VIROCOM TERMS AND CONDITIONS
This Agreement is entered into between Virocom Limited, a company registered in England and Wales with company registration number 5055945, of 9 Hestia House, City Walk, London SE1 3ES (we, us or our) and you, the business set out in a Service Application Form (you or your), together the Parties and each a Party.
You can contact us at support@virocom.co.uk or on 0345 678 8898
Background
A. We are a well-established, progressive and trusted managed service provider.
B. You have requested us to provide you and your Authorised Users with access to the Services, in accordance with this Agreement and the Service Application Form.
1. Acceptance
1.1 You accept this Agreement by the earlier of:
(a) signing and returning a Service Application Form to us, including by email or any electronic executions platform acceptable to us;
(b) confirming by email that you accept a Service Application Form;
(c) instructing us (whether orally or in writing) to proceed with the supply of the Services the subject of a Service Application Form; and
(d) making part or full payment of the Fees.
2. Goods and/or Services
2.1 In consideration of your payment of the Fees, we will provide the Goods and/or Services in accordance with this Agreement (including the Service Application Form) and all applicable Laws, whether ourselves or through our Personnel.
2.2 We warrant that the Goods and/or Services will be provided using reasonable care and skill.
2.3 In consideration of your payment of the Fees, we will provide the Goods and/or Services in accordance with this Agreement, whether ourselves or through our Personnel.
2.4 We agree to provide the Goods and/or Services for the Term.
2.5 We will not be responsible for any Goods and/or Services unless expressly set out in the inclusions in the Service Application Form.
2.6 If this Agreement or the Service Application Form expresses a time within which the Goods and/or Services are to be provided, we will use reasonable endeavours to provide the Goods and/or Services by such time, but you agree that such time is an estimate only.
2.7 Subject to any other provisions of this Agreement, we will commence providing the Goods and/or Services within a reasonable time after the start date of the Service Application Form, or as otherwise agreed between the Parties in the Service Application Form.
3. Authorised Users
3.1 You agree that your access to and use of some parts of the Services must be in accordance with the number of Authorised Users (where applicable), as set out in the relevant Service Application Form.
3.2 You will ensure each Authorised User complies with the terms of this Agreement.
3.3 You may, at any time, request an increase in the number of Authorised Users by contacting us at support@virocom.co.uk, and this will be considered a Variation in accordance with clause 15.
4. Third Party Inputs
4.1 You acknowledge and agree that the Goods and/or Services may interact with, or be reliant on, certain Third Party Inputs, including your operating system, web browser, and CRM.
4.2 You acknowledge and agree that, unless we have expressly agreed to provide the goods and/or services described in this clause 4.2 in the Service Application Form:
(a) you are responsible for obtaining and managing all licences for the relevant Third Party Inputs;
(b) you are responsible for paying all fees related to the Third Party Inputs; and
(c) you agree to comply with terms and conditions applicable to the relevant Third Party Inputs at all times.
4.3 To the maximum extent permitted by law, we will not be liable for, and you waive and release us from and against, any Liability caused or contributed to by, arising from or connected with any Third Party Inputs, subject to clause 4.4.
4.4 Should any unavailability, error or change to a Third Party Input have a substantial and adverse impact on your use and enjoyment of the Goods and/or Services:
(a) you agree to notify us in writing within 10 days of the change coming into effect; and
(b) following receipt of such notice by us, the Parties will use all reasonable endeavours to work together to resolve the matter.
4.5 This clause 4 will survive the termination or expiry of this Agreement.
5. Installation and Connectivity Services
5.1 This clause 5 applies to the extent that you engage us to provide installation and/or connectivity services.
5.2 You agree that our provision of installation and/or connectivity services will be subject to:
(a) availability at selected coverage areas;
(b) further qualification, feasibility studies, surveys, including, but not limited to, such qualification, studies or surveys undertaken by our supplier or any other relevant telecommunications provider;
(c) our Supplier’s approval; and
(d) owner or occupier approval at the Premises,
and the provisions of this clause 5.2 are conditions precedent to our supply of the Services under this Agreement.
5.3 If we are unable to provide the Services, including due to reasons set out in clause 5.2, we may cancel the Services and terminate this Agreement in accordance with 25.3, without penalty.
5.4 You agree:
(a) to comply with our reasonable instructions; and
(b) to provide us and our Personnel with reasonable, convenient and safe access to your Premises and Systems to supply the installation and/or connectivity services, and at the times agreed between the Parties.
5.5 During the Term, you authorise us (including our Personnel) to act as your agent for the limited purpose of entering into, contracts with suppliers of goods and/or services the subject of the installation and/or connectivity services on your behalf.
5.6 You acknowledge and agree that internet lines are not supplied by us, and to the maximum extent permitted by law, we will not be liable for, and you waive and release us from and against, any Liability caused or contributed to by, arising from or connected with service issues of your internet provider.
5.7 You agree that if you (or any of your Personnel) undertake any installation or connectivity works, you are responsible for engaging a duly qualified and registered contractor, and you must ensure that such installation or connectivity works complies with any relevant standards and guidelines.
6. Broadband, Mobile, IoT and Telephony Services
6.1 This clause 6 applies to the extent that we agree to provide you with any broadband and/or telephony services (including any SIM cards).
6.2 You agree that:
(a) we use Suppliers for provision of the Services, and our provision of the Services to you may be contingent on, or impacted by, our Supplier;
(b) your chosen Services and the Premises (including any technical or physical parameters (quality and length of copper wires, electrical interference)) will have an impact on the Network bandwidth, speeds and coverage of the Services;
(c) the Network is not secure and you transmit material through the Network at your own risk;
(d) we do not supervise, edit or control the nature, content and form of any material available to be accessed through the Services and we are not responsible for this material;
(e) data and throughput experienced may depend on the number of users accessing the Network or your hardware or software;
(f) any provision of a maximum data rate is not guaranteed;
(g) we may access and store certain content accessible through use of the Services (known as caching);
(h) we may be required to intercept communications over, or using the Services, as directed by any government agency or as may be required by any Laws and you will do all things reasonable to assist us with this;
(i) the operation or performance of the Services can be adversely impacted by the service, equipment or network of our Suppliers or any Third Party Inputs;
(j) we may not be able to supply the Services in the event of a power outage or maintenance; and
(k) we, or our Supplier, may perform scheduled and unscheduled maintenance or updates to the Network and we will use reasonable efforts to notify you of any such maintenance.
6.3 If any faults are experienced in relation to the Services, please contact us. When we become aware of a fault, we will notify the Supplier (or network provider) and request that the fault be corrected promptly, but we will not bear any further liability or responsibility.
6.4 You must provide (and ensure that any Authorised User provides) all reasonable assistance to enable us or our Personnel, or where necessary a supplier, to investigate and repair a fault.
6.5 If we investigate a fault and determine that the fault is attributable to a breach of this Agreement by you (or an Authorised User), or a negligent or fraudulent act or omission by you (or an Authorised User) then we may charge you for any costs that we incur in investigating and repairing the fault.
7. Implementation Services
7.1 This clause 7 applies to the extent that you engage us to provide any implementation services (e.g. to implement any software).
7.2 You agree to (prior to commencement of such services):
(a) make a backup of any relevant data in your Systems which is to be the subject of, or to be used in the performance of, the Services;
(b) make a written note or make a backup of any configuration settings or information stored in your Systems;
(c) make a plan to restore your Systems in the event that they are corrupted or lost;
(d) notify any relevant parties of any planned outages or downtime necessary for the performance of the implementation services;
(e) provide us with all information that is within your knowledge in relation to your System which would be reasonably necessary for us to know in order to perform the implementation services; and
(f) where the equipment in your System is a computer, download and install any available:
(1) security and protection updates for the operating system you use; and
(2) updates to virus checking and other computer protection software you use.
7.3 You acknowledge and agree that not undertaking your obligations under clause 7.2 may impact on the results or the performance of the Services, and we will not be liable to you for any Liability to the extent caused or contributed to by your failure to comply with clause 7.2.
7.4 This clause 7 will survive the termination or expiry of this Agreement.
8. Managed Services
8.1 This clause 8 applies to the extent you engage us to provide managed services to you.
8.2 In order to provide managed services, we will set you and your Authorised Users up on our managed services platform (as detailed in the Service Application Form). Subject to your compliance with this Agreement, we grant you and your Authorised Users a personal, non-exclusive, royalty free, revocable, worldwide, non-transferable licence to use our platform solely for the purpose of benefiting from our managed services. All other uses are prohibited without our prior written consent.
8.3 In order for you to receive the managed services, an Authorised User must place a request in writing to support@virocom.co.uk (Support Request).
8.4 We agree to respond to any such Support Request in a timely manner, noting that we use a severity rating system to prioritise requests and we will respond to more urgent requests first (as determined by us at our sole discretion).
8.5 Where set out in the Service Application Form that we are to provide onsite Support Services, we will send one or more of our Personnel (the Provided Personnel) to your Premises on the agreed days and during the agreed hours, and you agree:
(a) that you are responsible for coordinating, supervising and instructing the Provided Personnel’s performance of the Support Services while they are on your Premises;
(b) to provide the Provided Personnel with access to any Systems necessary to perform the support services;
(c) to provide the Provided Personnel with a safe working environment, free from harm;
(d) to comply with all applicable occupational, health and safety Laws and provide the Provided Personnel with a comprehensive safety induction for the Premises where the Provided Personnel are providing the support services; and
(e) to have adequate insurance to cover:
(1) loss or damage to your property or the property of any other persons which may be operated, used or handled by the Provided Personnel;
(2) death or personal injury (to your Personnel or any other person) caused or contributed to or by the Provided Personnel while providing support services; and
(3) all other insurances as may be required by Law.
8.6 We will use our best endeavours to make the support services available to you during the Term.
8.7 You agree to the reasonable usage of the Support Services. Where we consider your usage of the Support Services to be unreasonable, or unreasonably above average (compared with our other customers):
(a) we agree to notify you in writing of our concerns; and
(b) following your receipt of such notice, the Parties will use all reasonable endeavours to work together to resolve the matter.
8.8 If:
(a) we have provided you with the notice in accordance with clause 8.7(a); and
(b) the Parties are unable to resolve the matter pursuant to clause 8.7(b),
we may (at our discretion):
(a) adjust our response time accordingly; and/or
(b) vary the Fees to reflect your increased use of our limited resources, effective on and from us giving you written notice of the new Fees; or
(c) terminate this Agreement by giving 30 days’ notice in writing to you, in which case clause 25.2(b) will apply.
9. Hosting and Back-Up Services
9.1 This clause 9 applies to the extent you engage us to provide any hosting and/or back up services.
9.2 We reserve the right to perform maintenance and upgrades at any time and from time to time. We will use commercially reasonable endeavours to:
(a) provide you with reasonable notice of maintenance and upgrades relevant to the hosting and back-up services by sending you an email about any scheduled maintenance or upgrades that will result in a substantially detrimental business impact for you; or
(b) notify you as soon as practicable after becoming aware of the need for unscheduled maintenance relevant to the hosting and back-up services that will result in a substantially detrimental business impact for you.
9.3 In the event of a failure in the hosting and back-up services, we will use commercially reasonable endeavours to restore Your Data that is affected by the failure. However, you acknowledge that there may be situations in which Your Data cannot be recovered or Your Data retained may be out of date. To the maximum extent permitted by law, you agree that this clause 9.3 sets out our entire obligation with respect to disaster recovery and loss of Your Data in connection with the hosting and back-up services.
9.4 If you require hosting or back-up of anything not expressly listed in the relevant Service Application Form, it will be dealt with as a Variation in accordance with clause 15.
9.5 When providing hosting and back-up services we will record your use of our hosting and back-up services, including any extra failure support requested by you and, if at any time, the work we record exceeds the hosting and back-up services ordered by you in the current Service Application Form, we will notify you and such excess services will be dealt with as a Variation in accordance with clause 15.
10. Development Services
10.1 This clause 10 applies to the extent that you engage us to provide you with any development services (i.e. developing software for you).
10.2 For the purpose of this clause “Developed IP” means the Intellectual Property that we develop for you as a direct result of the performance of the development services, and excludes Our Materials and Your Materials.
10.3 You agree that any dates for completion are an estimate only, and may be impacted by a failure by you to meet your obligations under this Agreement. As such, we will not be liable in relation to, and you waive and release us from, any loss or Liability incurred in relation to any delay in the performance of the development services.
10.4 Ownership of all Intellectual Property Rights in the Developed IP will vest in us upon creation. We grant you a non-exclusive, revocable, worldwide, non-sublicensable and non-transferable right and licence to use the Developed IP (and any of Our Materials incorporated in the deliverables) solely for the purposes for which they were developed and for your use and enjoyment of the Services, as contemplated by this Agreement
10.5 This clause 10 will survive the termination or expiry of this Agreement.
11. Acceptance Testing
11.1 For the purpose of this clause:
“Acceptance Tests” means the tests to determine whether the Services meet any specifications for the Services as particularised in the Service Application Form, or if no specifications or criteria are specified in the Service Application Form, the criteria, reasonably determined by us, which the Services are to be measured against.
11.2 The Services that are subject to the Acceptance Tests are as set out in the relevant Service Application Form.
11.3 Before the Services to which the Acceptance Tests apply, are to be completed, we will provide you with access to the Services for the purpose of performing the Acceptance Tests. Within 5 Business Days of us granting you such access, you agree to:
(a) notify us of your acceptance of the Services; or
(b) notify us of your rejection of the Services, which cannot be unreasonably given, and provide us with the reasons for your rejection.
11.4 If you do not notify us of your acceptance or rejection of the Services to which the Acceptance Tests apply within 5 Business Days of us granting you access to the Services, you agree you will be deemed to have accepted those Services.
11.5 If the Services fail to meet the Acceptance Tests you can:
(a) accept the Services, and they will be deemed to have passed the Acceptance Tests;
(b) notify us of the failure; or
(c) accept the Services on the basis that you will allow us to set a timeframe to amend the error or non-compliance.
11.6 If you notify us of the failure in accordance with clause 11.5(b), we agree to amend the Services and resubmit them to you within a reasonable timeframe in order to re-perform the Acceptance Tests in accordance with clauses 11.1-11.5.
11.7 If you use the Services in a non-test, live or production environment prior to acceptance, such Services will be deemed to be accepted upon such use.
12. Goods
12.1 This clause 12 applies to the extent that you order any Goods (including hardware, SIM cards, or any Goods that we are to install) from us.
12.2 For the purpose of this clause:
“Manufacturer Defect” means a defect in the Goods that is covered by the manufacturer under the Manufacturer’s Warranty; and
“Manufacturer’s Warranty” means the warranty offered to you by the manufacturer of the Goods (if any), which is between the manufacturer and you.
12.3 We will deliver the Goods, in accordance with the terms as specified in the relevant Service Application Form.
12.4 Title in the Goods will pass from us to you on the later of delivery of the Goods to you, and payment of the relevant Fees for the Goods in full, in accordance with this Agreement.
12.5 Risk in the Goods will pass from us to you on delivery, or installation of the Goods, in accordance with this Agreement.
12.6 We will use reasonable endeavours to deliver the Goods to the delivery location by the delivery time as agreed between the Parties. You agree we will not be liable for any loss suffered by you arising out of any delay to deliver the Goods.
12.7 We may pass on to you a Manufacturer’s Warranty with respect to the Goods. Please refer to the relevant Manufacturer’s Warranty card provided by the manufacturer of the Goods.
12.8 You agree that any Manufacturer Defects in the Hardware are covered by the Manufacturer’s Warranty alone, we do not provide any warranty with respect to the Goods.
12.9 We will use our reasonable commercial endeavours to assist you in bringing warranty claims to a manufacturer under a Manufacturer’s Warranty, however, the Manufacturer Warranty is between you and the manufacturer and we have no obligations to you under the Manufacturer’s Warranty.
13. Hardware Installation and Management Services
13.1 This clause 13 applies to the extent that you engage us to provide any hardware installation and management services.
13.2 In order for us to perform any hardware installation and management services, you must provide us with all things reasonably required to perform any hardware installation and management services, including:
(a) purchasing and providing the hardware and any related components (i.e. cables, CDs and instructions);
(b) providing sufficient space for us to perform the hardware installation and management services; and
(c) providing access to a computer, the internet, email, a phone and/or any information reasonably required by us.
13.3 We will not be liable for any failure to perform any hardware installation and management services where the hardware in respect of which we provide any hardware installation and management services requires technical support beyond the scope of our obligations due to its age, configuration or implementation, other than where such hardware has been provided by us. In this situation, we will work with you to proactively identify appropriate replacement solutions.
14. Procurement Services
14.1 This clause 14 applies to the extent that you engage us to procure goods or services on your behalf.
14.2 For the purposes of this clause:
“Procured Goods” means those goods which we recommend to you as part of the Procurement Services, as particularised in the relevant Service Application Form; and
14.3 “Procured Services” means those services (including any software) which we recommend to you as part of the Procurement Services, as particularised in the relevant Service Application Form.
14.4 You acknowledge and agree that the Procurement Services only applies to any Procured Goods or Procured Services explicitly set out in the relevant Service Application Form.
14.5 During the Term, you authorise us (including our Personnel) to act as your agent for the limited purpose of entering into contracts with suppliers of Procured Goods or Procured Services on your behalf.
14.6 You acknowledge and agree that the Procured Goods and Procured Services are not supplied by us, and to the maximum extent permitted by law, we will not be liable for, and you waive and release us from and against, any Liability caused or contributed to by, arising from or connected with the Procured Goods or Procured Services.
14.7 We may provide you with additional terms and conditions that may relate to the Procured Goods or Procured Services. You acknowledge and agree that any such additional terms and conditions are entered into between you and the relevant supplier of the Procured Goods or Procured Services.
14.8 In order for us to perform any procurement services, you must provide us with all things reasonably required to perform the procurement services, and you agree that:
(a) this Agreement is not cancellable once confirmed, even where the Procured Goods or Procured Services may not have been delivered;
(b) original equipment manufacturers (OEMs) for the Procured Goods may change the specifications of the Procured Goods ordered, without notice during a Service Application Form Term;
(c) we only supply to business-to-business customers;
(d) any quotes issued by us are always subject to any OEM fluctuations; and
(e) you will need to comply with any end user license agreement (EULA) provided by us or an OEM in respect of the Procured Goods or Services.
15. Variations
15.1 You may request a variation or change to the Services, including the timing for the provision of the Services, (Variation), by providing written notice to us, with details of the Variation (Variation Request). We will not be obliged to comply with a Variation Request unless we accept the Variation Request in writing. The Parties agree to comply with this Agreement as varied by any Variation Request accepted in writing.
15.2 If we reasonably consider that any instruction or direction from you constitutes a Variation, then we will not be obliged to comply with such instruction or direction unless a Variation Request has been issued and accepted by us in accordance with clause 15.1.
15.3 Any Variation will apply within a reasonable time after our acceptance of your Variation Request, and if applicable, any increase to the Fees will be charged on a pro-rata basis if such increase occurs during the then-current Fee period.
16. Your Obligations and Representations
16.1 You agree:
(a) to comply with this Agreement and all applicable Laws;
(b) to provide all assistance, information, documentation, access, facilities and other things reasonably necessary to enable us to comply with our obligations under this Agreement or at Law;
(c) to permit our Personnel to have access to any reasonable computing, office productivity software tools, telecommunication, email and internet facilities necessary for the purposes of supplying the Goods and/or Services;
(d) to provide us and our Personnel with reasonable, convenient and safe access to your Premises and Systems to the extent reasonably necessary in order for us to supply the Goods and/or Services, and at the times agreed between the Parties;
(e) to ensure all information provided to us is kept up-to-date and the email address you provide is valid and regularly checked;
(f) to make any changes to your Systems, such as System upgrades, that may be required to support the delivery and operation of any Goods and/or Services;
(g) to ensure that any Systems used in connection with the Goods and/or Services have all necessary approvals and comply with all Laws;
(h) that you have reviewed and understand the terms of this Agreement (including our Privacy Policy), and that you (including your Personnel and Authorised Users) will use the Goods and/or Services in accordance with them;
(i) other than as expressly permitted by this Agreement, not cause or permit any software or hardware provided or managed as part of the Goods and/or Services to be altered, repaired, serviced or moved except by the authorised seller, an authorised repairer, the manufacturer or persons approved by us;
(j) to notify us of any breach or suspected breach of this Agreement by you (including your Personnel or an Authorised User), within 48 hours of becoming aware or any such breach or suspected breach; and
(k) that you are responsible for all Authorised Users and other users within your organisation or within your control using the Goods and/or Services, including your Personnel.
16.2 You acknowledge and agree that:
(a) the technical processing and transmission of the Goods and/or Services, including Your Data, may be transferred unencrypted and involve transmissions over various networks; and changes to conform and adapt to technical requirements of connecting networks or devices;
(b) the Goods and/or Services are provided to you and your Authorised Users, solely for your (and your Authorised Users’) benefit and you will not (or you will not attempt to) disclose, or provide access to, our Goods and/or Services to third parties without our prior written consent;
(c) any information, advice, material, work and services (including the Goods and/or Services) provided by us under this Agreement does not constitute legal, financial, merger, due diligence or risk management advice;
(d) you will be responsible for the use of any part of the Goods and/or Services by your Authorised Users and any other person you provide with access to the Goods and/or Services, and you must ensure that no person uses any part of the Goods and/or Services:
(1) to break any Law or infringe any person’s rights (including Intellectual Property Rights);
(2) to transmit, publish or communicate material that is defamatory, offensive, abusive, indecent, menacing or unwanted; or
(3) in any way that damages, interferes with or interrupts the supply of the Services; and
(e) you will not alter or modify the Goods and/or Services in any way that is not contemplated by the purposes of the Goods and/or Services.
17. Payment
17.1 You agree to pay us the Fees, and any other amount payable to us under this Agreement, in accordance with the Payment Terms (as that term is defined below).
17.2 If any payment has not been made in accordance with the Payment Terms, we may (at our absolute discretion, and without prejudice to any of our rights or remedies under this Agreement or at law):
(a) after a period of 5 Business Days from the relevant due date, cease providing the Goods and/or Services, and recover, as a debt due and immediately payable from you, our reasonable additional costs of doing so (including all recovery costs); and/or
(b) charge interest at a rate equal to 8% above the Bank of England’s base rate, from time to time, but at 8% a year for any period when that base rate is below 0%, per annum, calculated daily and compounding monthly, on any such amounts unpaid after the due date for payment in accordance with the Payment Terms.
17.3 Where we provide ongoing services, you agree that we may vary the Fees by providing written notice to you of such variation. Where we provide this notice, the new Fees will take effect on and from the end of the Initial Term or the then Renewal Period. If you do not agree to any Fee variation, you may terminate this Agreement in accordance with clause 25.1(b).
17.4 To the maximum extent permitted by law, there will be no refunds or credits for any unused Goods and/or Services (or part thereof).
18. Warranties
18.1 We agree:
(a) that we are properly constituted and have the right and authority to enter into this Agreement;
(b) that we will use reasonable efforts to ensure all of our obligations under this Agreement will be carried out by suitably competent and trained Personnel and in an efficient and professional manner;
(c) that all pre-existing Intellectual Property Rights in the Goods and/or Services (with the exception of the property rights in any Third-Party Inputs) will be owned, held or licensed by us;
(d) that the provision of the Goods and/or Services does not and will not infringe any other person’s Intellectual Property Rights; and
(e) that the Goods and/or Services will operate and be provided in accordance with this Agreement.
18.2 You represent, warrant and agree that:
(a) you will provide us with any information that we require in order to provide the Goods and/or Services to you;
(b) you have all hardware, software and services which are necessary to access and use the Goods and/or Services and they meet the minimum requirements as notified by us to you (other than those required to be provided by us under this Agreement);
(c) there are no legal restrictions preventing you from entering into this Agreement;
(d) all information and documentation that you provide to us in connection with this Agreement is true, correct and complete and that we will rely on such information and documentation in order to provide the Goods and/or Services;
(e) if applicable, you hold a valid company number which has been advised to us; and
(f) if applicable, you are registered for VAT purposes.
19. Intellectual Property
Our Intellectual Property Rights
19.1 As between the Parties, you acknowledge and agree that we own all Intellectual Property Rights in:
(a) Our Materials;
(b) New Materials;
(c) Analytics; and
(d) any Feedback,
and as between the Parties, these Intellectual Property Rights will at all times vest, or remain vested, in us upon creation. Nothing in this Agreement constitutes a transfer or assignment of such Intellectual Property Rights. To the extent that ownership of these Intellectual Property Rights does not automatically vest in us, you hereby assign all such Intellectual Property Rights to us and agree to do all other things necessary to assure our title to such rights.
19.2 In the use of any Intellectual Property Rights in connection with this Agreement, you agree that you must not (and you must ensure that your Personnel and any Authorised Users do not) commit any intellectual property breach. Where you reasonably suspect that such a breach may have occurred, you must notify us immediately.
19.3 You agree that we may use Feedback in any manner which we see fit (including to develop new features) and no benefit will be due to you as a result of any use by us of any Feedback.
Your Intellectual Property Rights
19.4 As between the Parties, you will continue to own all Intellectual Property Rights in Your Materials.
19.5 You grant us a non-exclusive, irrevocable, worldwide, non-sublicensable (other than to our “group” companies, as that term is defined in the Companies Act) and non-transferable right and licence for the duration of the Term (and for a reasonable time thereafter), to use Your Materials, solely for the purpose of performing our obligations or exercising our rights under this Agreement, and as otherwise contemplated by this Agreement.
19.6 If you (if you are an individual) or any of your Personnel have any Moral Rights in any material provided, used or prepared in connection with this Agreement, , you agree to (and you agree to ensure that your Personnel) waive those Moral Rights and waive all rights to object to derogatory treatment of such material.
Your Data
19.7 As between the Parties:
(a) Your Data is and will remain your property; and
(b) you retain any and all rights, title and interest in and to Your Data, including all copies, modifications, extensions and derivative works.
19.8 You grant us a limited licence to copy, transmit, store, back-up and/or otherwise access or use Your Data during the Term (and for a reasonable period after the Term):
(a) to supply the Goods and/or Services to you (including to enable you and your Personnel to access and use the Goods and/or Services), and otherwise perform our obligations under this Agreement;
(b) to diagnose problems with the Goods and/or Services;
(c) to enhance and otherwise modify the Goods and/or Services;
(d) to perform Analytics;
(e) to develop other services, provided we de-identify Your Data; and
(f) as reasonably required to perform our obligations under this Agreement.
19.9 You acknowledge and agree that:
(a) we are not responsible for the integrity or existence of any data on the Computing Environment, network or any device controlled by you, your Authorised Users or your Personnel; and
(b) we assume no responsibility or Liability for Your Data or the Computing Environment. You are solely responsible for Your Data and the consequences of using, disclosing, storing or transmitting it. It is your responsibility to back-up Your Data.
19.10 You represent, warrant, acknowledge and agree that:
(a) you have obtained all necessary rights, releases and permissions to provide or have Your Data provided to us and to grant the rights granted to us in this Agreement;
(b) Your Data (and its transfer to and/or use, collection, storage or disclosure by us as contemplated by this Agreement) does not and will not violate any Laws (including those relating to export control and electronic communications) or the rights of any third party, including any Intellectual Property Rights, rights of privacy, or rights of publicity; and
(c) the operation of the Goods and/or Services is reliant on the accuracy and completeness of Your Data, and the provision by you of Your Data that is inaccurate or incomplete may affect the use, output and operation of the Goods and/or Services.
19.11 This clause 19 will survive termination or expiry of this Agreement.
20. Analytics
20.1 You acknowledge and agree that we may monitor, analyse and compile statistical and performance information based on and/or related to your use of the Goods and/or Services, in an aggregated and anonymised format (Analytics). You agree that we may make such Analytics publicly available, provided that it:
(a) does not contain any identifying information; and
(b) is not compiled using a sample size small enough to make underlying portions of Your Data identifiable.
20.2 We, and our licensors own all right, title and interest in and to the Analytics and all related software, technology, documentation and content used or provided in connection with the Analytics, including all Intellectual Property Rights in the foregoing.
20.3 We may use and disclose to our service providers anonymous data about your access and use of the Goods and/or Services for the purpose of helping us improve the Goods and/or Services. Any such disclosure will not include details of your, or any Authorised Users’, identity or Personal Data.
21. Confidential Information
21.1 Each Receiving Party agrees:
(a) not to disclose the Confidential Information of the Disclosing Party to any third party (subject to subclause 21.1(c);
(b) to protect the Confidential Information of the Disclosing Party from any unauthorised disclosure;
(c) to only disclose the Confidential Information to those of its Personnel who need to know the Confidential Information in connection with this Agreement, provided those persons keep the Confidential Information confidential in accordance with this clause 21; and
(d) to only use the Confidential Information of the Disclosing Party for the purpose of performing obligations, or exercising rights or remedies, under this Agreement.
21.2 The obligations in clause 21.1 do not apply to Confidential Information that:
(a) is required to be disclosed in order for the Parties to comply with their obligations under this Agreement;
(b) is authorised in writing to be disclosed by the Disclosing Party;
(c) is in the public domain and/or is no longer confidential, except as a result of a breach of this Agreement or other duty of confidence; or
(d) must be disclosed by Law or by a regulatory authority, including under subpoena, provided that (to the extent permitted by Law) the Receiving Party has given the Disclosing Party notice prior to disclosure.
21.3 Each Party agrees that monetary damages may not be an adequate remedy for a breach of this clause 21. A Party is entitled to seek an injunction, or any other remedy available at law or in equity, at its discretion, to protect itself from a breach (or continuing breach) of this clause 21.
21.4 This clause 21 will survive the termination or expiry of this Agreement.
22. Restrictive Covenants
22.1 You (whether inadvertently, directly or indirectly), must not, during the Restraint Period, induce or solicit our Personnel (who were Personnel at the date of termination or expiry of these Terms or within the 12 months prior), to leave their employment, agency or contractual arrangement with us.
22.2 You agree that, in consideration of this Agreement:
(a) the terms of this clause 22 are reasonable given the nature of our business, are necessary to protect our legitimate business interests and do not unreasonably restrict your right to carry on your profession or trade;
(b) we may seek legal remedies (including equitable remedies) for a breach of this clause 22; and
(c) on request, you agree to provide us with evidence sufficient to enable us to confirm your compliance with this clause 22.
22.3 For the purposes of this clause 15 , Restraint Period means the Term, and:
(a) 12 months after the Term of these Terms, or (if that duration is deemed unreasonable);
(b) 9 months after the Term of these Terms, or (if that duration is deemed unreasonable); and
(c) 6 months after the Term of these Terms.
22.4 Without limiting any of our other rights or remedies, if you do not comply with any provision of this clause 22 and you engage our Personnel directly in any capacity (including in a contractor or employee relationship), you agree to pay us half of the amount of that relevant Personnel’s annual salary with us, as a debt immediately due and payable to us, and you agree that such amount is a genuine pre-estimate of loss that we may suffer or incur as a result of your non-compliance with this clause 22.
22.5 This clause 22 will survive the termination or expiry of this Agreement.
23. Privacy
23.1 Each Party agrees to comply with all Data Protection Legislation.
23.2 To the extent we need to process personal data for you under this Agreement, the Parties agree that the Data Processing Agreement at Attachment 1 is incorporated into this Agreement and to comply with the terms and Conditions of our Data Processing Agreement (available here[LV1] ).
24. Limitations on liability
24.1 Despite anything to the contrary, to the maximum extent permitted by law:
(a) neither Party will be liable for Consequential Loss;
(b) a Party’s liability for any Liability under this Agreement will be reduced proportionately to the extent the relevant Liability was caused or contributed to by the acts or omissions of the other Party (or any of its Personnel), including any failure by the other Party to mitigate its loss; and
(c) our aggregate liability for any Liability arising from or in connection with this Agreement will be limited to the Fees paid by you to us in respect of the supply of the relevant Goods and/or Services to which the Liability relates and in any event, our aggregate liability for all Liabilities arising from or in connection with this Agreement will be limited to 100% of the Fees due and payable by you to us in the first 12 months of the Term
24.2 This clause 23.2 will survive the termination or expiry of this Agreement.
25. Term and Termination
25.1 This Agreement will commence on the date it is accepted in accordance with its terms, and continue:
(a) where you have engaged us to provide one-off Goods and/or Services, until the Goods and/or Services the subject of the Service Application Form have been completed in accordance with their terms as reasonably determined by us; and
(b) where you have engaged us to provide ongoing Goods and/or Services under a Service Application Form, the Service Application Form will set out the term of the Goods and/or Services and we will commence the provision of the Goods and/or Services on the Service Application Form start date (install date of services) and continue providing them for the period set out in the Service Application Form (Initial Term). On the expiry of the Initial Term, this Agreement will automatically be renewed for subsequent periods of the same length (each a Renewal Period), unless either Party provides 90 days’ written notice before the end of the Initial Term or the end of the then-current Renewal period (as applicable) that it does not wish to renew this Agreement,
unless this Agreement is otherwise earlier terminated in accordance with its terms (Term).
25.2 This Agreement or any Service Application Form will terminate immediately upon written notice by a Party (Non-Defaulting Party) if:
(a) the other Party (Defaulting Party) breaches a material term of this Agreement or the Service Application Form and that breach has not been remedied within 10 Business Days of the Defaulting Party being notified of the breach by the Non-Defaulting Party; or
(b) the Defaulting Party is unable to pay its debts as they fall due.
25.3 We may terminate this Agreement immediately upon written notice and without penalty where we are unable to provide the Goods and/or Services, including:
(a) due to reasons set out in clause 5.2,
(b) if it is necessary to do so to comply with any law or an order or request of any government or regulatory body, to protect any person, equipment or the Network and/or to attend to any emergency;
(c) if a Supplier ceases providing their goods and/or services to us; and/or
(d) for any other reason outside our control which has the effect of compromising our ability to provide the Goods and/or Services.
25.4 Upon expiry or termination of this Agreement:
(a) we will immediately cease providing the Goods and/or Services;
(b) we will be entitled to anonymise or permanently delete all Your Data within 90 days from expiry or termination of this Agreement;
(c) to the maximum extent permitted by law, you agree that any payments made by you to us are not refundable to you;
(d) you are to pay for all Goods and/or Services provided prior to termination, including Goods and/or Services which have been provided and have not yet been invoiced to you, and all other amounts due and payable under this Agreement (including Fees for the remainder of the Term had the Agreement not been terminated, other than were this Agreement is terminated by you pursuant to clause 25.2);
(e) where you engage us to provide Broadband, Mobile, IoT and Telephony Services, to pay us a fee of £20.27 per device to port the device to a new network;
(f) to the maximum extent permitted by law, you will pay us for any third party charges or expenses to which we are committed, including without limitation any charges imposed on us by such third parties arising from the cancellation. You agree that this represents a genuine pre-estimate of our loss as a result of termination of this Agreement and/or any Service Application Form;
25.5 If requested by the Disclosing Party, the Receiving Party must destroy or return to the Disclosing Party all of its Confidential Information, except that the Recipient may keep a copy of such Confidential Information to the extent required by law or pursuant to its information technology back-up procedures, provided always that the Receiving Party retains such Confidential Information in accordance with clause 21.
25.6 Where this Agreement is terminated by us pursuant to clause 25.2, you agree to pay us:
(a) the Fees for the remainder of the Term; and
(b) our additional costs, reasonably incurred, and which arise directly from such termination, (including recovery fees).
25.7 Termination of this Agreement will not affect any rights or liabilities that a Party has accrued under it.
25.8 This clause 25 will survive the termination or expiry of this Agreement.
26. Suspension
26.1 We may, in our absolute discretion, and without prejudice to our other rights and remedies, immediately cease, limit or suspend the supply of any Goods and/or Services without giving you prior written notice:
(a) in circumstances where we reasonably suspect that there has been unauthorised use of the Goods and/or Services (including but not limited to, as a result of a hacking incident or fraudulent or illegal use);
(b) if required by any relevant Laws;
(c) for emergencies;
(d) a breach of clause 17 and for any Force Majeure Events; or
(e) if our Supplier suspends or terminates the supply of any goods and/or services to us (which may include the Goods and/or Services).
26.2 You agree that we may suspend the Goods and/or Services for any period we consider reasonably necessary.
26.3 If you rectify the reasons for suspension under clause 26.1, then we may, at our discretion, recommence the provision of the Goods and/or Services as soon as reasonably practicable.
27. General
27.1 Access: The Goods and/or Services may be accessed in England and Wales, and overseas. We make no representation that the Goods and/or Services comply with the Laws (including Intellectual Property Laws) of any country outside of England and Wales. If you access the Goods and/or Services from outside England and Wales, you do so at your own risk and you are responsible for complying with the Laws in the place you access the Goods and/or Services.
27.2 Amendment: Subject to clause 15, this Agreement may only be amended by written instrument executed by the Parties.
27.3 Assignment: Subject to clause 27.4 and 27.13, a Party must not assign, novate or deal with the whole or any part of its rights or obligations under this Agreement without the prior written consent of the other Party (such consent is not to be unreasonably withheld).
27.4 Assignment of Debt: You agree that we may assign or transfer any debt owed by you to us, arising under or in connection with this Agreement, to a debt collector, debt collection agency, or other third party.
27.5 Counterparts: This Agreement may be executed in any number of counterparts that together will form one instrument.
27.6 Disputes: A Party may not commence court proceedings relating to any dispute, controversy or claim arising from, or in connection with, this Agreement (including any question regarding its existence, validity or termination) (Dispute) without first meeting with a senior representative of the other Party to seek (in good faith) to resolve the Dispute. If the Parties cannot agree how to resolve the Dispute at that initial meeting, either Party may refer the matter to a mediator. If the Parties cannot agree on who the mediator should be, either Party may ask the Centre for Effective Dispute Resolution to appoint a mediator. The mediator will decide the time, place and rules for mediation. The Parties agree to attend the mediation in good faith, to seek to resolve the Dispute. The costs of the mediation will be shared equally between the Parties. Nothing in this clause will operate to prevent a Party from seeking urgent injunctive or equitable relief from a court of appropriate jurisdiction. This clause will survive termination or expiry of this Agreement.
27.7 Electronic Execution: This Agreement may be executed using an Electronic Signature. The Parties acknowledge and agree that if a Party executes this Agreement using an Electronic Signature, then the Party is taken to have entered into this Agreement in electronic form and the Electronic Signature is deemed to be an original execution of the Agreement by the Party. “Electronic Signature” means an electronic method of signing that identifies the person and indicates their intention to sign this Agreement which may include software programs such as Docusign.
27.8 Email: You agree that we are able to send electronic mail to you and receive electronic mail from you. To the maximum extent permitted by law, you release us from any Liability you may have as a result of any unauthorised copying, recording, reading or interference with that document or information after transmission, for any delay or non-delivery of any document or information and for any damage caused to your system or any files by a transfer.
27.9 Entire agreement: This Agreement contains the entire understanding between the Parties, and supersedes and extinguishes all previous discussions, communications, negotiations, understandings, representations, warranties, commitments and agreements, whether written or oral, in respect of its subject matter. Each Party agrees that it will have no remedies in respect of any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in this Agreement.
27.10 Force Majeure: A Party will not be liable for any delay or failure to perform its obligations under this Agreement if such delay or failure is caused or contributed to by a Force Majeure Event, provided that the Party seeking to rely on the benefit of this clause:
(a) as soon as reasonably practicable, notifies the other party in writing details of the Force Majeure Event, and the extent to which it is unable to perform its obligations; and
(b) uses reasonable endeavours to minimise the duration and adverse consequences of the Force Majeure Event.
27.11 Where the Force Majeure Event prevents a Party from performing a material obligation under this agreement for a period in excess of 60 days, then the other Party may by notice terminate this Agreement, which will be effective immediately, unless otherwise stated in the notice. This clause will not apply to a Party’s obligation to pay any amount that is due and payable to the other Party under this Agreement.
27.12 Further assurance: Each Party must promptly do all things and execute all further instruments necessary to give full force and effect to this Agreement and their obligations under it.
27.13 Subcontracting: We may subcontract the provision of any part of the Goods and/or Services without your prior written consent. We agree that any subcontracting does not discharge us from any liability under this Agreement and that we are liable for the acts and omissions of our subcontractor.
27.14 Governing law: This Agreement is governed by the laws of England and Wales. Each Party irrevocably and unconditionally submits to the exclusive jurisdiction of the courts operating in England and Wales and any courts entitled to hear appeals from those courts and waives any right to object to proceedings being brought in those courts.
27.15 Illegal Requests: We reserve the right to refuse any request for or in relation to any Goods and/or Services that we deem inappropriate, unethical, unreasonable, illegal or otherwise non-compliant with this Agreement.
27.16 Notices: Any notice given under this Agreement must be in writing addressed to the addresses set out in this Agreement, or the relevant address last notified by the recipient to the Parties in accordance with this clause. Any notice may be sent by standard post or email, and will be deemed to have been served on the expiry of 48 hours in the case of post, or at the time of transmission in the case of transmission by email.
27.17 Publicity: With your prior written consent, you agree that we may advertise or publicise the broad nature of our provision of the Goods and/or Services to you, including on our website or in our promotional material.
27.18 Relationship of Parties: This Agreement is not intended to create a partnership, joint venture, employment or agency relationship between the Parties.
27.19 Waiver: Any failure or delay by a Party in exercising a power or right (either wholly or partially) in relation to this Agreement does not operate as a waiver or prevent that Party from exercising that power or right or any other power or right. A waiver must be in writing and will be effective only to the extent specifically stated.
27.20 Severance: If a provision of this Agreement is held to be void, invalid, illegal or unenforceable, that provision is to be read down as narrowly as necessary to allow it to be valid or enforceable, failing which, that provision (or that part of that provision) will be severed from this Agreement without affecting the validity or enforceability of the remainder of that provision or the other provisions in this Agreement.
27.21 VAT: All amounts payable by a Party under this Agreement are inclusive of amounts in respect of value added tax chargeable from time to time (VAT), unless otherwise stated. Where any taxable supply for VAT purposes is made under this Agreement by a Party to the other Party, the paying Party agrees, on receipt of a valid VAT invoice from the payee, to pay to the payee such additional amounts in respect of VAT as are chargeable on the relevant supply at the same time as payment is due.
28. Definitions
In this Agreement, unless the context otherwise requires, capitalised terms have the meanings given to them in the Schedule or the Service Application Form, and:
Agreement means these terms and conditions, the Service Application Form, all schedules, annexures and attachments included, or referred to, in this agreement.
Attachment means an attachment to this Agreement.
Authorised User, if applicable, means a user permitted to access and use the Goods and/or Services, as further particularised in the Service Application Form.
Business Day means a day on which banks are open for general banking business in England and Wales, excluding Saturdays, Sundays and public holidays.
Commencement Date means the date this Agreement is signed by the last of the Parties.
Computing Environment means your computing environment including all hardware, software, information technology and telecommunications services and Systems.
Confidential Information means information which:
(a) is disclosed to the Receiving Party in connection with this Agreement at any time;
(b) relates to the Disclosing Party’s business, assets or affairs; or
(c) relates to the subject matter of, the terms of and/or any transactions contemplated by this Agreement,
whether or not such information or documentation is reduced to a tangible form or marked in writing as “confidential”, and howsoever the Receiving Party receives that information.
Consequential Loss means, whether under statute, contract, equity, tort (including negligence), indemnity or otherwise:
(a) any loss or damage that cannot be considered to arise according to the usual course of things from the relevant breach, act or omission, whether or not such loss or damage may reasonably be supposed to have been in the contemplation of the Parties at the time they entered into this Agreement as the probable results of the relevant breach, act or omission; and/or
(b) without limiting subclause (a), any real or anticipated loss of profit, loss of benefit, loss of revenue, loss of business, loss of goodwill, loss of opportunity, loss of savings, loss of reputation, loss of use and/or loss or corruption of data.
However, the Parties agree that your obligation to pay us the Fees under this Agreement will not constitute “Consequential Loss”.
Data Protection Legislation means the laws and regulations applicable to the processing of Personal Data by the Parties in connection with this Agreement, including, without limitation, the Data Protection Act 2018.
Disclosing Party means the Party disclosing Confidential Information to the Receiving Party.
Feedback means any idea, suggestion, recommendation or request by you or any of your Personnel or Authorised Users, your customers, whether made verbally, in writing, directly or indirectly, in connection with the Goods and/or Services.
Fees means the price set out in the relevant Service Application Form, as adjusted in accordance with this Agreement.
Force Majeure Event means any event or circumstance which is beyond a Party’s reasonable control including but not limited to, acts of God including fire, hurricane, typhoon, earthquake, landslide, tsunami, mudslide or other catastrophic natural disaster, civil riot, civil rebellion, revolution, terrorism, insurrection, militarily usurped power, act of sabotage, act of a public enemy, war (whether declared or not) or other like hostilities, ionising radiation, contamination by radioactivity, nuclear, chemical or biological contamination, any widespread illness, quarantine or government sanctioned ordinance or shutdown, pandemic (including COVID-19 and any variations or mutations to this disease or illness) or epidemic.
Goods means any goods you order from us in a Service Application Form, as varied in accordance with the terms of this Agreement.
Goods and/or Services means the goods and/or services to be provided by us to you under this Agreement, as expressly set out in the Service Application Form, as adjusted in accordance with these Terms.
Harmful Code means any computer program or virus or other code that is harmful, destructive, disabling or which assists in or enables theft, alternation, denial of service, unauthorised access to or disclosure, destruction or corruption of information or data.
Intellectual Property means any copyright, registered or unregistered designs, patents or trade marks, business names, get-up, goodwill, domain names, know-how, inventions, processes, trade secrets or Confidential Information, circuit layouts, software, computer programs, databases or source codes, including any application, or right to apply, for registration of, and any improvements, enhancements or modifications of, the foregoing.
Intellectual Property Rights means, for the duration of the rights in any part of the world, any industrial or intellectual property rights, whether registrable or not, and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future, including in respect of Intellectual Property.
Laws means all applicable laws, regulations, codes, guidelines, policies, protocols, consents, approvals, permits and licences, and any requirements or directions given by any government or similar authority with the power to bind or impose obligations on the relevant Party in connection with this Agreement or the provision of the Services.
Liability means any expense, cost, liability, loss, damage, claim, notice, entitlement, investigation, demand, proceeding or judgment (whether under statute, contract, equity, tort (including negligence), misrepresentation, restitution, indemnity or otherwise), howsoever arising, whether direct or indirect and/or whether present, unascertained, future or contingent and whether involving a third party or a Party to this Agreement or otherwise.
Moral Rights means any moral rights, including those conferred by Chapter IV of the Copyright, Designs and Patents Act 1988.
New Materials means all Intellectual Property developed, adapted, modified or created by or on behalf of us or you or any of your or our respective Personnel in connection with this Agreement or the supply of the Goods and/or Services, whether before or after the date of this Agreement and any improvements, modifications or enhancements of such Intellectual Property, but excludes Our Materials and Your Materials.
Network means the telecommunication run by our Supplier, in respect of which we are providing resale services.
Our Materials means all Intellectual Property which is owned by or licensed to us and any improvements, modifications or enhancements of such Intellectual Property.
Payment Terms means the payment terms for the Fees, as set out in the Service Application Form.
Personal Data has the meaning given to it in the Data Protection Act 2018.
Personnel means, in respect of a Party, any of its employees, consultants, suppliers, subcontractors or agents, but in respect of you, does not include us.
Premises means any premises the subject of the Goods and/or Services.
Privacy Policy means any privacy policy set out on our Site;
Receiving Party means the Party receiving Confidential Information from or on behalf of the Disclosing Party.
Services means any services you order from us in a Service Application Form, as varied in accordance with the terms of this Agreement.
Service Application Form means the Service Application Form that you agree to, that sets out the Goods and/or Services we will provide to you and any relevant commercial terms.
Supplier means a telecommunications service provider, who we use in order to supply the Goods and/or Services to you.
System means all hardware, software, networks, telecommunications and other IT systems used by a Party from time to time, including a network.
Third Party Inputs means third parties or any goods and services provided by third parties, including hardware, internet service providers, internal systems, customer relationship management software, email providers, cloud storage systems, or other third party systems which the provision of the Goods and/or Services may be contingent on, or impacted by.
Variation has the meaning given in clause 15.1.
Variation Request has the meaning given in clause 15.1.
Your Data means the information, materials, logos, documents, qualifications and other Intellectual Property or data inputted by you, your Personnel and Authorised Users into the Goods and/or Services or stored by or generated by your use of the Goods and/or Services, including any Personal Data collected, used, disclosed, stored or otherwise handled in connection with this Agreement. Your Data does not include (i) the Analytics, or (i) any data, information or materials that we generate (or that is generated on our behalf) in connection with the Goods and/or Services and that is not provided to you or that you do not have access to.
Your Materials means all Intellectual Property owned or licensed by you or your Personnel before the Commencement Date (which is not connected to this Agreement) and/or developed by or on behalf of you or your Personnel independently of this Agreement and any improvements, modifications or enhancements of such Intellectual Property.
29. Interpretation
In this Agreement, unless the context otherwise requires:
(a) words like including and for example are not words of limitation;
(b) a reference to this Agreement or any other document includes the document, all schedules and all annexures as novated, amended, supplemented, varied or replaced from time to time;
(c) a reference to any legislation or law includes subordinate legislation or law and all amendments, consolidations, replacements or re-enactments from time to time;
(d) a reference to a person includes a natural person, body corporate, partnership, joint venture, association, government or statutory body;
(e) a reference to a party (including a Party) to a document includes that party’s executors, administrators, successors and permitted assigns;
(f) a reference to a covenant, obligation or agreement of two or more persons binds or benefits them jointly and severally;
(g) a reference to “Goods and Services” or “Goods or Services” includes “Goods and/or Services”;
(h) a reference to time is to local time in England; and
(i) a reference to £ or pounds refers to the currency of England from time to time.
ATTACHMENT 1 – DATA PROCESSING AGREEMENT
This DPA is entered into between the Parties in the Virocom Terms and Conditions (Linked Agreement). This DPA supplements the Linked Agreement entered into between the Parties and applies to the provision of Services under the Linked Agreement.
Background
A. The Parties have entered into the Linked Agreement for the provision of Services.
B. In the processing of Company Personal Data in connection with the Linked Agreement.
C. The Parties would like to implement this DPA to set out each Party’s rights and obligations in connection with the Processing of Company Personal Data under the Linked Agreement.
1. Commencement and Term
1.1 This DPA will commence on the date it is executed between the Parties and will continue for as long as the Linked Agreement remains in effect, or the Processor retains any of the Company Personal Data in its possession or control (whichever is the longer) (Term).
1.2 By entering into this DPA, each Party agrees to be bound by the terms and conditions set out in this DPA, in exchange for the other Party also agreeing to be bound by this DPA.
2. Roles of the Parties Processing of Personal Data
2.1 The Parties acknowledge and agree that in connection with the Linked Agreement and the provision of Goods and/or Services, where we need to process personal data on your behalf, we are the data processor and you are the data controller.
2.2 Each Party agrees to comply with Applicable Data Protection Law in the Processing of Company Personal Data.
2.3 The Controller instructs the Processor to process Personal Data in accordance with this DPA (including in accordance with Annex 1).
2.4 The Processor agrees to not process Company Personal Data other than on the Controller’s documented instructions, and to the extent applicable, clause 11 of this DPA.
3. Processor Personnel
3.1 The Processor agrees to take reasonable steps to ensure the reliability of any of the Contracted Processor’s Personnel who may have access to the Company Personal Data, ensuring in each case that:
(a) access is strictly limited to those individuals who need to know / access the relevant Company Personal Data, as strictly necessary for the purposes of the Linked Agreement; and
(b) the relevant Personnel are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
4. Security
4.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Processor agrees to implement appropriate technical and organisational measures in relation to the Company Personal Data to ensure a level of security appropriate to that risk in accordance with Applicable Data Protection Law, and as further particularised in Annex 2.
4.2 In assessing the appropriate level of security, the Processor agrees to take into account the risks that are presented by Processing, in particular from a Personal Data Breach.
5. Sub-Processing
5.1 The Controller authorises the Processor’s engagement of the Sub-Processors already engaged by the Processor at the date of this DPA that are set out in Annex 3.
5.2 Where the Processor wishes to engage a new Sub-Processor, the Processor agrees to provide written notice to the Controller of the details of the engagement of the Sub-Processor at least 14 days’ prior to engaging the new Sub-Processor (including details of the processing it will perform). The Controller may object in writing to the Processor’s appointment of a new Sub-Processor within 7 days of such notice, provided that such objection is based on reasonable grounds relating to data protection. In such event, the Parties will discuss such concerns in good faith with a view to achieving resolution. If the Parties are not able to achieve resolution, the Processor may, at its election:
(a) not appoint the proposed Sub-Processor;
(b) not disclose any Company Personal Data it processes on the Controller’s behalf to the proposed Sub-Processor; or
(c) inform the Controller that it may terminate the Linked Agreement (including this DPA) for convenience, in which case, clause 13.2 will apply.
5.3 The Controller agrees that the remedies described above in clauses 5.2(a)-(c) are the only remedies available to the Controller if it objects to any proposed Sub-Processor by the Processor.
5.4 Where the Processor engages a Sub-Processor to process Company Personal Data, the Processor agrees to enter into a written agreement with the Sub-Processor containing data protection obligations no less protective that those in this DPA with respect to the Company Personal Data (including in relation to Restricted Transfers), and to remain responsible to the Controller for the performance of such Sub-Processor’s data protection obligations under such terms.
6. Data Subject Rights
6.1 Taking into account the nature of the Processing, the Processor agrees to assist the Controller by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller’s obligations, as reasonably understood by the Controller, to respond to requests to exercise Data Subject rights under the Applicable Data Protection Law.
6.2 The Processor agrees to:
(a) promptly notify the Controller if it receives a request from a Data Subject under any Applicable Data Protection Law in respect of Company Personal Data; and
(b) ensure that it does not respond to that request except on the documented instructions of the Controller or as required by Applicable Data Protection Law to which the Processor is subject, in which case the Processor shall, to the extent permitted by Applicable Data Protection Law, inform the Controller of that legal requirement before the Contracted Processor responds to the request.
7. Personal Data Breach
7.1 The Processor agrees to notify the Controller without undue delay upon the Processor becoming aware of a Personal Data Breach affecting Company Personal Data, providing the Controller with sufficient information to allow the Controller to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
7.2 The Processor agrees to co-operate with the Controller and take reasonable commercial steps as are directed by the Controller to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
7.3 If the Controller decides to notify a Supervisory Authority, Data Subjects or the public of a Company Personal Data Breach, the Controller agrees to provide the Processor with advance copies of the proposed notices and, subject to Applicable Data Protection Law (including any mandated deadlines under the UK GDPR), allow the Processor an opportunity to provide any clarifications or corrections to those notices.
8. Data Protection Impact Assessment and Prior Consultation
The Processor agrees to provide reasonable assistance to the Controller with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which the Controller reasonably considers to be required by article 35 or 36 of the UK GDPR or equivalent provisions of any other Data Protection Law (to the extent the Controller does not otherwise have access to the relevant information and such information is in the Processor’s control).
9. Deletion or return of Personal Data
Subject to this clause 9, and subject to any document retention requirements at law, the Processor agrees to promptly and in any event within 10 business days of the date of cessation of any Services involving the Processing of Company Personal Data (Cessation Date), delete and procure the deletion of all copies of those Company Personal Data.
10. Audit Rights
10.1 Subject to this clause 10, where required by law, the Processor shall make available to the Controller on request all information reasonably necessary to demonstrate compliance with this DPA, and shall allow for and contribute to audits, including inspections, by the Controller or an auditor mandated by the Controller in relation to the Processing of the Company Personal Data by the Contracted Processors.
10.2 Where clause 10.1 applies, any audit (or inspection):
(a) must be conducted during the Processor’s regular business hours, with reasonable advance notice (which shall not be less than 30 business days);
(b) will be subject to the Processor’s reasonable confidentiality procedures;
(c) must be limited in scope to matters specific to the Controller and agreed in advance with the Processor;
(d) must not require the Processor to disclose to the Controller any information that could cause the Processor to breach any of its obligations under Applicable Data Protection Law;
(e) to the extent the Processor needs to expend time to assist the Controller with the audit (or inspection), will be funded by the Controller, in accordance with pre-agreed rates; and
(f) may only be requested by the Controller a maximum of one time per year, except where required by a competent Supervisory Authority or where there has been a Personal Data Breach in relation to Company Personal Data, caused by the Processor.
10.3 Information and audit rights of the Controller only arise under section 10.1 to the extent that the Linked Agreement does not otherwise give it information and audit rights meeting the relevant requirements of Applicable Data Protection Law.
11. Restricted Transfers
The Parties agree that where the transfer of Company Personal Data between the Parties is a Restricted Transfer, it will be subject to the UK Addendum (and documents or legislation referred to within it), which shall be deemed to be incorporated into this DPA, and:
(a) the Tables in Part 1 of the UK Addendum shall be populated with the relevant information set out in the Annexes to this DPA; and
(b) the UK Addendum is considered an appropriate safeguard.
12. Liability
Despite anything to the contrary in the Linked Agreement or this DPA, to the maximum extent permitted by law, the Liability of each Party and its affiliates under this DPA is subject to the exclusions and limitations of Liability set out in the Linked Agreement.
13. Termination
13.1 Each Party agrees that a failure or inability to comply with the terms of this DPA and/or the Applicable Data Protection Law constitutes a material breach of the Linked Agreement. In such event, the Controller may, without penalty:
(a) require the Processor to suspend processing of Company Personal Data until such compliance is restored; or
(b) terminate the Linked Agreement effective immediately on written notice to the Processor.
13.2 In the case of such suspension or termination, the Processor shall provide a prompt pro-rata refund of all sums paid in advance under the Linked Agreement which relate to the period of suspension or the period after the date of termination (as applicable).
13.3 Notwithstanding the expiry or termination of this DPA, this DPA will remain in effect until, and will terminate automatically upon, deletion by the Processor of all Company Personal Data covered by this DPA, in accordance with this DPA.
14. General
14.1 Amendment: Other than as expressly permitted under this DPA and to the extent permitted by law, this DPA may only be amended by written instrument executed by the Parties.
14.2 Assignment: A Party must not assign or deal with the whole or any part of its rights or obligations under this DPA without the prior written consent of the other Party (such consent not to be unreasonably withheld).
14.3 Confidentiality: Each Party agrees to keep this DPA and any information it receives about the other Party and its business in connection with this DPA (Confidential Information) confidential and must not use or disclose that Confidential Information without the prior written consent of the other Party except to the extent that:
(a) disclosure is required by law; or
(b) the relevant information is already in the public domain.
14.4 Contracts (Rights of Third Parties) Act 1999: Notwithstanding any other provision of this DPA, nothing in this DPA confers or is intended to confer any right to enforce any of its terms on any person who is not a party to it.
14.5 Counterparts: This DPA may be executed in any number of counterparts that together will form one instrument.
14.6 Order of Precedence: In the event of any conflict or inconsistency between the agreements entered into between the Parties, the Addendum shall prevail, then the Annexes, followed by this DPA and then the Linked Agreement.
14.7 Governing law and disputes: This DPA is governed by the laws of England and Wales. Each Party irrevocably and unconditionally submits to the exclusive jurisdiction of the courts operating in England and Wales and any courts entitled to hear appeals from those courts and waives any right to object to proceedings being brought in those courts.
14.8 Notices: Any notice given under this DPA must be in writing addressed to the relevant address last notified by the recipient to the Parties. Any notice may be sent by standard post or email, and will be deemed to have been served on the expiry of 48 hours in the case of post, or at the time of transmission in the case of transmission by email.
14.9 Severance: If a provision of this DPA is held to be void, invalid, illegal or unenforceable, that provision is to be read down as narrowly as necessary to allow it to be valid or enforceable, failing which, that provision (or that part of that provision) will be severed from this DPA without affecting the validity or enforceability of the remainder of that provision or the other provisions in this DPA.
15. Definitions and Interpretation
15.1 In this DPA, unless the context otherwise requires, all terms have the meanings given to them in the Annexures, and:
Applicable Data Protection Law means the laws and regulations applicable to the processing of Personal Data by the Parties in connection with the Linked Agreement, including the Data Protection Act 2018 (including the UK GDPR), and where applicable, the EU GDPR.
Company Personal Data means any Personal Data Processed by a Contracted Processor on behalf of a Controller in connection with the Linked Agreement (and where the Processor is also acting as a Controller, any Personal Data it processes in connection with the Linked Agreement).
Contracted Processor means the Processor or a Sub-Processor.
Controller means you, when you are performing the role of a Controller as that term is defined under the UK GDPR.
Data Subject means any individual person that is identified or identifiable by way of Personal Data.
DPA means this Data Processing Agreement and all Annexes attached to it.
EU GDPR means Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data Protection Regulation).
Liability means any expense, cost, liability, loss, damage, claim, notice, entitlement, investigation, demand, proceeding or judgment (whether under statute, contract, equity, tort (including negligence), misrepresentation, restitution, indemnity or otherwise), howsoever arising, whether direct or indirect and/or whether present, unascertained, future or contingent and whether involving a third party or a Party to this DPA or otherwise.
Linked Agreement means the Virocom Master Services Agreement that this DPA is attached to.
Personnel means in respect of a Contracted Processor, any of its employees, consultants, and subcontractors.
Processor means us, when we are performing the role of a Processor, as that term is defined by the UK GDPR.
Restricted Transfer means a transfer of personal data from the United Kingdom to any other country which is not subject to adequacy regulations pursuant to Section 17A of the United Kingdom Data Protection Act 2018.
Services means the services the subject of the Linked Agreement.
Sub-Processor means any person appointed by or on behalf of the Processor to process Company Personal Data on behalf of the Controller in connection with the Linked Agreement.
UK GDPR means the EU GDPR as incorporated into United Kingdom law by virtue of Section 3 of the United Kingdom’s European Union (Withdrawal) Act 2018.
UK Addendum means the international data transfer addendum to the European Commission’s standard contractual clauses for international data transfers approved by the Information Commissioner’s Office under section 119A of the Data Protection Act 2018 on 21 March 2022 (version B.1.0), and as updated from time to time.
15.2 The terms, “Commission”, “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Personal Data Breach”, “Processing” and “Supervisory Authority” shall have the same meaning as in the EU GDPR or UK GDPR, as applicable.
15.3 The word include shall be construed to mean include without limitation.
ANNEX 1
DESCRIPTION OF TRANSFER
Personal Data Transferred
· Identity Data including first name, last name, and job title.
· Contact Data of our business contact representatives including billing addresses, email addresses and telephone numbers.
· Identity data and email address of any Authorised Users of our Services.
· Technical and Usage Data including internet protocol (IP) address, login data, browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour, information about user access and use of our website, including through the use of Internet cookies, communications with our website, the type of browser used by users, the type of operating system used by users and the domain name of users’ Internet service provider.
· Profile Data including usernames and passwords for our platform, purchases or orders made with us, support requests made with us, content posted and shared through our Services.
Special Categories of Personal Data and criminal convictions and offences
Special Categories of Data will not be processed.
Relevant Data Subjects
· authorised users of the Services;
· anyone about whom personal data is input into the Service; and
· business contact representatives.
Frequency of the transfer
On the instructions of each Service Application Form
Nature of the transfer
As specified in the Linked Agreement, the relevant Service Application Form and this DPA, including without limitation, use by us of Company Personal Data to provide our Services in accordance with the Linked Agreement or as compelled by law.
Purpose of processing
The purpose of the transfer and processing are as specified in the Linked Agreement and this DPA.
Duration of the Processing
The term of the Linked Agreement and for a period of 90 days after termination or expiry of the Linked Agreement.
ANNEX 2
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA
TECHNICAL AND ORGANISATIONAL MEASURES
DETAILS
Designated data protection officer (if required) or privacy manager
· Paul Byron, [email - paul.bryon@virocom.co.uk, Telephone - 020 3589 6554]
· Albana Ismajli, [email - alban.ismajli@virocom.co.uk, Telephone - 020 3589 6556]
Security certifications
· ISO 9001 and ISO 27001
Internal policies e.g. security policy, data retention and deletion policies
· Cloud Backups are conducted every evening at 21:00 across the servers listed below using the program ‘Backup Manager’ which is installed on all machines. Files that are backed up are on a 45 day retention basis using military grade AES 256-bit encryption by the provider VSL-Net / Vitanium and is ISO9001 and ISO 27001 compliant. Data is deleted using their server processes and then available to be overwritten with new data.
Local machines that are re-issued when new users come on board or require machine swaps are provided with new machines that have been fully wiped using the built in Microsoft Windows application to destroy data and re-install the operating system.
All client contact and identification data should be destroyed from Virocom’s system after they have reached 7 years, providing that the data is still not required, as is the case of existing customers
All access to any information service is strictly controlled through Azure Active Directory authentication. Access to the ERP system is controlled through assigned, encrypted username and password.
Product security features
· Complex password security based comprised of at least 1 capital, 8 digits, 1 number and at least 1 special character.
Network security
· Access to our network infrastructure is either by VPN or physically being at the equipment which is located in our co-location suites at Telehouse North or Virtus Enfield. Both of which are only accessible via an assigned list of allowed users.
365 Infrastructure for hosting is provided via Microsoft Azure and under the security policy below: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
· Penetration tests are performed annually
Physical security and disaster recovery
· Physical locks – all access to Virocoms’ office is restricted using physical locks which only employees can access.
· Security alarms – the office building has motion alarms that alert building management who respond to alarms 24 hours a day, 7 days a week, 365 days a year.
· Security video surveillance – the internal office entry / exit points and network room have continuous video surveillance. The office building has external video surveillance and an agreement is in place with building management to access surveillance footage in the event that it is needed.
· Fire alarms and sprinkler system – fire alarms are installed throughout the office and extinguishers are in place.
· Physical files containing Personal Data are stored in secured areas.
Human resources security
· Appropriate background checks are conducted on all employees in accordance with documented policies.
· Business obtains written commitment of employees and contractors to maintain confidentiality in employment contracts and contractors agreements.
· Access is revoked on a timely basis in accordance with security procedures upon the departure of any personnel.
· Password policy that prohibits the sharing of passwords, outlines processes after a disclosure of a password and requires the regular change of passwords.
· Deliver regular (at least annually) information security awareness training to all employees.
