Terms & Conditions
These terms and conditions (T&Cs) and the order form (Order Form) between you (Customer) and Real Links Limited, incorporated and registered in England and Wales with company number 10570135 whose registered office is at 86-90 Paul Street, London, England EC2A 4NE (Supplier) govern the terms and conditions between you and the Supplier for use of the Software and Services.
1.1 The definitions and rules of interpretation in this clause apply to these T&Cs.
Authorised Users: those employees and independent contractors of the Customer and/or other person nominated by the Customer as specified in the Order From who are authorised to use the Software through the Hosting Services under these T&Cs, as further described in clause 3.2(b).
Business Day: a day other than a Saturday, Sunday or public holiday in England when banks in London are open for business.
Confidential Information: information that is proprietary or confidential and is either clearly labelled as such or identified as Confidential Information in clause 9.6 or clause 9.7.
Configuration Services: the configuration and related work referred to in clause 2, to be performed by the Supplier to configure the Software.
Customer Account Team: the individuals appointed by the Customer from time to time who shall serve as the Supplier’s primary contacts for the Supplier’s activities under these T&Cs.
Customer Data: the data inputted into the information fields of the Software by the Customer, by Authorised Users, or by the Supplier on the Customer’s behalf or other data relating to the Customer communicated to or processed or generated by the Supplier.
Customer’s Project Manager: the member of the Customer Account Team appointed in accordance with clause 5(b).
Effective Date: the effective date specified in the Order Form.
Hosting Services: the services that the Supplier provides to allow Authorised Users to access and use the Software, including hosting set-up and ongoing services, as described in Schedule 1.
Intellectual Property Rights: patents, utility models, rights to inventions, copyright and neighbouring and related rights, trademarks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, rights in designs, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets), and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.
Internal Mobility Software: has the meaning given to it in Schedule 2.
Maintenance and Support: any error corrections, updates and upgrades that the Supplier may provide or perform with respect to the Software and Hosting Services, as well as any other support or training services provided to the Customer under these T&Cs, all as described in Schedule 3.
Normal Business Hours: 9.30 am to 5.30 pm local UK time, each Business Day.
Referral Software: has the meaning given to it in Schedule 2.
Services: the Configuration Services, Hosting Services and/or Maintenance and Support as applicable, and all other obligations of the Supplier.
Software: the Supplier’s proprietary software in machine-readable object code form being the Referral Software and/or the Internal Mobility Software as specified in the Order Form, including any error corrections, updates, upgrades, modifications and enhancements to it provided to the Customer under these T&Cs. For the avoidance of doubt, references in this agreement to Software shall only be to the relevant Software specified in the Order Form.
Supplier Account Team: the individuals appointed by the Supplier from time to time who shall serve as the Customer’s primary contacts for the Customer’s activities under these T&Cs.
Supplier’s Project Manager: the member of the Supplier’s Account Team appointed in accordance with clause 2.2.
Term: as defined in clause 13.1 of these T&Cs.
Virus: any thing or device (including any software, code, file or programme) which may:
(a) prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device;
(b) prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by rearranging, altering or erasing the programme or data in whole or part or otherwise); or
(c) adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices.
1.2 Clause, Schedule and paragraph headings shall not affect the interpretation of these T&Cs.
1.3 A person includes a natural person, corporate or unincorporated body (whether or not having separate legal personality).
1.5 Unless the context otherwise requires, words in the singular shall include the plural and in the plural include the singular.
1.7 A reference to writing or written includes email.
1.11 Any words following the terms including, include, in particular, for example or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms.
2.1 The personnel on the Supplier Account Team shall be notified to the Customer.
2.3 The Supplier shall submit the Software to the Customer, subject to such reasonable cooperation by the Customer as may be required. Within ten (10) Business Days of the Supplier’s delivery of the Software, the Customer shall review such Software to confirm that it functions in material conformance with the Software features set out in Schedule 2. If the Software fails to conform with the features set out in Schedule 2, the Customer shall give the Supplier a detailed description of any such non-conformance, in writing, within the ten-day review period.
2.4 With respect to any errors contained in the Software during the Configuration Services (an “Error”), the Supplier shall use reasonable endeavours to correct any Error within ten (10) Business Days of the Customer’s notification and, on completion, submit the corrected Software to the Customer. The provisions of this clause 2.4 shall then apply again, up to two additional times.
2.6 If the Supplier is unable to correct an Error after three attempts, then the Customer shall be entitled to terminate these T&Cs on written notice to the Supplier, provided such notice is provided within ten (10) Business Days after the third unsuccessful attempt to correct the Error. In the event of such termination the Supplier shall repay all unaccrued sums the Customer has paid the Supplier under these T&Cs.
3. Hosting Services, Maintenance and Support
3.2 In relation to Authorised Users:
(a) the Customer’s access to the Hosting Services shall be limited to Authorised Users;
(d) the Customer shall be responsible for all actions and/or omissions of the Authorised Users.
3.3 In relation to the Software:
iii. use the Software or Hosting Services to provide information and/or services to third parties;
iv. transfer, temporarily or permanently, any of its rights under these T&Cs; or
v. attempt to obtain, or assist third parties in obtaining, access to the Software; and
4.1 The Supplier undertakes that it will perform the Services with reasonable skill and care.
4.2 The Supplier shall comply with all applicable laws and regulations with respect to its activities under these T&Cs.
4.3 The undertaking at clause 4.1 shall not apply to the extent of any: (a) non-conformance which is caused by misuse of the Software; (b) use of the Software by any Authorised User or the Customer contrary to the terms of these T&Cs and/or the Supplier’s instructions; and/or (c) modification or alteration of the Software by any party other than the Supplier or the Supplier’s duly authorised contractors or agents.
4.4 These T&Cs shall not prevent the Supplier from entering into similar agreements with third parties or from independently developing, using, selling or licensing materials, products or services which are similar to those provided under these T&Cs.
(a) provide the Supplier with:
i. all necessary co-operation reasonably required; and
in order for the Supplier to render the Services, including Customer Data, security access information and software interfaces to the Customer’s other business applications;
(c) comply with all applicable laws and regulations with respect to its activities under these T&Cs;
(e) promote, market and give appropriate visibility of the Supplier’s Software to its employees in order to encourage use of such Software; and
(f) collaborate with Supplier to produce one case study after 1 month from commencement of the Period as set out in the Order Form, describing the benefits arising from the implementation of the Software. The case study will be created by Supplier through interviews and will be subject to final approval by Customer.
6.2 The Fees shall include eight (8) hours of work on the Configuration Services in accordance with the scope of work set out in Schedule 4. Any hours above this shall be charged at a rate of £90 per hour.
6.3 All amounts and fees stated or referred to in these T&Cs or the Order Form are exclusive of value added tax, which shall be added to the Supplier’s invoice(s) at the appropriate rate.
6.4 The Supplier shall invoice the Customer on the Effective Date and, where applicable, annually thereafter. Each invoice is due and payable 30 days after the invoice date. If the Supplier has not received payment within 30 days after the due date, and without prejudice to any other rights and remedies of the Supplier:
(a) the Supplier may suspend the supply of the Services (but shall recommence them at no further cost when the outstanding invoice has been paid); and
(b) interest shall accrue on a daily basis on such due amounts at an annual rate equal to 2% over the then current base lending rate of Barclays plc from time to time, commencing on the due date and continuing until fully paid, whether before or after judgment.
(a) the likely time required to implement the change;
(b) any variations to the fees arising from the change; and
(c) any other impact of the change on the terms of these T&Cs and/or the Order Form.
8.3 The Supplier acknowledges and agrees that the Customer owns all Intellectual Property Rights in the Customer Data. Except as expressly stated herein, these T&Cs do not grant the Supplier any rights to, or in, any Intellectual Property Rights, or any other rights or licences in respect of the Customer Data.
8.4 The Customer grants the Supplier the express right to use the Customer’s company name and logo for provision of the Services and in marketing, sales and public relations materials (including press releases) and other communications solely to identify the Customer as a customer of the Supplier. The Supplier grants the Customer the express right to use the Supplier’s company name and logo solely to identify the Supplier as a provider of services to the Customer. Other than as expressly stated herein, neither party shall use the other party’s marks, drawings or specifications without the prior written permission of the other party.
(a) is or becomes publicly known other than through any act or omission of the receiving party;
(b) was in the other party’s lawful possession before the disclosure;
(c) is lawfully disclosed to the receiving party by a third party without restriction on disclosure; or
9.8 This clause 9 shall survive termination of these T&Cs, however arising.
10. Data, data protection, security and integrity
10.1 The following definitions apply in respect of this clause 10 and applicable sub-clauses:
(b) "data" includes personal data; and
(d) “Shared Personal Data” means the personal data to be shared between the parties as controllers pursuant to the provision of the Services, as set out in Schedule 3; and
(e) “UK GDPR” means the GDPR as transposed into the national law of the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018.
10.2 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. Except as expressly stated herein, these T&Cs do not grant the Supplier any rights to, or in, any Intellectual Property Rights or any other rights or licences in respect of the Customer Data. The parties acknowledge that no Intellectual Property Rights subsist in any Customer Data.
10.4 To the extent that:
(a) the Supplier processes personal data on behalf of the Customer in connection with the Services, the terms set out in the Data Processing Appendix to these T&Cs shall apply; and
(b) the Supplier is a controller of any personal data processed in connection with the provision of the Services, the provisions set out in clause 10.5 below shall apply.
10.5 The parties acknowledge and agree that:
(a) the sharing of the Shared Personal Data under these T&Cs is necessary to enable the Supplier to facilitate the provision of the Services;
(b) for the purposes of the Shared Personal Data both the Supplier and the Customer understand themselves to be acting as independent controllers for separate but related purposes and not as joint controllers for a joint purpose; and
(c) each shall process the Shared Personal Data and any other personal data for which each party is an independent controller in a manner that complies with the parties’ respective obligations under Data Protection Legislation and shall not act or omit to act such as to cause the other party’s processing of the Shared Personal Data to be in breach of Data Protection Legislation.
11. Anti-bribery
11.1 Each party hereby represents, covenants and warrants that:
(a) it shall not violate any applicable laws including (without limitation) any laws in regards to anti-corruption, anti-bribery and money laundering (any such violation being a material breach of these T&Cs), and shall promptly notify the other party in writing in the event of any actual or alleged violation of such laws; and
(b) during the term of these T&Cs, it shall not, nor shall any of its officers, directors, employees or contractors, engage (or cause another party to engage) in any activity that is, or is reasonably likely to be, in breach of this clause.
11.2 If either party is subject to any regulatory investigation as a result of a breach by the other party, the other party shall indemnify the party under investigation for any costs associated, and shall fully co-operate with, such investigation.
11.3 If either party receives any requests for bribes from any third party relevant to these T&Cs and the Order Form, such party shall promptly report this request to the other party.
11.4 If either party reasonably believes that a breach of any of the representations, covenants or warranties contained within this clause has occurred, or is reasonably likely to occur, said party may terminate these T&Cs and the Order Form immediately and pursue all available remedies.
11.5 Notwithstanding clause 11.4, in the event an applicable court of law or tribunal finds a breach of any representations, covenants or warranties under this clause 11 by a party, these T&Cs and the Order Form will automatically terminate and the party found to be in breach shall indemnify the other party and its directors, employees, affiliates and subsidiaries in respect of any damages, losses, fees and costs (including, without limitation, audit costs) incurred by that other party as a result of or in relation to such breach.
11.6 Supplier hereby represents that it has exercised independent judgment in providing the Services to Customer and has not been offered payment(s) or benefit(s) to enter into these T&Cs, except those contractual benefits expressly set out in these T&Cs and the Order Form.
12.1 The following provisions set out the entire financial liability of either party (including without limitation any liability for the acts or omissions of its employees, agents and sub-contractors) to the other in respect of:
(a) any breach of these T&Cs and/or the Order Form howsoever arising;
12.2 Nothing in these T&Cs excludes either party’s liability:
(a) for death or personal injury caused by that party’s negligence;
(b) for gross negligence or willful misconduct; or
(c) for fraud or fraudulent misrepresentation.
12.3 Subject to clause 12.2:
(a) Except as set forth in Section 12.2 above, neither party shall in any circumstances be liable for indirect or consequential loss, loss of revenue, loss of profits, loss of anticipated savings, loss of business, loss of opportunity or loss of goodwill.
(c) The Supplier shall not be liable for any failure in or interruption in the use of the Software caused directly or indirectly by the Customer’s equipment. communication networks, software environment or any actions or emissions by the Customer or any of its Authorised Users.
13.2 At the end of the Term, provision of the Services may be extended by the parties both agreeing to enter into a letter of renewal which sets out the fees to be paid by Customer, in which case, save as varied in such renewal letter, the terms of these T&Cs shall continue in effect for such extended term(s).
(k) any event occurs, or proceeding is taken, with respect to the other party in any jurisdiction to which it is subject that has an effect equivalent or similar to any of the events mentioned in clause (d) to clause (j) (inclusive);
13.4 On termination of these T&Cs and/or the Order Form for any reason:
(a) all licences granted under these T&Cs shall immediately terminate;
(b) each party shall return and make no further use of any equipment, property, materials and other items (and all copies of them) belonging to the other party; and
14. Force majeure
15. Waiver
17. Severance
18. Entire agreement
18.2 Each party acknowledges that in entering into the Order Form and these T&Cs it does not rely on, and shall have no remedies in respect of, any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in these T&Cs.
18.4 Nothing in this clause shall limit or exclude any liability for fraud.
18.5 In the event of any conflicts between these T&Cs and the Order Form, the terms of these T&Cs shall prevail.
19. Assignment
Neither party shall assign, transfer, mortgage, charge, or declare a trust of any or all of its rights and obligations under these T&Cs and/or the Order Form without the prior written consent of the other party (such consent not to be unreasonably withheld or delayed).
Nothing in these T&Cs is intended to, or shall be deemed to, establish any partnership or joint venture between any of the parties, constitute any party the agent of another party, nor authorise any party to make or enter into any commitments for or on behalf of any other party.
21. Variation
These T&Cs may be varied and/or updated by the Supplier from time to time. No variation of the Order Form shall be effective unless it is in writing and signed by the parties (or their authorised representatives).
Neither these T&Cs nor the Order Form confer any rights on any other person or party (other than the parties to these T&Cs a Order Form and (where applicable) their successors and permitted assigns) pursuant to the Contracts (Rights of Third Parties) Act 1999.
23. Notices
24. Governing law
If a dispute arises out of or in connection with these T&Cs and/or the Order Form (a "Dispute") then the Parties shall follow the following procedure:
(a) either party shall give to the other written notice of the Dispute, setting out its nature and full particulars ("Dispute Notice"), together with relevant supporting documents. On service of the Dispute Notice, the Supplier’s Project Manager and the Customer’s Project Manager shall attempt in good faith to resolve the Dispute; and
(b) if the Supplier’s Project Manager and the Customer’s Project Manager are for any reason unable to resolve the Dispute within 21 days of it being referred to them, the parties shall be entitled to take such action as they consider appropriate to settle the Dispute.
26. Jurisdiction
B. Installation and configuration
C. Facility
D. Continuing Hosting Services
E. Back-up, archiving and recovery services
F. Release management and change control
The Referral Software consists of the following components:
· Web portal.
· White-labelling branding to the Customer’s group trading style.
· Job listings and editing.
· Job sharing and upload CV functionality for employees to refer contacts.
· Talent pool of employees’ connections synced with the platform and matching of connections to jobs.
· Customisable gamiification with a rewards shop, employee leaderboards and raffles.
· Updates on the status of referrals.
· Email notifications for employees.
· Content sharing functionality.
· Performance statistics & analytics.
The Internal Mobility Software consists of the following components:
· Web portal.
· White-labelling branding to the Customer’s group trading style.
· Job, project and mentor listings and editing.
· Matching of employees to jobs, projects and mentors.
· Talent pool of employees signed up on the platform.
· Application pages for employees.
· Updates on the status of applications.
· Email notifications for employees.
· Performance statistics & analytics.
1. Training
2.1 The Supplier shall use reasonable endeavours to ensure that maintenance of the hosting equipment, facility, Software or other aspects of the Hosting Services (other than emergency maintenance) that may require interruption of the Hosting Services (Maintenance Events) are not performed during Normal Business Hours. The Supplier may interrupt the Services to perform emergency maintenance at any time where required. In addition, the Supplier may interrupt the Hosting Services outside Normal Business Hours for unscheduled maintenance, provided that it has given the Customer at least one days’ advance notice. Any Maintenance Events that occur during Normal Business Hours, and which were not requested or caused by the Customer, shall be considered downtime for the purpose of service availability measurement. The Supplier shall at all times use all reasonable endeavours to keep any service interruptions to a minimum.
3. Maintenance
3.3 The Supplier shall maintain technical support on the most current releases of the Software.
3.4 The Supplier shall provide the Supplier with a web-based portal for the rationalisation of live Authorsied Users by removing or deactivating Authorsied Users who are no-longer employed by the Customer.
4.1 The Supplier shall provide the Customer with technical support services. The Customer shall have Customer support representatives (CSRs) who are authorised to contact the Supplier for technical support services. The Supplier shall provide technical support services to those CSRs. The Supplier shall provide the Supplier support engineers (SSEs) who are assigned to the Customer account. The SSEs shall handle support calls from the Customer’s CSRs.
4.2 Supplier technical support shall accept voicemail and email from CSRs between 9.30am to 5.30pm on Business Days. The Supplier shall use reasonable endeavours to process support requests, issue trouble ticket tracking numbers if necessary, determine the source of the problem and respond to the Customer. The Supplier technical support call centre shall respond to all support requests from CSRs within the time periods specified below, according to priority.
| Priority | Description | Response time | Target resolution time |
| Priority 1 | The entire Service is "down" and inaccessible. Priority 1 incidents shall be reported by telephone only. | Within two Normal Business Hours. | Four Normal Business Hours. Continuous effort after initial response and with Customer co-operation. |
| Priority 2 | Operation of the Services is severely degraded, or major components of the Service are not operational and work cannot reasonably continue. Priority 2 incidents shall be reported by telephone only. | Within four Normal Business Hours. | Within two Business Days after initial response. |
| Priority 3 | Certain non-essential features of the Service are impaired while most major components of the Service remain functional. | Within 12 Normal Business Hours. | Within seven Business Days after initial response. |
| Priority 4 | Errors that are non-disabling or cosmetic and clearly have little or no impact on the normal operation of the Services. | Within 24 Normal Business Hours. | Next release of Software. |
4.6 Before the Supplier or the Customer makes changes to integration interfaces between the Software and the Customer’s internal data stores or systems, the Supplier or the Customer shall provide notice to the other in order to ensure the continued operation of any integration interfaces affected by such changes. The Supplier shall provide the CSRs, or the Customer shall provide the SSEs, with at least 60 days’ advance notice of such changes. Such notice shall include at least the new interface specifications and a technical contact to answer questions on these changes. The Supplier or the Customer (as applicable) shall also provide up to 15 days of integration testing availability to ensure smooth transition from the previous interfaces to the new interfaces and the Customer shall pay for all such services relating to integration testing carried out by the Supplier at the Supplier’s then current daily fee rates.
5.1 The Supplier shall provide at least a 99% uptime service availability level (Uptime Service Level). Availability does not include Customer-caused outages or disruptions, scheduled or emergency maintenance, or outages or disruptions to force majeure events within the meaning of clause 14.
5.2 If availability falls below the Uptime Service Level (as defined in paragraph 0. of Schedule 3) in a given calendar month (Service Delivery Failure), the Supplier shall credit the Customer’s account by an amount calculated as the product of the total cumulative downtime (expressed as a percentage of the total possible uptime minutes in the month concerned) and the fees owed for that quarter (Service Credit).
5.3 The maximum Service Credit allowable in a given month is limited to an amount equal to the total fees paid by the Customer for that quarter.
Schedule 4
Configuration Services Scope of Work
The Software consists of the following components:
· White-labelling of the Software which includes updating the design of the Software to include the logo and colour scheme of the Customer.
· Completing any integration work specified in the Order Form.
· Setting up a custom domain for the Customer.
· Setting up of an authentication system for Customer’s Authorised Users to login into the Software.
Schedule 5
Details of Shared Personal Data
| Category of data subject | Categories of personal data | Purpose | Nature of sharing |
| Supplier’s employees and Customer’s employees | Name, contact details, job title | To enable the parties to communicate and facilitate the provision of the Services | Reciprocal (Supplier to Customer and vice versa) |
| Customer employees’ social media connections | Name, job title, employer, work history, experience and skills | To facilitate the provision of the Referral Software Services | Initially unilateral (Customer employees to Supplier only) and subsequently reciprocal after re-identification of data subject profile (Supplier to Customer and vice versa) |
Data Processing Appendix
1 Definitions and interpretation
1.1 In this Data Processing Appendix, unless the context otherwise requires, the following words have the following meanings:
| Controller | has the meaning set out in the Data Protection Legislation |
| Data Protection Legislation | means all applicable data protection and privacy legislation in force from time to time in the UK including UK GDPR; the Data Protection Act 2018; the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003 No. 2426) as amended; any other European Union legislation relating to Personal Data and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of Personal Data (including, without limitation, the privacy of electronic communications) |
| Data Subject | has the meaning set out in the Data Protection Legislation |
| Permitted Purposes | Processing the Personal Data for the purpose of, and to the extent required for, provision of the Services as further set out in the Schedule to this Data Processing Appendix |
| Personal Data | has the meaning set out in the Data Protection Legislation |
| Personal Data Breach | a breach of security leading to the accidental or unlawful destruction, loss, alteration or corruption of Personal Data or unauthorised disclosure of, or access to, Personal Data or the loss of availability of Personal Data and/or loss of resilience of Processing systems or in relation to the Services |
| Process, Processed or Processing | have the meaning set out in the Data Protection Legislation |
| Processor | has the meaning set out in the Data Protection Legislation |
| Regulatory Authority | any competent data protection or privacy authority by which the Customer or the Supplier is regulated |
| UK GDPR | means the General Data Protection Regulation 2016/679 as transposed into the national law of the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018. |
| Valid Transfer Mechanism | a mechanism governing the transfer of Personal Data outside of the UK which is recognised by Data Protection Legislation as providing adequate protection for Personal Data, including (without limitation) transfers to countries that have been designated as adequate by the UK Government, use of model contract clauses approved by the UK Government and use of approved binding corporate rules |
2 Appointment and role of Supplier
2.1 The parties acknowledge that for the purposes of the Data Protection Legislation, the Customer is the Controller and Supplier is appointed as the Processor for the Processing activities listed in Schedule 1 (Data Processing Details).
3.1 Where the Customer expects that the Supplier will Process Personal Data, the Customer shall:
3.1.1 ensure that the Personal Data is accurate and up-to-date, and remains so during the period of the Processing;
3.1.2 ensure that all necessary consents under the Data Protection Legislation have been obtained for the supply of the Personal Data and its Processing by the Supplier and if requested by the Supplier shall promptly provide written confirmation of the same; and
3.1.3 not do anything in connection with the Personal Data that would or might cause the Supplier to be in breach of any Data Protection Legislation or other law and/or to incur liability to any Data Subject.
4.1 To the extent that the Supplier Processes Personal Data on behalf of the Customer in connection with this Data Processing Appendix, the Supplier shall:
4.1.1 solely Process the Personal Data for the purposes of fulfilling its obligations in this Data Processing Appendix in particular the Permitted Purposes and in compliance with the Customer’s written instructions as set out in this Data Processing Appendix;
4.1.2 ensure that any persons used by the Supplier to Process Personal Data are required to treat the Personal Data confidentially;
4.1.3 take appropriate technical and organisational measures against unauthorised or unlawful Processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data taking into account the nature of the Processing and harm that might result from such unauthorised or unlawful Processing, loss, destruction or damage and the nature of the Personal Data to be protected including without limitation, all such measures that may be required to ensure compliance with Data Protection Legislation;
4.1.4 taking into account the nature of the Processing activities undertaken by the Supplier and the information available to the Supplier:
(a) provide reasonable assistance and co-operation to enable the Customer to fulfil its obligations to respond to requests from individuals exercising their rights under the Data Protection Legislation;
(b) notify the Customer as soon as reasonably practicable if the Supplier or any sub-contractor engaged by on behalf of the Supplier suffers a Personal Data Breach in relation to Personal Data that is Processed in connection with this Data Processing Appendix;
(c) following a notification under clause 4.1.4 (b), provide reasonable co-operation, information and assistance to the Customer as may be necessary to enable the Customer to notify the applicable Regulatory Authority and Data Subjects of the Personal Data Breach to the extent such notification is required under the Data Protection Legislation;
4.1.5 assist the Customer with carrying out data protection impact assessments and consulting with the applicable Regulatory Authority where such assessments and/or consultation are required pursuant to the Data Protection Legislation, provided that the scope of such assistance shall be agreed by the parties in advance and the Customer shall pay the Supplier’s reasonable costs incurred in providing such assistance;
4.1.6 upon termination of this Data Processing Appendix, at the choice of the Customer delete or return all Personal Data to the Customer and delete existing copies, except that the Supplier shall be permitted to retain back-up copies of data in accordance with the Supplier’s normal back-up procedures;
4.1.7 upon reasonable request with not less than 4 weeks’ notice, and provided that the Customer shall not make more than one request in any rolling 12 month period, make available to the Customer all information necessary to demonstrate compliance with the obligations set out in this clause 4 in respect of Processing of Personal Data for the Permitted Purposes and allow for and contribute to audits, including inspections, conducted by or on behalf of the Customer.
5 Permitted Subcontractors and Transfers of Personal Data:
5.1 In performing its obligations under this Data Processing Appendix the Supplier may appoint one or more third parties as sub-Processors.
5.2 The Supplier remains responsible to Customer for the actions of its sub-Processors and shall remain bound by its obligations under clause 4 above.
5.3 The Supplier shall notify the Customer of any changes to the list of sub-Processors and shall give the Customer an opportunity to object to the appointment or replacement of a sub-Processor within 30 days of the notification. If the Customer objects to the appointment of a sub-Processor on reasonable grounds relating to data protection compliance, the parties shall work together in good faith to resolve the objection. If the objection cannot be resolved within a reasonable period of time, either i) the Supplier shall not use that sub-Processor; or ii) the Customer shall be entitled to terminate the portion of the Services that requires the use of that sub-Processor.
5.4 The Supplier shall put in place a written contract with any sub-Processor which includes obligations at least equivalent to those obligations required by the Data Protection Legislation.
5.5 The Customer acknowledges that such sub-Processor may be located outside the UK, in which case the Customer authorises the Supplier to transfer Personal Data to or access Personal Data from such locations provided that the Supplier has put in place and maintains a Valid Transfer Mechanism in relation to such transfers.
Subject always to its duties under clause 4 and under confidentiality obligations in the T&Cs, the Supplier may from time to time use Personal Data Processed pursuant to the provision of the Services to produce statistical analyses, market data and predictive models (Analytics). No Personal Data will be used for the purposes of Analytics.
Schedule to Data Processing Appendix
Data Processing Activities
| Permitted Purposes Please specify all purposes for which the Personal Data will be Processed by the Supplier | i. To provide Customer’s employees and contractors with access to the Referral Software including, but not limited to, the creation and maintenance of user accounts. ii. To provide Customer’s employees with access to the Internal Mobility Software including, but not limited to, the creation and maintenance of user accounts. |
| Categories of data Please specify the Personal Data that will be Processed by the Supplier | i. Name, job title, referral statuses, referral statistics, referral rewards history, user name and password ii. Name, job title, relevant skills, application forms and application statuses |
| Categories of Data Subjects Please specify the categories of Data Subjects whose Personal Data will be Processed by the Supplier | Both i & ii: Customer’s employees and contractors |
| Processing Operations Please specify all Processing activities to be conducted by the Supplier | Both i & ii: any use of the Personal Data for the purposes of providing the Services including without limitation collecting, storing, adapting or altering, retrieving, using disclosing or transmitting, destroying |
| Duration Please specify the length of time for which data Processing activities will be carried out | Both i & ii: the Term of the T&Cs |
| List of Sub-Processors | Amazon Web Services |
