SISCIN TERMS OF SERVICE

SISCIN TERMS OF SERVICE

1.              INTERPRETATION

1.1          The definitions and rules of interpretation in this clause apply in this Agreement.

Affiliate: includes each and any subsidiary or holding company of the Customer and each and any subsidiary of a holding company of the Customer.

Agreement: means these Terms of Service and the Order Form including all Annexes Appendices and Schedules referred to therein. In the event of conflict between the Terms of Service and any Order Form, the Order Form shall prevail to the extent of such conflict.

Authorised Users:  those employees, agents, and contractors who are authorised by the Customer to use the Services and the Documentation.

Customer Data: the information and data (including Personal Data) inputted by the Customer, Authorised Users, or the Supplier on the Customer’s behalf for the purpose of using the Services or facilitating the Customer’s use of the Services but shall exclude any customer data held on the Customer’s own data domain including for the avoidance of doubt the SISCIN Key Store and SISCIN Customer Archives.

Data Protection Legislation: the General Data Protection Regulation ((EU) 2016/679) (GDPR) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time.

Documentation:  the documents made available to the Customer by the Supplier online notified by the Supplier to the Customer from time to time or directly which sets out a description of the Services, user instructions for the Services and the Service Level Agreement.

Intellectual Property Rights: all patents, copyrights, design rights, trade marks, service marks, trade secrets, know-how, database rights and other rights in the nature of intellectual property rights (whether registered or unregistered) and all applications for the same, anywhere in the world.

Personal Data: means any and all personal data including sensitive personal data within the meaning of the Data Protection Legislation in respect of which the Customer is a data controller and which will be processed in the performance of the Services under this Agreement whether that data or information is in oral, visual or written form or is recorded in any other medium.

Software: the cloud software application and the related software to be downloaded by the Customer as set out in the Order Form, all provided by the Supplier as part of the Services.

Virus:  anything or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices.

1.2 The headings in this Agreement do not affect its interpretation. Save where the context otherwise requires, references to clauses and schedules are to clauses and schedules of this Agreement.

1.3         Unless the context otherwise requires:

1.3.1      references to the Supplier and the Customer include their permitted successors and assigns;

1.3.2      references to statutory provisions include those statutory provisions as amended or re-enacted; and

1.3.3      references to any gender include all genders.

1.4         Words in the singular include the plural and in the plural include the singular.

1.5 The acceptance and use of the Services by the Customer and its Authorised Users shall constitute consent by the Customer to be bound by the terms and conditions of this Agreement, regardless of whether the Order Form is signed by the Customer.

2. SERVICES

2.1          Subject to the Customer’s compliance with the terms and conditions of this Agreement, the Supplier grants the Customer access and use of the Services and a non-exclusive non-transferable revocable licence to install and use the Software included in the subscription.  

2.2          The Customer may not exceed the number of Subscriptions it has purchased from time to time. The Customer may purchase additional Subscriptions and the Supplier shall grant access to the Services and the Documentation to such additional Authorised Users in accordance with the provisions of this agreement.

2.3 The Supplier shall use commercially reasonable endeavours to make the Services available 24 hours a day, seven days a week, except for planned maintenance carried out during the maintenance window of 10.00 pm to 2.00 am GMT; and unscheduled maintenance performed outside Normal Business Hours, provided that the Supplier has used reasonable endeavours to give the Customer at least 6 hours’ notice in advance.

2.4 The Supplier reserves the right to introduce new or enhanced features and functionalities to the Services.

3.           CUSTOMER OBLIGATIONS

3.1 The Customer shall (i) comply with all applicable laws and regulations with respect to its activities under this Agreement including Data Protection Laws and direct marketing laws; (ii) ensure that Services are used in accordance with the terms and conditions of this Agreement; (iii) obtain and shall maintain all necessary licences, consents, and permissions necessary for the Supplier, its Third Party Providers and subcontractors to perform their respective obligations under this Agreement; (iv) ensure that its network and systems comply with specifications provided by the Supplier and will be solely responsible for procuring and maintaining its network connections and telecommunications links from its systems to the Supplier’s data centre’s and systems, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to Customer’s network connections or telecommunications links or caused by traversing the internet; and (v) ensure that  each Authorised User shall keep a secure password for his or her account which password shall be treated as confidential.

3.2 The Customer shall not, and shall procure that its Authorised Users shall not, use the Services:

3.2.1 to post, send, email, access, store, distribute or transmit make available

(a) any material that is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive;

(b) any material that facilitates illegal activity; depicts sexually explicit images; promotes unlawful violence;

(c) any material that is discriminatory based on race, gender, color, religious belief, sexual orientation, disability, or any other protected class; or any other illegal activity; or causes damage or injury to any person or property.

(d) any unsolicited or unauthorized advertising, promotional materials, “junk mail,” “spam,” “chain letters,” “pyramid schemes,” “unsolicited commercial communications’, “unsolicited commercial communications’ including by email or SMS or other form of communication prohibited by the CAN-SPAM Act of 2003, the anti-spam laws of the countries the Customer Customers live in or the applicable direct marketing laws any other unauthorized forms of solicitation. The Customer must ensure that its “From” “To” and “Reply To” fields are accurate and clearly identify sender’s domain name and email addresses;

(e) any material that contains Viruses; 

(f) any material that encourages conduct that could constitute a criminal offense, give rise to civil liability or otherwise violate any applicable law or regulation;

(g) any content which may subject to any rules and regulations promulgated under the U.S. Export Administration Act of 1979 (as amended from time to time) or the U.S. Arms Export Administration Act of 1976 (as amended from time to time) or restricted under applicable export laws and regulations. the Customer will not export or re-export directly or indirectly (including via remote access) any part of the Services or Documentation to any country for which a validated licence is required under any export laws without first obtaining a validated licence and complying with this Agreement; or

(h) any material that promotes gambling, sexual, adult content, weapons and any explosives, tobacco or tobacco-related, drugs or political, hacking, lead sales and work-at-home offers promoting schemes such as “get rich quick”, “build your wealth” and “financial independence”;

3.3 to interfere with or disrupt the Service or servers or networks connected to the Service, or disobey any requirements, procedures, policies or regulations of networks connected to the Service; or

3.4 to gain unauthorized access to the Service or its related systems or networks.

3.5 The Customer shall not, except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties, (i) attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Software and/or Documentation (as applicable) in any form or media or by any means; (ii) attempt to reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Software; (iii) access all or any part of the Services and Documentation in order to build a product or service which competes with the Services; (iv) work around any technical limitations in the Service (iv)  use the Services to provide services to third parties;  (v) remove or alter any trademark, logo, copyright or other proprietary notices, symbols or labels (whichever is applicable); (vi) license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit the Services (vii) otherwise make the Services available to any third party, or (viii) attempt to obtain, or assist third parties in obtaining access to the Services.

3.6 Without prejudice to the Supplier’s other rights in law or equity, the Supplier reserves the right, without liability to the Customer, to suspend or disable the Customer’s or any Authorised Users access to the Services or Services where the Customer breaches the provisions of this clause or any terms of this Agreement and the Customer shall not thereby be entitled to claim any refund or compensation.

3.7 The Customer shall be responsible for the acts and omissions of its Affiliates, its Authorised Users, subcontractors and agents who access the Services, as though they were the acts and omissions of the Customer. The Customer agrees to defend, indemnify and hold harmless the Supplier, its Affiliates, Third Party Providers and subcontractors against any claim, losses, damages or liability arising from the acts or omissions of its Affiliates, the Authorised Users and their respective subcontractors and agents.

4.              CUSTOMER DATA

4.1 Customer shall own all rights, title and interest in and to all of Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of Customer Data. Customer hereby grants and represents and warrants that it has the right to grant the Supplier an irrevocable, perpetual, non-exclusive royalty free and fully paid worldwide licence to process Customer Data, which includes processing by Affiliates, Third Party Providers and subcontractors to the extent contemplated by this Agreement.

4.2 The Supplier will back up the Customer Data as set out in the Service Level Agreement. In the event of any loss or damage to Customer Data, the Customer’s sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by reasons outside the control of the Supplier or a Third Party Provider. Save for its obligations under Data Protection Legislation and data back up under this clause, the Supplier, licensors, agents or subcontractors shall not be responsible or liable for (i) the use, deletion, correction, destruction, damage, loss or failure to store any data, or (ii) any unauthorized access to, or alteration of, transmissions or data, or any material, information or data sent or received.

4.3 The Customer acknowledges that the Customer is responsible for obtaining and managing their own archive storage for their data outside of Customer Data, however in using the Services, certain search and meta data will reside in the Supplier’s own managed data centre. As such, in providing its Services including Professional Services under this Agreement, the Supplier may be required to process Personal Data on the Customer’s behalf. If such processing of Personal Data is required, the parties record their intention that the Customer and its Affiliates (as applicable) shall be the data controller and the Supplier shall be a data processor and in any such case the Data Processing Addendum set out in Schedule 1 shall apply. The Supplier shall treat Customer Data in accordance with the Supplier’s Privacy Policy. If there is no processing of Personal Data in accordance with the Data Protection Legislation the provisions of Schedule 1 shall not apply. 

4.4 The Services are provided on a software-as-a-service hosted basis.  As such, the Customer authorizes the Supplier to permit the Supplier’s Third Party Providers, including its host provider, to have access certain same data, including Customer Data. These Third Party Providers are only permitted to process this data for the purposes of providing their specifically contracted services to The Supplier.

5. INTELLECTUAL PROPERTY RIGHTS

5.1            The Customer acknowledges that all Intellectual Property Rights and any other rights title and interest in the Software, Documentation and any modifications or improvements thereto belong and shall belong to the Supplier, and the Customer shall have no rights in or to the Software other than the right to use it in accordance with the terms of this Agreement. The Software is protected by law including without limitation copyright laws and international treaty provisions.

5.2 To the extent that any modifications or improvements to the Services, Software and/or the Documentation are carried out under or in connection with this Agreement, whether by the Supplier alone or jointly with the Customer, and whether based on ideas or suggestions from the Customer, all Intellectual Property Rights to such underlying ideas and in any resulting improvement or modifications shall be assigned to and shall vest with and be solely owned by the Supplier.

5.3          The Supplier undertakes at its own expense to defend the Customer or, at its option, settle any claim or action brought against the Customer alleging that the possession, use, development, modification or maintenance of the Software (or any part thereof) in accordance with the terms of this Agreement infringes the Intellectual Property Rights of a third party (Infringement Claim) and shall be responsible for any reasonable losses, damages, costs (including legal fees) and expenses incurred by or awarded against the Customer as a result of or in connection with any such Infringement Claim.

5.4 For the avoidance of doubt clause 6.3 shall not apply and the Supplier shall have no liability to the Customer to the extent that any Infringement Claim is based upon (i) modifications to the Services made by anyone other than the Supplier; (ii) a claim for which the Customer must indemnify the Supplier as set out in this Agreement; (iii) combination of the Services with software not provided by the Supplier; or (iv) Customer’s failure to use modifications to the Services provided by the Supplier to avoid infringement or misappropriation.

5.5          If any Infringement Claim is made, or in the Supplier’s reasonable opinion is likely to be made, against the Customer, the Supplier may at its sole option and expense:

5.5.1          procure for the Customer the right to continue using, developing, modifying or maintaining the Software (or any part thereof) in accordance with the terms of this Agreement; or

5.5.2          modify the Software so that it ceases to be infringing; or

5.5.3          replace the Software with non-infringing software; or

5.5.4          terminate this Agreement immediately by notice in writing to the Customer and refund to Purchaser the unearned portion of any prepaid fees.

6 WARRANTIES AND LIMITS OF LIABILITY

6.1 Each party warrants that it has the full corporate power (i) to enter into this Agreement, (ii) to carry out its obligations hereunder; and (iii) to grant the rights herein granted to the other party. 

6.2 The Customer warrants that the Customer Data, material, content or links provided to the Supplier by or on behalf of the Customer: (i) are owned by Customer or are provided with the express consent from the third party holding any ownership rights (including copyright) over such material, or, alternatively, are in the public domain, and are not owned by any third party or otherwise covered by copyright laws; (ii) do not breach the rights of any person or entity, including rights of publicity, privacy, or under applicable Data Protection Laws or direct marketing laws and are not defamatory; and (iii) do not result in consumer fraud (including being false or misleading), product liability, tort, breach of contract, breach of Intellectual Property, injury, damage or harm of any kind to any person or entity.

6.3 The Supplier warrants that the Services will substantially achieve any material function as described in the Documentation published by the Supplier and they will be performed with reasonable skill and care.  

6.4 The warranty at Clause 7.3 shall not apply to the extent of any non-conformance which is caused by use of the Services contrary to the Supplier’s instructions, or modification or alteration of the Services by any party other than the Supplier or the Supplier’s duly authorised contractors or agents. If the Services do not conform with the foregoing undertaking, the Supplier will, at its expense, use all reasonable commercial endeavours to correct any such non-conformance promptly, or provide the Customer with an alternative means of accomplishing the desired performance. Such correction or substitution constitutes the Customer’s sole and exclusive remedy for any breach of the undertaking set out in Clause 7.3.

6.5 The Supplier does not warrant that the Customer’s use of the Services will be uninterrupted or error-free or that the Services, Documentation and/or the information obtained by the Customer through the Services will meet the Customer’s requirements. The Customer is solely responsible for determining the suitability of the Services for its use in light of any applicable legislation or regulations including without limitation Data Protection Laws. The Service may be subject to limitations, delays and other problems inherent in the use of the internet and electronic communications. The Supplier is not responsible for any delays, delivery failures, or other damage resulting from such problems.

6.6 Where Third Party Providers are used the Customer acknowledges that the Supplier makes no representation or warranty in respect of Third Party Providers software and/or services and, that these are provided subject to, and with the benefit of, the terms of such Third Party Providers. The Supplier shall contract with the Third Party Providers for such services and the Customer agrees that the Supplier will not be liable to the Customer for any loss, damage, claim or liability howsoever arising from or related to Third Party Providers software and/or services beyond that which can be claimed by the Supplier under the terms of the contract with such Third Party Providers. The service levels in the Service Level Agreement will not apply to the extent that any failure is caused by any failure or delay in the Third Party Providers’ software and/or services.

6.7 WARRANTY DISCLAIMER. EXCEPT AS SET FORTH ABOVE, THE SUPPLIER DISCLAIMS ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, QUIET ENJOYMENT AND WARRANTIES ARISING OUT OF COURSE OF DEALING OR USAGE OF TRADE.

6.8            THE SUPPLIER’S TOTAL CUMULATIVE LIABILITY TO THE CUSTOMER, FROM ALL CAUSES OF ACTION AND ALL THEORIES OF LIABILITY, WILL BE LIMITED TO AND WILL NOT EXCEED THE AMOUNTS PAID BY THE CUSTOMER TO THE SUPPLIER IN THE TWELVE MONTHS PRIOR TO THE EVENT GIVING RISE TO SUCH LIABILITY. IN NO EVENT WILL SUPPLIER BE LIABLE TO YOU FOR ANY SPECIAL, INDIRECT, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES (INCLUDING LOSS OF USE, DATA, OR PROFITS, BUSINESS INTERRUPTION, OR COSTS OF PROCURING SUBSTITUTE SOFTWARE) ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE USE OR PERFORMANCE OF THE SOFTWARE, WHETHER SUCH LIABILITY ARISES FROM CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, AND WHETHER OR NOT SUPPLIER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. THE PARTIES HAVE AGREED THAT THESE LIMITATIONS WILL SURVIVE AND APPLY EVEN IF ANY REMEDY IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.  BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.

6.9 THE TWELVE MONTHS PRIOR TO THE EVENT GIVING RISE TO SUCH LIABILITY. IN NO EVENT WILL THE CUSTOMER BE LIABLE TO THE SUPPLIER FOR ANY SPECIAL, INDIRECT, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES (INCLUDING LOSS OF USE, DATA, OR PROFITS, BUSINESS INTERRUPTION, OR COSTS OF PROCURING SUBSTITUTE SOFTWARE) ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, WHETHER SUCH LIABILITY ARISES FROM CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, AND WHETHER OR NOT YOU HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. THE PARTIES HAVE AGREED THAT THESE LIMITATIONS WILL SURVIVE AND APPLY EVEN IF ANY REMEDY IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.

6.10 NOTHING IN THIS AGREEMENT SHALL OPERATE SO AS TO EXCLUDE OR LIMIT THE SUPPLIER’S LIABILITY TO THE CUSTOMER FOR DEATH OR PERSONAL INJURY ARISING OUT OF NEGLIGENCE OR FOR ANY OTHER LIABILITY WHICH CANNOT BE EXCLUDED OR LIMITED BY LAW.

6.11        The Customer will defend, indemnify and hold the Supplier and its officers directors agents and employees harmless from and against any loss, damage, liability or cost (including reasonable attorney fees) arising out of the Customer’s use of the Software, violation of the Agreement, violation of applicable law including any applicable Data Protection Laws and its obligations under the Data Processing Agreement or violation of any right of any person or entity.

6.12 If any action shall be brought against one of the parties hereto in respect to which indemnity may be sought against the other party (the “Indemnifying Party”) as provided for under this Agreement, the Indemnifying Party’s obligation to provide such indemnification will be conditioned on prompt notice of such claim (including the nature of the claim and the amount of damages and nature of other relief sought) being provided to the Indemnifying Party by the party against which such action is brought (the “Indemnified Party”) The Indemnified Party shall not make any admission as to liability or compromise or agreeing to any settlement of any claim. The Indemnified Party shall cooperate with the Indemnifying Party in all reasonable respects in connection with the defense of any such action at the expense of the Indemnifying Party.  The Indemnifying Party will, upon written notice to the Indemnified Party, conduct all proceedings or negotiations in connection with the action, assume the defense thereof, including settlement negotiations in connection with the action, and will be responsible for the costs of such defense, negotiations and proceedings.  The Indemnifying Party will have sole control of the defense and settlement of any claims for which it provides indemnification hereunder, provided that the Indemnifying Party will not enter into any settlement of such claim without the prior notice to the Indemnified Party.  The Indemnified Party shall have the right to retain separate counsel and participate in the defense of the action or claim at its own expense

7. TERM AND TERMINATION

7.1 This Agreement shall, unless otherwise terminated as provided hereunder, come into force on the Effective Date and shall continue for the Initial Term. Thereafter, this Agreement shall be automatically renewed for a Renewal Period, unless: (a) either party notifies the other party of termination, in writing, at least thirty (30) days before the end of the Initial Term or any Renewal Period, in which case this Agreement shall terminate upon the expiry of the applicable Initial Term or Renewal Period; or (b) otherwise terminated in accordance with the provisions of this Agreement.

7.2 Either party may terminate this Agreement at any time on written notice to the other if the other:

7.2.1   is in material or persistent breach of any of the terms of this Agreement and either that breach is incapable of remedy, or the other party fails to remedy that breach within 30 days after receiving written notice requiring it to remedy that breach; or

7.2.2   is unable to pay its debts, or becomes insolvent, or is subject to an order or a resolution for its liquidation, administration, winding-up or dissolution (otherwise than for the purposes of a solvent amalgamation or reconstruction), or has an administrative or other receiver, manager, trustee, liquidator, administrator or similar officer appointed over all or any substantial part of its assets, or enters into or proposes any composition or arrangement with its creditors generally, or is subject to any analogous event or proceeding in any applicable jurisdiction.

7.3          Termination by either party in accordance with the rights contained in this Clause 8 shall be without prejudice to any other rights or remedies of that party accrued prior to termination.

7.4 On termination for any reason:

7.4.1          all rights granted to the Customer under this Agreement shall cease and the Customer shall cease all activities authorised by this Agreement;

7.4.2          the Customer shall immediately pay to the Supplier any sums due to the Supplier under this Agreement and in the event of termination of this Agreement, the Supplier will have no obligation to refund any Fees, or other fees received from the Customer during the Term, save where otherwise provided for in the Agreement;

7.4.3          the Customer shall immediately destroy or return to the Supplier (at the Supplier’s option) all copies of Documentation then in its possession, custody or control and, in the case of destruction, certify to the Supplier that it has done so; and

7.4.4          Upon receipt of a written request, the Supplier shall use reasonable commercial endeavours to deliver the back-up to the Customer within 30 days of its receipt of such a written request, provided that the Customer has, at that time, paid all fees and charges outstanding at and resulting from termination. If the Supplier does not receive any such request within 30 days of the date of termination, it may destroy or otherwise dispose of any of the Customer Data in its possession.

8. FORCE MAJEURE

No party shall be liable to the other for any delay or non-performance of its obligations under this Agreement arising from any cause beyond its control including, without limitation, any of the following: governmental act, war, fire, flood, explosion or civil commotion. For the avoidance of doubt, nothing in this Clause 9 shall excuse the Customer from any payment obligations under this Agreement. In such circumstances the affected party shall be entitled to a reasonable extension of the time for performing such obligations, provided that if the period of delay or non-performance continues for three (3) months, the party not affected may terminate this Agreement by giving one calendar month written notice to the other party.

9. CONFIDENTIALITY

9.1 Each party shall, during the term of this Agreement and thereafter, keep confidential all, and shall not use for its own purposes nor without the prior written consent of the other disclose to any third party any information of a confidential nature (including, without limitation, trade secrets and information of commercial value) which may become known to such party from the other party and which relates to the other party or any of its Affiliates, unless such information is public knowledge or already known to such party at the time of disclosure, or subsequently becomes public knowledge other than by breach of this Agreement, or subsequently comes lawfully into the possession of such party from a third party.

9.2      The terms of this Agreement are confidential and may not be disclosed by the Customer without the prior written consent of the Supplier.

9.3      The provisions of this Clause 10 shall remain in full force and effect notwithstanding termination of this Agreement for any reason.

10. EXPORT

The Customer agrees to comply fully with all relevant export laws and regulations of the United States (“Export Laws”) to ensure that the Software is not (i) exported or re-exported directly or indirectly in violation of Export Laws; or (ii) intended to be used for any purposes prohibited by the Export Laws, including but not limited to nuclear, chemical, or biological weapons proliferation.

11. US GOVERNMENT RESTRICTED RIGHTS

The Software is deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 “Commercial Computer Licensed Software – Restricted Rights” and DFARS 227.7202, “Rights in Commercial Computer Licensed Software or Commercial Computer Licensed Software Documentation”, as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Software by the US Governmanet shall be solely in accordacne with the terms of this Agreement.

12. PUBLICITY

The Customer agrees that, subject to its prior written approval, the Supplier may identify you as a Supplier customer on Supplier websites, client lists, press releases, and/or other marketing and may publish a brief description highlighting your deployment of the Software. 

13. WAIVER

No forbearance or delay by either party in enforcing its rights shall prejudice or restrict the rights of that party, and no waiver of any such rights or of any breach of any contractual terms shall be deemed to be a waiver of any other right or of any later breach.

14. SEVERABILITY

If any provision of this Agreement is judged to be illegal or unenforceable, the continuation in full force and effect of the remainder of the provisions shall not be prejudiced.

15. ASSIGNMENT

The Customer has no right to sub-license or to assign the benefit or burden of this Agreement in whole or in part, or to allow the Software to become the subject of any charge, lien or encumbrance without the prior written consent of the Supplier. The Supplier may sub-license, assign, charge or otherwise transfer any of its rights or obligations under this Agreement, provided it gives written notice to the Customer of any sub-licence, assignment, charge or other transfer.

16. THIRD PARTY RIGHTS

No term of this Agreement is intended to confer a benefit on, or to be enforceable by, any person who is not a party to this Agreement.

17. NOTICES

Any notice required to be given pursuant to this Agreement shall be in writing and shall be delivered by hand or sent by pre-paid registered delivery. Correctly addressed notices sent by pre-paid registered delivery shall be deemed delivered two days from the date of posting, pre-paid registered airmail shall be deemed delivered five days after date of posting and hand delivery at the time of delivery.

18. AMENDMENT

The Supplier may amend these Terms of Service by posting revised terms on its website or within the Software. The continued use of the Software after an amendment effective date evidences the Customer’s agreement to be bound by it. Any amendment, waiver or variation of this Agreement other than the Terms of Service shall not be binding on the parties unless set out in writing, expressed to amend this Agreement and signed by or on behalf of each of the parties

19. ENTIRE AGREEMENT

This Agreement together with any documents otherwise referred to or incorporated by reference herein contain the whole agreement between the parties relating to the subject matter hereof and supersede all prior agreements, arrangements and understandings between the parties relating to that subject matter.

20. This Agreement may be executed in any number of counterparts and using electronic signatures, each of which when executed and delivered shall constitute an original of this Agreement, but all the counterparts shall together constitute the same agreement

21. This Agreement shall not constitute either party as an agent or legal representative of the other for any purpose whatsoever and creates no relationship of employment, principal and agent, partnership or joint ventures.

22.GOVERNING LAW AND JURISDICTION

If the Customer is located in North America, this Agreement shall be governed by the laws of the State of California and the Parties irrevocably agree that the courts of California shall have exclusive jurisdiction to settle any dispute or claim that arises out of or in in connection with this Agreement or its subject matter or formation (including non-contractual disputes or claims). Otherwise for all Customers located outside of North America, this Agreement shall be governed by and construed in accordance with Irish law and each party hereby submits to the non-exclusive jurisdiction of the Irish courts. The parties irrevocably agree that the courts of Ireland have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with this Agreement or its subject matter or formation (including non- contractual disputes or claims). Such governing laws are exclusive of any provisions of the United Nations Convention on Contracts for Sale of Goods, including any amendments thereto, and without regard to principles of conflicts of law.

SCHEDULE 1

DATA PROCESSING ADDENDUM

Definitions:

The Supplier is Waterford Technologies Ltd and its group

The Customer is [your company name].

Data Controller: a person who, either alone or with others, controls the contents and use of Personal Data.

Data Processor, processing and process: a person who processes Personal Data on behalf of a Data Controller.

Data Protection Laws: any data protection laws applicable to processing of Personal Data contemplated by this agreement including, without limitation, in particular the European Union General Data Protection Regulation (“GDPR”) and any related decisions or guidelines and subsequent legislation of a similar nature, and all privacy, security, and data protection laws, rules, and regulations of any applicable jurisdiction including any jurisdiction in which the Services are being provided or the Personal Data is being processed and any jurisdiction from which the Supplier or any subcontractor provides any of the Services or from which the Customer provides its products or services.

Data Subject: an individual about whom the Personal Data relates.

EEA: the European Economic Area.

Personal Data: any and all data (including sensitive data) relating to living individuals who are or can be identified from the data or from the data in conjunction with other information that is, or is likely to come into, the possession of the data controller processed in connection with the Services.

Terms used in this Addendum shall have the same meaning as defined in this agreement, unless defined differently herein. 

1. Purpose

1.1. The purpose of this Addendum is to reflect the parties’ agreement with regard to the Processing of Personal Data in accordance with the requirements of Data Protection Laws.

1.2. If the Supplier processes any Personal Data on the Customer’s behalf when performing its obligations under the Agreement, the Parties record their intention that the Customer shall be the Data Controller and the Supplier shall be a Data Processor (“the Parties”). In order for the Customer to fulfil its obligations to Data Subjects, the Supplier agrees and shall procure that its subcontractors shall agree to the following terms. 

2. Details of the processing contemplated under the Agreement

2.1 The subject matter of the processing is: Email and File analysis and archiving.

2.2. The duration of the processing is: ongoing

2.3. Nature and purpose of the processing is: to provide analysis and archiving for Email and File systems.

2.4. The type of Personal Data is:

For Email archiving function, Waterford Technologies are viewed as a Data Processor under GDPR. However, the company does not have access to, or store any data belonging to clients. Subject matter of processing is remote application support and system health checks of Mailmeter application and server. Controller will provide the Processor with a service account that enables Processor access the Mailmeter server and related-infrastructure on a restricted/ limited basis. There is no unsupervised access. Access to Mailmeter components including Individual Search & Retrieval (user retrieval tool), Mailmeter Insight (report centre) and Mailmeter Investigate ( E-Discovery Search Tool) is controlled by Client via ACL. Waterford engineers have no access to these components. Database access is via ACL and Archive Volume content is encrypted. Waterford Technologies does not use 3rd. party contractors. For files, the Siscin product analyses file meta data and content and stores this information on our Microsoft Azure platform. Any files are stored by the client and Waterford Technologies do not have access to same. Access to the reporting system is controlled by the client. Waterford Technologies have no access to same.

For example: Employee personal information; insert list: e.g.: names, bank details, addresses

Any content from email or file systems may be processed by Waterford Technologies – there is no specific personal information targeted by the processing functions.

2.5. The categories of Data Subjects are: N\A see 2.4 above

2.6. The obligations and rights of the Data Controller are as detailed in the GDPR.

3. Permitted Processing and Disclosure of Personal Data

3.1 The Parties agree that the supply of the Services may involve the processing of Personal Data by the Supplier on behalf of the Customer. In such circumstances, the Supplier agrees that:

3.2 it will make reasonable efforts to assist the Customer in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR (more specifically detailed below) taking into account the nature of the processing and the information available to the Supplier;

3.3it shall only process such Personal Data in accordance with the instructions of the Customer and as required for the provision of the Services;

3.4 it shall implement and maintain security measures aimed at protecting such Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing (the “Technical and Organisational Security Measures”);

3.5 the Customer (or its authorised representative(s)) shall be entitled, at reasonable times and on reasonable notice, to verify the Technical and Organisational Security Measures adopted by the Supplier to ensure that such measures comply with the data security obligations in the Data Protection Laws;

3.6 it shall report any incident which gives rise to a risk of unauthorised disclosure, loss, destruction or alteration of such Personal Data to the Customer immediately upon becoming aware of such an incident and shall provide such co-operation and assistance as may be reasonably required in the context of any dealings with the Office of the Data Protection Commissioner or other supervisory authority and to mitigate against the effect of the incident;

3.7 it shall inform the Customer promptly in the event of receiving a data subject access request and shall provide such co-operation and assistance as may be reasonably required to enable the Customer to deal with any subject access request or other data subject right in accordance with the provisions of the Data Protection Laws;

3.8 it shall not transfer such Personal Data to a country outside of the European Economic Area without the prior written consent of the Customer;

3.9 it shall comply with any obligations under the Data Protection Laws;

3.10 if legally required to do so, it shall appoint a Data Protection officer and make the relevant notifications to the office of the Data Commissioner where required under the Data Protection Laws or other applicable data protections laws; and

3.11 it must, and shall procure that its Subcontractors shall, process any Personal Data held in connection with this Agreement only for the purposes of fulfilling its obligations under this Agreement and in accordance with relevant documented instructions of the Customer.

3.12 The Customer agrees that it will comply with its obligations under the Data Protection Laws in respect of the Personal Data.

4. Audit

4.1 The Supplier shall keep at its normal place of business detailed, accurate and up-to-date records relating to the processing of the Personal Data by the Supplier.

4.2 The Supplier shall permit the Customer and its third-party representatives, on reasonable notice during Normal Business Hours, but without notice in case of any reasonably suspected breach of security, to:

4.2.1          gain access to, and take copies of, the Records and any other information held at the Supplier’s premises or on the Supplier’s System; and

4.2.2          inspect all Records, documents and electronic data and the Supplier’s System and facilities and equipment, for the purpose of auditing the Supplier’s compliance with its obligations under this Agreement.

4.3 The Supplier shall give all necessary assistance to the Customer to conduct such audits during the Term.

4.4 Audit access by any third-party representative of the Customer shall be subject to such representative agreeing confidentiality obligations in respect of the information obtained, provided that all information obtained may be disclosed to the Customer.

5. Security and Integrity of Personal Data

5.1 The Supplier shall ensure that the Personal Data is kept secure by using security measures, that it is in an encrypted form, and shall use all reasonable security practices and systems applicable to the use of the Personal Data to prevent, and take prompt and proper remedial action against, unauthorised access, copying, modification, storage, reproduction, display or distribution of the Personal Data.

5.2 Where the Supplier uses appropriate security measures in relation to the Services (wholly or in part), the security measures must, unless the Supplier notifies the Customer otherwise, be kept confidential and not lent, shared, transferred or otherwise misused by the Customer.

5.3 The Supplier shall take reasonable precautions to preserve the integrity of any Personal Data processed by it and to prevent any corruption or loss of such Personal Data.

5.4 Information made available to the Supplier by the Customer, will not be made available to any third Parties.

5.5 Back Ups: The Supplier shall make a back-up copy of the Personal Data every week and record the copy on media from which the Personal Data can be reloaded in the event of any corruption or loss of the Personal Data.

5.6 Security Incidents: The Parties agree that if the Supplier becomes aware of any unauthorised or unlawful access to, or acquisition, alteration, use, disclosure, or destruction of the Customer’s Data or that any Personal Data is lost or destroyed or becomes damaged or unusable (“Security Incident”), the Supplier will notify the Customer without unreasonable delay, but in any event within 12 hours from becoming aware of the Security Incident. The Supplier will also reasonably cooperate with the Customer with respect to any investigations and with preparing potentially required notices, and providing any information reasonably requested by the Customer in relation to the Security Incident.

5.7 Data Protection Impact Assessments (DPIAs): The Supplier may be required to undertake a DPIA before carrying out any processing that uses new technologies (and taking into account the nature, scope, context and purposes of the processing) that is likely to result in a high risk (such as monitoring activities, systematic evaluations or processing special categories of data) to the Customer’s Data, takes place. For the avoidance of doubt, the Supplier must consult with and seek the Customer’s written consent prior to adopting new technologies.

6. Data Subject Rights

The Supplier shall assist the Customer with all requests or other enquiries relating to the data protection rights of data subjects relating to the Personal Data.

7. Confidentiality & Access

7.1 The Supplier shall and shall procure that any persons engaged in the Processing of Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality with respect to the Personal Data and have received appropriate training on their responsibilities.

7.2 The Supplier shall ensure that access to Personal Data is limited to those personnel performing Services in accordance with the Agreement.  

8. Assignment/Appointment of Sub-Contractor

8.1 This Agreement is personal to the Supplier and it shall not assign, transfer, mortgage, charge, subcontract, declare a trust of or deal in any other manner with any of its rights and obligations under this Agreement without the prior written consent of the Customer.

8.2 The Supplier confirms it is acting on its own behalf and not for the benefit of any other person.

8.3 The Supplier may only authorise a third party (sub-contractor) to process the data:

8.3.1          subject to the Customer’s prior written consent where the Supplier has supplied the Customer with full details of such sub-contractor; and

8.3.2          provided that the Supplier has entered into a written agreement with each third party on terms which are substantially the same as those set out in this Agreement.

8.4 In the event that a third-party sub-contractor is appointed and fails to comply with its data processing obligations under this Agreement, the Supplier will remain fully liable to the Customer for the performance of the Data Processing obligations.

8.5 The Customer confirms its consent to the appointment of the Third Party Processors as sub-processors of Personal Data under this Agreement.

9. No transfer of Personal Data outside European Economic Area 

9.1 The Supplier must not, without the prior written approval of the Customer, transfer outside of the European Economic Area any Personal Data processed in connection with this Agreement.

9.2 The transfer of Personal Data to Ex-EEA Subcontractors will only be permitted where the Supplier can ensure that “an adequate level of protection” (as such term is understood under directive 95/46/EC or any subsequent legislation, including the General Data Protection Regulation) is in place to protect the data being transferred and supporting documentation (if required) has been provided to the Customer.

10. Return of Personal Data

Immediately on termination or expiry of this agreement, or otherwise on request by the Customer, the Supplier must and shall procure that its subcontractors shall:

10.1.1       return all the Personal Data to the Customer; or

10.1.2       destroy all the Personal Data, in a manner agreed to by the Customer;

at the Customer’s election, unless a law binding on the Supplier or its subcontractors prevents it from doing as requested.

11. Enforcement

The Supplier shall procure that its subcontractors have an obligation to make the Supplier aware of any of the following events in this clause. If the Supplier becomes aware of any of a breach of the terms of this Addendum by the Supplier or its subcontractors or unauthorised disclosure, use, modification or access, or attempted unauthorised disclosure, use modification or access, or misuse or loss of Personal Data it must promptly provide the Customer with full details of, and assist the Customer in investigating, such act or omission including, where relevant, the information required under Articles 33 and 34 of the GDPR.

12. Obligations independent of other provisions

The obligations contained in this Addendum are without prejudice to the Supplier’s and/or subcontractors other obligations under the Agreement and apply notwithstanding any permitted use or disclosure of confidential information in the Agreement.

13. Costs

13.1    Subject to Clause 13.2 the costs of the Supplier and its subcontractors to comply with their respective obligations as Data Processors under Data Protection Laws applicable in a specific jurisdiction shall be borne by the Supplier and its subcontractors to the extent compliance with such obligations is necessary for the Supplier’s and/or its subcontractor’s compliance with applicable Data Protection Laws in their role as Data Processors in the jurisdiction in question. 

13.2    Notwithstanding Clause 13.1, if the Supplier is requested by the Customer to take on compliance activities which go beyond the activities that the Supplier is required to do as a Data Processor under applicable Data Protection Laws, the Supplier shall be entitled to its reasonable costs and the above shall be notified via the change control process set out in this agreement.