STANDARD TERMS AND CONDITIONS
(1) Thomas Murray Network Management Limited, a private limited company incorporated and registered in England and Wales with company number 03313014 whose registered office is at 1 Farrier’s Yard, 77 Fulham Palace Road, London, England W6 8AH, United Kingdom ("TM");
(2) The Customer as set out in Distributor Form ("Customer"),
being a "Party" and are together the "Parties".
BACKGROUND:
(A) TM has developed the Platform (as defined below) which it makes available to customers via the internet on a subscription basis for the purpose of providing the Services (as defined below).
(B) TM has agreed to provide, and the Customer has agreed to purchase a Subscription (as defined below) from TM for use of the Platform and the Services in its business operations in accordance with and pursuant to the terms of this Agreement.
IT IS AGREED:
1 Definitions and interpretation.
1.1 In this Agreement, the following words and expressions have the following meanings, unless the context otherwise requires:
1.1.1 "Agreement" means the agreement comprised of: (a) these Standard Terms & Conditions (including the Schedules), (b) the Distributor Order Form, and (c) any other documents incorporated in these Standard Product Terms as may be varied from time to time in accordance with such terms;
1.1.2 "Agreement Date" means the agreement date specified in the Distributor Order Form, being the date the term of this Agreement starts;
1.1.3 "Affiliate" means each holding company, subsidiary, subsidiary undertaking, any associated company of TM or the Customer, and each of their holding companies, subsidiaries, subsidiary undertakings and associated companies, excluding TM and the Customer (a "group undertaking" or an "undertaking" is to be construed in accordance with section 1161 of the Companies Act 2006, a "subsidiary undertaking" is to be construed in accordance with section 1162 of the Companies Act 2006 and a "subsidiary" or "holding company" is to be construed in accordance with section 1159 of that Act);
1.1.4 "Applicable Data Protection Laws" means:
(a) to the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom which relates to the protection of Personal Data.
(b) to the extent the EU GDPR applies, the law the European Union or any member state of the European Union to which the Customer or TM is subject, which relates to the protection of Personal Data; or
(c) to the extent applicable, the data protection or privacy laws of any other country;
1.1.1 "Background IPRs" means Intellectual Property Rights that belong to or are licensed to a Party prior to the Agreement Date and all developments, modifications and/or enhancements of the same;
1.1.2 "Business Day" means a day other than a Saturday, Sunday or public holiday in England when banks in London are open for business;
1.1.3 “Distributor Order Form” means any order for a Subscription made by the Customer in accordance with these Standard Terms & Conditions and to which these Standard Terms and Conditions are appended;
1.1.5 "Change of Control" shall be defined in section 1124 of the Corporation Tax Act 2010, and the expression change of control shall be construed accordingly;
1.1.6 “Contract Year” means each consecutive period of 12 months commencing from the Agreement Date;
1.1.7 "Confidential Information" means all information which is disclosed by one Party to the other however conveyed whether before or after the Agreement Date and would appear to a reasonable person to be confidential or is marked confidential or is accompanied by a written statement saying that it is confidential or proprietary, and which relates to the business affairs of the Party disclosing it (or other companies within that Party's group) including products, operations, processes, plans or intentions, developments, trade secrets, know how, design rights, market opportunities, personnel, customers and suppliers of the Party disclosing it and all information derived from the above together with the existence or provisions of this Agreement and the negotiations relating to it. Confidential Information does not include any information that:
(a) is or becomes generally available to the public (other than as a result of its disclosure by the receiving Party or its representatives in breach of clause 17);
(b) was available to the receiving Party on a non-confidential basis before disclosure by the disclosing Party;
(c) was, is, or becomes, available to the receiving Party on a non-confidential basis from a person who, to the receiving Party’s knowledge, is not bound by a confidentiality agreement with the disclosing Party or otherwise prohibited from disclosing the information to the receiving Party;
(d) was known to the receiving Party before the information was disclosed to it by the disclosing Party; or
(e) the Parties agree in writing is not confidential or may be disclosed;
1.1.8 "Customer Data" the data inputted by the Customer, Users, or TM on the Customer's behalf for the purpose of using the Platform or facilitating the Customer's use of the Services and Deliverables;
1.1.9 "Defect" means where the Service does not comply in all material respects with the applicable description of the Service;
1.1.10 "Deliverables" the items which are produced, delivered and/or otherwise made available to the Customer as outputs of its Subscription;
1.1.11 "Good Industry Practice" means the exercise of a degree of skill, care, diligence, prudence and foresight which would reasonably be expected from a person skilled and experienced in providing services similar to the Services;
1.1.12 "Heightened Cybersecurity Requirements" any laws, regulations, codes, guidance (from regulatory and advisory bodies, whether mandatory or not), international and national standards, industry schemes and sanctions, which are applicable to either the Customer or User (but not TM) relating to security of network and information systems and security breach and incident reporting requirements, which may include the cybersecurity Directive ((EU) 2016/1148), Commission Implementing Regulation ((EU) 2018/151), the Network and Information Systems Regulations 2018 (SI 506/2018), all as amended or updated from time to time;
1.1.13 "Intellectual Property Rights" or "IPRs" means:
(a) patents, utility models, petty patents, rights in trade secrets and other confidential or undisclosed information (such as inventions (whether patentable or not) or know how), registered designs, rights in copyright (including moral rights), database rights, design rights, semiconductor topography rights, mask work rights, and trade marks;
(b) all registrations or applications to register any of the items referred to in paragraph (a); and
(c) all rights in the nature of any of the items referred to in paragraphs (a) or (b) including continuations, continuations in part and divisional applications, rights in unfair competition and, without prejudice to anything set out elsewhere in this definition, rights to sue for passing off and all rights having equivalent or similar effect to, and the right to apply for any of, the rights referred to in this definition in any jurisdiction;
1.1.14 "Platform" means the Orbit platform operated by TM at https://login.thomasmurray.com
1.1.15 "Projects" means a project where the Customer has created a template questionnaire that will be provided to selected due diligence recipients;
1.1.16 "Service Modules" means either: (i) the Orbit diligence module; and/or (ii) the Orbit cyber (self-assessment) module; and/or (iii) the Orbit cyber (assessed entities) module; and/or (iv) the Orbit Intelligence module as purchased by the Customer in accordance with the Distributor Order Form and more particularly detailed at https://thomasmurray.com/service-module as updated from time to time;
1.1.17 "Services" means the Service Modules to be provided by TM to the Customer on the Platform, up to the Usage Allowance;
1.1.18 "Service Fees" means the Service fees set out in the Distributor Order Form payable by the Customer to TM in accordance with clauses 10 of these Standard Terms and Conditions, as updated by time to time in accordance with TM’s Rate Card;
1.1.19 "Sources" means TM’s third-party licensors or other providers of the Services;
1.1.20 "Software" the online software applications provided by TM as part of the Subscription;
1.1.21 "Subscription" means the subscription purchased by the Customer under an Distributor Order Form for access to and use of the Platform, the Services and the Deliverables for the Users pursuant to these Standard Terms & Conditions;
1.1.22 "Subscription Term" has the meaning given to it in the Distributor Order Form, as further described at clause 13.1;
1.1.23 "Tax" means any tax, and any duty, contribution, impost, levy or charge in the nature of tax, whether domestic or foreign, and any fine, penalty, surcharge or interest connected therewith and any other payment whatsoever which a person is or may be or become bound to make to any person and which is or purports to be in the nature of taxation or otherwise by reason of any taxation statutes;
1.1.24 "Usage Allowance" means the Services module usage allowance purchased by the Customer for the Service Fees, as detailed in the relevant Distributor Order Form;
1.1.25 "User(s)" those named and identified employees, agents and independent contractors of the Customer or any Affiliate of the Customer who are authorised by the Customer to access the Platform and to use the Services, as further described at clause 2. For the avoidance of doubt:
(a) there is no limitation on the number of Users;
(b) an employee of the Customer excludes employees of all Affiliates of the Customer; and
(c) the Customer shall be required to obtain TM’s consent for access by agents and independent contractors of the Customer;
1.1.26 "Virus" any thing or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices;
1.1.27 "Vulnerability" a weakness in the computational logic (for example, code) found in software and hardware components that when exploited, results in a negative impact to the confidentiality, integrity, or availability, and the term Vulnerabilities shall be construed accordingly; and
1.2 Unless otherwise expressly specified in the Agreement:
(a) a "person" includes any person, individual, company, firm, corporation, government, state or agency of a state or any undertaking or organisation (whether or not having separate legal personality and irrespective of the jurisdiction in or under the law of which it was incorporated or exists);
(b) reference to any legislation shall be to that legislation as amended, extended or re-enacted from time to time and to any subordinate provision made under that legislation;
(c) "includes" and "including" shall be deemed to be followed immediately by the phrase "without limitation";
(d) "day" shall mean a period of 24 consecutive hours ending at 12.00 midnight; and
(e) "clauses", "paragraphs" or "schedules" are to clauses and paragraphs of and schedules to this Agreement.
1.3 The headings in this Agreement are for information only and are to be ignored in construing the same.
2 Subscription
2.1 Subject to the Customer purchasing a Subscription in accordance with the Distribution Order Form and the restrictions set out in this clause 2, TM hereby grants to the Customer during the Subscription Term a non-exclusive, non-transferable right, without the right to grant sublicenses, to permit the Users to access the Platform and to use the Services solely for the Customer’s own internal business purposes in the conduct of its normal business affairs. If this Agreement is terminated or expires, this right will automatically terminate.
2.2 In relation to the Users, the Customer undertakes that:
2.2.1 it shall not allow access to the Platform and use of the Services (or related user codes and/or passwords), to anyone other than a User;
2.2.2 each User shall keep secure the username and password for access to the Platform, that such password shall be changed no less frequently than the period advised by TM from time to time and that each User shall keep their password confidential and shall not disclose it to any third-party;
2.2.3 it shall confirm that the list of current named and identified Users appearing to TM on the Platform is up-to-date and accurate and shall provide such list of current Users to TM within five (5) business days of TM’s written request.
2.3 In relation to the Services accessed as part of the Subscription:
2.3.1 the Customer shall permit TM or TM’s designated nominee to continuously monitor and check the Customer’s use of the Services in order to establish that the Customer’s usage does not exceed the Usage Allowance in compliance with this Agreement. To the extent that TM requires access to the Customer’s data processing facilities to monitor compliance with this Agreement, such review may be conducted no more than once per quarter, at TM’s expense, and this right shall be exercised with reasonable prior notice, in such manner as not to substantially interfere with the Customer’s normal conduct of business;
2.3.2 if any of the reviews referred to in clause 2.3.1 reveal that any Services have exceeded the Usage Allowance, then without prejudice to TM’s other rights, the Customer shall pay to TM an amount equal to such underpayment as calculated in accordance with TM’s Rate Card within ten (10) business days of the date of the relevant review.
2.4 The Customer shall not access, store, distribute or transmit any Viruses, or any other material during the course of its access to and/or use of the Platform and the Services that:
2.4.1 is malicious, unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive;
2.4.2 facilitates illegal activity;
2.4.3 depicts sexually explicit images;
2.4.4 promotes unlawful violence;
2.4.5 is discriminatory based on age, race, gender reassignment, sex, religion or belief, sexual orientation, disability; or
2.4.6 is otherwise illegal or causes damage or injury to any person or property; and
TM and/or its Affiliates reserves the right, without liability or prejudice to its other rights to the Customer, to disable the Customer’s (or any User’s) access to any material that breaches the provisions of this clause.
2.5 The Customer and any User must not attempt to gain unauthorised access to the Platform, the Software or the Services, or any server, computer or database connected to the Platform, the Software or the Services. The Customer must not attack the Platform, the Software or the Services via a denial-of-service attack or a distributed denial-of service attack. If the Customer breaches this clause, the Customer’s right to use the Platform, the Software and the Services will cease immediately.
2.6 The Customer shall not:
2.6.1 except as may be allowed by any applicable law which is incapable of exclusion by agreement between the Parties and except to the extent expressly permitted under these Standard Terms and Conditions:
2.6.1.1 attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit or distribute all or any portion of the Platform, the Software or the Deliverables (as applicable) in any form or media or by any means;
2.6.1.2 attempt to decode, reverse engineer, disassemble, decompile, create derivative works from, convert or otherwise reduce to human-perceivable form the Platform, the Services or the Deliverables or any part of them;
2.6.1.3 access or use the Platform, the Services and/or Deliverables in order to build a product or service which competes with the Platform, the Services and/or the Deliverables;
2.6.1.4 remove TM’s trademark, copyright notices or any other proprietary notice from the Platform, Services and/or Deliverables.
2.6.1.5 use the Platform, the Services and/or Deliverables to provide services to third parties;
2.6.1.6 subject to clause 20.7, license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Subscription available to any third-party except the Users;
2.6.1.7 attempt to obtain, or assist third parties in obtaining, access to the Platform, Services and/or Deliverables, other than as provided under this clause 2; or
2.6.1.8 introduce or permit the introduction of a Virus or Vulnerability into TM’s network and information systems.
2.6.2 The Customer shall use reasonable endeavours to prevent any unauthorised access to, or use of, the Platform, Services and/or Deliverables and, in the event of any such unauthorised access or use, promptly notify TM.
3 Services
3.1 TM shall, during the Subscription Term, provide the Services and make available the Deliverables to the Customer on and subject to the terms of this Agreement.
3.2 TM has sole discretion and control over, and may modify at any time (with or without notice to the Customer), the functionality, performance, configuration, appearance and content of the Platform and/or the Services.
3.3 Access to the Platform shall be established by way of username and password access, given to the Customer by Distributor upon the signing of this Agreement. TM shall use reasonable commercial endeavours to maintain the Platform and the availability of the Services in accordance with the Service Levels, save for during planned maintenance.
3.4 In the event that the Platform is not operational due to an incident, TM shall notify the Customer of such and shall remedy such incident as soon as possible after the incident occurring.
3.5 TM shall, in accordance with Good Industry Practice, maintain and implement security policies, which include the implementation of firewall technology and intrusion detection software to protect against Viruses or security breaches. In the event of a Virus, a denial of service attack or an attack or threatened or suspected breach of security against TM’s system, TM will (i) take all necessary steps to halt such attack; (ii) immediately notify the Customer; and (iii) provide the Customer with a remediation plan to avert any such future attacks.
3.6 TM may, from time to time, provide interactive services on the Platform to enable it to provide the required services to the Customer. This could be in the form of real-time chat functions, phone calls or question & answer functions. TM will provide the Customer with clear information about the kind of service offered if it is moderated and what form of moderation is used (including whether human or technical).
3.7 To the extent any of the Services offer peer to peer communications, TM is under no obligation to oversee, monitor, verify or moderate any interactive service provided as part of the Subscription, and TM expressly excludes liability for any loss of damage arising from the use of any interactive service by the Customer or any User in contravention of TM’s standards and the Mandatory Policies, whether the service is moderated or not.
4 Data Backup
On a daily basis, TM shall perform backups of all Customer Data and any other information of the Customer provided to TM in relation to the Platform. Backups of Customer Data, including images, shall reside on TM's failover site.
5 Disaster Recovery
5.1 TM shall provide disaster recovery and backup capabilities and facilities through which it will be able to render the Platform to the Customer with minimal disruptions or delays in accordance with the Service Levels.
6 Business Continuity
6.1 TM shall, during the Subscription Term and in accordance with Good Industry Practice, maintain detailed and comprehensive contingency plans against events which could affect the ability of TM to perform and provide the Platform in accordance with the Service Levels.
7 TM Obligations
7.1 TM makes the Platform and the Services available with reasonable skill and care and shall ensure that the Services perform (in technical and functional respect) substantially in accordance with the description of the Services specified in the Distributor Order Form or as described at https://thomasmurray.com/service-module.
7.2 Subject to clause 7.4, TM shall:
7.2.1 at its sole discretion and at its own expense, use all commercially reasonable endeavours to correct any Defect in the Platform or relevant Service; or
7.2.2 terminate the relevant Service and refund to the Distributor (to be passed on to the Customer) any amounts paid in advance by the Distributor on a pro-rata basis to reflect the period of time between the date the Customer was unable to use the relevant Services as a direct result of a Defect and the remaining days of the pre-paid term, within forty five (45) days of TM receiving written notification of a Defect from the Distributor.
7.3 Subject to clause 7.4, the remedy set out in clause 7.2 shall be the Customer’s sole and exclusive remedy for any Defect.
7.4 The warranty at clause 7.1 shall not apply and TM shall not be liable and shall have no obligations under this Agreement in respect of any Defect caused by the Customer’s use of the Subscription contrary to TM’s instructions, or modification or alteration of the Platform, the Services and/or the Deliverables by any party other than TM or TM’s duly authorised contractors or agents, or for any Defect caused by any other event outside of TM's control.
7.5 Notwithstanding the foregoing, TM:
7.5.1 does not warrant that:
7.5.1.1 the Customer’s use of the Platform and the Services will be uninterrupted and error-free;
7.5.1.2 the Platform, Services, the Deliverables and/or the information obtained by the Customer therein will meet the Customer’s requirements;
7.5.1.3 the Software, Platform or Services will be free from Vulnerabilities or Viruses; or
7.5.1.4 the Software, Platform or Services will comply with any Heightened Cybersecurity Requirements.
7.6 is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communication networks and facilities, including the internet, and the Customer acknowledges that the Platform and the Services may be subject to limitations, delays and other problems inherent in the use of such communication facilities.
7.7 This Agreement shall not prevent TM from entering into similar agreements with third parties, or from independently developing, using, selling or licensing documentation, products and/or services which are similar to those provided under this Agreement. TM shall use reasonable endeavours to ensure that any other customers accessing the Platform and/or Services do so on the same, or substantially similar, contractual terms as this Agreement.
7.8 TM warrants that it has and will maintain all necessary licences, consents, and permissions necessary for the performance of its obligations under this Agreement.
7.9 Subject to clause 12 and except to the extent expressly set out in these Standard Terms and Conditions, TM gives no warranties, representations or other commitments to the Customer as to the functionality, performance, availability, transmission speeds, content, latency and/or accuracy of the Platform, Services and/or Deliverables.
7.10 Subject to clause 7.9 above, all warranties, conditions, representations, and terms (whether written or oral, express or implied by statute, common law, custom, trade usage, course of dealing or otherwise, including as to satisfactory quality, fitness for a particular purpose or use, accuracy, adequacy, completeness or timeliness) are hereby excluded to the fullest extent permitted by applicable law.
8 Customer Obligations
8.1 The Customer shall:
8.1.1 provide TM and Distributor with:
8.1.1.1 all necessary co-operation in all matters relating to this Agreement; and
8.1.1.2 all necessary access to such information as may be required by TM,
in order to provide access to the Platform and make use of the Services and Deliverables, including but not limited to Customer Data, security access information and configuration services;
8.1.2 appoint an authorised representative in relation to this Agreement who shall have the authority to liaise with Distributor on all matters relating to the Subscription;
8.1.3 without affecting its other obligations under this Agreement, comply with all applicable laws and regulations with respect to its activities under this Agreement;
8.1.4 carry out all other Customer responsibilities set out in these Standard Terms and Conditions in a timely and efficient manner. In the event of any delays in the Customer’s provision of such assistance as agreed by the Parties, TM may adjust any agreed timetable or delivery schedule as reasonably necessary;
8.1.5 ensure that the Users access the Platform and/or use the Services and the Deliverables in accordance with the terms of this Agreement and shall be responsible for any User’s breach of this Agreement;
8.1.6 obtain and shall maintain all necessary licenses, consents and permissions necessary for TM, its contractors and agents to perform their obligations under this Agreement, including without limitation the Services;
8.1.7 ensure that its network and systems comply with the relevant specifications provided by TM from time to time;
8.1.8 notify TM if any User suspects that any third-party knows their password; and
8.1.9 be solely responsible for procuring, maintaining and securing its network connections and telecommunications links from its systems to TM’s data centres, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Customer’s network connections or telecommunications links or caused by the internet.
8.2 The Customer shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of all Customer Data. The Customer shall indemnify TM against any liability arising out of any Customer Data.
8.3 The Customer shall comply with the Mandatory Policies. In particular, whenever the Customer makes use of a feature as part of its use of the Platform and/or the Services that allows the Customer to upload Customer Data to the Platform, the Customer must comply with the content standards set out in TM’s Acceptable Use Policy.
9 General Warranties
9.1 Each Party represents and warrants to the other Party that in respect of itself:
9.1.1 it is duly incorporated and validly existing under the laws of the jurisdiction in which it is incorporated (or, if different, has its principal place of business) and is fully qualified and empowered to own its assets and carry out its business;
9.1.2 it has full power to enter into (and to exercise its rights and perform its obligations under) this Agreement and this Agreement when executed will constitute valid, lawful and binding obligations on it, in accordance with its terms; and
9.1.3 without affecting its other obligations under this Agreement, it shall perform its obligations hereunder in compliance with all applicable laws and regulations.
10 Payment
10.1 the Customer shall pay the Services Fees to the Distributor for the Subscription in accordance with this Agreement. If the Distributor has not received the payment by or on the due date, and without prejudice to any other rights and remedies of TM, TM may, without liability to the Customer, suspend the Subscription and any or all of the Services and disable the Customer’s account until payment in full is received.
11 Intellectual Property Rights - Ownership and Restrictions on Use
11.1 The Customer agrees and acknowledges that TM and/or its licensors own all Intellectual Property Rights in:
11.1.1 the Background IPRs,
11.1.2 the Platform,
11.1.3 the Services and Software;
11.1.4 Deliverables (excluding Customer Data) and all materials provided and/or made available as part of providing the Services; and
11.1.5 any/all adaptations, add-ons, modifications, updates, and/or enhancements to the Platform, Services, Deliverables and such materials (including at the request and/or suggestion of the Customer and/or User),
(the “TM’s IPR").
11.2 Except as expressly stated herein, this Agreement does not grant the Customer any rights to, under or in, any TM’s IPRs or any other rights or licenses in the same.
11.3 TM acknowledges and agrees that the Customer and/or its licensors own all Intellectual Property Rights in the Customer Data. The Customer hereby grants to TM and its Affiliates a fully-paid up, worldwide, non-exclusive, royalty-free, non-transferable license to use the Customer Data for the Subscription Term for the purpose of providing the Customer with access to and use of the Platform, Services and/or Deliverables.
11.4 For the avoidance of doubt, TM shall retain ownership of all Intellectual Property Rights in the Deliverables, excluding any Customer Data. TM hereby grants the Customer a fully paid-up, worldwide, non-exclusive, royalty free, non-transferable, non-sublicensable license during the Subscription Term to use and access the Deliverables for the purpose of receiving and using the Services and the Deliverables in its business.
11.5 The Customer agrees to protect (and to ensure that the Users and its employees, agents and consultants protect) any Intellectual Property Rights in, and the confidentiality of, TM’s IPR during and after the Subscription Term, and the Customer further agrees to honour all reasonable requests by TM to protect such rights and confidentiality.
11.6 TM shall be entitled to use the Customer’s name and trade marks in connection with providing the Services.
12 Limitation of Liabilities
12.1 Except as expressly and specifically provided in this Agreement:
12.1.1 the Customer assumes sole responsibility for results, information or content obtained from the use of the Subscription Services by the Customer, and for conclusions drawn from such use. TM shall have no liability for any damage caused by errors or omissions in any information, instructions or scripts provided in connection with the Customer’s use of the Platform and/or Services, or any actions taken by TM at the Customer's direction. TM is not providing any professional advice and/or recommendations on any matters arising out of this Agreement;
12.1.2 where the Platform and/or the Services contains links to or directs the Customer to other websites, resources or platforms provided by third parties, such links or directions are provided for information only and should not be interpreted by TM as approval of such websites, resources and platforms, or any information or content obtained from them. TM has no control over the contents of such websites, resources and platforms and shall have no liability in respect of the same; and
12.1.3 the Platform, the Services and the Deliverables are provided to the Customer on an "as is" basis.
12.2 Nothing in this Agreement shall limit or exclude the liability of any Party to the other in respect of:
12.2.1 fraud or fraudulent misrepresentation; or
12.2.2 death or injury to persons caused by negligence; or
12.2.3 any other liability, which cannot by law be limited or excluded.
12.3 In no event shall TM, its Affiliates, its Sources, or any other party involved in providing the Services hereunder have any liability in respect of all causes of action (whether such causes of action arise in tort (including for negligence or breach of statutory duty), contract (including under any indemnity or warranty), misrepresentation, restitution or otherwise) for:
12.3.1.1 any loss of profits or revenue,
12.3.1.2 business or business opportunities,
12.3.1.3 turnover or anticipated savings,
12.3.1.4 wasted expenditure (including management time),
12.3.1.5 increased costs or expenses, reputation or goodwill, or
12.3.1.6 any loss or corruption of data or information (in all cases, whether direct or indirect); and/or
12.3.1.7 any type of indirect, special, punitive, or consequential damages,
in each case, whether arising directly or indirectly under or in connection with these Standard Terms and Conditions, and whether or not reasonably foreseeable, reasonably contemplatable, actually foreseen or actually contemplated by a Party at the Agreement Date.
12.4 TM shall have no liability to the Customer unless the Customer serves notice within twelve (12) months of the date when the Customer became aware of the circumstances first giving rise to such claim or should reasonably have become so aware.
12.5 Subject to clause 12.2 and clause 12.3, the total aggregate liability of TM (and any of its Affiliates) to the Customer (and to any third-party claiming under or through the Customer) in each Contract Year and in respect of all causes of action (whether such causes of action arise in contract (including under any indemnity or warranty), tort, breach of statutory duty or otherwise, including any liability for negligence, howsoever caused), arising in that Contract Year (as determined at the date when the liability giving rise to the cause of action arose) out of or in connection with this Agreement shall in no event exceed the Service Fees paid by the Customer to the Distributor in respect of the Contract Year in question. The Sources shall have no liability whatsoever to the Customer.
12.6 Without prejudice to any of the foregoing, TM shall not be liable for breach of this Agreement arising from or in relation to:
12.6.1 the use of the Services by the Customer in breach of this Agreement;
12.6.2 any alterations to the Platform, any Service or Deliverable made by anyone other than TM or someone authorised by TM;
12.6.3 any delay or failure in the provision of the Platform or any Service to the Customer caused by anyone other than TM; or
12.6.4 any negligent act or omission by the Customer.
12.7 The Customer agrees to indemnify and hold harmless TM, its Affiliates, and its Sources from and against any losses, damages, claims, liabilities, and expenses (including but not limited to reasonable attorneys’ fees) arising from or which relates to: (i) the Customer’s use of the Platform, Services or any Deliverables, other than claims subject to the indemnification given by TM in clause 16 below; (ii) any Customer Data; and/or (iii) any use, by TM in accordance with this Agreement, of any logo provided by the Customer.
13 Commencement, term and termination
13.1 This Agreement shall commence on the Agreement Date and continue for the Subscription Term set out in the Distributor Order Form, following which this Agreement shall renew for additional consecutive periods of twelve (12) months (“Renewal Term”) in accordance with Distributors Rate Card from time to time in force, unless the Customer provides not less than 90 days’ written notice to TM to terminate its Subscription at the end of the relevant Subscription Term (or Renewal Term, as applicable).
13.2 Without affecting any other right or remedy available to it, either Party may terminate this Agreement with immediate effect by giving written notice to the other Party if:
13.2.1 the other Party fails to pay any amount due under the Distributor Order Form on the due date for payment and remains in default not less than fourteen (14) days after being notified in writing to make that payment;
13.2.2 the other Party commits a material breach of this Agreement (other than failure to pay any amounts due under this Agreement) and (if that breach is remediable) fails to remedy that breach within a period of thirty (30) days after being notified in writing to do so; or
13.2.3 the other Party:
13.2.3.1 suspends, or threatens to suspend, payment of its debts or is unable to pay its debts as they fall due or admits inability to pay its debts or (being a company) is deemed unable to pay its debts within the meaning of section 123 of the Insolvency Act 1986;
13.2.3.2 commences negotiations with all or any class of its creditors with a view to rescheduling any of its debts, or makes a proposal for or enters into any compromise or arrangement with its creditors other than for the purpose of a schedule for a solvent amalgamation of that other Party with one or more other companies or the solvent reconstruction of that other Party;
13.2.3.3 applies to court for, or obtains, a moratorium under Part A1 of the Insolvency Act 1986;
13.2.3.4 a petition is filed, a notice is given, a resolution is passed, or an order is made, for or in connection with the winding up of the other Party other than for the sole purpose of a scheme for a solvent amalgamation of that other Party with one or more other companies or the solvent reconstruction of that other Party;
13.2.3.5 a creditor or encumbrancer of the breaching party attaches or takes possession of, or a distress, execution, sequestration or other such process is levied or enforced on or sued against, the whole or any part of its assets and such attachment or process is not discharged within fourteen (14) days;
13.2.3.6 an application is made to court, or an order is made, for the appointment of an administrator or if a notice of intention to appoint an administrator is given or if an administrator is appointed over the other Party;
13.2.3.7 a floating charge holder over the assets of the other Party has become entitled to appoint or has appointed an administrative receiver;
13.2.3.8 a person becomes entitled to appoint a receiver over the assets of the other Party or a receiver is appointed over the assets of the other Party;
13.2.3.9 suspends or threatens to suspend, or ceases or threatens to cease to carry on, all or a substantial part of its business; and/or
13.2.3.10 an event occurs, or proceeding is taken, with respect to the other Party in any jurisdiction to which it is subject that has an effect equivalent or similar to any of the events mentioned in clause 14.3.3.1 to 14.3.3.9 (inclusive).
13.3 TM may terminate this Agreement immediately by notice to the Customer if the Customer undergoes a Change of Control.
13.4 Upon termination or expiry of this Agreement:
13.4.1 all licenses granted under this Agreement shall immediately terminate and the Customer will no longer have any right to access or use the Platform, the Services and/or the Deliverables;
13.4.2 TM shall have the right to restrict or otherwise render inaccessible the Platform, the Services and any Deliverables;
13.4.3 notwithstanding any other provision to the contrary, on termination of this Agreement (howsoever arising), all payments payable to TM, being those that have accrued prior to termination as well as all sums remaining unpaid for the Services ordered under this Agreement plus related taxes and expenses, shall remain due and shall become immediately due and payable by the Customer;
13.4.4 each Party shall as soon as reasonably practicable return or destroy (as directed in writing by the other Party), all data, information, software, and other materials provided to it by the other Party in connection with this Agreement including all documents containing or based on the other Party’s Confidential Information (including copies).
13.5 If a Party is required by any law, regulation, or government or regulatory body to retain any documents that it would otherwise be required to return or destroy under clause 14.4.4 it shall notify the other Party in writing of that retention, giving details of the documents or materials that it must retain.
13.6 Any rights, remedies, obligations or liabilities of the Parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of this Agreement which existed at or before the date of termination shall not be affected or prejudiced.
13.7 Provisions which survive termination or expiration of this Agreement are those relating to limitation of liability, infringement, indemnity, confidentiality, payment and others which by their nature are intended to survive.
14 Third-Party Credits
14.1 The Customer agrees to include on all print and electronic materials produced by the Customer that include any third-party licensed Deliverables, a credit to the Sources of such components, to the extent that such Source is identified in the Service or otherwise identified by TM; provided, however, that the foregoing shall not be construed to modify the terms of clause 11 of this Agreement.
14.2 Nothing in this Agreement is intended to create or should be construed as creating a fiduciary relationship between the Parties nor does it create any actual or apparent agency, partnership or relationship. The Customer understands and agrees that neither TM, its Affiliates nor its Sources has consented to or will consent to being named an "expert" under applicable securities or other laws.
14.3 The Customer acknowledges and agrees that the Deliverables will contain additional disclaimers and limitations of liability, and that such additional disclaimers and limitations are hereby expressly incorporated into the terms of this Agreement.
15 Indemnity
15.1 The Customer shall defend, indemnify and hold harmless TM against claims, actions, proceedings, losses, damages, expenses and costs (including without limitation court costs and reasonable legal fees) arising out of or in connection with a breach of this Agreement or the Applicable Data Protection Laws or the Customer’s use of the Platform, the Services and/or the Deliverables.
15.2 TM shall ensure that:
15.2.1 the Customer is given prompt written notice of any such claim;
15.2.2 the Customer has sole control of the defence or settlement of such claim; and
15.2.3 TM provides reasonable cooperation to the Customer in the defence and settlement of such claim, at the Customer’s expense.
15.3 Subject to clause 12, TM shall indemnify and defend the Customer with respect to direct damages incurred by the Customer, including reasonable legal fees, as a result of any claim made against the Customer by a third-party to the extent that such claim alleges that the Customer’s use of the Services and/or Deliverables in accordance with the provisions of these Standard Terms and Conditions infringe any Intellectual Proprietary Right belonging to that third-party, provided that TM’s indemnity shall only apply if:
15.3.1 TM is given prompt written notice thereof;
15.3.2 TM has sole control of the defence or settlement of such claim; and
15.3.3 the Customer provides reasonable cooperation to TM in the defence and settlement of such claim, at TM’s expense.
15.4 In the event of such claim to which TM’s indemnity apply, TM may procure the right for the Customer to continue using the Services, replace or modify the Services so that they become non-infringing or, if such remedies are not reasonably available, terminate this Agreement with respect to the allegedly infringing Service by giving written notice to the Customer without any additional liability to the Customer and by refunding to the Customer the prorated share of any prepaid charges relating to such infringing Service.
15.5 TM will have no liability under the indemnity in clause 15.3 to the extent that the alleged infringement is based on:
15.5.1 the Customer’s use of the Services or the Deliverables outside the scope of this Agreement or contrary to TM’s instructions;
15.5.2 a modification of the Platform, the Services and/or the Deliverables by anyone other than TM;
15.5.3 the Customer’s use of the Platform, Services and/or Deliverables after notice of the alleged or actual infringement claim from TM or any appropriate authority; or
15.5.4 the Customer’s continued use of the Services after the Subscription ends or this Agreement has been terminated.
15.6 The Customer shall have no rights and remedies in respect of infringement of any third-party Intellectual Property Rights except as expressly set out in clause 15.3.
16 Changes
16.1 TM may, at its sole discretion, make changes to these Standard Contract Terms and Conditions or other documents referred to in any part of this Agreement from time to time.
16.2 In the event that TM makes a change to the terms of this Agreement:
16.2.1 TM shall provide the Customer with reasonable notice in writing by email and/or through the Platform; and
16.2.2 the Customer shall be entitled to terminate this Agreement by providing at least fourteen (14) days’ written notice of such termination to TM from the date that such change was notified by TM.
16.3 The Customer’s continued use of the Platform and/or Services after any changes have been made available at the location specified in clause 16.1 shall constitute acceptance by and on behalf of the Customer of the amended Agreement (or any part thereof).
17 Confidentiality
17.1 Each Party shall keep the other Party’s Confidential Information confidential and shall not:
17.1.1 use any Confidential Information except for its use to perform its obligations under this Agreement; or
17.1.2 disclose any Confidential Information in whole or in part to any third-party, except as expressly permitted by this clause 17.
17.2 A Party may disclose the other Party’s Confidential Information to Users and/or its representatives on a need to know basis, provided that:
17.2.1 it informs those Users/representatives of the confidential nature of the Confidential Information before disclosure; and
17.2.2 at all times, it is responsible for the User’s/representatives’ compliance with the confidentiality obligations set out in this clause 17.
17.3 A Party may disclose Confidential Information to the extent required by law, by any governmental or other regulatory authority, or by a court or other authority of competent jurisdiction provided that, to the extent it is legally permitted to do so, it gives the other Party as much notice of the disclosure as possible.
17.4 Each Party reserves all rights in its Confidential Information. No rights or obligations in respect of a Party’s Confidential Information, other than those expressly stated in this Agreement, are granted to the other Party, or are to be implied from this Agreement. The Customer acknowledges that details of the Services and the Deliverables and the results of any performance tests of the Platform or the Services, constitute TM’s Confidential Information. TM acknowledges that the Customer Data is the Confidential Information of the Customer.
17.5 Subject always to TM’s obligations under this clause 17 and clause 18, TM shall have the right to create, use and disclose any summaries, findings, analysis, benchmarks, patents, trends, knowledge, metadata, risk grades or other insights derived from the Services, Deliverables and responses received by the Customer under this Agreement by:
17.5.1 aggregating any such responses and Customer Data the Customer supplies with other data in a de-identified and fully and properly anonymised manner; and/or
17.5.2 comprising anonymous learnings, benchmarking against other market data, logs and data regarding use of TM’s Platform, the Services and the Deliverables,
provided that such insights data contains only fully and properly anonymised, aggregated data that does not identify the Customer, any Customer Personal Data or any original Customer Data. The Parties agree that such insights data shall belong to TM and TM may use it for any lawful purpose during and after the Subscription Term including, without limitation, disclosing such insights data to clients of TM’s monitoring programmes, developing, providing, operating, maintaining and improving its Platform, the Services and Deliverables and to create and distribute reports and other materials.
18 Data Protection
18.1 Both Parties will comply with all applicable requirements of the Applicable Data Protection Laws. This clause 18 is in addition to, and does not relieve, remove or replace, a Party's obligations or rights under Applicable Data Protection Laws.
18.2 The Parties have determined that for the purposes of Applicable Data Protection Laws TM shall be a Processor in respect of any Personal Data Processed by TM on the Customer’s behalf who is Controller. Each Party will adhere to the provisions of Schedule 2 (Data Processing Agreement).
18.3 Should the determination in clause 18.2 change, the Parties shall use all reasonable endeavours to make any changes that are necessary to this clause 18 and Schedule 2 (Data Processing Agreement) to ensure that all Personal Data Processing shall be compliant with the Applicable Data Protection Laws.
19 Announcements
No Party shall make, or permit any person to make, any public announcement concerning this Agreement without the prior written consent of the other Parties (such consent not to be unreasonably withheld, conditioned or delayed), except as required by law, any governmental or regulatory authority (including any relevant securities exchange), any court or other authority of competent jurisdiction.
20 Other Matters
20.1 Force Majeure. Other than in respect of the Customer’s obligation to pay the Services Fees, neither Party shall have any liability to the other under this Agreement if it is prevented from or delayed in performing its obligations, by acts, events, omissions or accidents beyond its reasonable control, including strikes, lock-outs or other industrial disputes, failure of a utility service or transport or telecommunications network, epidemic or pandemic, act of God, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood or storm.
20.2 Notices.
20.2.1 Any notice or other communication given to a Party under or in connection with this Agreement shall be in writing and shall be delivered by: (a) hand or pre-paid first-class post or other next working day delivery service at its registered office (if a company) or its principal place of business (in any other case); or (b) except with respect to the service of legal proceedings, e-mail to the addresses referred to in sub-clause (b) (below).
20.2.2 Any notice or communication shall be deemed to have been received:
(a) if delivered by hand, on signature of a delivery receipt or at the time the notice is left at the proper address;
(b) if sent by pre-paid first-class post or other next working day delivery service, at 9.00 am on the second working day after posting or at the time recorded by the delivery service; or
(c) if sent by e-mail to: (i) [insert TM’s email address]; or (ii) [insert Customer’s email address] an authorised representative of sufficient authority to give the notice, upon the generation of a receipt notice by the recipient's server or, if such notice is not generated, upon delivery to the recipient's server.
20.3 Amendment. No waiver, alteration, or amendment of any provision of this Agreement shall be effective unless authorised in writing by TM.
20.4 Severability.
20.4.1 If any provision of this Agreement is or becomes for any reason whatsoever invalid, illegal or unenforceable, it shall be divisible from this Agreement and shall be deemed to be deleted from it and the validity of the remaining provisions shall not be affected in any way.
20.4.2 If any provision or part-provision of this agreement is deemed deleted under clause 20.4.1 the Parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
20.5 Third-Party Rights. Unless it expressly states otherwise, this Agreement does not confer any rights on any person or party (other than the Parties to this Agreement and, where applicable, their successors and permitted assigns) pursuant to the Contracts (Rights of Third Parties) Act 1999.
20.6 Governing Law and Jurisdiction.
20.6.1 This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and Wales.
20.6.2 Any dispute or claim arising out of or in connection with this Agreement or its subject matter or formation (including non-contractual disputes or claims) shall be subject to the non-exclusive jurisdiction of the courts of England, and the parties hereby irrevocably submit to the non-exclusive jurisdiction of the courts of England for these purposes.
20.7 Assignment. This Agreement may not be assigned by the Customer without the prior written consent of TM, such consent not to be unreasonably withheld.
20.8 Entire Agreement
20.8.1 This Agreement constitutes the entire agreement between the Parties with respect to its subject matter and shall supersede any other previous agreement, warranty, statement, representation, understanding or undertaking (in each case whether written or oral) given or made before the date of this Agreement by or on behalf of the Parties and relating to its subject matter including any proposals, circulars, prospectuses, or marketing documents.
20.8.2 Each Party confirms that it has not relied upon, and (subject to clause 20.8.4) shall have no remedy in respect of, any agreement, warranty, statement, representation, understanding or undertaking made by any party (whether or not that party is a party to this Agreement) unless that warranty, statement, representation, understanding or undertaking is expressly set out in this Agreement.
20.8.3 Subject to clause 20.8.4 neither Party shall be entitled to the remedies of rescission or damages for misrepresentation arising out of, or in connection with, any agreement, warranty, statement, representation, understanding or undertaking whether or not it is set out in this Agreement.
20.8.4 Nothing in this Agreement shall restrict or exclude any liability for (or remedy in respect of) fraud or fraudulent misrepresentation.
20.9 Survival of Terms and Accrued Rights. Termination or expiry of this Agreement, howsoever caused, shall not prejudice any obligations or rights of either of the Parties which may have accrued before termination or expiry and shall not affect any provision of this Agreement which is expressly, or by implication, intended to come into effect on, or to continue in effect after, such termination or expiry.
SCHEDULE 1 – Data Processing Agreement (“DPA”)
This Data Processing Agreement is made on [insert day and month] 2023.
Background
(A) The Parties have entered into an agreement that applies to access and use of the Platform (“Agreement”) on [insert date] that requires TM to process Personal Data on behalf of the Customer.
(B) This Data Processing Agreement (“DPA”) sets out the additional terms, requirements and conditions on which TM will process Personal Data when providing services under the Agreement. This DPA contains the mandatory clauses required by Article 28(3) of the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR) for contracts between controllers and processors and the General Data Protection Regulation ((EU) 2016/679).
1 Definitions and interpretation
1.1 In this DPA, capitalised terms have the following meanings:
1.1.1 “Business Purpose” means the services to be provided by TM to the Customer as described in the Agreement and any other purpose agreed between the Parties in writing.
1.1.2 “Commissioner” means the Information Commissioner (see Article 4(A3), UK GDPR and section 114, DPA 2018).
1.1.3 “Controller”, “Processor”, “Data Subject”, “Personal Data”, “Personal Data Breach” and “Processing” have the meaning given to them in the Applicable Data Protection Laws.
1.2 This DPA is subject to the terms of the of the Agreement and is incorporated into the Agreement.
1.3 The Annexes from part of this DPA and will have effect as if set out in full in the body of this DPA.
1.4 A reference to writing or written includes emails.
1.5 In the case of conflict or ambiguity between:
1.5.1 any provision contained in the body of this DPA and any provision contained in the Annexes, the provision in the body of this DPA will prevail;
1.5.2 any of the provisions of this DPA and the provisions of the Agreement, the provisions of this DPA will prevail; and
1.5.3 any of the provisions of this DPA and any executed SCC, the provisions of the executed SCC will prevail.
2 Personal Data Types and Processing Purposes
2.1 The Parties acknowledge and agree that for the purposes of the Applicable Data Protection Laws:
2.1.1 the Customer is the Controller and TM is the Processor.
2.1.2 the Customer retains control of the Personal Data and remains responsible for its compliance obligations under the Applicable Data Protection Laws, including but not limited to providing any required notices and obtaining any required consents, and for the written processing instructions it gives to TM.
2.1.3 The Annex A sets out the scope, nature and purpose of processing by TM, the duration of the processing and the types of Personal Data and categories of Data Subject.
3 TM’s Obligations
3.1 TM will only process the Personal Data to the extent, and in such a manner, as is necessary for the Business Purposes in accordance with the Customer’s written instructions. TM must promptly notify the Customer if, in its opinion, the Customer’s instructions do not comply with the Applicable Data Protection Laws.
3.2 TM shall comply with written instructions from the Customer requiring TM to amend, transfer, delete or otherwise process the Personal Data, or to stop, mitigate or remedy any unauthorised processing.
3.3 TM will maintain the confidentiality of the Personal Data and will not disclose the Personal Data to third parties unless the Customer or this DPA specifically authorises the disclosure, or as required by domestic law, court or regulator (including the Commissioner).
3.4 TM must promptly notify the Customer of any changes to the Applicable Data Protection Laws that may reasonably be interpreted as adversely affecting TM’s performance of the Agreement or this DPA.
4 TM’s Employees
4.1 TM will ensure that all of its employees:
4.1.1 are informed of the confidential nature of the Personal Data and are bound by confidentiality obligations and use restrictions in respect of the Personal Data;
4.1.2 have undertaken training on the Applicable Data Protection Laws relating to handling Personal Data and how it applies to their particular duties; and
4.1.3 are aware both of TM's duties and their personal duties and obligations under the Applicable Data Protection Laws and this DPA.
5 Security
5.1 TM shall implement appropriate technical and organisational measures against unauthorised or unlawful processing, access, copying, modification, reproduction, display or distribution of the Personal Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage of Personal Data including, but not limited to, the security measures set out in Annex 2.
5.2 TM shall implement such measures to ensure a level of security appropriate to the risk involved, including as appropriate:
5.2.1 the pseudonymisation and encryption of Personal Data;
5.2.2 the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
5.2.3 the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and
5.2.4 a process for regularly testing, assessing and evaluating the effectiveness of the security measures.
6 Personal Data Breach
6.1 TM shall without undue delay notify the Customer if it becomes aware of:
6.1.1 the loss, unintended destruction or damage, corruption, or unusability of part or all of the Personal Data. TM will restore such Personal Data as soon as possible.
6.1.2 any accidental, unauthorised or unlawful processing of the Personal Data; or
6.1.3 any Personal Data Breach.
6.2 Where TM becomes aware of (a), (b) or (c), it shall, without undue delay, also provide the Customer with the following information:
6.2.1 description of the nature of (a), (b) or (c), including the categories of in-scope Personal Data and approximate number of both Data Subjects and the Personal Data records concerned;
6.2.2 the likely consequences; and
6.2.3 a description of the measures taken or proposed to be taken to address (a), (b) or (c), including measures to mitigate its possible adverse effects.
6.3 Following any accidental, unauthorised or unlawful Personal Data processing or Personal Data Breach, the Parties will co-ordinate with each other to investigate the matter. Further, TM will reasonably co-operate with the Customer in the Customer's handling of the matter, including but not limited to:
6.3.1 making available all relevant records, logs, files, data reporting and other materials required to comply with all Applicable Data Protection Laws or as otherwise reasonably required by the Customer, providing these are not business confidential documents for TM; and
6.3.2 taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Data Breach or accidental, unauthorised or unlawful Personal Data Processing.
6.4 TM will not inform any third-party of any accidental, unauthorised or unlawful processing of all or part of the Personal Data and/or a Personal Data Breach without first obtaining the Customer's written consent, except when required to do so by domestic law.
6.5 TM agrees that the Customer has the sole right to determine:
6.5.1 whether to provide notice of the accidental, unauthorised or unlawful processing and/or the Personal Data Breach to any Data Subjects, the Commissioner, other in-scope regulators, law enforcement agencies or others, as required by law or regulation or in the Customer's discretion, including the contents and delivery method of the notice; and
6.5.2 whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy.
7 Cross-border transfer of Personal Data
7.1 Where such consent is granted, TM may only process, or permit the processing, of the Personal Data outside the EEA under the following conditions:
7.1.1 TM is processing the Personal Data in a territory which is subject to adequacy regulations under the Applicable Data Protection Laws that the territory provides adequate protection for the privacy rights of individuals. TM shall identify in Annex A the territory that is subject to such adequacy regulations; or
7.1.2 TM participates in a valid cross-border transfer mechanism under the Applicable Data Protection Laws, so that TM (and, where appropriate, the Customer) can ensure that appropriate safeguards are in place to ensure an adequate level of protection with respect to the privacy rights of individuals as required by Article 46 of the UK GDPR and EU GDPR.TM shall identify in Annex A the transfer mechanism that enables the parties to comply with these cross-border data transfer provisions and TM must immediately inform the Customer of any change to that status; or
7.1.3 the transfer otherwise complies with the Applicable Data Protection Laws for the reasons set out in Annex A.
7.2 If the Customer consents to appointment by TM of a subcontractor located outside the EEA in compliance with the provisions of clause 8 below, then the Customer authorises TM to enter into SCCs for the transfer of Personal Data to the subcontractor.
8 Subcontractors
8.1 The Customer authorises the appointment of the subcontractors listed in Annex A.
8.2 Subject to clause 8.1 above, TM may authorise other subcontractor to process the Personal Data if:
8.2.1 the Customer is provided with an opportunity to object to the appointment of each subcontractor within five (5) Business Days after TM supplies the Customer with full details in writing regarding such subcontractor;
8.2.2 TM enters into a written contract with the subcontractor that contains terms substantially the same as those set out in this DPA, in particular, in relation to requiring appropriate technical and organisational data security measures, and, upon the Customer’s written request, and ensure such subcontractor complies with all such terms; and
8.2.3 where the subcontractor fails to fulfil its obligations under the written agreement with TM which contains terms substantially the same as those set out in this DPA, TM remains liable to the Customer for the subcontractor’s performance of its agreement obligations.
9 Complaints, Data Subject Request and third-party rights
9.1 TM shall take such technical and organisational measures as may be appropriate to enable the Customer to comply with:
9.1.1 the rights of Data Subjects under the Applicable Data Protection Laws, including subject access rights, the rights to rectify, port and erase personal data, object to the processing and automated processing of personal data, and restrict the processing of personal data; and
9.1.2 information or assessment notices served on the Customer by the Commissioner or other relevant regulator under the Applicable Data Protection Laws.
9.2 TM must notify the Customer promptly in writing if it receives any complaint, notice or communication that relates directly or indirectly to the processing of the Personal Data or to either Party's compliance with the Applicable Data Protection Laws.
9.3 TM shall notify the Customer within five (5) Business Days if it receives a request from a Data Subject for access to their Personal Data or to exercise any of their other rights under the Applicable Data Protection Laws.
9.4 It shall be the Customer’s responsibility to reply to all such requests as required by the Applicable Data Protection Laws.
10 Term and Termination
10.1 This DPA will remain in full force and effect so long as:
10.1.1 the Agreement remains in effect; or
10.1.2 TM retains any of the Personal Data related to the Agreement in its possession or control (“Term”).
10.2 Any provision of this DPA that expressly or by implication should come into or continue in force on or after termination of the Agreement in order to protect the Personal Data will remain in full force and effect.
10.3 If a change in any Applicable Data Protection Laws prevents either party from fulfilling all or part of its Agreement obligations, the Parties may agree to suspend the processing of the Personal Data until that processing complies with the new requirements. If the Parties are unable to bring the Personal Data processing into compliance with the Applicable Data Protection Laws either Party may terminate the Agreement with immediate effect on written notice to the other Party.
11 Data Return and Destruction
11.1 At the Customer’s request, TM will give the Customer a copy of all or part of the Personal Data in its possession or control. To the extent that the Customer has not notified TM on the termination end date or expiry of the Agreement that it requires TM to return such Personal Data, TM shall securely delete or destroy all or any of the Personal Data related to this DPA in its possession or control.
11.2 If any law, regulation, or government or regulatory body requires TM to retain any documents or materials or Personal Data that TM would otherwise be required to return or destroy, it will notify the Customer in writing of that retention requirement, giving details of the documents, materials or Personal Data that it must retain, the legal basis for retention, and establishing a specific timeline for deletion or destruction once the retention requirement ends.
12 Records
12.1 TM will keep detailed, accurate and up-to-date written records regarding any processing of the Personal Data, including but not limited to, the access, control and security of the Personal Data, subcontractors, the processing purposes, categories of processing, any transfers of personal data to a third country and related safeguards, and a general description of the technical and organisational security measures referred to in clause 5.1 (“Records”).
12.2 TM will ensure that the Records are sufficient to enable the Customer to verify TM’s compliance with its obligations under this DPA and TM will provide the Customer with copies of the Records upon request.
13 Audit
13.1 Once a year, TM will conduct site audits of its Personal Data processing practices and the information technology and information security controls for all facilities and systems used in complying with its obligations under this DPA.
13.2 On the Customer’s written request, TM will make all of the relevant audit reports available to the Customer for review. The Customer will treat such audit reports as TM’s confidential information under the Agreement.
13.3 TM will address any exceptions noted in the audit reports with the development and implementation of a corrective action plan by TM’s management.
14 Liability
14.1 The liability of the Parties to one another shall be limited in accordance with the provisions of clause 12 (Limitation of Liability) of the Agreement in relation to all direct, indirect or consequential losses, damages, claims, fees (including but not limited to administrative, professional advisor or legal fees), penalties, expenses, taxes, costs and any third-party claims against one party, howsoever arising under or in connection with this DPA, whether as a result of a breach of any clause of this DPA by a Party, or any breach of Applicable Data Protection Laws.
15 Notice
15.1 Any notice given to a Party under or in connection with this DPA must be in writing and delivered to:
15.1.1 For the Customer: [insert email]
15.1.2 For TM: enquiries@thomasmurray.com
15.2 Clause 35 does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.
This DPA has been entered into on the date stated at the beginning of it.
Signed by [NAME]
Authorised signatory for and on behalf of [insert CUSTOMER company name] Signature
Signed by [NAME]
Authorised signatory for and on behalf of Thomas Murray Network Management Limited Signature
Annex A - DETAILS OF PROCESSING OF CUSTOMER PERSONAL DATA
Subject matter of processing:
The subject matter of the processing of Customer Personal Data is information related to Users of the Service Modules.
Scope and duration of the processing of Customer Personal Data
The scope and duration of the processing of the Customer Personal Data are set out in this DPA.
The nature and purpose of the processing of Customer Personal Data
The purpose of the processing of the Customer Personal Data is to identify individuals in order to create user accounts that provide them with an appropriate and authorised level of access to the Service Modules, and to enable them to submit and/or receive information relating to the third-party’s business activities, to log their activity for security audit purposes and to deliver to them by email notifications of changes to information consistent with their level of authorised access and their individual preferences.
The categories of Data Subject to whom the Customer Personal Data relates
The Customer’s and any of its Affiliates’ and the Customer’s directors, representatives, shareholders, investors, beneficial owners, agents, officers, employees, and contractors.
The types of Customer Personal Data to be processed
a) Name
b) job title
c) job function
d) role under the Agreement (e.g. primary relationship contact for TM)
e) department/team/office
f) marital status/title (e.g. Mr/Ms)
g) location/business address
h) email address
i) telephone number
j) IP address(es)
k) application permissions to access data/reports and carry out administrative functions
l) individual preferences regarding user interface language, report parameters and email notifications
No special categories of Customer Personal Data are processed under this Agreement.
Approved Subcontractors:
Name Purpose
Location of data Transfer mechanism
None at this time
Security measures
(a) Processing of Customer Personal Data must take place on data processing systems for which technical and organisational measures for protecting Customer Personal Data have been implemented. In this context, TM assures the Distributor that it will take all measures required for the processing of the Customer Personal Data on the data processing systems of TM in accordance with applicable Data Protection Laws and requirements, provided that, having regard to the state of technological development and the cost of implementing any measures, the measures must ensure a level of security appropriate to the harm that might result from unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the Customer Personal Data to be protected.
(b) TM implements measures designed to:
(i) deny unauthorised persons access to data-processing equipment used for processing Customer Personal Data (equipment access control);
(ii) prevent the unauthorised reading, copying, modification or removal of data media (data media control);
(iii) prevent the unauthorised input of Customer Personal Data and the unauthorised inspection, modification or deletion of stored Customer Personal Data (storage control);
(iv) prevent the use of automated data-processing systems by unauthorised persons using data communication equipment (user control);
(v) ensure that persons authorised to use an automated data-processing system only have access to the Customer Personal Data covered by their access authorisation (data access control);
(vi) ensure that it is possible to verify and establish to which individuals Customer Personal Data have been or may be transmitted or made available using data communication equipment (communication control);
(vii) ensure that it is subsequently possible to verify and establish which Customer Personal Data have been put into automated data-processing systems and when and by whom the input was made (input control);
(viii) prevent the unauthorised reading, copying, modification or deletion of Customer Personal Data during transfers of those data or during transportation of data media (transport control);
(ix) ensure that installed systems may, in case of interruption, be restored (recovery);
(x) ensure that the functions of the system perform, that the appearance of faults in the functions is reported (reliability) and that stored Customer Personal Data cannot be corrupted by means of a malfunctioning of the system (integrity).
(c) On request, TM will provide the Distributor with a comprehensive, up-to-date data protection and security plan for the data processing under the terms of this Schedule.
(d) No person will be appointed by TM to process the Customer Personal Data unless that person: (i) is competent and qualified to perform the specific tasks assigned to him TM; (ii) has been authorised by TM and (iii) has been fully instructed by TM in the procedures and statutory regulations relevant to the performance of the obligations of TM under this Schedule, in particular the limited purpose of the data processing.
(e) It is prohibited to make copies of any Customer Personal Data transmitted by the Distributor to TM, provided, however, that TM may retain copies of Customer Personal Data provided to it under a related contract in its servers for backup and archive purposes until the completion of the Services under the Agreement.
TM's legal basis for processing Personal Data outside the EEA in order to comply with cross-border transfer restrictions is that it is located in a country with a current determination of adequacy (list country): United Kingdom.