate use, but is not obligated to do so.
6.6 Service Provider reserves the right to suspend or terminate immediately any Customer or User account or activity that is disrupting or causing harm to Service Provider’s computers, systems or infrastructure or to other parties, or is in violation of any state or federal laws relating to unsolicited commercial messages or otherwise.
7.1 Additional Professional services by Service Provider to Customer are available at Service Provider’s then current rates at the time the professional services are requested, pursuant to a separate services agreement including:
(i) recovery or restoration of Customer Data deleted by Customer;
(ii) assistance with configuration or other implementation of the Service;
(iii) Service instruction or other education or training; and
(iv) termination and migration assistance.
8.1 Subject to 8.2, Service Provider will maintain a back-up and disaster recovery system with respect to the Service and will use commercially reasonable efforts to perform the disaster recovery plan in a timely manner in the event of a disaster.
8.2 If a Force Majeure Event or any other event adversely affects Service Provider’s ability to backup or recover Customer Data, Customer acknowledges and agrees that such Customer Data may not be recoverable and Customer accepts responsibility for the re-entry of the data.
9.1 If Customer requests Service Provider to provide on-site support, Service Provider shall do so as soon as practicable, subject to Customer paying all out-of-pocket expenses associated with travel, accommodation and other relevant expenses (Expenses). Customer is deemed to agree to payment of the Expenses upon requesting the on-site support. The relevant on-site support Expenses will be charged to the Customer in the next Monthly Fee Invoice and are payable in accordance with this Agreement.
9.2 Service Provider does not warrant that it will be capable of promptly receiving, processing or otherwise acting upon a request for support which is made outside the Business Hours or that it can provide on-site support services outside Business Hours.
9.3 Service Provider shall be entitled to charge Customer additional fees for any on-site visit at the request of Customer where no fault in the Program is found to exist.
10.1 Service Provider acknowledges Customer’s rights, title, and interest in and to all Customer Data. Customer Data is deemed Confidential Information under this Agreement. Service Provider shall not access Customer’s User accounts, or Customer Data, except to respond to service or technical problems or at Customer’s request. Recovery of any Customer Data deleted by Customer shall be the responsibility of Customer. The Service including Customer Data shall be segregated from any other Service which Service Provider may provide for other customers.
10.2 Customer is solely responsible for all Customer Data, whether publicly posted or privately transmitted, that Customer uploads, posts, e-mails, transmits or otherwise makes available on the Service. Customer has sole responsibility for the accuracy, quality, integrity, legality, reliability and appropriateness of Customer Data. Customer Data will be protected by Service Provider with at least the same protective precautions that Service Provider takes to protect its similar proprietary or Confidential Information from unauthorised disclosure.
10.3 Service Provider will not, without Customer’s prior written consent, disclose any of Customer Data to any third party, except to those bona fide individuals whose access is necessary to enable Service Provider to perform its obligations under this Agreement.
10.4 Subject to Service Provider’s responsibilities of confidentiality set out in this Agreement, Service Provider will not be responsible for any unauthorised access to or alteration, theft or destruction of Customer Data through accident, fraudulent means, or any other reason, unless such access, alteration, theft or destruction is caused as a direct result of Service Provider’s gross negligence or intentional misconduct and in that case, Service Provider’s liability will be limited to commercially reasonable efforts to restore or recover Customer Data to the most recent back-up of Customer Data.
11.1 The Parties agree that Confidential Information furnished to a Party (“Receiving Party”) shall be used and reproduced by the Receiving Party only in connection with that Party’s obligations under this Agreement. Except as specifically stated herein, neither Party grants to the other any right, title or interest in any of its Confidential Information.
11.2 A Receiving Party shall treat as secret and confidential all or any Confidential Information of the other Party acquired by it from the other Party during the performance of this Agreement by means that are no less restrictive than those used for its own Confidential Information.
11.3 The Receiving Party is permitted to disclose Confidential Information:
(i) where such disclosure is necessary or required to perform the Receiving Party’s obligations under this Agreement, but only then to the extent as may be necessary or required to perform those obligations; and
(ii) in connection with the requirements of law, regulation or court order, provided that the Receiving Party promptly notifies the other Party of any such requirement and cooperates with any attempt to procure a protective order or similar treatment.
11.4 The Receiving Party is not required to treat as Confidential Information information which:
(i) is available to the public (other than through breach of an obligation of confidentiality);
(ii) the Receiving Party can prove it lawfully possessed before obtaining it in connection with this Agreement;
(iii) is rightfully received by the Receiving Party from a third party without a duty of confidentiality; or
(iv) which is independently developed by the Receiving Party.
11.5 The Program and related documentation and the Service are Confidential Information of Service Provider.
12.1 Each Party will ensure that its representatives are aware of the respective Parties’ obligations under the Privacy Law and under this clause 12 in relation to the collection, storage, use and disclosure of Personal Information.
12.2 Each Party will at all times comply with its obligations under the Privacy Law or comply with its respective obligations under the Data Protection Legislation (for Australia and United Kingdom) or PIPEDA/HIPAA for Canadian and US companies.
12.3 Each Party will, to the extent reasonably requested by the other Party, assist the other Party to comply with its respective obligations under the Privacy Law, including complying with its obligations under National Privacy Principle 1.5 (Australia) and under the Fair Information Principles (Canada). Each Party will, to the extent reasonably requested by the other Party, assist the other Party to comply with its respective obligations under the Data Protection Legislation (UK/EU) and HIPAA (US).
12.4 Each Party will immediately notify the other Party if it receives a complaint in relation to, or a request for access to or amendment or correction of, Personal Information.
12.5 Each Party will take reasonable steps to assist the other Party to resolve a complaint or respond to a request in relation to Personal Information.
12.6 Subject to the requirements of any law, each Party, if requested to do so by the other Party, will return all copies of the relevant Personal Information received from the other Party or follow the other Party’s reasonable instructions to destroy, erase or de-identify all tangible and intangible records of that Personal Information.
13.1 Service Provider may immediately terminate or suspend Customer’s use of the Service or terminate this Agreement, if Customer:
(i) fails to pay any applicable Fees when due;
(ii) breaches or otherwise fails to comply with this Agreement and where the breach is capable of remedy, fails to remedy the breach within 30 days of being notified in writing; or
(iii) is the subject of an Insolvency Event.
13.2 Service Provider may terminate or suspend Customer’s use of the Service or terminate this Agreement by giving Customer 30 days’ notice in writing.
13.3 Customer may terminate the Agreement by giving Service Provider 30 days’ notice in writing where the Contract Term has ended.
13.4 Upon termination of this Agreement by Service Provider as a result of Customer’s breach, Service Provider will have no obligation to refund to Customer any Fees paid by Customer.
13.5 In the event Service Provider (or its successor) permanently ceases to operate the Service, Service Provider will refund to Customer any pre-paid fees (if any) for the remaining months where Customer no longer has access to the Service.
13.6 Where a notice of termination is given by Customer in accordance with clauses 13.2 and 13.3, Service Provider must, subject to Customer complying with all its obligations under this Agreement, continue to provide the Service to Customer until the notice period has elapsed. Rejection will occur if the Customer is still in the contract term.
14.1 Service Provider owns all right, title and interest, including all Intellectual Property Rights, in and to the Service, the Program, materials and other related content (excluding Customer Data), and any derivatives, suggestions, ideas, development or modification requests, feedback, recommendations or other information provided by Customer or any other party relating to the Service. In addition, the Intellectual Property Rights in all content published on the Service by Service Provider, including reports, presentations, written content, graphics, images, marks, logos, sound or video clips, and Flash or Java animation, are held by Service Provider or Service Provider’s partners or users.
14.2 Customer shall not:
(i) modify, copy or create derivative works based on the Program or Service;
(ii) reverse assemble or reverse compile or directly or indirectly allow or cause a third party to reverse assemble or reverse compile the whole or any part of the Program or Service;
(iii) access or use the Service to:
(a) build a competitive product or service;
(b) copy any ideas, features, functions or graphics of the Service.
14.3 Service Provider shall have a royalty-free, worldwide, transferable, sub-licensable, irrevocable, perpetual license to use or incorporate into the Services any suggestions, development or modification requests, recommendations or other feedback provided by Customer, including Users, in relation to the operation of the Service.
14.4 Service Provider may use software under licence in providing the Service which Customer and its Users may access or use with Service Provider’s consent.
15.1 Subject to clauses 15.2, 15.4 and 15.5, Service Provider indemnifies Customer against liability under any final judgment in proceedings brought by a third party against Customer which determines that Customer’s use of the Service or Program constitutes an infringement in Australia of any Intellectual Property Rights of the third party by reason of the Service or Program infringing the Intellectual Property Rights of the third party.
15.2 Service Provider shall not be required to indemnify Customer as provided in clause 15.1 unless Customer:
(i) notifies Service Provider in writing as soon as practicable of any infringement, suspected infringement or alleged infringement;
(ii) gives Service Provider the option to conduct the defence of such a claim, including negotiations for settlement or compromise prior to the institution of legal proceedings; and
(iii) provides Service Provider with reasonable assistance in conducting the defence of such a claim.
15.3 In case of such a claim, Service Provider may, at its discretion:
(i) modify, alter or substitute the infringing part of the Service or Program at its own expense in order to avoid continuing infringement;
(ii) procure for Customer the authority to continue the use and possession of the Service or Program; or
(iii) if it deems such remedies not practicable, terminate the Service and this Agreement without penalty, provided that in case of such termination, Customer will receive a pro-rata refund of the Fees prepaid for the Service not yet furnished as of the date of termination.
15.4 Service Provider shall not indemnify Customer to the extent that an infringement, suspected infringement or alleged infringement arises from:
(i) use of Service in combination by any means and in any form with other goods or services not specifically approved by Service Provider;
(ii) use of Service in a manner or for a purpose not reasonably contemplated or not authorised by Service Provider; or
(iii) any transaction entered into by Customer relating to the Service without Service Provider's prior consent in writing.
15.5 In the event that proceedings are brought or threatened by a third party against Customer alleging that Customer’s use of the Service constitutes an infringement of Intellectual Property Rights, Service Provider may at its option and at its own expense conduct the defence of such proceedings.
15.6 Customer shall provide all necessary co-operation, information and assistance to Service Provider in the conduct of the defence of proceedings referred to in clause 15.5.
15.7 Customer shall indemnify Service Provider against any loss, costs, expenses, demands or liability, whether direct or indirect, arising out of a claim by a third party alleging infringement of its Intellectual Property Rights if:
(i) the claim arises from an event specified in clause 15.4; or
(ii) the ability of Service Provider to defend the claim has been prejudiced by the failure of Customer to comply with any requirements of clauses 15.2 or 15.6.
15.8 Customer must not do anything that is, or is likely to be, an infringement of, or otherwise inconsistent with, any Moral Rights in any part or parts of Service.
15.9 Customer will defend, indemnify, and hold Service Provider (and its officers, directors, employees and agents) harmless:
(i) from and against all loss or damage (including Consequential Loss) which may be suffered or incurred or which may arise directly or indirectly in respect of a claim, suit, action or proceeding by a third party:
(a) alleging that Customer Data or Customer’s use of the Services in breach of this Agreement, infringes the Intellectual Property Rights or other rights of a third party or violates applicable law; or
(b) arising out of breach of clause 12.6;
(ii) from any expense or cost incurred by Service Provider arising from any third party subpoena or court order or process that seeks Customer Data and/or other Customer-related information or data including prompt payment of all costs (including reasonable legal expenses).
16. Data Protection
16.1 The parties must comply at all times with the Data Protection Legislation and will not perform their obligations under this Agreement in such a way as to cause either party to breach any of its obligations under the Data Protection Legislation.
16.2 The Service Provider must notify the relevant regulators and/or the supervisory authority competent in accordance with Article 55 of the GDPR within 72 hours if it becomes aware of any breach by the Service Provider of the Data Protection Legislation in connection with this agreement. The Service Provider must also notify the Customer as soon as is reasonably possible where a breach is a serious case, such as where there is a high risk to the Customer’s rights and freedom, such as security, confidentiality or identity theft.
16.3 With respect to the parties' rights and obligations under this agreement, the parties agree that the Customer is the Controller and that the Service Provider is the Processor.
16.4 The Service Provider will:
(a) only process the Personal Data on behalf of the Customer for the purposes of performing this agreement, and only in accordance with instructions contained in this agreement or received from the Customer from time to time;
(b) not otherwise modify, amend or alter the contents of the Personal Data or disclose or permit the disclosure of any of the Personal Data to any third party unless specifically authorised in writing by the Customer;
(c) at all times comply with Articles 32 and 34 of the GDPR and the Data Protection Act 2018 and in so doing provide, on prior written request from the Customer, a written description of the technical and organisational methods employed by the Service Provider for processing Personal Data and implement appropriate technical and organisational measures to protect the Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure;
(d) take reasonable steps to ensure the reliability of any of the Service Provider’s personnel who have access to the Personal Data;
(e) ensure that only those of the Service Provider's personnel who need to have access to the Personal Data are granted access to such data and only for the purposes of the performance of this agreement and all of Service Provider's personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this clause 16;
(f) not publish, disclose or divulge any of the Personal Data to any third party (including for the avoidance of doubt the Data Subject) unless directed to do so in writing by the Customer;
(g) notify the Customer within 5 (five) Business Days if it receives:
(ii) providing the Customer with full details of the complaint or request;
(iii) complying with a data access request within the relevant timescales set out in the Data Protection Legislation but strictly in accordance with the Customer's instructions;
(iv) providing the Customer with any Personal Data it holds in relation to a Data Subject making a complaint or request within the timescales required by the Customer; and
(v) providing the Customer with any information reasonably requested;
16.5 The Customer acknowledges that the Service Provider is reliant on the Customer alone for direction as to the extent that the Service Provider is entitled to use and process the Personal Data. Consequently, the Service Provider will be fully indemnified for liability by the Customer in circumstances where a Data Subject makes a claim or complaint with regards to the Service Provider's actions to the extent that such actions directly result from instructions received from the Customer.
16.6 The Service Provider must at all times during and after the duration of this agreement, indemnify the Customer and keep the Customer indemnified against all direct losses, costs or expenses and other liabilities reasonably incurred by, awarded against, or agreed to be paid by, the Customer arising from any breach of the Service Provider's obligations under this Clause 16 except and to the extent that such liabilities have resulted directly from the Customer's instructions.
17.1 Each Party represents and warrants that it has the legal power to enter into this Agreement.
17.2 Service Provider represents and warrants that:
(i) it owns or otherwise has sufficient rights in the Service to grant Customer the rights to access and use the Service granted herein;
(ii) it will provide the Service in a manner consistent with general industry standards reasonably applicable to the provision of the Service; and
(iii) the Service shall perform in all material respects to the functionality as described in applicable online user documentation available to Customer through customer support.
17.3 Subject to clause 16.5 any condition or warranty which would otherwise be implied in this Agreement is hereby excluded.
17.4 All Services provided pursuant to this Agreement are provided or performed on an “as is”, “as available” basis and Customer’s use of the Service is solely at its own risk.
17.5 Where legislation implies in this Agreement any condition or warranty, and that legislation prohibits provisions in a contract excluding or modifying the application of or liability under such condition or warranty but allows the liability there under to be limited, the condition or warranty shall be deemed to be included in this Agreement and the liability of Service Provider for any breach of such condition or warranty shall be limited, at the option of Service Provider, to one or more of the following:
(i) if the breach relates to goods:
(a) the replacement of the goods or the supply of equivalent goods;
(b) the repair of such goods;
(c) the payment of the cost of replacing the goods or of acquiring equivalent goods; or
(d) the payment of the costs of having the goods repaired; and
(ii) if the breach relates to services, the supplying of the services again.
18.1 Save as provided for in clause 17.2, Service Provider will not be liable for any claim to the extent that the claim relates to:
in each case regardless of the form of action, whether in contract, strict liability or tort (including negligence).
18.2 Nothing in this Agreement limits or excludes either party’s liability for:
18.3 Customer acknowledges that to the extent Service Provider has made any representation which is not otherwise expressly stated in this Agreement, Customer has been provided with an opportunity to independently verify the accuracy of that representation.
18.4 Customer shall at all times indemnify and hold harmless Service Provider and its officers, employees and agents (“those indemnified”) from and against any loss (including reasonable legal costs and expenses) or liability reasonably incurred or suffered by any of those indemnified arising from any proceedings against those indemnified where such loss or liability was caused by:
(i) a breach by Customer of its obligations under this Agreement; or
(ii) any wilful, unlawful or negligent act or omission of Customer.
18.5 Neither Party will be liable to the other Party for any Consequential Loss which may be suffered or incurred under any theory of liability, whether based on breach of contract, breach of statute, tort (including any negligent act or omission) and whether or not the Party has been advised of the possibility of such loss or damage.
18.6 In the event that any exclusion or limitation contained in this Agreement shall be held to be invalid for any reason and to the extent that Service Provider becomes liable for loss or damage that may lawfully be limited; such liability will not exceed the amount paid by Customer for the 3 months immediately preceding the month in which the claim arose.
19.1 Customer may not assign this Agreement, the use of the Service, or any other rights and obligations under this Agreement without the prior written consent of Service Provider.
19.2 Service Provider shall have the unrestricted right to assign all or part of its rights and obligations under this Agreement.
19.3 Each Party shall bear its own costs arising out of the preparation, negotiations and execution of this Agreement.
19.4 A notice, demand, consent, approval or communication given or made under this Agreement (“Notice”):
(i) must be in legible writing, in English;
(ii) must be duly signed by the issuing Party’s Contract Representative;
(iii) must be delivered by hand or sent by prepaid post, email or facsimile to the address of the other Party as specified in the Reference Schedule;
(iv) will be taken to be duly given or made:
(a) if hand delivered, when delivered;
(b) if sent by prepaid post, on the second Business Day after the date of posting (or on the seventh Business Day after the date of posting if posted to or from a place outside Australia);
(c) if by facsimile or email transmission, on the day of transmission as evidenced by a fax or email transmission record indicating that the transmission has been made without error before 5:00pm on a Business Day, otherwise on the next Business Day.
19.5 If any of these terms and conditions (or part of them) is void or unenforceable, it is deemed to be removed and no longer forms part of the Agreement and the remaining terms and conditions or parts of the term or condition of this Agreement continue in full force and effect.
19.6 No forbearance, delay or indulgence by a Party in enforcing the provisions of this Agreement shall prejudice or restrict the rights of the Party, nor shall any waiver of those rights operate as a waiver of any subsequent breach.
19.7 A Party (“Affected Party”) shall not be liable to the other Party for any delay or failure to perform its obligations pursuant to this Agreement if such delay is due to a Force Majeure Event provided that such Party takes reasonable steps to mitigate any impact of such event. The Affected Party shall notify the other Party of a Force Majeure Event and in the event that Service Provider is the Affected Party and cannot provide the Service, Customer shall have the option of suspending the Fees charged for the period of the Force Majeure Event. If a Force Majeure Event continues beyond the period of seven (7) Business Days, the Parties shall in good faith negotiate to vary the terms of this Agreement as necessary and mutually agree to any change, or notification of termination.
19.8 This Agreement shall be governed by and construed in accordance with the laws for the time being in force in the State of New South Wales and the Parties agree to submit to the jurisdiction of the courts and tribunals of that State.
19.9 Clauses 3 (Service Fees); 10 (Customer Data); 11 (Confidentiality and Privacy); 14 (Proprietary Rights); 15 (Intellectual Property Rights Indemnities); 16 (Warranty and Implied Terms); 17 (Liability of Service Provider); and the obligation of Customer to pay any outstanding fees due under this Agreement shall survive the termination of this Agreement.
19.10 This Agreement constitutes the entire agreement between the Parties in connection with its subject matter and supersedes all previous agreements, proposals, purchase orders, representations or understandings, whether oral or written, between the Parties in connection with its subject matter. No alteration or modification of this Agreement will be valid unless made in writing and signed by the Parties.
19.11 This Agreement may be executed in counterparts. All counterparts, taken together, constitute one instrument. A party may execute this Agreement by signing any counterpart. The Parties agree that counterparts may be exchanged by electronic mail. Each Party consents to the other Party executing this Agreement by affixing their electronic signature.
SCHEDULE 2
MAINTENANCE AND SUPPORT TERMS
The Support Services are included and will be provided in relation to the Software during the Term. The elements included in the Support Services vary according to the Tier specified below.
Service Level Agreement | Standard | Customised
Hours of coverage | 0900 (AEST) – 1700 (AWST) | To be negotiated (TBN)
Email support | Yes | TBN
Phone support | Yes | TBN
Target Response Time | See table below | TBN
System Health Monitoring (24x7) | Yes | TBN
Access to User Group | Yes | TBN
Software updates (quarterly) | Yes | TBN

Severity | Target Response Time
Severity 1 Critical | 2 hours
Severity 2 High | 4 hours
Severity 3 Medium | Next business day
Severity 4 Low | Next business day

Category | Severity 1 Critical | Severity 2 High | Severity 3 Medium | Severity 4 Low
Business exposure | Application Failure results in serious business exposure. | Application Failure results in serious business exposure. | Application Failure results in low business exposure. | Application Failure results in minimal business exposure.
Number of offices or users affected | Application Failure affects a large number of offices/users. | Application Failure affects a large number of offices/users. | Application Failure affects a small number of offices/users. | Application Failure may affect only a small number of offices/users.
Workaround possibilities | No acceptable workaround to the problem (i.e. job cannot be performed in any other way) | An acceptable and implemented workaround to the problem (i.e. job can be performed in some other way) | May or may not be an acceptable workaround to the problem | Likely to be an acceptable workaround to the problem

Application Failure means a defect, error or bug that has a materially adverse effect on the appearance, operation, or functionality of the Software but excludes any defect, error or bug caused by or arising because of:
Target Response Time is the period of time commencing from the point at which the Service Provider confirms that a request for Support Services is due to a failure of the Software (on account of errors in the code) to perform in accordance with its specifications; and Service Provider will appoint one or more of its software engineers to work on resolving the application failure. Any period of time during which Service Provider cannot progress the Support Services due to a delay in providing information or collaboration by the Customer will be excluded from this time.
The target resolution may be the provision of a suitable Workaround. Where appropriate, the Service Provider will continue to work towards a permanent correction of the error as soon as reasonably practicable, but any measurement of the Target Response Time will cease once a Workaround has been provided.
SCHEDULE 3
Conditions of contract, if any, would be inserted here.
ADDENDUM (UK & EU)
This Data Protection Agreement ("DPA") forms part of the Software as a Service Agreement ("Agreement") between: (i) Be Software International Limited ("Service Provider"); and (ii) the Customer at Item 1, Schedule 1 of the Agreement ("Company").
The purpose of this DPA is to reflect the parties’ agreement regarding the processing of personal data in accordance with the requirements of the Data Protection Legislation.
Service Provider warrants and represents that, before its Affiliates Process any Personal Data on behalf of any party, Service Provider's entry into this DPA as agent for and on behalf of that Affiliate has been authorised (or subsequently ratified) by that Affiliate.
This DPA is entered into and becomes a binding part of the Agreement.
These Clauses are deemed to be amended from time to time, to the extent that they relate to a Restricted Transfer which is subject to the Data Protection Laws of a given country or territory, to reflect (to the extent possible without material uncertainty as to the result) any change (including any replacement) made in accordance with those Data Protection Laws (i) by the Commission to or of the equivalent contractual clauses approved by the Commission under EU Directive 95/46/EC or the GDPR (in the case of the Data Protection Laws of the European Union or a Member State); or (ii) by an equivalent competent authority to or of any equivalent contractual clauses approved by it or by another competent authority under another Data Protection Law (otherwise).
If these Clauses are not governed by the law of a Member State, the terms "Member State" and "State" are replaced, throughout, by the word "jurisdiction".
Standard Contractual Clauses (processors)
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection
Name of the data exporting organisation (Company Group Member): Signatory to the Agreement between the parties (the data exporter)
And
Name of the data importing organisation: Be Software International Limited
Address: Compass House, Vision Park, Chivers Way, Cambridge CB24 9AD, UK
Tel.: +44 (0) 1223 257 790; fax: +44 (0) 1223 257 800;
e-mail: privacy@besoftware.biz (the data importer)
each a “party”; together “the parties”,
HAVE AGREED on the following Contractual Clauses (the Clauses) to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
Background
The data exporter has entered into a data processing agreement (“DPA”) with the data importer. Pursuant to the terms of the DPA, it is contemplated that services provided by the data importer will involve the transfer of personal data to data importer. Data importer is located in a country that does not ensure an adequate level of data protection. To ensure compliance with Directive 95/46/EC and applicable data protection law, the controller agrees to the provision of such Services, including the processing of personal data incidental thereto, subject to the data importer’s execution of, and compliance with, the terms of these Clauses.
Clause 1
Definitions
For the purposes of the Clauses:
(a) 'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals for the processing of personal data and on the free movement of such data;
(b) 'the data exporter' means the controller who transfers the personal data;
(c) 'the data importer' means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
(d) 'the Subprocessor' means any processor engaged by the data importer or by any other Subprocessor of the data importer who agrees to receive from the data importer or from any other Subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
(e) 'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
(f) 'technical and organisational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Clause 2
Details of the transfer
The details of the transfer and the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
Clause 3
Third-party beneficiary clause
1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
3. The data subject can enforce against the Subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the Subprocessor will be limited to its own processing operations under the Clauses.
4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
Clause 4
Obligations of the data exporter
The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
(g) to forward any notification received from the data importer or any Subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a Subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i).
Clause 5
Obligations of the data importer
The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority regarding the processing of the data transferred;
(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which will be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, except for Appendix 2 which will be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
(i) that the processing services by the Subprocessor will be carried out in accordance with Clause 11;
(j) to send promptly a copy of any Subprocessor agreement it concludes under the Clauses to the data exporter.
Clause 6
Liability
1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or Subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his Subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, in which case the data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a Subprocessor of its obligations in order to avoid its own liabilities.
3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the Subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the Subprocessor agrees that the data subject may issue a claim against the data Subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the Subprocessor will be limited to its own processing operations under the Clauses.
Clause 7
Mediation and jurisdiction
1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
(b) to refer the dispute to the courts in the Member State in which the data exporter is established.
2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
Clause 8
Cooperation with supervisory authorities
1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any Subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
3. The data importer must promptly inform the data exporter about the existence of legislation applicable to it or any Subprocessor preventing the conduct of an audit of the data importer, or any Subprocessor, pursuant to paragraph 2. In such a case the data exporter is entitled to take the measures foreseen in Clause 5 (b).
Clause 9
Governing Law
The Clauses will be governed by the law of the Member State in which the data exporter is established.
Clause 10
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
Clause 11
Subprocessing
1. The data importer must not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it can do so only by way of a written agreement with the Subprocessor which imposes the same obligations on the Subprocessor as are imposed on the data importer under the Clauses. Where the Subprocessor fails to fulfil its data protection obligations under such written agreement the data importer remains fully liable to the data exporter for the performance of the Subprocessor's obligations under such agreement.
2. The prior written contract between the data importer and the Subprocessor will also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the Subprocessor is limited to its own processing operations under the Clauses.
3. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 are governed by the law of the Member State in which the data exporter is established.
4. The data exporter must keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which will be updated at least once a year. The list will be available to the data exporter's data protection supervisory authority.
Clause 12
Obligation after the termination of personal data processing services
1. The parties agree that on the termination of the provision of data processing services, the data importer and the Subprocessor will, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or must destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
2. The data importer and the Subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.
On behalf of the data exporter: Signatory to the Agreement between the parties
On behalf of the data importer: Signatory to the Agreement between the parties
Appendix 1 to the Standard Contractual Clauses (UK & EU)
Parties and contacts for data protection enquiries
The data exporter is the Signatory to the Agreement between the parties.
The data importer is the Signatory to the Agreement between the parties.
Data subjects
The personal data transferred concern the following categories of data subjects:
Categories of data
The personal data transferred concern the following categories of data:
The data transferred is the Customer Personal Data provided by the data exporter to the data importer in connection with the use of its iinsight® case management software (“iinsight®”). The Customer Personal Data may include a person’s contact details including first and last names, email address and telephone number; work, education and health history; medical information including healthcare provider details; data relating to sales leads and customer lists; and notes provided by the data exporter regarding the Customer Personal Data.
Special categories of data (if appropriate)
The personal data transferred concern the following special categories of data:
Sensitive Customer Personal Data may be provided by the data exporter to the data importer in connection with its use of iinsight® such as a person’s racial or ethnic origin, and medical and health-related information.
Recipients
The Personal Data transferred may be disclosed only to the following recipients or categories of recipients:
Employees and other representatives of the data importer who have a legitimate business purpose for Processing of such Personal Data.
Processing operations
Personal Data transferred will be subject to the following basic processing activities:
All Personal Data is encrypted both in transit and at rest.
Additional Information (storage limits and duration)
Personal Data transferred between the parties will only be retained for the period of time permitted under the Agreement, or as required by law. The parties agree that they will, to the extent that each party acts as a Controller with respect to Personal Data, reasonably cooperate with the other party to ensure the exercise of data protection rights as set out in the Data Protection Laws.
The obligations and rights of Company and Affiliates
The obligations and rights of Company and Affiliates are set out in the Agreement and this DPA.
Appendix 2 to the Standard Contractual Clauses (UK & EU)
This Appendix forms part of the Clauses and must be completed by the parties.
Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c):