TASKEATER TERMS AND CONDITIONS
The following definitions and rules of interpretation apply in the Service Agreement.
“Applicable Laws” means all applicable laws, statutes, regulations and codes from time to time in force.
“Authorised Sub-Processors” means the entities set out in clause 5.10 set out in these terms.
“Business Purposes” has the meaning set later in clause 5.2.
“Business Day” means a day, other than Saturday and Sunday, when banks in London are open for business.
“Change Order” shall be a document setting out the proposed changes and the effect that those changes will have on the
Services, the Resources, the Supplier’s existing charges; and/or any of the terms of the Service Agreement.
“Charges” means the sums payable for the Services, as set out in Schedule 1 of the signed Service Agreement.
“Control” shall be as defined in section 1124 of the Corporation Tax Act 2010, and the expression change of control: shall be construed accordingly.
“Customer” means the Party identified as ‘Customer’ in the Service Agreement.
“Data Controller” or “Controller” has the meaning given in applicable Data Protection Legislation from time to time.
“Data Subject” has the meaning given in applicable Data Protection Legislation from time to time.
“Data Protection Legislation” all applicable privacy and data protection laws including the General Data Protection
Regulation ((EU) 2016/679) and any applicable national implementing laws, regulations and secondary legislation in England and Wales relating to the processing of Personal Data and the privacy of electronic communications, as amended, replaced or updated from time to time, including the Privacy and Electronic Communications Directive (2002/58/EC) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426).
“Deliverables” means any output from the completed Services to the Customer.
“Intellectual Property Rights” means patents, rights to inventions, copyright and neighbouring and related rights, moral rights, trademarks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, rights in designs, rights in computer software, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.
“GDPR” means the General Data Protection Regulation (EU) 2016/679.
“ICO” means the Information Commissioner’s Office. “Party” means any one signatory of the Service Agreement.
“Parties” means all the signatories of the Service Agreement.
“Personal Data” means any information relating to an identified or identifiable natural person that is processed by the Supplier as a result of, or in connection with, the provision of the services under the Service Agreement; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Personal Data Breach” a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
“Processing” or “processes” or “process” means either any activity that involves the use of Personal Data or as the Data Protection Legislation may otherwise define processing, processes or process. It includes any operation or set of operation which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection,
recording. organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Processing also includes transferring Personal Data to third parties.
“Processor” or “Data Processors” has the meaning given in applicable Data Protection Legislation from time to time.
“Resources” means the personnel made available by the Supplier to the Customer from time to time and as initially set out in Schedule.
“Services” means the Deliverables as defined in the Service Agreement.
“Service Agreement” means the most recently signed service agreement between the Parties, including its attachments namely any effective schedules, change orders and these Terms and Conditions.
“Supplier” means the Party identified as ‘Supplier’ in the Service Agreement.
“Terms and Conditions” means this document of terms titled ‘Taskeater Terms and Conditions version 1.03’ available at https://www.taskeater.com/termsandconditionsv103/.
“VAT” means value added tax chargeable under the Value Added Tax Act 1994.
- 1.2 Clause, Schedule and paragraph headings shall not affect the interpretation of the Service Agreement.
- 1.3 A person includes a natural person, corporate or unincorporated body (whether or not having separate legal personality)
- 1.4 The Schedules form part of the Service Agreement and shall have effect as if set out in full in the body of the Service Agreement. Any reference to the Service Agreement includes the Schedules.
- 1.5 A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established.
- 1.6 Unless the context otherwise requires, words in the singular shall include the plural and in the plural shall include the singular.
- 1.7 Unless the context otherwise requires, a reference to one gender shall include a reference to the other genders.
- 1.8 The Service Agreement shall be binding on, and enure to the benefit of, the Parties to the Service Agreement and their respective personal representatives, successors and permitted assigns, and references to any Party shall include that Party’s personal representatives, successors and permitted assigns.
- 1.9 A reference to a statute or statutory provision is a reference to it as amended, extended or re-enacted from time to time.
- 1.10 A reference to a statute or statutory provision shall include all subordinate legislation made from time to time under that statute or statutory provision.
- 1.11 A reference to writing or written includes email.
- 1.12 Any obligation on a Party not to do something includes an obligation not to allow that thing to be done.
- 1.13 A reference to the Service Agreement or to any other agreement or document referred to in the Service Agreement is a reference of the Service Agreement or such other agreement or document as varied or novated (in each case, other than in breach of the provisions of the Service Agreement) from time to time.
- 1.14 References to clauses and Schedules are to the clauses and Schedules the Service Agreement.
- 1.15 Any words following the terms including, include, in particular, for example or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms.
- 2. CONFIDENTIALITY
- 2.1 Each Party undertakes that it shall not at any time disclose to any person any confidential information concerning the business, affairs, customers, clients or suppliers of the other Party except as permitted by the Terms and Conditions.
- 2.2 Each Party may disclose the other Party’s confidential information:
- 2.2.1 to its employees, officers, representatives or advisers who need to know such information for the purposes of
exercising the Party’s rights or carrying out its obligations under or in connection with the Service Agreement. Each
Party shall ensure that its employees, officers, representatives or advisers to whom it discloses the other Party’s
confidential information comply with the Terms and Conditions; and
- 2.2.2 as may be required by law, a court of competent jurisdiction or any governmental or regulatory authority.
- 2.3 No Party shall use any other Party’s confidential information for any purpose other than to exercise its rights and perform its obligations under or in connection with the Service Agreement.
- 3 INTELLECTUAL PROPERTY RIGHTS
- 3.1 In relation to the Customer Materials, the Customer:
- 3.3.3 and its licensors shall retain ownership of all IPRs in the Customer Materials; and
- 3.1.2 grants the Supplier a fully paid-up, non-exclusive, royalty-free, non-transferable licence to copy and modify the Customer Materials for the term of the Service Agreement for the purpose of providing the Services to the Customer.
- 3.2 The Customer:
- 3.2.1 warrants that the receipt and use of the Customer Materials in the performance of the Service Agreement by the
Supplier, its agents, subcontractors or consultants shall not infringe the rights, including any Intellectual Property
Rights, of any third party; and
- 3.2.2 shall keep the Supplier indemnified in full against all costs, expenses, damages and losses, including any interest,
fines, legal and other professional fees and expenses awarded against or incurred or paid by the Supplier as a result of
or in connection with any claim brought against the Supplier, its agents, subcontractors or consultants for actual or
alleged infringement of a third party’s Intellectual Property Rights arising out of, or in connection with, the receipt or
use in the performance of the Service Agreement of the Customer Materials.
- 3.3 If the Customer (the “Indemnifying Party”) is required to indemnify the Supplier (the “Indemnified Party”) under the Terms and Conditions, the Indemnified Party shall:
- 3.3.1 notify the Indemnifying Party in writing of any claim against it in respect of which it wishes to rely on the
indemnity of the Terms and Conditions (“IPRs Claim”);
- 3.3.2 allow the Indemnifying Party, at its own cost, to conduct all negotiations and proceedings and to settle the IPRs
Claim, always provided that the Indemnifying Party shall obtain the Indemnified Party’s prior approval of any
settlement terms, such approval not to be unreasonably withheld;
- 3.3.3 provide the Indemnifying Party with such reasonable assistance regarding the IPRs Claim as is required by the
Indemnifying Party, subject to reimbursement by the Supplier of the Indemnified Party’s costs so incurred; and
- 3.3.4 not, without prior consultation with the Indemnifying Party, make any admission relating to the IPRs Claim or
attempt to settle it, provided that the Indemnifying Party considers and defends any IPRs Claim diligently, using
competent counsel and in such a way as not to bring the reputation of the Indemnified Party into disrepute.
- 4. SECURITY
- 4.1 The Supplier shall take the following technical and organisational measures:
- 4.1.1 physical access controls;
- 4.1.2 system access controls;
- 4.1.3 data access controls;
- 4.1.4 transmission controls;
- 4.1.5 input controls;
- 4.1.6 data backups; and
- 4.1.7 data segregation.
- 4.2 The Supplier shall implement and maintain technical and organisational security measures set out in this clause to protect the Personal Data in accordance with the Data Protection Laws, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of the Personal Data to be carried out under or in connection with the Service Agreement, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons and the risks that are presented by the processing, especially from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Personal Data transmitted, stored or otherwise processed, the Supplier shall implement appropriate technical and organisational security measures appropriate to the risk.
- 4.3 The Supplier shall implement such appropriate technical and organisational measures to ensure a level of security appropriate to the risk involved, including:
- 4.3.1 the pseudonymisation and encryption of personal data;
- 4.3.2 the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- 4.3.3 the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
- 4.3.4 a process for regularly testing, assessing and evaluating the effectiveness of security measures.
- 5. DATA PROTECTION AND DATA PROCESSING
- 5.1 The Customer and the Supplier acknowledge that for the purposes of the Data Protection Legislation, the Customer is the Data Controller and the Supplier is the Data Processor in respect of any Personal Data.
- 5.2 Processing of Personal Data is required for the purpose of providing cost-effective solutions as more particularly set out in the Service Agreement signed by the parties (the “Business Purposes”).
- 5.3 The Supplier shall process Personal Data:
- 5.3.1 pursuant to the Data Subject’s consent;
- 5.3.2 to fulfil contracts;
- 5.3.3 pursuant to the Supplier’s legitimate interests; and/or
- 5.3.4 The Supplier’s legal duty.
- 5.4 The Supplier shall process the Personal Data only in accordance with the Customer’s instructions from time to time and shall not process the Personal Data for any purposes other than those expressly authorised by the Customer.
- 5.5 Types of Personal Data may include but not limited to:
- 5.5.1 financial positions;
- 5.5.2 contact details;
- 5.5.3 addresses;
- 5.5.4 details about products and services the Customer provides to its clients;
- 5.5.5 data obtained from other sources, including any third party;
- 5.5.6 any personal data learned by the Supplier from the correspondence received from the Customer;
- 5.5.7 Personal Data obtained from public records and information openly available on the Internet;
- 5.5.8 Personal Data contained in documents or copies of them which we have access to;
- 5.5.9 racial or ethnic origin;
- 5.5.10 religious or philosophical beliefs;
- 5.5.11 trade union membership;
- 5.5.12 genetic and bio-metric data;
- 5.5.13 health data including gender;
- 5.5.14 criminal convictions and offences; and
- 5.5.16 any permissions, consents, or preferences made known to the Supplier.
- 5.6 The Customer retains control of the Personal Data and remains responsible for its compliance obligations under the applicable Data Protection Legislation, including providing any required notices and obtaining any required consents, and for the processing instructions it gives to the Supplier.
- 5.7 Each Party agrees to indemnify and keep indemnified and defend at its own expense the other Party against all costs, claims, damages or expenses incurred by the other Party or for which the other Party may become liable due to any failure by the first Party or its employees or agents to comply with any of its obligations under the Terms and Conditions.
- 5.8 The Customer acknowledges that the Supplier is reliant on the Customer for direction as to the extent to which the Supplier is entitled to use and process the Personal Data. Consequently, the Supplier will not be liable for any claim brought by a Data Subject arising from any action or omission by the Supplier, to the extent that such action or omission resulted directly from the Customer’s instructions.
- 5.9 The Supplier may authorise a third party (“subcontractor”) to process the Personal Data provided that the subcontractors’ contract:
- 5.9.1 is on terms which are substantially the same as those set out in the Service Agreement; and
- 5.9.2 terminates automatically on termination of the Service Agreement for any reason.
- 5.10 The Customer authorises the appointment of the following Sub-Processors (“Authorised Sub-Processors”):
- 5.10.1 Taskeater Bangladesh Limited, a company incorporated in accordance with the laws of Bangladesh with
company number C-121412 having its registered address at 9th Floor, High Tower, 9 Mohakhali C/A, Dhaka 1212, Bangladesh; and
- 5.10.2 Bonplay Oy (trading as “Taskeater”), a company incorporated in accordance with the laws of Finland with
company number 0767392-9 having its registered address at Langorintie 119, 00890 Helsinki, Finland.
- 5.11 The Customer authorises the Supplier and the Authorised Sub-Processors to transfer Personal Data to Bangladesh for the purpose of processing related to the Business Purposes, provided that the Supplier complies with its obligation these terms.
- 5.12 The Supplier shall not process, transfer, or otherwise directly or indirectly disclose, any Personal Data in or to countries outside the United Kingdom without the prior written consent of the Customer.
- 5.13 The Supplier must not transfer or otherwise process Personal Data outside the European Economic Area (“EEA”) without obtaining the Customer’s prior written consent.
- 5.14 Where such consent is granted, the Supplier may only process, or permit the processing, of Personal Data outside the EEA subject to the Authorised Sub-Processor:
- 5.14.1 ensuring an adequate level of protection of Personal Data;
- 5.14.2 respecting human rights and freedoms of Data Subjects, complying with relevant legislation, both general and
sectoral, including concerning public security, and the access of public authorities to personal data, as well as the
implementation of such legislation, data protection rules, professional rules and security measures, including rules for
the onward transfer of personal data to another third country or international organisation which are complied with in
that country or international organisation, case-law, as well as effective and enforceable Data Subject rights
and effective administrative and judicial redress for the data subjects whose personal data are being transferred;
- 5.14.3 ensuring compliance with the Data Protection Legislation, including adequate enforcement powers, for assisting
Data Subjects in exercising their rights and for cooperation with the supervisory authorities of the EEA; and
- 5.14.4 complying with other obligations arising from legally binding conventions or instruments as well as from its
participation in multilateral or regional systems, in particular in relation to the protection of personal data.
- 5.15 The Supplier may transfer Personal Data outside the EEA subject to providing appropriate safeguards and provided that enforceable data subject rights and effective legal remedies for data subjects are available.
- 5.16 The Supplier may only authorise any Authorised Sub-Contractor to process the Personal Data if:
- 5.16.1 the Customer is provided with an opportunity to object to the appointment of each subcontractor within 14 Business
Days after the Supplier supplies the Customer with full details regarding such subcontractor;
- 5.16.2 the Supplier maintains control over all Personal Data it entrusts to the Authorised Sub-Contractor and
- 5.16.3 the Authorised Sub-Contractor contract terminates automatically on termination of this Agreement for any reason.
- 5.17 Where any Authorised Sub-Contractor fails to fulfil its obligations set out in this Agreement or any other relevant agreement, the Supplier remains fully liable to the Customer for the Authorised Sub-Contractor’s performance of its obligations under this Agreement.
- 5.18 The Parties consider the Supplier to control any Personal Data controlled by or in the possession of its subcontractors.
- 5.19 Any provision of this Agreement that expressly or by implication should come into or continue in force on or after termination of the Service Agreement in order to protect Personal Data will remain in full force and effect.
- 5.20 If a change in any Data Protection Legislation prevents either Party from fulfilling all or part of its Service Agreement obligations, the parties will suspend the processing of Personal Data until that processing complies with the new requirements. If the parties are unable to bring the Personal Data processing into compliance with the Data Protection Legislation within 30 Business Days, they may terminate the Service Agreement on written notice to the other Party.
- 6. RESPONSIBILITIES OF THE CUSTOMER FOR DATA PROTECTION
- 6.1 The Customer shall at all times comply with all Data Protection Laws in connection with the processing of Personal Data. The Customer shall ensure all instructions given by it to the Supplier in respect of Personal Data shall at all times be in accordance with Data Protection Legislation.
- 6.2 The Customer undertakes to promptly respond to the Data Subjects’ requests pursuant to the Data Protection Legislation, including but not limited to requests pursuant to the Data Subjects’ rights under the Terms and Conditions.
- 6.3 The Customer shall provide the Data Subjects, where personal data, relating to the Data Subject is obtained for the purposes of processing, including, but not limited to:
- (a) the identity and the contact details of the Controller and, where applicable, of the Controller’s representative;
- (b) the contact details of the data protection officer, if applicable;
- (c) the purposes of the processing for which the personal data are intended as well as the legal basis for the processing; and
- (d) the nature of the legitimate reason, if processing is necessary for the purposes of the legitimate interests pursued by
the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights
and freedoms of the Data Subjects which require protection of Personal Data, in particular where the Data Subject is a child.
- 7. RESPONSIBILITIES OF THE SUPPLIER FOR DATA PROTECTION
- 7.1 The Supplier shall take reasonable steps to ensure the reliability of all its employees who have access to the Personal Data.
- 7.2 The Supplier warrants that, having regard to the state of technological development and the cost of implementing any measures, it will:
- 7.2.1 take appropriate technical and organisational measures against the unauthorised or unlawful processing of
Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to:
- (a) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and
- (b) the nature of the data to be protected.
- 7.2.2 take reasonable steps to ensure compliance with those measures.
- 7.3 The Supplier shall:
- 7.3.1 not permit any processing of Personal Data by any agent, subcontractor or other third party except the authorised
Sub-Processors and the Supplier’s and the authorised Sub-Processors’ employees in the course of their employment;
- 7.3.2 prior to the relevant Authorised Sub-Processor carrying out any processing activities in respect of the Personal
Data, appoint each Authorised Sub-Processor under a written contract containing materially the same obligations as
set out in this Agreement and ensure each such Sub-Processor complies with all such obligations; and
- 7.3.3 ensure that all persons authorised by the Supplier or any Authorised Sub-Processor to process Personal Data are
subject to a binding written contractual obligation to keep the Personal Data confidential.
- 7.4 The Supplier will keep detailed, accurate and up-to-date written records regarding any processing of Personal Data it carries out for the Customer, including but not limited to, the access, control and security of the Personal Data, Approved Sub-Contractors and affiliates, the processing purposes, categories of processing, any transfers of personal data to a third country and related safeguards, and a general description of the technical and organisational security measures referred to in these terms (“Records”).
- 7.5 The Supplier will ensure that all employees:
- 7.5.1 are informed of the confidential nature of the Personal Data and are bound by confidentiality obligations and use
restrictions in respect of the Personal Data; and
- 7.5.2 are aware of their duties and obligations under the Data Protection Legislation and this Agreement.
- 7.6 The Supplier shall take steps steps to ensure the reliability, integrity and trustworthiness of and conduct background checks consistent with applicable law on all of the Supplier’s employees with access to the Personal Data.
- 7.7 The Supplier shall use its reasonable endeavours in assisting the Customer in its obligation to take appropriate measures in relation to the Data Subjects’ rights set out in these terms.
- 7.8 The Supplier shall, at the Customer’s cost, taking into account the nature of the processing, assist the Customer (by appropriate technical and organisational measures), insofar as this is possible, for the fulfilment of the Customer’s obligations to respond to requests for exercising the Data Subjects’ rights set out in these terms.
- 8. COMPLAINTS, DATA SUBJECT REQUESTS AND THIRD PARTY RIGHTS
- 8.1 The Supplier shall take such technical and organisational measures as may be appropriate and necessary, and promptly provide such information to the Customer as the Customer may reasonably require, to enable the Customer to comply with the rights of Data Subjects under the Data Protection Legislation, including subject access rights, the rights to rectify and erase personal data, object to the processing and automated processing of personal data, and restrict the processing of personal data.
- 8.2 The Supplier must notify the Customer immediately if it receives any complaint, notice or communication that relates directly or indirectly to the processing of the Personal Data or to either Party’s compliance with the Data Protection Legislation.
- 8.3 The Supplier must notify the Customer within 5 working days if it receives a request from a Data Subject for access to their Personal Data or to exercise any of their related rights under the Data Protection Legislation.
- 8.4 The Supplier will give the Customer its full co-operation and assistance in responding to any complaint, notice, communication or Data Subject request.
- 8.5 The Supplier must not disclose the Personal Data to any Data Subject or to a third party other than at the Customer’s request or instruction, as provided for in this Agreement or as required by law.
- 8.6 The Supplier will only process the Personal Data to the extent, and in such a manner, as is necessary for the Business Purposes in accordance with the Customer’s written instructions. The Supplier will not process the Personal Data for any other purpose or in a way that does not comply with this Agreement or the Data Protection Legislation. The Supplier must promptly notify the Customer if, in its opinion, the Customer’s instruction would not comply with the Data Protection Legislation.
- 8.7 The Supplier shall comply with any Customer request or instruction requiring the Supplier to amend, transfer, delete or otherwise process the Personal Data, or to stop, mitigate or remedy any unauthorised processing.
- 8.8 The Supplier will maintain the confidentiality of all Personal Data and will not disclose Personal Data to third parties unless the Customer or this Agreement specifically authorises the disclosure, or as required by law. If a law, court, regulator or supervisory authority requires the Supplier to process or disclose Personal Data, the Supplier must first inform the Customer of the legal or regulatory requirement and give the Customer an opportunity to object or challenge the requirement, unless the law prohibits such notice.
- 8.9 The Supplier must promptly notify the Customer of any changes to Data Protection Legislation that may adversely affect the Supplier’s performance of the Service Agreement.
- 8.10 The Supplier shall only process the Personal Data in accordance with the Service Agreement, unless alternative processing instructions are agreed between the parties in writing, except where otherwise required by applicable law and shall inform the Customer of that legal requirement before processing, unless applicable law prevents it doing so on important grounds of public interest.
- 8.11 If the Supplier believes that any instruction received by it from the Customer is likely to infringe the Data Protection Legislation it shall promptly inform the Customer and be entitled to cease to provide the relevant Services until the parties have agreed appropriate amended instructions which are not infringing.
- 9. PERSONAL DATA BREACH
- 9.1 The Supplier shall notify the Customer in writing upon becoming aware of any Personal Data Breach in respect of any Personal Data.
- 9.2 The Parties shall keep a record of any personal data breaches and supply a copy to the other Party as may reasonably be required.
- 9.3 Where a Personal Data breach has occurred, each Party, upon becoming aware of the breach, must establish the likelihood and severity of the resulting risk to people’s rights and freedoms. If the Customer determines that the risk is likely to result in a risk to people’s rights and freedoms, including but not limited to a likelihood of identity fraud, likelihood of a financial loss, it must notify the ICO as soon as practical, but in any event not later than 72 hours from becoming aware of such breach.
- 9.4 Where the Supplier becomes aware of a Personal Data Breach it shall, without undue delay, provide the Customer with the following information:
- 9.4.1 description of the nature of, including the categories and approximate number of both Data Subjects and Personal
Data records concerned;
- 9.4.2 the likely consequences; and
- 9.4.3 description of the measures taken or proposed to be taken to address such Personal Data Breach, including
measures to mitigaxte any possible adverse effects.
- 9.5 Promptly, following any unauthorised or unlawful Personal Data processing or Personal Data Breach, the parties shall co-ordinate with each other to investigate the matter. The Supplier will, at the Customer’s cost, reasonably co-operate with the Customer in the Customer’s handling of the matter, including:
- 9.5.1 assisting with any investigation;
- 9.5.2 making available all relevant records, logs, files, data reporting and other materials required to comply with all
Data Protection Legislation or as otherwise reasonably required by the Customer; and
- 9.5.3 taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the
Personal Data Breach or unlawful Personal Data processing.
- 9.6 The Supplier will not inform any third party of any Personal Data Breach without first obtaining the Customer’s prior written consent, such consent not to be unreasonably withheld, except when required to do so by law.
- 9.7 The Supplier will cover all reasonable expenses associated with the performance of the obligations under this clause unless the matter arose from the Customer’s specific instructions, negligence, wilful default or breach of this Agreement, in which case the Customer will cover all reasonable expenses.
- 10. DATA RETURN AND DESTRUCTION
- 10.1 At the Customer’s request, the Supplier will give the Customer a copy of the Customer’s Personal Data in its possession or control in the format and on the media reasonably specified by the Customer.
- 10.2 If any law, regulation, or government or regulatory body requires the Supplier to retain any documents or materials that the Supplier would otherwise be required to return or destroy, it will notify the Customer in writing of that retention requirement, giving details of the documents or materials that it must retain, the legal basis for retention.
- 11. CONSEQUENCES OF TERMINATION
- 11.1 On termination or expiry of the Service Agreement:
- 11.1.1 the Customer shall immediately pay to the Supplier all of the Supplier’s outstanding unpaid invoices and interest
and, in respect of the Services supplied but for which no invoice has been submitted, the Supplier may submit an
invoice, which shall be payable immediately on receipt;
- 11.1.2 the Supplier will securely delete or destroy or, if directed in writing by the Customer, return and not retain, all or
any Personal Data related to this Agreement in its possession or control, except for one copy that it may retain and use
for 12 months for audit purposes only.
- 11.1.3 the following clauses of the Terms and Conditions shall continue in force: clause 1 (Interpretation), clause 2
(Confidentiality), clause 3 (Intellectual property rights), clause 13 (Limitation of liability), clause 11 (Consequences of
termination), clause 16 (Waiver), clause 20 (Severance), clause 21 (Conflict); and
- 11.1.4 the clauses with the following titles the Service Agreement shall continue in force: Non-solicitation, Limitation of
liability, Governing law, Entire Agreement and Jurisdiction.
- 11.2 The agreements around Personal Data outlined in the Terms and Conditions shall stay in full force as long as the Supplier retains any Personal Data related to the Service Agreement in its possession or control.
- 11.3 Termination or expiry of the Service Agreement shall not affect any rights, remedies, obligations or liabilities of the Parties that have accrued up to the date of termination or expiry, including the right to claim damages in respect of any breach of the Service Agreement which existed at or before the date of termination or expiry.
- 12. FORCE MAJEURE
- 12.1 “Force Majeure Event” means any circumstance not within a Party’s reasonable control including, without limitation:
- 12.1.1 acts of God, flood, drought, earthquake or other natural disaster;
- 12.1.2 epidemic or pandemic;
- 12.1.3 terrorist attack, civil war, civil commotion or riots, war, threat of or preparation for war, armed conflict,
imposition of sanctions, embargo, or breaking off of diplomatic relations;
- 12.1.4 nuclear, chemical or biological contamination or sonic boom;
- 12.1.5 any law or any action taken by a government or public authority, including without limitation imposing an export
or import restriction, quota or prohibition, or failing to grant a necessary licence or consent;
- 12.1.6 collapse of buildings, fire, explosion or accident;
- 12.1.7 any labour or trade dispute, strikes, industrial action or lockouts;
- 12.1.8 non-performance by suppliers or subcontractors; and
- 12.1.9 interruption or failure of utility service.
- 12.2 If a Party is prevented, hindered or delayed in or from performing any of its obligations under the Service Agreement by a Force Majeure Event (“Affected Party”), the Affected Party shall not be in breach of the Service Agreement or otherwise liable for any such failure or delay in the performance of such obligations. The time for performance of such obligations shall be extended accordingly.
- 12.3 The Affected Party shall:
- 12.3.1 as soon as reasonably practicable after the start of the Force Majeure Event, notify the other Party in writing of the Force Majeure Event, the date on which it started, its likely or potential duration, and the effect of the Force Majeure Event on its ability to perform any of its obligations under the Service Agreement; and
- 12.3.2 use all reasonable endeavours to mitigate the effect of the Force Majeure Event on the performance of its obligations.
- 12.4 If the Force Majeure Event prevents, hinders or delays the Affected Party’s performance of its obligations for a continuous period of more than 8 weeks, the Party not affected by the Force Majeure Event may terminate the Service Agreement by giving 4 weeks’ written notice to the Affected Party.
- 12.5 If the Force Majeure Event prevails for a continuous period of more than 2 months, either Party may terminate the Service Agreement by giving 10 days’ written notice to the other Party. On the expiry of this notice period, the Service Agreement will terminate. Such termination shall be without prejudice to the rights of the parties in respect of any breach of the Service Agreement occurring prior to such termination.
- 13. LIMITATION OF LIABILITY
- 13.1 Nothing in the Service Agreement shall limit or exclude the Supplier’s liability for:
- 13.1.1 death or personal injury caused by its negligence;
- 13.1.2 fraud or fraudulent misrepresentation; or
- 13.1.3 breach of the terms implied by section 2 of the Supply of Goods and Services Act 1982 (title and quiet possession) or any other liability which cannot be limited or excluded by applicable law.
- 13.2 The terms implied by sections 3, 4 and 5 of the Supply of Goods and Services Act 1982 are, to the fullest extent permitted by law, excluded from the Service Agreement.
- 14. ASSIGNMENT AND OTHER DEALINGS
- 14.1 The Service Agreement is personal to the Customer and the Customer shall not assign, transfer, mortgage, charge, subcontract, declare a trust over or deal in any other manner with any of its rights and obligations under the Service Agreement.
- 14.2 The Supplier may at any time assign, mortgage, charge, declare a trust over or deal in any other manner with any or all of its rights under the Service Agreement.
- 15. VARIATION
- 15.1 No variation of the Service Agreement shall be effective unless it is in writing and signed by the Parties (or their authorised representatives).
- 16. WAIVER
- 16.1 A waiver of any right or remedy under the Service Agreement or by law is only effective if given in writing and shall not be deemed a waiver of any subsequent breach or default.
- 16.2 A failure or delay by a Party to exercise any right or remedy provided under the Service Agreement or by law shall not constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict any further exercise of that or any other right or remedy. No single or partial exercise of any right or remedy provided under the Service Agreement or by law shall prevent or restrict the further exercise of that or any other right or remedy.
- 17. WARRANTIES
- 17.1 The Supplier warrants and represents that:
- 17.1.1 it and anyone operating on its behalf will process the Personal Data in compliance with the Data Protection
Legislation and other laws, enactments, regulations, orders, standards and other similar instruments;
- 17.1.2 it has no reason to believe that the Data Protection Legislation prevents it from providing any of the Service
Agreement’s contracted services; and
- 17.1.3 considering the current technology environment and implementation costs, it will take appropriate technical and
organisational measures to prevent the unauthorised or unlawful processing of Personal Data and the accidental loss
or destruction of, or damage to, Personal Data, and ensure a level of security appropriate to:
- 17.1.4 the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage;
- 17.1.5 the nature of the Personal Data protected; and
- 17.1.6 comply with all applicable Data Protection Legislation and its information and security policies.
- 18. The Customer warrants and represents that the Supplier’s expected use of the Personal Data for the Business Purposes and as specifically instructed by the Customer will comply with the Data Protection Legislation.
- 19. RIGHTS AND REMEDIES
- 19.1 The rights and remedies provided under the Service Agreement are in addition to, and not exclusive of, any rights or remedies provided by law.
- 20. SEVERANCE
- 20.1 If any provision or part-provision of the Service Agreement is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause shall not affect the validity and enforceability of the rest of the Service Agreement.
- 20.2 If any provision or part-provision of the Service Agreement is invalid, illegal or unenforceable, the Parties shall negotiate in good faith to amend such provision so that, as amended, it is legal, valid and enforceable, and, to the greatest extent possible, achieves the intended commercial result of the original provision.
- 21. CONFLICT
- 21.1 If there is an inconsistency between any of the provisions of the effective signed service agreement document, Schedules, change orders, and Terms and Conditions, the provisions of the service agreement document shall prevail.
- 22. NO PARTNERSHIP OR AGENCY
- 22.1 Nothing in the Service Agreement is intended to, or shall be deemed to, establish any partnership or joint venture between any of the parties, constitute any Party the agent of another Party, or authorise any Party to make or enter into any commitments for or on behalf of any other Party.
- 22.2 Each Party confirms it is acting on its own behalf and not for the benefit of any other person.
- 23. THIRD PARTY RIGHTS
- 23.1 No one other than a Party to the Service Agreement, their successors and permitted assignees, shall have any right to enforce any of its terms.
- 24. NOTICES
- 24.1 Any notice given to a Party under or in connection with the Service Agreement shall be:
- 24.1.1 in writing;
- 24.1.2 delivered by hand, email or reputable international courier; and
- 24.1.3 sent to the physical address specified in the recitals or to the corporate email address of the other Party’s signatory.
- 24.2 Any notice given by either Party shall be deemed to have been received:
- 24.2.1 if delivered by hand, at the time it is left at the relevant address;
- 24.2.2 if sent by email, at the time the other Party as replied to the email; or
- 24.2.3 if sent by a reputable international courier, at the time when it is recorded as being delivered.
- 24.3 This clause does not apply to the service of any proceedings or any documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.
- 25. COUNTERPARTS
- 25.1 The Service Agreement may be executed in any number of counterparts, each of which when executed shall constitute a duplicate original, but all the counterparts shall together constitute the one agreement.
- 25.2 Transmission of an executed counterpart of the Service Agreement (but for the avoidance of doubt not just a signature page) by email (in PDF, JPEG or other agreed format) shall take effect as delivery of an executed counterpart of the Service Agreement. If either method of delivery is adopted, without prejudice to the validity of the Service Agreement thus made, each Party shall provide the other with the original of such counterpart as soon as reasonably possible thereafter.
- 25.3 No counterpart shall be effective until each Party has executed at least one counterpart.