Adventoris Ltd Terms and Conditions
28 January 2021
Please read these terms and conditions carefully, as they set out our and your legal rights and obligations in relation our SwiftCloud platform and services offered by Adventoris Ltd. You will be asked to agree to these terms and conditions before becoming a customer or using our application.
You should print a copy of these terms and conditions for future reference. We will not file a copy specifically in relation to you, and they may not be accessible on our website in future.
These terms and conditions are available in the English language only. If you have any questions or complaints about our services, please contact us by writing to Adventoris Ltd, 3M Buckley Innovation Centre, Firth Street, Huddersfield. HD1 3BD or by email to firstname.lastname@example.org
1. Definitions and interpretation
1.1 In the Agreement:
“Affiliate” means an entity that Controls, is Controlled by, or is under common Control with the relevant entity;
“Agreement” means the agreement between the Provider and the Customer for the provision of the Platform as a service, incorporating these terms and conditions (including the Schedules) and the Statement of Services, and any amendments to the Agreement from time to time;
“Application” or “App” means the software application supplied by the Provider to the Customer called SwiftCloud for the purpose of enabling the Customer to access and use the Platform;
“Business Day” means any week day, other than a bank or public holiday in England;
“Business Hours” means between 09:00 and 17:30 London time on a Business Day;
“CCN” means a Change control notice issued in accordance with Clause 11, which may be in the form specified in Schedule 4;
“CCN Consideration Period” means the period of 10 Business Days following the receipt of a CCN sent by the other party;
“Commencement” means the date on which this Agreement is made between the Customer and the Provider;
“Charges” means the amounts payable by the Customer to the Provider under or in relation to the Agreement as set out in Schedule 2;
“Confidential Information” means the Customer Confidential Information and the Provider Confidential Information;
“Control” means the legal power to control (directly or indirectly) the management of an entity (and “Controlled” will be construed accordingly);
“Customer” means the customer specified in the Statement of Services as set out in Schedule 5;
“Customer Confidential Information” means
(a) any information disclosed (whether disclosed in writing, orally or otherwise) by the Customer to the Provider that is marked as “confidential”, described as “confidential” or should have been understood by the Provider at the time of disclosure to be confidential;
(b) the financial terms and conditions of the Agreement;
(c) the Customer Materials; and
(d) other Confidential Information;
“Customer Indemnity Event” has the meaning given to it in Clause 13.1;
“Customer Materials” all works and materials:
(a) uploaded to, stored on, processed using or transmitted via the Platform or Application by or on behalf of the Customer or by any person or application or automated system using the Customer’s account; and
(b) otherwise provided by the Customer to the Provider in connection with the Agreement;
“Customer Representatives” means the person or persons identified as such in the Statement of Services;
“Customisations” means customisations to the Platform that the Provider and Customer agree the Provider will produce on behalf of the Customer;
“Defect” means a defect, error or bug having an / a materially adverse effect on the appearance, operation or functionality of the Platform, but excluding any defect, error or bug caused by or arising as a result of:
(a) an act or omission of the Customer, or an act or omission of one of the Customer’s employees, officers, agents, suppliers or sub-contractors; or
(b) an incompatibility between the Platform and any other system, application, program or software not specified as compatible in the Statement of Services;
“Digital Tax” has the meaning given to it in Clause 13.3;
“Documentation” means the documentation produced by the Provider and supplied / made available on the Platform or given to the Customer specifying how the Platform and Application should be used;
“Effective Date” means the date that the Agreement comes into force;
“Force Majeure Event” means an event, or a series of related events, that is outside the reasonable control of the party affected (including failures of or problems with the internet or a part of the internet, hacker attacks, virus or other malicious software attacks or infections, power failures, industrial disputes affecting any third party, changes to the law, disasters, explosions, fires, floods, riots, terrorist attacks and wars);
“Intellectual Property Rights” means all intellectual property rights wherever in the world, whether registered or unregistered, including any application or right of application for such rights (and the “intellectual property rights” referred to above include copyright and related rights, database rights, confidential information, trade secrets, know-how, business names, trade names, trademarks, service marks, passing off rights, unfair competition rights, patents, petty patents, utility models, semi-conductor topography rights and rights in designs);
“Minimum Term” means the period specified as such in the Statement of Services as set out in Schedule 5;
“Permitted Purpose” means to receive sales orders, payments for orders, feedback and other communication directly from customers, and in addition send promotions, order confirmations, notifications and other communications to customers;
“Personal Data” has the meaning given to it in the Data Protection Act 1998;
“Platform” means the software platform known as SwiftCloud that is owned and operated by the Provider, and that will be made available to the Customer as a service via the internet under the Agreement;
“Provider” means Adventoris Ltd a company incorporated in England and Wales registration number 07918688 having its registered office at 3M Buckley Innovation Centre, Firth Street, Huddersfield HD1 3BD;
“Provider Confidential Information” means:
(a) any information disclosed (whether disclosed in writing, orally or otherwise) by the Provider to the Customer that is marked as “confidential”, described as “confidential” or should have been understood by the Customer at the time of disclosure to be confidential;
(b) the financial terms and conditions of the Agreement; and
(c) other Confidential Information
“Provider Indemnity Event” has the meaning given to it in Clause 13.4;
“Provider Representatives” means the person or persons identified as such in the Statement of Services;
“Representatives” means the Customer Representatives and the Provider Representatives;
“Schedule” means a schedule attached to the Agreement;
“Services” means all the services provided or to be provided by the Provider to the Customer under the Agreement, including the Support Services;
“Statement of Services” means the online document made available by the Provider to the Customer as set out in Schedule 5 that specifies the identity of the Customer, and other matters relating to the Agreement;
“Support Services” means support and maintenance services provided or to be provided by the Provider to the Customer in accordance with Schedule 1;
“SwiftChat” means the feedback and communication feature associated with the SwiftCloud Application;
“SwiftCloud” means the Application;
“Term” means the term of the Agreement; and
“Upgrades” means new versions of, and updates to, the Platform, whether for the purpose of fixing an error, a Defect, bug or other issue in the Platform or enhancing the functionality of the Platform.
1.2 In the Agreement, a reference to a statute or statutory provision includes a reference to:
(a) that statute or statutory provision as modified, consolidated and/or re-enacted from time to time; and
(b) any subordinate legislation made under that statute or statutory provision.
1.3 The Clause headings do not affect the interpretation of the Agreement.
1.4 The ejusdem generis rule is not intended to be used in the interpretation of the Agreement.
2. Agreement and Term
2.1 The advertising of the Platform and the Services on the Provider’s website constitutes an “invitation to treat”; and the Customer’s order for the Platform and the Services constitutes a contractual offer. No contract will come into force between the Provider and the Customer unless and until the Provider accepts the Customer’s order in accordance with the procedure detailed in this Clause 2.
2.2 In order to enter into the Agreement, the Customer must either confirm its acceptance and confirmation of an order quotation prepared by the Provider; at which point the Agreement will come into force, or alternatively the Customer must take the following steps: “(i) the Customer must select the Platform from the Providers website; (ii) the Customer must then create an account with the Provider’s website and log in; (iii) once the Customer is logged in, the Customer must consent to the terms of this Agreement; (iv) the Customer will then be able to upload Customer Material; at which point the Agreement will come into force.”
2.3 Once in force, the Agreement will continue in force unless terminated in accordance with Clause 17.
3. The Platform
3.1 The Provider will generate an account for the Customer following the Effective Date, enabling the Customer to access the Platform. The Provider will work with the Customer to setup the Platform for the Customer, the length of time to do this being dependent on availability of data, complexity of setup, agreed developments and responses by third parties.
3.2 Subject to the limitations set out in Clause 3.3 and the prohibitions set out in Clause 3.4, the Provider hereby grants to the Customer a non-exclusive licence to use the Platform for the Permitted Purpose via the Application and via any standard web browser or mobile device in accordance with the Documentation during the Term.
3.3 The licence granted by the Provider to the Customer under Clause 3.2 is subject to the following limitations:
(a) the Platform may only be used by the employees, agents and sub-contractors of the Customer and:
(i) where the Customer is a company, the Customer’s officers;
(ii) where the Customer is a partnership, the Customer’s partners; and
(iii) where the Customer is a limited liability partnership, the Customer’s members;
(b) the Customer must comply at all times with the terms of the acceptable use policy and must ensure that all users of the Platform agree to and comply with the terms of that acceptable use policy.
3.4 Except to the extent mandated by applicable law or expressly permitted in the Agreement, the licence granted by the Provider to the Customer under this Clause 3 is subject to the following prohibitions:
(a) the Customer must not sub-license its right to access and use the Platform or allow any unauthorised person to access or use the Platform;
(b) the Customer must not frame or otherwise re-publish or re-distribute the Platform;
(c) the Customer must not alter or adapt or edit the Platform save as expressly permitted by the Documentation.
3.5 For the avoidance of doubt, the Customer has no right to access the object code or source code of the Platform, either during or after the Term.
3.6 All Intellectual Property Rights in the Platform shall, as between the parties, be the exclusive property of the Provider.
3.7 The Customer shall ensure that no unauthorised person will or could access the Platform using the Customer’s account.
3.8 The Customer must not use the Platform in any way that causes, or may cause, damage to the Platform or impairment of the availability or accessibility of the Platform, or any of the areas of, or services on, the Platform.
3.9 The Customer must not use the Platform:
(a) in any way that is unlawful, illegal, fraudulent or harmful; or
(b) in connection with any unlawful, illegal, fraudulent or harmful purpose or activity.
4. The Application
4.1 The Provider will as soon as practicable following the Effective Date make available to the Customer access to the Application.
4.2 The use of the Application shall be subject to the following licensing terms:
(a) the Customer may only use the Application for the Customer’s business;
(b) the Customer may download, install and use the Application on any computer or mobile device owned and operated by the Customer in accordance with the Documentation;
(c) the Customer must not:
(i) copy or reproduce Application or any part of the Application other than in accordance with the licence granted in this Clause 4;
(ii) sell, resell, rent, lease, loan, supply, distribute, redistribute, publish or re-publish the Application or any part of the Application;
(iii) modify, alter, adapt, translate or edit, or create derivative works of, the Application or any part of the Application;
(iv) reverse engineer, decompile, disassemble the Application or any part of the Application (except as mandated by applicable law);
(v) use the Application other than in accordance with the Documentation; or
(vi) circumvent or remove or attempt to circumvent or remove the technological measures applied to the Application for the purposes of preventing unauthorised use.
4.3 All Intellectual Property Rights in the Application shall, as between the parties, be the exclusive property of the Provider.
5. Support Services and Upgrades
5.1 During the Term the Provider will provide the Support Services to the Customer, and may apply Upgrades to the Platform, in accordance with the service level agreement set out in Schedule 1.
5.2 The Provider may sub-contract the provision of any of the Support Services without obtaining the consent of the Customer.
6.1 From time to time the Provider and the Customer may agree that the Provider will customise the Platform and/or the Application in accordance with a specification agreed in writing between the parties / using the Change control procedure set out in Clause 11.
6.2 From the date when a Customisation is first made available to the Customer, the Customisation shall form part of the Platform or Application where appropriate under the Agreement, and accordingly from that date the Customer’s rights to use the Customisation shall be governed by Clause 3 or Clause 4.
6.3 The Customer acknowledges that the Provider may make any Customisation available to its other Customers following the making available of that Customisation to the Customer.
6.4 All Intellectual Property Rights in the Customisations shall, as between the parties, be the exclusive property of the Provider.
6.5 The Customer will be responsible for procuring any third party co-operation reasonably required by the Provider to enable the Provider to fulfil its obligations under this Clause 6.
7.1 The Customer will ensure that all instructions in relation to the Agreement will be given by a Customer Representative to a Provider Representative, and the Provider:
(a) may treat all such instructions as the fully authorised instructions of the Customer; and
(b) will not comply with any other instructions in relation to the Agreement without first obtaining the consent of a Customer Representative.
8. Customer Materials
8.1 The Customer grants to the Provider a non-exclusive licence to store, copy and otherwise use the Customer Materials for the purposes of operating the Platform, providing the Services, fulfilling its other obligations under the Agreement, and exercising its rights under the Agreement.
8.2 Subject to Clause 8.1, all Intellectual Property Rights in the Customer Materials will remain, as between the parties, the property of the Customer.
8.3 The Customer warrants to the Provider that the Customer Materials, and their use by the Provider in accordance with the terms of the Agreement, will not:
(a) breach any laws, statutes, regulations or legally-binding codes;
(b) infringe any person’s Intellectual Property Rights or other legal rights; or
(c) give rise to any cause of action against the Provider or the Customer or any third party,
in each case in any jurisdiction and under any applicable law.
8.4 Where the Provider reasonably suspects that there has been a breach by the Customer of the provisions of this Clause 8, the Provider may:
(a) delete or amend the relevant Customer Materials; and/or
(b) suspend any or all of the Services and/or the Customer’s access to the Platform while it investigates the matter.
8.5 Any breach by the Customer of this Clause 8 will be deemed to be a material breach of the Agreement for the purposes of Clause 17.
8.6 The Provider shall ensure that the Customer Materials stored and processed by the Platform are stored separately from, and are not co-mingled with, the materials of other customers of the Provider.
9. Trial period
There is no trial period.
10.1 The Provider will issue invoices for the Charges to the Customer in accordance with the provisions of Schedule 2.
10.2 The Customer will pay the Monthly Charges to the Provider within 11 days of the date of an invoice issued in accordance with Clause 10.1, though where Direct Debit is used the invoice will be collected on the 11th day of the month following the due date.
10.3 The Customer will pay the Initial Charges and Other Charges to the Provider within 14 days of the date of an invoice issued in accordance with Clause 10.1. The Provider may use Direct Debit to collect the Initial Charges on the 11th day of the month following the due date.
10.4 All Charges stated in or in relation to the Agreement are stated exclusive of VAT. VAT will be payable by the Customer to the Provider in addition to the principal amounts.
10.5 Monthly Charges must be paid by Direct Debit using such payment details as are notified by the Provider to the Customer from time to time.
10.6 If the Customer does not pay any amount properly due to the Provider under or in connection with the Agreement, the Provider may:
(a) charge the Customer interest on the overdue amount at the rate of 8% per year above the base rate of LloydsTSB Bank from time to time which interest will accrue daily and be compounded quarterly; or
(b) claim interest and statutory compensation from the Customer pursuant to the Late Payment of Commercial Debts (Interest) Act 1998.
10.7 The Provider may vary the Monthly Charges of Schedule 2 at any time by giving to the Customer not less than 30 days’ written notice (email being accepted as written notice) of the variation.
10.8 The Provider may suspend access to the Platform and the provision of the Services if any amounts due to be paid by the Customer to the Provider under the Agreement are overdue by more than 30 days.
11. Change control
11.1 The provisions of this Clause 11 apply to all Changes requested by a party.
11.2 Either party may request a Change at any time.
11.3 When requesting a Change, the requesting party will notify the other party and provide a CCN (which may be in the form specified in Schedule 4). The CCN will set out (as a minimum):
(a) details of the impact on the Services;
(b) details of any additional resources expected to be required as a result of the Change; and
(c) details of any variation to the Charges consequent upon the Change.
11.4 The other party will consider any proposed Change within the CCN Consideration Period.
11.5 Either party may:
(a) accept or reject a CCN issued by the other party;
(b) request further information concerning any aspect of a CCN issued by the other party; and/or
(c) request amendments to a CCN issued by the other party.
11.6 Following agreement of a CCN, each party will confirm its agreement to the CCN by:
(a) signing a copy of the CCN and sending the signed CCN to the other party; or
(b) otherwise sending its written acceptance of the CCN to the other party.
11.7 Until a CCN recording a proposed Change has been signed or agreed in writing by each party, the proposed Change will not take effect.
12.1 The Customer warrants and represents to the Provider that it has the legal right and authority to enter into and perform its obligations under the Agreement.
12.2 The Provider warrants and represents to the Customer:
(a) that it has the legal right and authority to enter into and perform its obligations under the Agreement;
(b) that it will perform its obligations under the Agreement with reasonable care and skill;
(c) that the Platform will perform substantially in accordance with the Documentation subject to any Upgrades and Customisations;
(d) that the Platform will be hosted in accordance with the requirements set out in the Statement of Services, and will be available to the Customer in accordance with the uptime commitments given in Schedule 1;
(e) the Platform excluding for the avoidance of doubt the Customer Materials will not:
(i) breach any laws, statutes, regulations or legally-binding codes;
(ii) infringe any person’s Intellectual Property Rights or other legal rights; or
(iii) give rise to any cause of action against the Provider or the Customer or any third party,
in each case in any jurisdiction and under English law;
(f) the Platform is and will remain free from viruses and other malicious software programs.
12.3 The Customer acknowledges that:
(a) complex software is never wholly free from defects, errors and bugs, and the Provider gives no warranty or representation that the Platform will be wholly free from such defects, errors and bugs;
(b) the Provider does not warrant or represent that the Platform will be compatible with any application, program or software (other than the Mobile Application) not specifically identified as compatible in the Statement of Services and the Customer is responsible for providing the relevant data in a compatible format to populate the Platform;
(c) the Provider will not and does not purport to provide any legal, taxation or accountancy advice under the Agreement or in relation to the Platform and (except to the extent expressly provided otherwise) the Provider does not warrant or represent that the Platform will not give rise to any civil or criminal legal liability on the part of the Customer or any other person;
(d) this agreement is between the Customer and the Provider. The Provider is not party to any agreement whatsoever between the Customer and any other party related in any way to the Customer. The Customer indemnifies the Provider against anyimplications of any event whatsoever that would occur between the Customer and any other party. For the avoidance of doubt, this would include a breakdown in commercial dealings between the Customer and any other party; and
(e) the Provider is not responsible for the content of any Customer Material;
(f) the Customer will regularly check that the platform is performing as it expects and where it does not immediately notify the Provider of this. The Customer will regularly check that the Platform is generating selling prices in accordance with the business terms, and the Customer remains responsible for ensuring that the selling prices are correctly calculated;
(g) the Provider is not party to, or an agent of, any transaction or order transmitted through the Application;
(h) the length of the time to setup the Platform for the Customer is dependent on availability of data, complexity of setup, agreed developments and responses by third parties.
12.4 All of the parties’ warranties and representations in respect of the subject matter of the Agreement are expressly set out in the terms of the Agreement. To the maximum extent permitted by applicable law, no other warranties or representations concerning the subject matter of the Agreement will be implied into the Agreement.
13.1 Subject to the Provider’s compliance with Clause 13.2, the Customer will indemnify and will keep indemnified the Provider against all liabilities, damages, losses, costs and expenses including legal expenses and amounts paid upon legal advice in settlement of any disputes suffered or incurred by the Provider and arising as a result of any breach by the Customer of Clause 8.3 (a “Customer Indemnity Event“).
13.2 The Provider will:
(a) upon becoming aware of an actual or potential Customer Indemnity Event, notify the Customer;
(b) provide to the Customer reasonable assistance in relation to the Customer Indemnity Event;
(c) allow the Customer the exclusive conduct of all disputes, proceedings, negotiations and settlements relating to the Customer Indemnity Event; and
(d) not admit liability in connection with the Customer Indemnity Event or settle the Customer Indemnity Event without the prior written consent of the Customer.
13.3 The Customer will indemnify and will keep indemnified the Provider against digital tax liabilities and digital levy’s which arise in regions outside of the United Kingdom due to the usage of the Platform in those regions by the Customer. In addition, the Customer will indemnify and will keep indemnified the Provider against all liabilities, damages, losses, costs and expenses including legal expenses in connection with those digital tax liabilities and digital levy’s which arise in regions outside of the United Kingdom due to the usage of the Platform in those regions by the Customer (“Digital Tax“).
13.4 Subject to the Customer’s compliance with Clause 13.5, the Provider will indemnify and will keep indemnified the Customer against all liabilities, damages, losses, costs and expenses including legal expenses and amounts paid upon legal advice in settlement of any dispute suffered or incurred by the Customer and arising as a result of any breach by the Provider of Clause 12.2(e)) (a “Provider Indemnity Event“).
13.5 The Customer will:
(a) upon becoming aware of an actual or potential Provider Indemnity Event, notify the Provider;
(b) provide to the Provider reasonable assistance in relation to the Provider Indemnity Event;
(c) allow the Provider the exclusive conduct of all disputes, proceedings, negotiations and settlements relating to the Provider Indemnity Event; and
(d) not admit liability in connection with the Provider Indemnity Event or settle the Provider Indemnity Event without the prior written consent of the Provider.
14. Limitations and exclusions of liability
14.1 Nothing in the Agreement will:
(a) limit or exclude the liability of a party for death or personal injury resulting from negligence;
(b) limit or exclude the liability of a party for fraud or fraudulent misrepresentation by that party;
(c) limit any liability of a party in any way that is not permitted under applicable law; or
(d) exclude any liability of a party that may not be excluded under applicable law.
14.2 The limitations and exclusions of liability set out in this Clause 14 and elsewhere in the Agreement:
(a) are subject to Clause 14.1;
(b) govern all liabilities arising under the Agreement or in relation to the subject matter of the Agreement, including liabilities arising in contract, in tort (including negligence) and for breach of statutory duty; and
14.3 The Provider will not be liable in respect of any loss of profits, income, revenue, use, production or anticipated savings.
14.4 The Provider will not be liable for any loss of business, contracts or commercial opportunities.
14.5 The Provider will not be liable for any loss of or damage to goodwill or reputation.
14.6 The Provider will not be liable in respect of any loss or corruption of any data, database or software.
14.7 The Provider will not be liable in respect of any special, indirect or consequential loss or damage.
14.8 The Provider will not be liable for any losses arising out of a Force Majeure Event.
14.9 The Provider’s liability in relation to any event or series of related events will not exceed the total amount paid and payable by the Customer to the Provider under the Agreement during the 30 day period immediately preceding the event or events giving rise to the claim.
14.10 The Provider’s aggregate liability under the Agreement will not exceed the total amount paid and payable by the Customer to the Provider under the Agreement during the 12 month period immediately preceding the event or events giving rise to the claim.
15. Data protection
15.1 The Customer warrants that it has the legal right to disclose all Personal Data that it does in fact disclose to the Provider under or in connection with the Agreement.
15.2 The Provider will ensure compliance with Schedule 6 on Data Protection and GDPR.
15.3 The Provider warrants that:
(a) it will act only on instructions from the Customer in relation to the processing of any Personal Data performed by the Provider on behalf of the Customer; and
(b) it has in place appropriate security measures (both technical and organisational) against unlawful or unauthorised processing of Personal Data and against loss or corruption of Personal Data processed by the Provider on behalf of the Customer.
16. Confidentiality and publicity
16.1 The Provider will:
(a) keep confidential and not disclose the Customer Confidential Information to any person save as expressly permitted by this Clause 16;
(b) protect the Customer Confidential Information against unauthorised disclosure by using the same degree of care as it takes to preserve and safeguard its own confidential information of a similar nature, being at least a reasonable degree of care; and
(c) without prejudice to the generality of Clause 16.1(b), deploy and maintain the security systems and technologies detailed in the Statement of Services in relation to the Customer Confidential Information held on the Platform.
16.2 The Customer will:
(a) keep confidential and not disclose the Provider Confidential Information to any person save as expressly permitted by this Clause 16;
(b) protect the Provider Confidential Information against unauthorised disclosure by using the same degree of care as it takes to preserve and safeguard its own confidential information of a similar nature, being at least a reasonable degree of care.
16.3 Confidential Information of a party may be disclosed by the other party to that other party’s officers, employees, agents, insurers and professional advisers, provided that the recipient is bound in writing to maintain the confidentiality of the Confidential Information disclosed.
16.4 The obligations set out in this Clause 16 shall not apply to:
(a) Confidential Information that is publicly known (other than through a breach of an obligation of confidence);
(b) Customer Confidential Information that is in possession of the Provider prior to disclosure by the Customer, and Provider Confidential Information that is in possession of the Customer prior to disclosure by the Provider;
(c) Customer Confidential Information that is received by the Provider, and Provider Confidential Information that is received by the Customer, from an independent third party who has a right to disclose the relevant Confidential Information; or
(d) Confidential Information that is required to be disclosed by law, or by a governmental authority, stock exchange or regulatory body, provided that the party subject to such disclosure requirement must where permitted by law give to the other party prompt written notice of the disclosure requirement.
16.5 Neither party will make any public disclosure relating to the Agreement (without the prior written consent (email being accepted as written notice) of the other party, although either party may promote the publishing of the Customer mobile app in press releases, public announcements and marketing materials.
17.1 Either party may terminate the Agreement immediately by giving written notice (email being accepted as written notice) to the other party if the other party:
(a) commits any material breach of any term of the Agreement, and:
(i) the breach is not remediable; or
(ii) the breach is remediable, but the other party fails to remedy the breach within 30 days of receipt of a written notice requiring it to do so; or
(b) persistently breaches the terms of the Agreement (irrespective of whether such breaches collectively constitute a material breach).
17.2 Either party may terminate the Agreement immediately by giving written notice to the other party if:
(a) the other party:
(i) is dissolved;
(ii) ceases to conduct all (or substantially all) of its business;
(iii) is or becomes unable to pay its debts as they fall due;
(iv) is or becomes insolvent or is declared insolvent; or
(v) convenes a meeting or makes or proposes to make any arrangement or composition with its creditors;
(b) an administrator, administrative receiver, liquidator, receiver, trustee, manager or similar is appointed over any of the assets of the other party;
(c) an order is made for the winding up of the other party, or the other party passes a resolution for its winding up (other than for the purpose of a solvent company reorganisation where the resulting entity will assume all the obligations of the other party under the Agreement); or
(d) (where that other party is an individual) that other party dies, or as a result of illness or incapacity becomes incapable of managing his or her own affairs, or is the subject of a bankruptcy petition or order.
17.3 Either party may terminate the Agreement by giving at least 12 months written notice (email being accepted as written notice) of termination to the other party.
17.4 If the Provider stops or makes a good faith decision to stop operating the Platform generally, then the Provider may terminate the Agreement by giving at least 30 days’ written notice (email being accepted as written notice) of termination to the Customer.
17.5 The Provider may terminate the Agreement by giving written notice (email being accepted as written notice) of termination to the Customer in the event that the parties cannot reasonably agree on any Change request made in accordance with Clause 11.
17.6 The Provider may terminate the Agreement immediately by giving written notice (email being accepted as written notice) of termination to the Customer where the Customer fails to pay to the Provider any amount due to be paid under the Agreement by the due date.
18. Effects of termination
18.1 Upon termination of the Agreement, all the provisions of the Agreement will cease to have effect, save that the following provisions of the Agreement will survive and continue to have effect (in accordance with their terms or otherwise indefinitely): Clauses 1, 4.3, 10.5, 13, 14, 16.1 to 16.4, 18 and 21.
18.2 Termination of the Agreement will not affect either party’s accrued liabilities and rights as at the date of termination.
18.3 Subject to Clause 18.5, within 30 days following the termination of the Agreement, the Provider will irrevocably delete from the Platform all Customer Confidential Information.
18.4 Subject to Clause 18.5, within 30 days following the termination of the Agreement, the Customer will:
- return to the Provider or dispose of as the Provider may instruct all documents and materials containing Provider Confidential Information; and
- irrevocably delete from its computer systems all Provider Confidential Information.
18.5 A party may retain any document (including any electronic document) containing the Confidential Information of the other party after the termination of the Agreement if:
- that party is obliged to retain such document by any law or regulation or other rule enforceable against that party; or
(b) the document in question is a letter, fax, email, order confirmation, invoice, receipt or similar document addressed to the party retaining the document.
19.1 Any notice given under the Agreement must be in writing (email being accepted as written notice) whether or not described as “written notice” in the Agreement and must be delivered personally or sent by recorded signed-for post or sent via email, for the attention of the relevant person, and to the relevant address or fax number or email address as notified by one party to the other in accordance with this Clause.
19.2 A notice will be deemed to have been received at the relevant time set out below (or where such time is not within Business Hours, when Business Hours next begin after the relevant time set out below):
- where the notice is delivered personally, at the time of delivery;
- where the notice is sent by recorded signed-for post, 48 hours after posting.
20. Force Majeure Event
20.1 Where a Force Majeure Event gives rise to a failure or delay in either party performing its obligations under the Agreement other than obligations to make payment, those obligations will be suspended for the duration of the Force Majeure Event.
20.2 A party who becomes aware of a Force Majeure Event which gives rise to, or which is likely to give rise to, any failure or delay in performing its obligations under the Agreement, will:
(a) forthwith notify the other; and
(b) will inform the other of the period for which it is estimated that such failure or delay will continue.
20.3 The affected party will take reasonable steps to mitigate the effects of the Force Majeure Event.
21.1 No breach of any provision of the Agreement will be waived except with the express written consent of the party not in breach.
21.2 If a Clause of the Agreement is determined by any court or other competent authority to be unlawful and/or unenforceable, the other Clauses of the Agreement will continue in effect. If any unlawful and/or unenforceable Clause would be lawful or enforceable if part of it were deleted, that part will be deemed to be deleted, and the rest of the Clause will continue in effect unless that would contradict the clear intention of the parties, in which case the entirety of the relevant Clause will be deemed to be deleted.
21.3 Nothing in the Agreement will constitute a partnership, agency relationship or contract of employment between the parties.
21.4 The Agreement may not be varied except by the agreement of each of the parties.
21.5 The Customer hereby agrees that the Provider may freely assign any or all of its contractual rights and/or obligations under the Agreement. Save as expressly provided in this Clause or elsewhere in the Agreement, neither party may without the prior written consent (email being accepted as written notice) of the other party assign, transfer, charge, license or otherwise dispose of or deal in the Agreement or any contractual rights or obligations under the Agreement.
21.6 Neither party will, without the other party’s prior written consent (email being accepted as written notice), either during the term of the Agreement or within 6 months after the date of effective termination of the Agreement, engage, employ or otherwise solicit for employment any employee, agent or contractor of the other party who has been involved in the performance of the Agreement.
21.7 Each party agrees to execute and arrange for the execution of any documents and do and arrange for the doing of any things reasonably within that party’s power, which are necessary to enable the parties to exercise their rights and fulfil their obligations under the Agreement.
21.8 The Agreement is made for the benefit of the parties, and is not intended to benefit any third party or be enforceable by any third party. The rights of the parties to terminate, rescind, or agree any amendment, waiver, variation or settlement under or relating to the Agreement are not subject to the consent of any third party.
21.9 Subject to Clause 14.1:
(a) the Agreement and the acceptable use policy and end user licence agreement referred to in herein constitute the entire agreement between the parties in relation to the subject matter of the Agreement, and supersedes all previous agreements, arrangements and understandings between the parties in respect of that subject matter; and
- neither party will have any remedy in respect of any misrepresentation whether written or oral made to it upon which it relied in entering into the Agreement.
21.10 The Agreement will be governed by and construed in accordance with the laws of England and Wales; and the courts of England will have exclusive jurisdiction to adjudicate any dispute arising under or in connection with the Agreement.
Service Level Agreement
1.1 In this Schedule:
“New Functionality” means new functionality that is introduced to the Platform by an Upgrade; and
“Protected Functionality” means functionality available from the Effective Date.
1.2 References in this Schedule to Paragraphs are to the paragraphs of this Schedule, unless otherwise stated.
2.1 The Provider will make available a telephone and email helpdesk facility for the purposes of:
(a) assisting the Customer with the configuration of the Platform and the integration of the Platform with the Customer’s other systems;
(b) assisting the Customer with the proper use of the Platform;
(c) determining the causes of errors and fixing errors in the Platform.
2.2 Subject to Paragraph 2.3, the Customer must make all requests for Support Services through the helpdesk, and all such requests must include at least the following information: Company Name, Supplier Number, Logon name, Persons name, Description of problem, date and time of problem.
2.3 The Provider will use reasonable endeavours to ensure that a member of its support staff can be reached by mobile phone and email outside Business Hours in the case of an emergency.
3. Response and resolution times
3.1 The Provider will:
(a) use reasonable endeavours to respond to requests for Support Services made through the helpdesk (email@example.com); and
(b) use reasonable endeavours to resolve issues raised by the Customer,
in accordance with the following response time matrix.
|Severity||Example||Response time||Resolution time|
|Critical||System Down||30 Minutes||4 Hours|
|Serious||Functionality impaired||60 Minutes||8 Hours|
|Moderate||System Slow||4 Hours||24 Hours|
|Minor||Cosmetic||48 Hours||96 Hours|
3.2 The Provider will determine, acting reasonably, in to which severity category an issue raised through the Support Services falls.
3.3 All Support Services will be provided remotely unless expressly agreed otherwise by the Provider.
4. Limits on Support Services
4.1 The Provider may agree to provide additional Support Services to the Customer, but the provision of such services will be subject to payment by the Customer of additional Charges at the Provider’s standard hourly rate from time to time.
4.2 The Provider shall have no obligation under the Agreement to provide Support Services in respect of any fault or error caused by:
(a) the improper use of the Platform; or
(b) the use of the Platform otherwise than in accordance with the Documentation.
5.1 The Customer acknowledges that from time to time during the Term the Provider may apply Upgrades to the Platform, and that such Upgrades may, subject to Paragraph 5.2, result in changes the appearance and/or functionality of the Platform.
5.2 No Upgrade shall disable, delete or significantly impair the Protected Functionality.
5.3 The Provider will give to the Customer at least 7 days prior notice of the application of any significant Upgrade to the Platform. Such notice shall include details of the specific changes to the functionality of the Platform resulting from the application of the Upgrade.
5.4 The Customer shall not be subject to any additional Charges arising out of the application of the Upgrade, save where agreed with the Customer the following apply:
(a) the Upgrade introduces New Functionality to the Platform;
(b) that New Functionality does not serve the same purpose as legacy functionality that ceases or has ceased to be available as a result of any Upgrade;
(c) access to or use of the New Functionality is chargeable to the customers of the Provider using the Platform generally; and
(d) any decision by the Customer not to pay the Charges for the New Functionality will not prejudice the Customer’s access to and use of the rest of the Platform.
6. Uptime commitment
6.1 The Provider shall use reasonable endeavours to ensure that the Platform is available 99% of the time during each calendar month, subject to Paragraph 8.
7. Back-up and restoration
7.1 Subject to Paragraph 7.2, the Provider will:
(a) make back-ups of the Customer Materials stored on the Platform on a daily basis, and will retain such back-ups for at least 30 days; and
(b) at least on a daily basis, the Provider will arrange for the off-site storage of a current back-up of the Customer Materials stored on the Platform (which will be over-written on the following off-site back-up date).
7.2 In the event of the loss of, or corruption of, Customer Materials stored on the Platform being notified by the Customer to the Provider under Paragraph 2, the Provider shall if so directed by the Customer use reasonable endeavours to promptly to restore the Customer Materials from the most recent available back-up copy.
8. Scheduled maintenance
8.1 The Provider may suspend access to the Platform in order to carry out scheduled maintenance, such maintenance to be carried out outside Business Hours and such suspension to be for not more than 12 hours in each calendar month.
8.2 The Provider must give to the Customer at least 7 days’ notice of scheduled maintenance, including full details of the expected Platform downtime.
8.3 Platform downtime during scheduled maintenance carried out by the Provider in accordance with this Paragraph 8 shall not be counted as downtime for the purposes of Paragraph 6.
1.1 References in this Schedule to Paragraphs are to the paragraphs of this Schedule, unless otherwise stated.
1.2 The Charges under the Agreement will consist of the following elements:
- Initial Charges which are chargeable on commencement of this Agreement;
- Monthly Charges which are chargeable on commencement of this Agreement;
(d) Other Charges to be agreed from time to time.
2. Initial Charges
2.1 The Initial Charges plus VAT will be invoiced to the Customer on Commencement of this Agreement by the Provider and will consist of the following elements:
- App Build Fee which is chargeable on commencement of this Agreement;
- Setup Fee which is chargeable on commencement of this Agreement.
3. Monthly Charges
3.1 The Monthly Charges plus VAT will be chargeable to the Customer from the Commencement of this Agreement by the Provider, and will consist of the following elements:
- Mobile App Charge which is chargeable 1 month from commencement of this Agreement;
- Web Ordering Charge which is chargeable 1 month from commencement of this Agreement;
- Sales Manager Charge which is chargeable 1 month from commencement of this Agreement;
- Telesales Desktop Charge which is chargeable 1 month from commencement of this Agreement.
4. Other Charges
4.1 All Other Charges, plus VAT, that are agreed between the parties in writing (email being accepted as written notice) from time to time.
Acceptable Use Policy
1. This Policy
This Acceptable Use Policy (the “Policy”) sets out the rules governing the use of our web services (the “Service”) and any content that you may submit to the Service (“Content”).
By using the Service, you agree to the rules set out in this Policy.
2. General restrictions
You must not use the Service in any way that causes, or may cause, damage to the Service or impairment of the availability or accessibility of the Service, or any of the areas of, or services on, the Service.
You must not use the Service:
- in any way that is unlawful, illegal, fraudulent or harmful; or
- in connection with any unlawful, illegal, fraudulent or harmful purpose or activity.
3. Unlawful and illegal material
You must not use the Service to store, host, copy, distribute, display, publish, transmit or send Content that is illegal or unlawful, or that will or may infringe a third party’s legal rights, or that could give rise to legal action whether against you or us or a third party (in each case in any jurisdiction and under any applicable law).
Content (and its publication on the Service) must not:
(a) be libellous or maliciously false;
(b) be obscene or indecent;
(c) infringe any copyright, moral rights, database rights, trade mark rights, design rights, rights in passing off, or other intellectual property rights;
(d) infringe any rights of confidence, rights of privacy, or rights under data protection legislation;
(e) constitute negligent advice or contain any negligent statement;
(f) constitute an incitement to commit a crime;
(g) be in contempt of any court, or in breach of any court order;
(h) be in breach of racial or religious hatred or discrimination legislation;
(i) be blasphemous;
(j) be in breach of official secrets legislation; or
(k) be in breach of any contractual obligation owed to any person.
You must not submit any Content that is or has ever been the subject of any threatened or actual legal proceedings or other similar complaint.
4. Data mining
You must not conduct any systematic or automated data collection activities (including without limitation scraping, data mining, data extraction and data harvesting) on or in relation to the Service without our express written consent.
5. Graphic material
Content must not depict violence in an explicit, graphic or gratuitous manner.
Content must not be pornographic or sexually explicit, or consist of or include explicit, graphic or gratuitous material of a sexual nature.
6. Harmful software
You must not use the Service to promote or distribute any viruses, Trojans, worms, root kits, spyware, adware or any other harmful software, programs, routines, applications or technologies.
You must not use the Service to promote or distribute any software, programs, routines, applications or technologies that will or may negatively affect the performance of a computer or introduce significant security risks to a computer.
7. Factual accuracy
Content must not be untrue, false, inaccurate or misleading.
Statements of fact contained in the Content must be true; and statements of opinion contained on the Content must be truly held and where possible based upon facts that are true.
8. Negligent advice
Content must not consist of or contain any instructions, advice or other information that may be acted upon and could, if acted upon, cause:
a) illness, injury or death; or
(b) any other loss or damage.
9. Marketing and spam
Content must not constitute spam.
You must not use the Service to transmit or send unsolicited commercial communications.
You must not use the Service to market, distribute or post chain letters, ponzi schemes, pyramid schemes, matrix programs, “get rich quick” schemes or similar schemes, programs or materials.
You must not use the Service for any purpose related to gambling, gaming, betting, lotteries, sweepstakes or any gambling-related activity.
11. Professional advice
You must not use the Service to provide any legal, financial, investment, taxation, accountancy, medical or other professional advice or advisory services.
Content must be appropriate, civil, tasteful and accord with generally accepted standards of etiquette and behaviour on the internet.
Content must not be offensive, deceptive, threatening, abusive, harassing, or menacing, hateful, discriminatory or inflammatory.
Content should not cause annoyance, inconvenience or needless anxiety.
Do not flame or conduct flame wars on the Service (“flaming” is the sending hostile messages intended to insult, in particular where the message is directed at a particular person or group of people).
Do not troll on the Service (“trolling” is the practice of deliberately upsetting or offending other users).
You must not flood the Service with Content focusing upon one particular subject or subject area, whether alone or in coordination with other users.
Content must not duplicate existing Content on the Service.
You must submit Content to the appropriate part of the Service.
Do not unnecessarily submit textual content in CAPITAL LETTERS.
You should use appropriate and informative titles for all Content.
You must at all times be courteous and polite to other Service users.
You must not link to any website or web page containing material that would, were it posted on the Service, breach the preceding terms of this Policy.
14. Breaches of this Policy
We reserve the right to edit or remove any Content in our sole discretion for any reason, without notice or explanation.
Without prejudice to this general right and our other legal rights, if you breach this Policy in any way, or if we reasonably suspect that you have breached this Policy in any way, we may:
(a) delete or edit any of your Content;
(b) send you one or more formal warnings;
(c) temporarily suspend your access to a part or all of the Service; and/or
(d) permanently prohibit you from using a part or all of the Service.
15. Banned users
Where we suspend or prohibit your access to the Service or a part of the Service, you must not take any action to circumvent such suspension or prohibition including without limitation using a different account.
Notwithstanding the provisions of this Policy, we do not actively monitor Content.
17. Report abuse
If you become aware of any material on the Service that contravenes this Policy, you must notify us by email to firstname.lastname@example.org
Form of CCN
|Title of Change:|
|CCN number: GIVEN BY ADVENTORIS|
|Change proposed by:|
|Date of issue of CCN:|
|Date of CCN expiry:|
|Summary details of proposed Change:|
|1. Detailed description of Change.|
|2. Details of the impact on the timetable for the provision of the Services.|
|3. Details of any additional resources expected to be required as a result of the Change.|
|4. Details of any variation to the Charges consequent upon the Change.|
|5. Any other consequences of, or matters relating to, the Change.|
Statement of Services
The Customer is a company incorporated in England and Wales, Scotland, Northern Ireland or Ireland, or an unincorporated business based in England and Wales, Scotland, Northern Ireland or Ireland.
Customer Notices will be issued to the email address that is used to create your SwiftCloud Log-In, or other Customer user email addresses or other Customer business contact email addresses as recorded within the Platform.
The Minimum Term is 12 months.
A revolutionary cloud based application for business, connecting suppliers to customers, supporting order processing, customer feedback and other communication.
The Platform will be designed to interface with the various systems, applications, programs and software, although the Customer is responsible to the provision of data to populate the Platform.
There will be a live and development environment.
Improvements and Upgrades will be tested before being put into a live environment.
The Platform will be hosted at a facilities that are World class hosting facilities in state-of-the-art N+1 Datacentres.
The Platform will be protected using the following security systems and technologies:
Cisco Firewall with 256 bit Advanced Encryption Standard (AES)
State of the art technology powered by Oracle
Multi-site and diverse infrastructure
Linux based architecture
Cisco based network capable of 250k transactions per second
Data Protection and GDPR
- Definitions and interpretations
- “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise Processed.
- “Data Protection Laws” means all applicable data protection laws and regulations in force from time to time in the UK, including Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“General Data Protection Regulation”), the Data Protection Act 2018, Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (as updated by Directive 2009/136/EC), the Privacy and Electronic Communications Regulations 2003 (SI 2003 No. 2426) as amended, and any other applicable data protection laws which apply to a party relating to the use of Personal Data.
- “Shared Personal Data” means the Personal Data to be shared between the parties under this Agreement.
- “Sub-processor” means a third party engaged by the Data Processor to carry out any or all of its obligations under this Agreement related to the Processing of Personal Data.
- References to the terms “Personal Data”, “Data Processor”, “Data Controller”, “Processing”, “Processed”, “Supervisory Authority” and “Data Subject” in this Agreement shall be construed in accordance with the meanings attributed to them in the General Data Protection Regulation and other applicable Data Protection Laws.
- References to the term “Data Controller in Common” means where two or more Data Controllers share a pool of Personal Data that they Process independently of each other.
- A reference to a statute or statutory provision is a reference to it as it is in force as at the date of this agreement. Such reference shall include all subordinate legislation made as at the date of the Agreement under that statute or statutory provision.
- This Schedule (6) sets out the framework for the sharing and Processing of Personal Data under this Agreement in circumstances where (a) both parties are acting as Data Controllers in relation to such Personal Data; and (b) the Supplier is Processing Personal Data on behalf of the Company in performing its obligations under this Agreement. Both parties shall comply with all applicable requirements of the Data Protection Laws. This Schedule (6) is in addition to, and does not relieve, remove or replace, a party’s obligations or rights under the Data Protection Laws.
- Data Controllers
- Where both parties are Data Controllers in Common, each party shall:
- ensure that it processes Shared Personal Data fairly and lawfully in accordance with all applicable Data Protection Laws;
- ensure that it has a legal basis under the Data Protection Laws for the Processing of Shared Personal Data;
- not transfer Shared Personal Data outside the European Economic Area (“EEA”) unless it ensures that (i) the transfer is to a country approved by the European Commission as providing adequate protection pursuant to Article 45 of the GDPR; (ii) there are appropriate safeguards in place pursuant to Article 46 of the GDPR; or (iii) one of the derogations for specific situations in Article 49 of the GDPR applies to the transfer; and
- cooperate in good faith to provide such assistance as is reasonably required to enable the other party to comply with requests from Data Subjects to exercise their rights under the Data Protection Laws in relation to Shared Personal Data within the time limits imposed by the Data Protection Laws.
- The parties shall each comply with its obligation to report a Personal Data Breach to the appropriate Supervisory Authority and (where applicable) Data Subjects under Article 33 of the GDPR.
- The party receiving the Shared Personal Data shall promptly inform the other party of any Personal Data Breach irrespective of whether there is a requirement to notify any Supervisory Authority or Data Subject(s).
- Both parties agree to provide such assistance as is reasonably necessary to each other to facilitate the handling of any Personal Data Breach in an expeditious and compliant manner.
- Personal data processing
- The parties acknowledge that for the purposes of the Data Protection Laws, where the Provider Processes Personal Data on behalf of the Customer when performing its obligations under this Agreement, the Customer is the Data Controller and the Provider is the Data Processor.
- Without prejudice to clause 2 above, the Data Processor shall in relation to any Personal Data processed in connection with the performance by the Data Processor of its obligations under this Agreement:
- comply promptly with, and only process Personal Data in accordance with, all written instructions from the Data Controller from time to time, unless the Data Processor is required by the law of the European Union or the law of any member state of the European Union to otherwise process that Personal Data. Where the Data Processor is relying on such EU or member state laws as the basis for processing Personal Data, the Data Processor shall promptly notify the Data Controller in writing of this before performing any Processing required by such laws, save for when the law prohibits such notification;
- co-operate at all times with the Data Controller and any applicable Supervisory Authority as it exercises its obligations for ensuring compliance with the Data Protection Laws;
- not Process Personal Data for any purpose other than for the provision of products or services to the Data Controller under this Agreement and only to the extent reasonably necessary for the performance of this Agreement;
- take all necessary steps to ensure the reliability and suitability of individuals authorised to access Personal Data, including ensuring that any persons employed or engaged by the Data Processor have undertaken training in respect of the Data Processor’s obligations under this Agreement;
- ensure that access to Personal Data is strictly on a need to know basis and is restricted to those persons who need to access the Personal Data in order to meet the Data Processor’s obligations under this Agreement, and ensure that all persons who are permitted to access the Personal Data are obliged to keep the Personal Data confidential before beginning any Processing; and
- ensure that, upon the request of the Data Controller, the Data Processor shall delete, modify, suppress, amend, move, or otherwise Process the Personal Data.
- The Data Processor shall not engage a sub-Processor of the Personal Data without the prior written consent or authorisation from the Data Controller. If the Data Controller gives express written authorisation for the Data Processor to engage a Subprocessor, the Sub-processor shall be engaged on identical, or substantially similar terms as set out in this Agreement. As between the Data Controller and the Data Processor, the Data Processor shall remain fully liable for all acts or omissions of any Sub-processor appointed by it pursuant to this clause (4.3).
- The Data Processor shall not, and shall procure that employees, agents and sub-contractors shall not, transfer or Process, including remotely accessing, any Personal Data outside the EEA without the prior written consent and instruction of the Data Controller. In the event that the Data Controller provides such prior written consent, the Data Processor shall only Process or transfer any Personal Data outside the EEA if:
- the Data Processor has provided appropriate safeguards in accordance with Data Protection Laws in relation to the transfer, the Data Subject has enforceable rights and effective legal remedies and the Data Processor provides an adequate level of protection to any Personal Data that is transferred.
- The Processor shall notify the Data Controller of any request made by a Data Subject or any other third party (including government bodies or law enforcement agencies) to access Personal Data Processed by the Data Processor on behalf of the Data Controller within 2 days of receiving the request and, if required by the Data Controller, permit the Data Controller to handle such request and at all times cooperate with and assist the Data Controller with executing its obligations under the Data Protection Laws in relation to such requests. If the Data Controller elects not to handle any such request received by the Data Processor, the Data Processor shall comply with such request. In all cases, the Data Processor shall, upon request of the Data Controller, provide a copy to the Data Controller of all Personal Data which it does so disclose.
- The Data Processor shall, as soon as reasonably practicable in the circumstances and in any event within 24 hours of becoming aware, promptly notify the Data Controller in writing of any actual or suspected Personal Data Breach, and such notice shall include reasonable details of such unauthorised access or Processing of Personal Data, including without limitation details in respect of the categories and approximate number of individuals concerned, the categories and approximate number of records, the likely consequences of the breach and the measures taken or proposed to be taken to mitigate and address the breach.
- The Data Processor shall assist the Data Controller in ensuring compliance with its obligations under the Data Protection Laws with respect to security, breach notifications, impact assessment and consultations with Supervisory Authorities or regulators.
- The Data Processor shall permit, at no cost to the Data Controller, the Data Controller and / or any Supervisory Authority, by their respective authorised representatives from time to time, to inspect and audit any Data Processor, agent or Sub-processor premises or records, and shall comply with all reasonable requests by the Data Controller during or as a result of such / inspection, to enable the Data Controller and/or any Supervisory Authority to verify that the Data Processor is in full compliance with its obligations under this Agreement and the Data Protection Laws.
- The Data Processor shall implement all necessary and appropriate technical and organisational measures in accordance with the Data Protection Laws (and permit the Data Controller to audit, review and approve such measures upon request) to:
- protect the security and confidentiality of Personal Data Processed by the Data Processor;
- protect against unauthorised or unlawful Processing of Personal Data; and
- protect Personal Data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure, access, or Processing.
- The Data Processor shall (and shall ensure that its employees, agents and Sub-processor(s)) delete or return all Personal Data to the Data Controller, at the Data Controller’s request, that is in the Data Processor’s or Sub-processor’s control on termination or expiry of this Agreement.
- Data breach policy
- If a data breach is detected then the Provider will notify within 72 hours the Customer of the breach, and also notify those where their personal data is affected. The Provider will take actions to mitigate the affects of those breaches and keep a record of the breaches.