Terms and conditions of the sale of services by CY4OR LEGAL Limited (CYFOR)
© CY4OR LEGAL Limited 2019
CY4OR LEGAL TACOS Rev 4.9 08/2019
1.1. The definitions and rules of interpretation in this condition apply in these terms and conditions (“Conditions”).
Contract: any contract between the Supplier and the Customer for the supply and purchase of the Services formed in accordance with Condition 2;
Customer: a customer whose order for the Services is accepted by the Supplier in accordance with Condition 2; typically this will be the entity to whom all correspondence and Quotations have been addressed.
Deliverables: all Documents, products and materials developed by the Supplier solely in relation to a Contract in any form, including computer programs, data, reports and
Document: includes any document in writing, any drawing, map, plan, diagram, design, picture or other image, tape, disk or other device or record embodying information in any form;
Exhibits: all Documents, information and materials required by the Supplier so as to enable the Supplier to carry out the Services including, computers, phones, computer programs, data, reports and specifications, original evidential material and any other material and/or items appropriate to the investigation and required by the Supplier so as to enable the Supplier to provide the Services;
Force Majeure: any cause preventing the Supplier from performing its obligations which arises from or is attributable to acts, events, omissions or accidents beyond its reasonable control, including, without limitation, strikes, lock-outs or other industrial disputes (whether involving the workforce of the Customer, Supplier or any other party), failure of a utility service, failure of IT systems and/or equipment, or transport network, act of God, war, terrorism, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or sub-contractors;
Intellectual Property Rights: all patents, rights to inventions, utility models, copyright and related rights, trade marks, service marks, trade names, business and domain names, rights in trade dress or get-up, rights in goodwill or to sue for passing off, unfair competition rights, rights in designs, rights in computer software, database rights, topography rights, moral rights, rights in confidential information (including know-how and trade secrets) and any other intellectual property rights, in each case whether registered or unregistered and including all applications for and renewals or extensions of such rights, and all similar or equivalent rights or forms of protection in any part of the world;
Normal Working Hours: 09:00 until 17:00 on a Working Day;
Normal Support Hours: 08:00 until 20:00 on a Working Day;
Quotation: a written quotation given by the Supplier to the Customer setting out, amongst other things, the scope of the Services and an estimate of the charges payable by the Customer in respect of such Services. All quotations are provided on the basis of information provided by the Customer to the Supplier but due to the nature of the Services cannot be expected to be prescriptive and Charges may vary in accordance with these Terms and Conditions after commencement of the Services.
Services: the services to be provided by the Supplier under the Contract in accordance with these Conditions, Quotation and the Supplier’s obligations under the Contract, as may be amended from time to time in accordance with these Conditions;
Supplier: CY4OR LEGAL Limited incorporated and registered in
England and Wales with company number 06295131 whose registered office is at PO BOX 266, Manchester, M24 0BY; CY4OR LEGAL Limited also trading as CYFOR and CYFOR SECURE.
VAT: value added tax chargeable under English law for the time being and any similar additional tax;
Working Day: any day other than Saturday or Sunday or a bank or statutory holiday in England.
1.2. Condition headings shall not affect the interpretation of these Conditions.
1.3. A person includes a natural person, corporate or unincorporated body (whether or not having separate legal personality) and that person’s legal and personal representatives, successors and permitted assigns.
1.4. Words in the singular shall include the plural and vice versa.
1.5. A reference to a statute or statutory provision is a reference to it as it is in force for the time being, taking account of any amendment, extension, or re-enactment and includes any subordinate legislation for the time being in force made under it.
1.6. A reference to writing or written includes, but is not limited to, verbal, letters, faxes, emails and text messages.
1.7. Where the words include(s), including or in particular are used in these Conditions, they are deemed to have the words without limitation following them and where the context permits, the words other and otherwise are illustrative and shall not limit the sense of the words preceding them.
1.8. An obligation in a Contract on a person not to do something includes an obligation not to agree, allow, permit or acquiesce in that thing being done.
2. Application of Conditions
2.1. These Conditions shall:
(a) apply to and be incorporated into every Contract;
(b) prevail over any terms or conditions (whether inconsistent or not) contained, or referred to, in any quotation (other than the Quotation), proposal, confirmation of order, specification or other Document, or implied by law, trade custom, practice or course of dealing;
(c) be subject to the terms and conditions set out in each Quotation (to the extent that there is any conflict); and
(d) exclude any terms and conditions of purchase submitted at any time by the Customer and whether printed or sent with any order form or otherwise.
2.2. Each order will be deemed to be an offer by the Customer to purchase the Services upon these Conditions. A Contract is formed when the order is accepted by the Supplier by way of written acknowledgement of order. No Contract will come into existence until a written acknowledgement of order is issued by the Supplier or until the Supplier commences the provision of the Services, whichever occurs earlier.
2.3. Quotations are given by the Supplier on the basis that no Contract shall come into existence except in accordance with Condition 2.2. Any Quotation is valid for a period of 30 days from its date, provided that the Supplier has not previously withdrawn it. The Supplier reserves the right to withdraw or revise a Quotation at any time prior to accepting the order from the Customer.
3. Supplier’s obligations
3.1. The Supplier shall provide the Services, and deliver the Deliverables to the Customer.
3.2. The dates mentioned in a Contract and/or any Quotation and/or any order are approximate only and time will not be of the essence as to any performance of the Services and/or delivery of the Deliverables, but the Supplier will use reasonable efforts to fulfil its obligations under a Contract in a timely manner. Additionally, the Supplier will not be liable for any delay in performing the Services and/or delivering the Deliverables that results from any delay or other failure by the Customer in providing any Exhibits and/or Documents and/or other information as may be required by the Contract.
3.3. The Services supplied under a Contract shall continue to be supplied until, in the opinion of the Supplier, the project is completed or until the relevant Contract is terminated in accordance with Condition 11.
3.4. The Supplier shall provide the Services from such premises as it deems appropriate from time to time.
3.5. Where the Services include data hosting on a review platform (“Hosting”) the Supplier shall grant such licences to the Customer as may be necessary for the Customer’s use of the Services and the Supplier shall be entitled to suspend any such licences (without refund) in the event that they are not used within any 7 day period.
3.6. The Services shall be provided during Normal Working Hours and any support services agreed to be undertaken by the Supplier as part of the Services shall take place during Normal Support Hours. In the event that any additional support is required outside the Normal Support Hours, such support shall be provided at the Supplier’s standard rate, as notified to the Customer from time to time.
3.7. The Supplier shall use reasonable endeavours to make the Services, including Hosting, available during Normal Working Hours except for emergency or essential systems maintenance, provided that, where reasonably practicable, the Supplier shall give to the Customer at least 1 hour’s notice in advance.
3.8. Notwithstanding the foregoing, the Supplier does not warrant that the Services will be uninterrupted or error free.
3.9. The Customer acknowledges and agrees that the Supplier is only able to provide the Services based on the information and documents disclosed to it and the Supplier shall not be responsible for any errors when undertaking work on the Customer’s behalf. It is the Customer’s responsibility to check all Deliverables produced by the Supplier
3.10. The Supplier will, and usually only if requested to, by the Customer, conduct a Conflict Check. This Conflict Check is conducted on a best endeavours basis and will be conducted using information provided to it by the Customer. The Customer warrants that it will ensure the information it provides to the Supplier is free of errors and indemnifies the Supplier and it’s agents against any errors or omissions howsoever caused.
4. Customer’s obligations
4.1. The Customer shall (and to the extent necessary to enable the Supplier to perform the
Services, shall procure that its client (“Client”) shall):
(a) co-operate with the Supplier in all matters relating to the Services and/or Deliverables;
(b) provide such access to the Customer’s and/or the Client’s premises and data, and such office accommodation and other facilities as may reasonably be required by the Supplier for the purposes of the Services and/or Deliverables;
(c) provide such access to appropriate numbers of the Customer’s and/or the Client’s suitably qualified personnel as may reasonably be required by the Supplier for the purposes of the Services and/or Deliverables (including without limitation, the provision of personnel to assist with the extraction of data from network or email servers and assist the Supplier in respect of complex IT infrastructures);
(d) provide or facilitate the provision of the Exhibits; and warrants that they and the client (“Client”) have the lawful and legal right to provide or grant access to the Exhibits for the purposes of this or any other Contract;
(e) provide in a timely manner such other information as the Supplier may request (or which the Customer and/or the Client knows or ought reasonably to have known that the Supplier would require) in order to carry out the Services and/or deliver the Deliverables, and ensure that it is accurate in all material respects; and
(f) inform the Supplier of all health and safety rules and regulations and any other reasonable security requirements that apply at any of the Customer’s and/or the Client’s premises.
5. Change, Variation and Extension to the scope
5.1. If either party wishes to change the scope or execution of the Services and/or Deliverables, it shall submit details of the requested change to the other in writing.
5.2. If the Customer requests a change to the scope or execution of the Services and/or Deliverables:
(a) the Supplier shall, within a reasonable time (and in any event not more than five Working Days after receipt of the Customer’s request), provide a written estimate to the Customer of:
(i) the likely time required to implement the change;
(ii) any necessary variations to the Supplier’s charges arising from the change; and
(iii) any other impact of the change on the terms of the Contract.
(b) if the Customer does not wish to proceed, there shall be no change to the Contract; and
(c) if the Customer wishes the Supplier to proceed with the change, the Supplier shall do so after agreement on the necessary variations to its charges, the Services, the Deliverables and any other relevant terms of the Contract to take account of the change and the Contract shall be varied in accordance with Condition 13.
5.3. If the Supplier requests a change to the scope of the Services and/or Deliverables (whereupon to the extent the Supplier deems it appropriate, it shall provide the Customer with the information set out at Condition 5.2(a)), the Customer shall not unreasonably withhold or delay consent to it. If the Customer wishes the Supplier to proceed with the change, the Supplier shall do so after agreement on the necessary variations to its charges, the Services, Deliverables and any other relevant terms of the Contract to take account of the change and the Contract shall be varied in accordance with Condition 13.
5.4. In the event that the Customer requires an extension and/or variance to the scope of the Services and/or Deliverables (whether requested by the Customer or reasonably deemed to be necessary by the Supplier) and due to time constraints or other factors, it is inappropriate for the procedure set out Condition 5.2 to be followed then, upon acceptance (whether by communicating such acceptance or by commencing its performance) of such extension by the Supplier the Contract shall be varied in accordance with Condition 13 and the Supplier’s standard rates as set out in the Quotation shall apply in respect of the additional Services and/or Deliverables.
6. Charges and payment
6.1. Invoices will be raised as agreed and/or at appropriate intervals. For the avoidance of doubt, Invoices will be addressed to the Customer (the entity to whom the Quotation was addressed) who will be responsible for Payment under the Contract. For the avoidance of doubt, changes to the Customer cannot be made without the Suppliers express permission and the provision of a new Quotation, after work has commenced in accordance with the Quotation or after an invoice has been raised.
6.2. Subject to Conditions 6.3 and 6.4, the total price for the provision of the Services and delivery of the Deliverables shall be the amount set out in the Quotation as amended in accordance with any scope extension, variance or changes as set out in Condition 5. The supplier will amend the Invoice and/or reissue an invoice to reflect any errors or omissions as appropriate in the Quotation.
6.3. The Supplier’s charges exclude the cost of hotel, subsistence, travelling and any other ancillary expenses reasonably and properly incurred by personnel of the Supplier in connection with the Services and/or Deliverables, and the costs of any materials or services reasonably and properly provided by third parties that are required by the Supplier for the supply of the Services and/or Deliverables. Such expenses, materials and third party services shall be invoiced by the Supplier at cost price plus an administration charge of 5% of the total amount. The Customer authorises the supplier to incur such expenses as is reasonably necessary to undertake the services agreed and agrees to re-imburse the Supplier in accordance with these terms and conditions.
6.4. The Supplier may at any time:
(a) withdraw any discount from its normal prices; and
(b) revise prices to take account of increases in costs including, without limitation, the cost of any goods, raw materials, transport, labour or overheads, the increase or imposition of any tax, duty or other levy and any variation in exchange rates; and
(c) revise prices to take account of increases in costs resulting from unforeseen circumstances (including unforeseen technical difficulties with respect to the Services, difficulties with extracting data from network or email servers, the nature of the work (including value), time spent, urgency, a greater number of Exhibits being the subject of the Services than was contemplated in the Quotation and/or increases in the data size contemplated in the Quotation and the other factors which may also be taken into consideration when arriving at our fees) and/or an extension of the scope of Services and/or Deliverables in accordance with Condition 5.
6.5. In the event that the Supplier has commenced the provision of the Services and subsequently the Customer no longer requires the Services (whether in accordance with its Clients’ instructions or otherwise), the Customer shall inform the Supplier of this in writing as soon as possible and the Customer shall be liable to pay the greater of 50% of the total price of the Services or the price payable for the Services provided by the Supplier to the Customer as at the date the Customer notifies the Supplier in writing that it no longer requires the Services.
6.6. The Supplier shall (if applicable) add to the price for the Services, and the Customer shall pay an amount equal to any VAT or other sales tax or duty applicable from time to time to the sale or supply of such Services.
6.7. Without prejudice to Condition 6.3, the Supplier reserves the right to invoice the Customer for the estimated charges set out in the Quotation prior to commencing the provision of the Services (and shall do so in any event where the Services include an international element). If the Customer fails to pay the Supplier in accordance with this Condition 6, the Supplier reserves the right to not commence the provision of the Services until such time as the Customer has paid the Supplier in accordance with this Condition 6. To the extent that the total charges for providing the Services and Deliverables:
(a) are greater than the estimated charges set out in the Quotation, the Supplier shall be entitled to invoice the Customer (at any time) for the excess charges and the Customer shall make all payments due the Supplier in accordance with this Condition 6; or
(b) are less than the estimated charges set out in the Quotation, the Supplier shall reimburse the Customer within 30 days of the completion of the provision of the Services and Deliverables.
6.8. The Customer shall make all payments due to the Supplier under any Contract immediately upon receipt of the relevant invoice. For the avoidance of doubt, the Customer shall be responsible for all payments to the Supplier, regardless of the Customer’s arrangements with its clients.
6.9. In the event that the Customer requires funding from the Legal Aid Agency, or any other similar organisation or authorised third party funder, so as to make the payments due to the Supplier under Condition 6.7, the Customer agrees that it shall:
(a) (where it is possible to do so) apply for prior authority for the Quoted value of Services and promptly notify the Supplier of the result of such application;
(b) (where it is possible to do so) apply for interim payment in respect of the Services;
(c) apply for such funding immediately upon receipt of the invoice from the Supplier;
(d) provide confirmation to the Supplier that such application has been made; and (e) make all payments due to the Supplier immediately upon receiving funding.
(f) make all payments due to the Supplier within 30 days of the date of the invoice
For the avoidance of doubt, the Customer assumes all responsibility for making the payments due to the Supplier under Condition 6.7, irrespective of whether or not the Customer requires funding pursuant to Condition 6.8 and payment of the Supplier’s fees shall not be contingent upon such funding being obtained by the Customer.
6.10. Without prejudice to Condition 6.11, time of payment is of the essence of each Contract and the Supplier reserves the right to suspend the provision of Services and delivery of Deliverables to the Customer where any amounts are overdue under any Contract until all such amounts have been paid in full.
6.11. Where Services have been suspended in accordance with 6.9 and the Suspension of Services includes Hosting, a reconnection fee will apply. Such fee will be notified to the Customer, by the Supplier, in advance of the Suspension of Services.
6.12. Without prejudice to Condition 6.9, where the Services include Hosting, charges for such Hosting will continue and accrue in accordance with the estimate until the contract is Terminated or notification is received in accordance with 11.5.
6.13. Without Prejudice to condition 6.15, the supplier reserves the right to raise an administration invoice to the Supplier for late payment of invoices. The administration fee will be notified to the Customer in advance but, in any event, will not be less then £50.
6.14. The Customer is not entitled to withhold payment of any amount due to the Supplier by way of any set-off or counterclaim.
6.15. If the Customer fails to pay any amount due to the Supplier under any Contract on the due date, notwithstanding the provisions of Condition 6.8, the Supplier reserves the right to add interest to such amount at the rate of 8% over the base rate for the time being of The Bank of England for the period from the due date until and including the date of receipt (whether before or after judgment).
6.16. Without prejudice to the Supplier’s other rights and remedies, if the Customer fails to pay any amount due to the Supplier under any Contract on the due date, the Supplier shall be entitled, upon notification to the Customer, to remove the Customer’s data (and Exhibits) and destroy or permanently erase the same.
6.17. The Supplier reserves the right to alter or withdraw at any time any credit allowed to the Customer.
6.18. The Supplier may offset any amount owing to it from the Customer against any amount owed to the Customer by the Supplier.
7. Quality of Services
7.1. The Supplier warrants that the Services will be performed (and the Deliverables provided) with reasonable care and skill and that the Services will for a period of 30 days from performance substantially conform with any descriptions and specifications provided to the Customer by the Supplier.
7.2. The warranties in Condition 7.1 are given on the following conditions:
(a) the Supplier is not liable for any defect in the Services (or Deliverables) caused by any act, neglect or default of the Customer or a third party; and
(b) the Supplier is not liable for a defect in the Services (or Deliverables) unless it is notified to the Supplier in writing within 7 Working Days of the date of performance or, if the defect would not be apparent upon reasonable inspection, within 60 days of the date of performance.
7.3. The Supplier is not liable for non-performance of any Services unless the Customer notifies the Supplier of the claim within 7 Working Days of the date of the alleged non-performance.
8. Intellectual Property Rights
8.1. The Supplier acquires title in and to all of the Intellectual Property Rights arising as a result of the Supplier performing the Services along with all other rights in and to the products of the Services (including the Deliverables) (“Services IPR”). Subject to receipt by the Supplier of payment in full of all amounts due under the Contract and subject to Condition 11, the Supplier hereby grants to the Customer a perpetual, non-exclusive, non-transferable right to use the Services IPR solely for the purpose of receiving the benefit of the Services.
8.2. Save for the rights granted pursuant to Condition 8.1, the Customer shall not acquire any right, title, and/or interest in and to the Services IPR whether by virtue of the Contract or otherwise.
9. Exclusion of Liability
9.1. The Supplier does not exclude its liability (if any) to the Customer:
(a) for breach of the Supplier’s obligations arising under section 12 Sale of Goods Act 1979 or section 2 Sale and Supply of Goods and Services Act 1982;
(b) for personal injury or death resulting from the Supplier’s negligence;
(c) for any matter which it would be illegal for the Supplier to exclude or to attempt to exclude its liability; or
(d) for fraud.
9.2. Except as provided in Condition 9.1, the Supplier will be under no liability to the Customer whatsoever (whether in contract, tort (including negligence), breach of statutory duty, restriction or otherwise), for any of the following losses or damages whether direct, indirect or consequential:
(a) pure economic loss;
(b) Consequential loss;
(c) loss of actual or anticipated profits;
(d) loss of anticipated savings;
(e) loss of business;
(f) loss caused due to use by the Supplier of Exhibits;
(g) loss caused by viruses, trojans, worms, logic bombs, denial of service attack or other material that is malicious or technologically harmful;
(h) depletion of goodwill and like loss; and
(i) injury to reputation, howsoever caused arising out of or in connection with:
i. any of the Services or Deliverables, or the manufacture or sale or supply, or failure or delay in supply, of any of the Services or Deliverables by the Supplier or on the part of the Supplier’s personnel, agents or sub-contractors;
ii. any breach by the Supplier of any terms of the Contract; or
iii. any statement made or not made, or advice given or not given, by or on behalf of the Supplier, or otherwise in connection with the Services or Deliverables.
9.3. Except as set out in Condition 9.1, the Supplier hereby excludes to the fullest extent permissible in law, all conditions, warranties and stipulations, express (other than those set out in these Conditions) or implied, statutory, customary or otherwise which, but for such exclusion, would or might subsist in favour of the Customer.
9.4. Each of the Supplier’s personnel, agents and sub-contractors may rely upon and enforce the exclusions and restrictions of liability in Conditions 9.2 and 9.3 in that person’s own name and for that person’s own benefit, as if the words “its personnel, agents and sub-contractors” followed the word “Supplier” wherever it appears in those Conditions.
9.5. Subject to Conditions 9.1 and 9.2, the entire liability of the Supplier arising out of or in connection with the Contract or supply, non supply or delay in supplying any of the Services or Deliverables, or otherwise in connection with the Services or Deliverables, whether in contract, tort (including negligence or breach of statutory duty) or otherwise, is limited to the price of the Contract.
9.6. The Customer acknowledges that the above provisions in Conditions 9.1 to 9.5 and this Condition 9.6 are reasonable and reflected in the price which would be higher without those provisions, and the Customer will accept such risk and/or insure accordingly.
10.1. In this Condition 10, “Confidential Information” means all information disclosed (whether in writing, orally or by another means and whether directly or indirectly) by a party (“Disclosing Party”) to the other party (“Receiving Party”) whether before or after the date of the Contract including, but not limited to, information relating to the Disclosing Party’s products, operations, processes, plans or intentions, product information, know-how, Intellectual Property Rights, trade secrets, market opportunities and/or business affairs.
10.2. During the term of the Contract and after termination or expiry of the Contract for any reason, the Receiving Party:
(a) shall not use Confidential Information of the Disclosing Party for any purpose other than for the performance of its obligations under the Contract;
(b) shall not disclose Confidential Information of the Disclosing Party to any person except with the prior written consent of the Disclosing Party or in accordance with Condition 10.3; and
(c) shall make every effort to prevent the use or disclosure of Confidential Information of the Disclosing Party.
10.3. During the term of the Contract, the Receiving Party may disclose Confidential Information of the Disclosing Party to any of its directors, other officers, employees, sub-contractors and customers (“Recipient”) to the extent that disclosure is necessary for the purpose of the Contract and provided that such persons are placed under written obligations of confidentiality equivalent to those contained in this Condition 10 (save that any Recipient shall not be entitled to further disclose any Confidential Information of the Disclosing Party unless it is required to be disclosed by law or unless the Disclosing Party expressly agrees to such disclosure).
10.4. Condition 10.2 does not apply to Confidential Information which:
(a) is at the date that the Contract is formed or becomes at any time after that date publicly known other than by the Receiving Party’s or Recipient’s breach of the Contract;
(b) can be shown by the Receiving Party to the Disclosing Party’s reasonable satisfaction to have been known by the Receiving Party before disclosure by the Disclosing Party to the Receiving Party;
(c) is or becomes available to the Receiving Party or a Recipient otherwise than pursuant to the Contract and free of any restrictions as to its use or disclosure; and
(d) is required to be disclosed by law, but then only to the extent so required.
11.1. Without prejudice to any other rights or remedies which may arise, either party may terminate the Contract without liability to the other (save for the Customer’s liability to the Supplier as set out in Condition 6.5) on giving the other party not less than three months’ written notice.
11.2. Without prejudice to any other rights or remedies which may arise, the Supplier may terminate the Contract immediately on giving notice if:
(a) the Customer commits a material breach of any of the terms of the Contract and, where the breach is remediable, fails to remedy that breach within 14 days of being notified in writing of the breach; or
(b) an order is made or a resolution is passed for the winding up of the Customer, or circumstances arise which entitle a court of competent jurisdiction to make a windingup order of the Customer; or
(c) an order is made for the appointment of an administrator to manage the affairs, business and property of the Customer, or documents are filed with a court of competent jurisdiction for the appointment of an administrator of the Customer, or notice of intention to appoint an administrator is given by the Customer or its directors or by a qualifying floating charge holder (as defined in paragraph 14 of Schedule B1 to the Insolvency Act 1986); or
(d) a receiver is appointed of any of the assets of the Customer or undertaking, or circumstances arise which entitle a court of competent jurisdiction or a creditor to appoint a receiver or manager of the Customer, or if any other person takes possession of or sells the assets of the Customer; or
(e) the Customer makes any arrangement or composition with its creditors, or makes an application to a court of competent jurisdiction for the protection of its creditors in any way; or
(f) the Customer ceases, or threatens to cease, to trade; or
(g) the Customer takes or suffers any similar or analogous action in any jurisdiction in consequence of debt; or
(h) there is a change of control of the Customer (as defined in section 574 of the Capital Allowances Act 2001).
11.3. On termination of a Contract for any reason, any indebtedness of the Customer to the Supplier pursuant to that Contract shall become immediately due and payable and the Supplier is relieved of any further obligations to the Customer pursuant to that Contract.
11.4. On termination of a Contract for any reason, the Supplier shall be entitled, upon notification to the Customer, to remove the Customer’s data (and Exhibits) and destroy or permanently erase the same.
11.5. In the event that the Supplier is providing Hosting to the Customer, such Hosting shall continue notwithstanding termination of the Contract until such time as the Customer gives notice of termination in respect of such Hosting to the Supplier or the Supplier terminates the Contract as above and the Customer shall continue to be responsible for the fees for such Hosting until such time.
11.6. Termination of the Contract, however it arises, shall not affect or prejudice the accrued rights of the parties as at termination or the continuation of any provision expressly stated to survive, or implicitly surviving termination. For the avoidance of doubt, upon termination of the Contract the licence granted pursuant to Condition 8.1 shall terminate.
12. Erasing of Data
12.1. In the event that Data Erasure is undertaken as part of this Contract whether by way of termination of the Contract or as part of a provided Service, the Customer will use industry standard techniques specifically designed for this purpose.
12.2. The Supplier will ensure, as far as is reasonably practicable, that all Data from it’s normal operating systems, including any independent archives, is securely erased and irretrievable. The supplier is not able to erase Data from media that is used for the purposes of its Infrastructure Backup and Disaster Recovery purposes. As these archives are superseded, previous Archives will be securely Erased and ultimately the Data will be securely erased.
13. Marketing and Public Relations
13.1. Without prejudice to condition 10, the Customer reserves the right to use generic and appropriately sanitised references to the services it has supplied in its Marketing and Public Relations collateral.
14. Force Majeure
14.1. The Supplier shall not be deemed to be in breach of the Contract or otherwise liable to the Customer in any manner whatsoever for any failure or delay in performing its obligations under the Contract due to Force Majeure.
15.1. Subject to Condition 5, no variation of a Contract and/or these Conditions shall be valid unless it is in writing and signed by or on behalf of each of the parties.
16.1. A waiver of any right under a Contract is only effective if it is in writing and it applies only to the party to whom the waiver is addressed and the circumstances for which it is given.
16.2. Unless specifically provided otherwise, rights arising under a Contract are cumulative and do not exclude rights provided by law.
17. Assignment and sub-contracting
17.1. The Customer shall not, without the prior written consent of the Supplier, assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under any Contract.
17.2. The Supplier is entitled at any time to assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights under any Contract and may sub-contract or delegate in any matter any or all of its obligations under any Contract.
18. No partnership or agency
18.1. Nothing in a Contract is intended to, or shall operate to, create a partnership between the parties, or to authorise either party to act as agent for the other, and neither party shall have authority to act in the name or on behalf of or otherwise to bind the other in any way (including the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).
19. Rights of third parties
19.1. Subject to Condition 9.4, a person who is not a party to a Contract shall have no rights under the Contract (Rights of Third Parties) Act 1999 to enforce any terms of such Contract.
20.1. If any Condition is held by any court, tribunal or administrative body of competent jurisdiction to be wholly or partly illegal, invalid or unenforceable in any respect then this shall not affect any other Conditions of the Contract, which shall remain in full force and effect.
21. Whole Agreement
21.1. These Conditions and any Contract constitute the whole agreement between the parties relating to the subject matter they cover and supersede any arrangements, understanding or previous agreements between the parties relating to such subject matter.
21.2. Each party acknowledges that in entering into these Conditions and any Contract (including the appropriate Quotation) it does not rely on any representation or warranty (whether made innocently or negligently) that is not set out in these Conditions and any Contract (including the appropriate Quotation). Each party agrees that its only liability in respect of those representations and warranties that are set out in these Conditions and any Contract (including the appropriate Quotation) (whether innocently or negligently) shall be for breach of contract.
21.3. Nothing in this Condition shall limit or exclude any liability for fraud.
22.1. Notice given under the Contract shall be in writing, and sent to the registered office of the other party (or such other address, fax number or person as the relevant party may notify to the other party) and shall be delivered personally, sent by fax or sent by pre-paid, first-class post or recorded delivery. A notice is deemed to have been received, if delivered personally, at the time of delivery, in the case of fax, at the time of transmission, in the case of pre-paid first class post or recorded delivery, 48 hours from the date of posting and, if deemed receipt under this Condition 20 is not within business hours (meaning 9.00am to 5.30pm Monday to Friday on a day that is a Working Day), at 9.00am on the first Working Day following delivery. To prove service, it is sufficient to prove that the notice was transmitted by fax, to the fax number of the party or, in the case of post, that the envelope containing the notice was properly addressed and posted.
23. Governing law and jurisdiction
23.1. The Contract and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims), shall be governed by, and construed in accordance with English law.
23.2. The parties irrevocably agree to submit to the exclusive jurisdiction of the courts of England and Wales.
DATA PROTECTION TERMS
1. DEFINITIONS AND INTERPRETATION
1.1. For the purpose of this Appendix 1, the following terms have the meanings ascribed to them (and are in addition to the definitions at condition 1.1):
“Data Controller”, “Data Processor”, “Data Subject”, “Personal Data” and “Processing” shall have the same meanings as are assigned to those terms in the Data Protection Act 2018 (the “Act”);
“Data Processing Terms” means the terms in this Appendix;
“Personal Data” shall have the meaning ascribed to it in the Act, and includes Special Categories of Personal Data as defined therein;
“Regulations” means the General Data Protection Regulations (EU) 2016/679 and the Privacy and Electronic Communications (EC Directive) Regulations 2003;
“Staff” means any employee, worker or other individual or body corporate as the case may be which the Supplier uses or engages to supply, or in relation to, the Services.
2. PARTIES’ ROLES UNDER THE ACT AND APPLICATION OF THESE CONDITIONS
2.1. The parties agree that, in respect of Personal Data which are provided to the Supplier by the Client pursuant to the Contract, then, for the purposes of the Data Processing Terms, the Client is deemed to be the Data Controller and the Supplier is deemed to be the Data Processor.
2.2. These Data Processing Terms shall apply to all Personal Data provided by the Client to the Supplier under the Contract.
2.3. The Supplier shall comply with the Act and Regulations to the extent that they are applicable to the Services provided by the Supplier.
3. OBLIGATIONS OF THE DATA PROCESSOR
3.1. The Supplier shall, in relation to any Personal Data processed in connection with the performance by the Supplier of its obligations under the Contract:
(a) process that Personal Data only on the written instructions of the Customer unless the Supplier is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Supplier to process the Personal Data (Applicable Data Processing Laws). Where the Supplier is relying on Applicable Data Processing Laws, the Supplier shall promptly notify the Customer of this before performing the processing required by the Applicable Data Processing Laws unless those Applicable Data Processing Laws prohibit the Supplier from so notifying the Customer;
(b) ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of the Personal Data and against accidental loss or destruction of, or damage to, the Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the Personal Data, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting the Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to the Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);
(c) ensure that all personnel who have access to and/or process the Personal Data are obliged to keep the Personal Data confidential; and
(d) only transfer Personal Data outside of the European Economic Area (EEA) where the following conditions are fulfilled:
(i) the Customer or the Supplier has provided appropriate safeguards in relation to the transfer;
(ii) the Data Subject (as defined in the Data Protection Legislation) has enforceable rights and effective legal remedies;
(iii) the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any of the Personal Data that is transferred; and
(iv) the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data;
(e) ensure that all its computers and portable electronic devices (including laptops, tablets, smart phones and USB sticks) that will be used for storing, sending and receiving the Personal Data are appropriately protected against unauthorised use by encryption/passwords and appropriate firewalls/anti-virus packages (with regular and frequent updates being applied) and are physically stored securely when not in use;
(f) ensure that Personal Data transported by portable storage media or by telecommunications network shall be fully encrypted or password protected or sent by a secure virtual private network (“VPN”) as appropriate and all such data must be wiped from the storage media used for transporting the data or destroyed such that it cannot be recovered once the data has been transferred to the target system;
(g) ensure that the data centre premises on which Personal Data are stored are ISO27001 compliant and compliant with other appropriate security and audit standards throughout the term of the Contract;
(h) inform the Customer immediately upon becoming aware that Personal Data has been used or Processed in a manner which is not expressly permitted by these Data Processing Terms;
(i) inform the Customer immediately upon becoming aware of any actual or suspected, threatened or ‘near miss’ incident of accidental or unlawful destruction or accidental loss, alteration, unauthorised or accidental disclosure of or access to the Personal Data or other data security breach in relation to the Personal Data, or if the Personal Data is lost (temporarily or permanently) or has the potential to be misused in any way.
3.2. Notwithstanding paragraph 3.1 of this Appendix 1, the Supplier shall:
3.2.1 inform the Customer and the Client within 2 (two) Working Days in the event that the Supplier receives a request from a Data Subject seeking to exercise their rights under the Act in relation to the Personal Data and not to respond to the Data Subject other than to acknowledge receipt of the request;
3.2.2 assist the Customer and the Client, at the Customers cost, with all Data Subject information requests which may be received from any Data Subject in relation to any Personal Data; or in complying with any obligations relating to security and consulting with supervisory bodies, providing reasonable prior written notice has been given.
3.2.3 allow its data processing facilities, procedures and documentation to be submitted for scrutiny, inspection or audit by the Customer and/or the Client in order to ascertain compliance with the terms of these Data Processing Terms within twenty (20) Working Days of such a request from the Customer and/or the Client and to provide reasonable information assistance and co-operation to the Customer and/or the Client if this right is exercised. In the event that the Customer and/or the Client has to come onto premises where the Personal Data is being processed in order to carry out any scrutiny, inspection or audit, the Customer and/or the Client shall reimburse any reasonable costs directly incurred by the Supplier in permitting the Customer and/or the Client to exercise their rights under this paragraph. No customer penetration testing or vulnerability scanning is allowed during any Customer or Client audits as such actions could impact the Supplier’s ability to service other clients; and
3.2.4 ensure that non-authorised persons are prevented from entering areas of its premises where Personal Data is stored and used. Where this is not possible, all visitors must be escorted at all times.
4. OBLIGATIONS OF THE DATA CONTROLLER
4.1 The Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the Supplier and its duly authorised sub-contractors (which the Customer hereby acknowledges may be located outside of the EEA) for the duration and purposes of the Contract.
4.2 The Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the Supplier and its duly authorised sub-contractors (which the Customer hereby acknowledges may be located outside of the EEA) for the duration and purposes of the Contract
4.3 The Customer acknowledges and agrees that details of the Customer’s name, address and payment record may be submitted to a credit reference agency for the purpose of the Supplier establishing the Customer’s commercial credibility and to protect the Supplier’s business interests. Such credit search results may be retained by the Supplier for the duration of the provision of the Services
4.4 The Customer consents to the Supplier using 3rd party couriers, postal services, document processing and other subcontractors as third-party processors of the Personal Data under the Contract. The Supplier confirms that it has entered or (as the case may be) will enter with the third-party processor a written agreement incorporating terms which are substantially similar to those set out in this condition. As between the Customer and the Supplier, the Supplier shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this condition.
4.5 The Customer shall indemnify the Supplier against all liabilities, costs, expenses, damages and losses (including but not limited to any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and legal costs (calculated on a full indemnity basis) and all other professional costs and expenses) suffered or incurred by the Supplier arising out of or in connection with the breach of this condition by the Customers, its employees or agents and/or the Data Protection Legislation by the Customer, its employees or agents
5. DATA RETENTION POLICY
5.1. The Supplier shall not retain data for longer than is necessary and shall be in accordance with agreed retention schedules and EU/UK law.
5.2. The Supplier may be required to comply with any reasonable data retention guidelines as issued by the Customer and/or the Client and as amended from time to time (additional costs may flow to the Customer for non-standard retention, such costs to be agreed in writing by the parties). This may require certain data to be identified for retention and made available to the Customer in electronic form by the Supplier and the Supplier shall comply with the same.
INFORMATION SECURITY TERMS
The Supplier shall:
1) on or before the date on which the Supplier commences providing the Services, provide a copy of the Supplier’s information security policy (and such policy shall include as a minimum an information security breach procedure, details of encryption used and security access controls with regards to user credentials used by its staff) to the Customer and shall update and maintain and abide by the such policy throughout the term of the Contract and shall provide to the Customer updated versions as and when the same are created;
2) remain throughout the term of the Contract ISO 27001 compliant and shall provide the Services in accordance with such standard at all times;
3) ensure that all subcontractors involved in the provision of the Services adhere to the terms of these Conditions in respect of the obligations to be performed by them as if they were signatories hereto;
4) conduct security testing of its information technology systems used to provide the Services (including but not limited to penetration testing and vulnerability scans) at least once each quarter during the term of the Contract and shall provide a copy of the results of such testing promptly upon completion;
5) as at the date on which the Supplier commences providing the Services, be registered with the Information Commissioner’s Office as a Data Controller (as defined in Appendix 1) and shall update and maintain such registration throughout the term of the Contract;
6) ensure that all hardware assets used in or to support the provision of the Services which are in any way connected to the Customer’s or the Client’s information technology hardware or network are:
(a) listed in an asset register (to be maintained and updated throughout the term of the Contract such updates to occur as a minimum every six months); and
(b) virus and malware protected in accordance with good industry practice (to be maintained and updated throughout the term of the Contract, such updates to occur as a minimum quarterly).