Terms & Conditions
These terms and conditions (T&Cs) and the order form (Order
Form) between you (Customer) and Real Links Limited, incorporated
and registered in England and Wales with company number 10570135 whose
registered office is at 86-90 Paul Street, London, England EC2A 4NE (Supplier) govern the terms and
conditions between you and the Supplier for use of the Software and Services.
1.1
The definitions and rules of interpretation in this clause apply to
these T&Cs.
Authorised Users: those employees and
independent contractors of the Customer and/or other person nominated by the Customer
as specified in the Order From who are authorised to use the Software through
the Hosting Services under these T&Cs, as further described in clause 3.2(b).
Business Day: a day other than a
Saturday, Sunday or public holiday in England when banks in London are open for
business.
Confidential Information: information that is
proprietary or confidential and is either clearly labelled as such or
identified as Confidential Information in clause 9.6 or clause 9.7.
Configuration Services: the configuration and
related work referred to in clause 2, to be performed by the Supplier to
configure the Software.
Customer Account Team: the individuals appointed
by the Customer from time to time who shall serve as the Supplier’s primary
contacts for the Supplier’s activities under these T&Cs.
Customer Data: the data inputted into the
information fields of the Software by the Customer, by Authorised Users, or by
the Supplier on the Customer’s behalf or other data relating to the Customer
communicated to or processed or generated by the Supplier.
Customer’s Project Manager: the member of the Customer
Account Team appointed in accordance with clause 5(b).
Effective Date: the effective date specified
in the Order Form.
Hosting Services: the services that the
Supplier provides to allow Authorised Users to access and use the Software,
including hosting set-up and ongoing services, as described in Schedule 1.
Intellectual Property Rights: patents, utility models,
rights to inventions, copyright and neighbouring and related rights, trademarks
and service marks, business names and domain names, rights in get-up and trade
dress, goodwill and the right to sue for passing off or unfair competition,
rights in designs, database rights, rights to use, and protect the
confidentiality of, confidential information (including know-how and trade
secrets), and all other intellectual property rights, in each case whether
registered or unregistered and including all applications and rights to apply
for and be granted, renewals or extensions of, and rights to claim priority
from, such rights and all similar or equivalent rights or forms of protection
which subsist or will subsist now or in the future in any part of the world.
Internal Mobility Software: has the meaning given to it in Schedule 2.
Maintenance and Support: any error corrections,
updates and upgrades that the Supplier may provide or perform with respect to
the Software and Hosting Services, as well as any other support or training
services provided to the Customer under these T&Cs, all as described in Schedule 3.
Normal Business Hours: 9.30 am to 5.30 pm local
UK time, each Business Day.
Referral Software: has the meaning given to it in Schedule 2.
Services: the
Configuration Services, Hosting Services and/or Maintenance and Support as
applicable, and all other obligations of the Supplier.
Software: the
Supplier’s proprietary software in machine-readable object code form being the Referral
Software and/or the Internal Mobility Software as specified in the Order Form, including
any error corrections, updates, upgrades, modifications and enhancements to it
provided to the Customer under these T&Cs. For the avoidance of doubt,
references in this agreement to Software shall only be to the relevant Software
specified in the Order Form.
Supplier Account Team: the individuals appointed
by the Supplier from time to time who shall serve as the Customer’s primary
contacts for the Customer’s activities under these T&Cs.
Supplier’s Project Manager: the member of the Supplier’s
Account Team appointed in accordance with clause 2.2.
Term: as defined in
clause 13.1 of these T&Cs.
Virus: any thing or device
(including any software, code, file or programme) which may:
(a)
prevent, impair or otherwise adversely affect the operation of any
computer software, hardware or network, any telecommunications service,
equipment or network or any other service or device;
(b)
prevent, impair or otherwise adversely affect access to or the operation
of any programme or data, including the reliability of any programme or data
(whether by rearranging, altering or erasing the programme or data in whole or
part or otherwise); or
(c)
adversely affect the user experience, including worms, trojan horses,
viruses and other similar things or devices.
1.2
Clause, Schedule and paragraph headings shall not affect the
interpretation of these T&Cs.
1.3
A person includes a natural
person, corporate or unincorporated body (whether or not having separate legal
personality).
1.5
Unless the context otherwise requires, words in the singular shall
include the plural and in the plural include the singular.
1.7
A reference to writing or written includes email.
1.11
Any words following the terms including,
include, in particular, for example or any similar expression shall be construed as illustrative and shall
not limit the sense of the words, description, definition, phrase or term
preceding those terms.
2.1
The personnel on the Supplier Account Team shall be notified to the
Customer.
2.3
The Supplier shall submit the Software to the Customer, subject to such
reasonable cooperation by the Customer as may be required. Within ten (10)
Business Days of the Supplier’s delivery of the Software, the Customer shall
review such Software to confirm that it functions in material conformance with the
Software features set out in Schedule 2. If the Software fails to conform with
the features set out in Schedule 2, the Customer shall give the Supplier a
detailed description of any such non-conformance, in writing, within the ten-day
review period.
2.4
With respect to any errors contained in the Software during the
Configuration Services (an “Error”), the Supplier shall use reasonable
endeavours to correct any Error within ten (10) Business Days of the Customer’s
notification and, on completion, submit the corrected Software to the Customer.
The provisions of this clause 2.4 shall then apply again, up to two additional times.
2.6
If the Supplier is unable to
correct an Error after three attempts, then the Customer shall be entitled to
terminate these T&Cs on written notice to the Supplier, provided such
notice is provided within ten (10) Business Days after the third unsuccessful
attempt to correct the Error. In the event of such termination the Supplier shall
repay all unaccrued sums the Customer has paid the Supplier under these
T&Cs.
3.
Hosting Services, Maintenance and Support
3.2
In relation to Authorised Users:
(a) the Customer’s access to the
Hosting Services shall be limited to Authorised Users;
(d)
the Customer shall be responsible for all actions and/or omissions of
the Authorised Users.
3.3
In relation to the Software:
iii.
use the Software
or Hosting Services to provide information and/or services to third parties;
iv.
transfer,
temporarily or permanently, any of its rights under these T&Cs; or
v.
attempt to obtain,
or assist third parties in obtaining, access to the Software; and
4.1
The Supplier undertakes that it will perform the Services with
reasonable skill and care.
4.2
The Supplier shall comply with all applicable laws and regulations with
respect to its activities under these T&Cs.
4.3
The undertaking at clause 4.1 shall not apply to the extent of any: (a) non-conformance which is
caused by misuse of the Software; (b) use of the Software by any Authorised
User or the Customer contrary to the terms of these T&Cs and/or the Supplier’s instructions; and/or (c)
modification or alteration of the Software by any party other than the Supplier
or the Supplier’s duly authorised contractors or agents.
4.4
These T&Cs shall not prevent the Supplier from entering into similar
agreements with third parties or from independently developing, using, selling
or licensing materials, products or services which are similar to those provided under these T&Cs.
(a) provide the Supplier with:
i.
all necessary
co-operation reasonably required; and
in order for the Supplier to
render the Services, including Customer Data, security access information and
software interfaces to the Customer’s other business applications;
(c) comply with all applicable
laws and regulations with respect to its activities under these T&Cs;
(e)
promote, market and give appropriate visibility of the Supplier’s Software
to its employees in order to encourage use of such Software; and
(f)
collaborate with Supplier to produce one case study after 1 month from
commencement of the Period as set out in the Order Form, describing the
benefits arising from the implementation of the Software. The case study will
be created by Supplier through interviews and will be subject to final approval
by Customer.
6.2
The Fees shall include eight (8) hours of work on the Configuration
Services in accordance with the scope of work set out in Schedule 4. Any hours
above this shall be charged at a rate of £90 per hour.
6.3
All amounts and fees stated or referred to in these T&Cs or the
Order Form are exclusive of value added tax, which shall be added to the
Supplier’s invoice(s) at the appropriate rate.
6.4
The Supplier shall invoice the Customer on the Effective Date and, where
applicable, annually thereafter. Each invoice is due and payable 30 days after
the invoice date. If the Supplier has not received payment within 30 days after
the due date, and without prejudice to any other rights and remedies of the
Supplier:
(a)
the Supplier may suspend the supply of the Services (but shall
recommence them at no further cost when the outstanding invoice has been paid);
and
(b)
interest shall accrue on a daily basis on such
due amounts at an annual rate equal to 2% over the then current base lending
rate of Barclays plc from time to time, commencing on the due date and
continuing until fully paid, whether before or after judgment.
(a) the likely time required to
implement the change;
(b) any variations to the fees arising
from the change; and
(c) any other impact of the
change on the terms of these T&Cs and/or the Order Form.
8.3
The Supplier acknowledges and agrees that the Customer owns all Intellectual
Property Rights in the Customer Data. Except as expressly stated herein, these
T&Cs do not grant the Supplier any rights to, or in, any Intellectual
Property Rights, or any other rights or licences in respect of the Customer
Data.
8.4
The Customer grants the Supplier the express right to use the Customer’s
company name and logo for provision of the Services and in marketing, sales and
public relations materials (including press releases) and other communications
solely to identify the Customer as a customer of the Supplier. The Supplier
grants the Customer the express right to use the Supplier’s company name and
logo solely to identify the Supplier as a provider of services to the Customer.
Other than as expressly stated herein, neither party shall use the other
party’s marks, drawings or specifications without the prior written permission
of the other party.
(a) is or becomes publicly known
other than through any act or omission of the receiving party;
(b) was in the other party’s
lawful possession before the disclosure;
(c) is lawfully disclosed to the
receiving party by a third party without restriction on disclosure; or
9.8
This clause 9 shall survive termination of these T&Cs, however arising.
10.
Data, data protection, security and integrity
10.1
The following definitions apply in respect of this clause 10 and
applicable sub-clauses:
(b) "data" includes
personal data; and
(d)
“Shared Personal Data” means the personal data to be shared between the
parties as controllers pursuant to the provision of the Services, as set out in
Schedule 3; and
(e)
“UK GDPR” means the GDPR as transposed into the national law of the
United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act
2018.
10.2
The Customer shall own all rights, title and interest in and to all of the Customer
Data and shall have sole responsibility for the legality, reliability,
integrity, accuracy and quality of the Customer Data. Except as expressly
stated herein, these T&Cs do not grant the Supplier any rights to, or in,
any Intellectual Property Rights or any other rights or licences in respect of
the Customer Data. The parties acknowledge that no Intellectual Property Rights
subsist in any Customer Data.
10.4
To the extent
that:
(a)
the Supplier
processes personal data on behalf of the Customer in connection with the
Services, the terms set out in the Data Processing Appendix to these T&Cs shall
apply; and
(b) the Supplier is a controller of any personal data processed in connection with the provision of the Services, the provisions set out in clause 10.5 below shall apply.
10.5
The parties acknowledge and agree that:
(a)
the sharing of the
Shared Personal Data under these T&Cs is necessary to enable the Supplier
to facilitate the provision of the Services;
(b)
for the purposes
of the Shared Personal Data both the Supplier and the Customer understand
themselves to be acting as independent controllers for separate but related
purposes and not as joint controllers for a joint purpose; and
(c)
each shall process
the Shared Personal Data and any other personal data for which each party is an
independent controller in a manner that complies with the parties’ respective
obligations under Data Protection Legislation and shall not act or omit to act
such as to cause the other party’s processing of the Shared Personal Data to be
in breach of Data Protection Legislation.
11.
Anti-bribery
11.1
Each party hereby represents, covenants and
warrants that:
(a)
it shall not violate any applicable laws including (without limitation)
any laws in regards to anti-corruption, anti-bribery
and money laundering (any such violation being a material breach of these
T&Cs), and shall promptly notify the other party in writing in the event of
any actual or alleged violation of such laws; and
(b)
during the term of these T&Cs, it shall not, nor shall any of its
officers, directors, employees or contractors, engage (or cause another party
to engage) in any activity that is, or is reasonably likely to be, in breach of
this clause.
11.2 If either party is
subject to any regulatory investigation as a result of a breach by the other
party, the other party shall indemnify the party under investigation for any
costs associated, and shall fully co-operate with, such investigation.
11.3
If either party receives any requests for bribes from any third party
relevant to these T&Cs and the Order Form, such party shall promptly report
this request to the other party.
11.4
If either party reasonably believes that a breach of any of the representations,
covenants or warranties contained within this clause has occurred, or is
reasonably likely to occur, said party may terminate these T&Cs and the
Order Form immediately and pursue all available remedies.
11.5
Notwithstanding clause 11.4, in the event an applicable court of law or
tribunal finds a breach of any representations, covenants or warranties under
this clause 11 by a party, these T&Cs and the Order Form will automatically
terminate and the party found to be in breach shall indemnify the other party
and its directors, employees, affiliates and subsidiaries in respect of any
damages, losses, fees and costs (including, without limitation, audit costs)
incurred by that other party as a result of or in relation to such breach.
11.6
Supplier hereby represents that it has exercised independent judgment in
providing the Services to Customer and has not been offered payment(s) or
benefit(s) to enter into these T&Cs, except those
contractual benefits expressly set out in these T&Cs and the Order Form.
12.1
The following provisions set out the entire financial liability of
either party (including without limitation any liability for the acts or
omissions of its employees, agents and sub-contractors) to the other in respect
of:
(a) any breach of these T&Cs
and/or the Order Form howsoever arising;
12.2
Nothing in these T&Cs excludes either party’s liability:
(a) for death or personal injury
caused by that party’s negligence;
(b)
for gross negligence or willful misconduct; or
(c) for fraud or fraudulent
misrepresentation.
12.3
Subject to clause 12.2:
(a) Except as set forth in
Section 12.2 above, neither party shall in any circumstances be liable for indirect
or consequential loss, loss of revenue, loss of profits, loss of anticipated savings, loss of
business, loss of opportunity or loss of goodwill.
(c)
The Supplier shall not be liable for any failure in or interruption in
the use of the Software caused directly or indirectly by the Customer’s
equipment. communication networks, software environment or any actions or
emissions by the Customer or any of its Authorised Users.
13.2
At the end of the Term, provision of the Services may be extended by the
parties both agreeing to enter into a letter of
renewal which sets out the fees to be paid by Customer, in which case, save as
varied in such renewal letter, the terms of these T&Cs shall continue in
effect for such extended term(s).
(k) any event occurs, or
proceeding is taken, with respect to the other party in any jurisdiction to
which it is subject that has an effect equivalent or similar to any of the
events mentioned in clause (d) to clause (j) (inclusive);
13.4
On termination of these T&Cs and/or the Order Form for any reason:
(a) all licences granted under these
T&Cs shall immediately terminate;
(b) each party shall return and
make no further use of any equipment, property, materials and other items (and
all copies of them) belonging to the other party; and
14.
Force majeure
15.
Waiver
17.
Severance
18.
Entire agreement
18.2
Each party acknowledges that in entering into the Order Form and these
T&Cs it does not rely on, and shall have no remedies in respect of, any
statement, representation, assurance or warranty (whether made innocently or
negligently) that is not set out in these T&Cs.
18.4
Nothing in this clause shall limit or exclude any liability for fraud.
18.5
In the event of any conflicts between these T&Cs and the Order Form,
the terms of these T&Cs shall prevail.
19.
Assignment
Neither party shall assign, transfer, mortgage, charge, or declare a
trust of any or all of its rights and obligations under these T&Cs and/or the Order Form
without the prior written consent of the other party (such consent not to be
unreasonably withheld or delayed).
Nothing
in these T&Cs is intended to, or shall be deemed to, establish any
partnership or joint venture between any of the parties, constitute any party
the agent of another party, nor authorise any party to make or enter into any commitments for or on behalf of any other party.
21.
Variation
These
T&Cs may be varied and/or updated by the Supplier from time to time. No variation of the Order
Form shall be effective unless it is in writing and signed by the parties (or
their authorised representatives).
Neither
these T&Cs nor the Order Form confer any rights on any other person or
party (other than the parties to these T&Cs a Order Form and (where
applicable) their successors and permitted assigns) pursuant to the Contracts
(Rights of Third Parties) Act 1999.
23.
Notices
24.
Governing law
If a
dispute arises out of or in connection with these T&Cs and/or the Order
Form (a "Dispute") then
the Parties shall follow the following procedure:
(a)
either party shall give to the other written notice of the Dispute,
setting out its nature and full particulars ("Dispute Notice"),
together with relevant supporting documents. On service of the Dispute Notice,
the Supplier’s Project Manager and the Customer’s Project Manager shall attempt
in good faith to resolve the Dispute; and
(b)
if the Supplier’s Project Manager and the Customer’s Project Manager are
for any reason unable to resolve the Dispute within 21 days of it being
referred to them, the parties shall be entitled to take such action as they
consider appropriate to settle the Dispute.
26.
Jurisdiction
B.
Installation
and configuration
C.
Facility
D.
Continuing
Hosting Services
E.
Back-up,
archiving and recovery services
F.
Release
management and change control
The Referral Software consists of the
following components:
·
Web portal.
·
White-labelling branding to the Customer’s group trading style.
·
Job listings and editing.
·
Job sharing and upload CV functionality for employees to refer contacts.
·
Talent pool of employees’ connections synced with the platform and
matching of connections to jobs.
·
Customisable gamiification with a rewards shop, employee leaderboards
and raffles.
·
Updates on the status of referrals.
·
Email notifications for employees.
·
Content sharing functionality.
·
Performance statistics & analytics.
The Internal Mobility Software consists of the following components:
·
Web portal.
·
White-labelling branding to the Customer’s group trading style.
·
Job, project and mentor listings and editing.
·
Matching of employees to jobs, projects and mentors.
·
Talent pool of employees signed up on the platform.
·
Application pages for employees.
·
Updates on the status of applications.
·
Email notifications for employees.
·
Performance statistics & analytics.
1.
Training
2.1
The Supplier shall use reasonable endeavours to ensure that maintenance
of the hosting equipment, facility, Software or other aspects of the Hosting
Services (other than emergency maintenance) that may require interruption of
the Hosting Services (Maintenance Events) are not performed during Normal Business Hours. The Supplier may
interrupt the Services to perform emergency maintenance at any time where
required. In addition, the Supplier may interrupt the Hosting Services outside
Normal Business Hours for unscheduled maintenance, provided
that it has given the Customer at least one days’ advance notice. Any
Maintenance Events that occur during Normal Business Hours, and which were not
requested or caused by the Customer, shall be considered downtime for the
purpose of service availability measurement. The Supplier shall at all times use all reasonable endeavours to keep any
service interruptions to a minimum.
3.
Maintenance
3.3
The Supplier shall maintain technical support on the most current
releases of the Software.
3.4
The Supplier shall provide the Supplier with a web-based portal for the
rationalisation of live Authorsied Users by removing or deactivating Authorsied
Users who are no-longer employed by the Customer.
4.1
The Supplier shall provide the Customer with technical support services.
The Customer shall have Customer support representatives (CSRs) who are authorised to contact the Supplier for technical support
services. The Supplier shall provide technical support services to those CSRs.
The Supplier shall provide the Supplier support engineers (SSEs) who are assigned to the Customer account. The SSEs shall handle
support calls from the Customer’s CSRs.
4.2
Supplier technical support shall accept voicemail and email from CSRs between
9.30am to 5.30pm on Business Days. The Supplier shall use reasonable endeavours
to process support requests, issue trouble ticket tracking numbers if
necessary, determine the source of the problem and respond to the Customer. The
Supplier technical support call centre shall respond to all support requests
from CSRs within the time periods specified below, according to priority.
|
Priority |
Description |
Response time |
Target resolution time |
|
Priority 1 |
The
entire Service is "down" and inaccessible. Priority 1 incidents
shall be reported by telephone only. |
Within
two Normal Business Hours. |
Four
Normal Business Hours. Continuous effort after initial response and with
Customer co-operation. |
|
Priority 2 |
Operation
of the Services is severely degraded, or major components of the Service are
not operational and work cannot reasonably continue.
Priority 2 incidents shall be reported by telephone only. |
Within
four Normal Business Hours. |
Within
two Business Days after initial response. |
|
Priority 3 |
Certain
non-essential features of the Service are impaired while most major
components of the Service remain functional. |
Within
12 Normal Business Hours. |
Within
seven Business Days after initial response. |
|
Priority 4 |
Errors
that are non-disabling or cosmetic and clearly have little or no impact on
the normal operation of the Services. |
Within
24 Normal Business Hours. |
Next
release of Software. |
4.6
Before the Supplier or the Customer makes changes to integration
interfaces between the Software and the Customer’s internal data stores or
systems, the Supplier or the Customer shall provide notice to the other in
order to ensure the continued operation of any integration interfaces affected
by such changes. The Supplier shall provide the CSRs, or the Customer shall provide
the SSEs, with at least 60 days’ advance notice of such changes. Such notice
shall include at least the new interface specifications and a technical contact
to answer questions on these changes. The Supplier or the Customer (as
applicable) shall also provide up to 15 days of integration testing
availability to ensure smooth transition from the previous interfaces to the
new interfaces and the Customer shall pay for all such services relating to
integration testing carried out by the Supplier at the Supplier’s then current
daily fee rates.
5.1
The Supplier shall provide at least a 99% uptime service availability
level (Uptime Service Level).
Availability does not include Customer-caused outages or disruptions, scheduled
or emergency maintenance, or outages or disruptions to force majeure events
within the meaning of clause 14.
5.2
If availability falls below the Uptime Service Level (as defined in
paragraph 0. of Schedule 3) in a given calendar month (Service Delivery Failure), the Supplier
shall credit the Customer’s account by an amount calculated as the product of
the total cumulative downtime (expressed as a percentage of the total possible
uptime minutes in the month concerned) and the fees owed for that quarter (Service Credit).
5.3
The maximum Service Credit allowable in a given
month is limited to an amount equal to the total fees paid by the Customer for
that quarter.
Schedule 4
Configuration
Services Scope of Work
The Software consists of
the following components:
·
White-labelling of the Software which
includes updating the design of the Software to include the logo and colour
scheme of the Customer.
·
Completing any integration work specified in the Order Form.
·
Setting up a custom domain for the Customer.
·
Setting up of an authentication system for Customer’s Authorised Users
to login into the Software.
Schedule 5
Details of Shared Personal
Data
|
Category of data subject |
Categories of personal
data |
Purpose |
Nature of sharing |
|
Supplier’s employees and
Customer’s employees |
Name,
contact details, job title |
To
enable the parties to communicate and facilitate the provision of the
Services |
Reciprocal
(Supplier to Customer and vice versa) |
|
Customer employees’ social
media connections |
Name,
job title, employer, work history, experience and skills |
To
facilitate the provision of the Referral Software Services |
Initially
unilateral (Customer employees to Supplier only) and subsequently reciprocal
after re-identification of data subject profile (Supplier to Customer and
vice versa) |
Data Processing Appendix
1
Definitions and
interpretation
1.1
In
this Data Processing Appendix, unless the context otherwise requires, the
following words have the following meanings:
|
Controller |
has the meaning set out in the Data Protection
Legislation |
|
Data Protection Legislation |
means all applicable data protection and privacy
legislation in force from time to time in the UK including UK GDPR; the Data
Protection Act 2018; the Privacy and Electronic Communications Directive
2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and
Electronic Communications Regulations 2003 (SI 2003 No. 2426) as amended; any
other European Union legislation relating to Personal Data and all other
legislation and regulatory requirements in force from time to time which
apply to a party relating to the use of Personal Data (including, without
limitation, the privacy of electronic communications) |
|
Data Subject |
has the meaning set out in the Data Protection
Legislation |
|
Permitted Purposes |
Processing the Personal Data for the purpose of,
and to the extent required for, provision of the Services as further set out
in the Schedule to this Data Processing Appendix |
|
Personal Data |
has the meaning set out in the Data Protection
Legislation |
|
Personal Data Breach |
a breach of security leading to the accidental or
unlawful destruction, loss, alteration or corruption of Personal Data or
unauthorised disclosure of, or access to, Personal Data or the loss of
availability of Personal Data and/or loss of resilience of Processing systems
or in relation to the Services |
|
Process, Processed or Processing |
have the meaning set out in the Data Protection
Legislation |
|
Processor |
has the meaning set out in the Data Protection
Legislation |
|
Regulatory Authority |
any competent data protection or privacy
authority by which the Customer or the Supplier is regulated |
|
UK
GDPR |
means
the General Data Protection Regulation 2016/679 as transposed into the national law of the
United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act
2018. |
|
Valid Transfer Mechanism |
a mechanism governing the transfer of Personal
Data outside of the UK which is recognised by Data Protection Legislation as
providing adequate protection for Personal Data,
including (without limitation) transfers to countries that have been
designated as adequate by the UK Government, use of model contract clauses
approved by the UK Government and use of approved binding corporate rules |
2
Appointment and role of
Supplier
2.1
The
parties acknowledge that for the purposes of the Data Protection Legislation,
the Customer is the Controller and Supplier is appointed as the Processor for
the Processing activities listed in Schedule 1 (Data Processing Details).
3.1
Where
the Customer expects that the Supplier will Process Personal Data, the Customer
shall:
3.1.1
ensure
that the Personal Data is accurate and up-to-date, and remains so during the
period of the Processing;
3.1.2
ensure
that all necessary consents under the Data Protection Legislation have been
obtained for the supply of the Personal Data and its Processing by the Supplier
and if requested by the Supplier shall promptly provide written confirmation of
the same; and
3.1.3
not
do anything in connection with the Personal Data that would or might cause the
Supplier to be in breach of any Data Protection Legislation or other law and/or
to incur liability to any Data Subject.
4.1
To
the extent that the Supplier Processes Personal Data on behalf of the Customer
in connection with this Data Processing Appendix, the Supplier shall:
4.1.1
solely
Process the Personal Data for the purposes of fulfilling its obligations in
this Data Processing Appendix in particular the Permitted Purposes and in
compliance with the Customer’s written instructions as set out in this Data
Processing Appendix;
4.1.2
ensure
that any persons used by the Supplier to Process Personal Data are required to
treat the Personal Data confidentially;
4.1.3
take
appropriate technical and organisational measures against unauthorised or
unlawful Processing of Personal Data and against accidental loss or destruction
of, or damage to, Personal Data taking into account the nature of the
Processing and harm that might result from such unauthorised or unlawful
Processing, loss, destruction or damage and the nature of the Personal Data to
be protected including without limitation, all such measures that may be
required to ensure compliance with Data Protection Legislation;
4.1.4
taking into account the nature of the
Processing activities undertaken by the Supplier and the information available
to the Supplier:
(a)
provide
reasonable assistance and co-operation to enable the Customer to fulfil its
obligations to respond to requests from individuals exercising their rights
under the Data Protection Legislation;
(b)
notify
the Customer as soon as reasonably practicable if the Supplier or any
sub-contractor engaged by on behalf of the Supplier suffers a Personal Data
Breach in relation to Personal Data that is Processed in connection with this
Data Processing Appendix;
(c)
following
a notification under clause 4.1.4 (b), provide reasonable co-operation,
information and assistance to the Customer as may be necessary to enable the
Customer to notify the applicable Regulatory Authority and Data Subjects of the
Personal Data Breach to the extent such notification is required under the Data
Protection Legislation;
4.1.5
assist
the Customer with carrying out data protection impact assessments and
consulting with the applicable Regulatory Authority where such assessments
and/or consultation are required pursuant to the Data Protection Legislation,
provided that the scope of such assistance shall be agreed by the parties in
advance and the Customer shall pay the Supplier’s reasonable costs incurred in
providing such assistance;
4.1.6
upon
termination of this Data Processing Appendix, at the choice of the Customer
delete or return all Personal Data to the Customer and delete existing copies,
except that the Supplier shall be permitted to retain back-up copies of data in
accordance with the Supplier’s normal back-up procedures;
4.1.7
upon
reasonable request with not less than 4 weeks’ notice, and provided that the
Customer shall not make more than one request in any rolling 12
month period, make available to the Customer all information necessary
to demonstrate compliance with the obligations set out in this clause 4 in
respect of Processing of Personal Data for the Permitted Purposes and allow for
and contribute to audits, including inspections, conducted by or on behalf of
the Customer.
5
Permitted Subcontractors
and Transfers of Personal Data:
5.1
In
performing its obligations under this Data Processing Appendix
the Supplier may appoint one or more third parties as sub-Processors.
5.2
The
Supplier remains responsible to Customer for the actions of its sub-Processors
and shall remain bound by its obligations under clause 4 above.
5.3
The
Supplier shall notify the Customer of any changes to the list of sub-Processors
and shall give the Customer an opportunity to object to the appointment or
replacement of a sub-Processor within 30 days of the notification. If the
Customer objects to the appointment of a sub-Processor on reasonable grounds
relating to data protection compliance, the parties shall work together in good
faith to resolve the objection. If the objection cannot be resolved within a
reasonable period of time, either i) the Supplier
shall not use that sub-Processor; or ii) the Customer shall be entitled to
terminate the portion of the Services that requires the use of that
sub-Processor.
5.4
The
Supplier shall put in place a written contract with any sub-Processor which
includes obligations at least equivalent to those obligations required by the
Data Protection Legislation.
5.5
The
Customer acknowledges that such sub-Processor may be located outside the UK, in
which case the Customer authorises the Supplier to transfer Personal Data
to or access Personal Data from such locations provided that the Supplier has
put in place and maintains a Valid Transfer Mechanism in relation to such
transfers.
Subject
always to its duties under clause 4 and under confidentiality obligations in the T&Cs,
the Supplier may from time to time use Personal Data Processed pursuant to the
provision of the Services to produce statistical analyses, market data and
predictive models (Analytics). No Personal Data will be used for the purposes
of Analytics.
Schedule to Data Processing
Appendix
Data Processing Activities
|
Permitted Purposes Please specify all purposes for which the Personal Data will be
Processed by the Supplier |
i.
To provide Customer’s employees and contractors
with access to the Referral Software including, but not limited to, the
creation and maintenance of user accounts. ii.
To provide Customer’s employees with access to
the Internal Mobility Software including, but not limited to, the creation
and maintenance of user accounts. |
|
Categories of data Please specify the Personal Data that will be Processed by the
Supplier |
i.
Name, job title, referral statuses, referral
statistics, referral rewards history, user name and
password ii.
Name, job title, relevant skills, application
forms and application statuses |
|
Categories of Data Subjects Please specify the categories of Data Subjects whose Personal Data
will be Processed by the Supplier |
Both i & ii: Customer’s employees and contractors |
|
Processing Operations Please specify all Processing activities to be conducted by the
Supplier |
Both i & ii: any use of the Personal Data for the purposes of
providing the Services including without limitation collecting, storing,
adapting or altering, retrieving, using disclosing or transmitting,
destroying |
|
Duration Please specify the length of time for which data Processing activities
will be carried out |
Both i & ii: the Term of the T&Cs |
|
List of Sub-Processors |
Amazon Web Services |
