Order Terms & Conditions
STANDARD TERMS & CONDITIONS
Version 26 November 2024
THIS AGREEMENT is made on the Commencement Date between:
SELECTABASE LTD,
The Archive Centre, Honeywood Road, Dover, CT16 3EH (the “Supplier”)
and
THE CUSTOMER
1. Definitions
The following terms shall have the following meanings:
- Agreement: The agreement between the Supplier and the Customer pursuant to clause 2.
- Commencement Date: The date of acceptance by the Supplier of the Customer Order Form.
- Confidential Information: Any and all information relating to trade secrets, operations, processes, plans, intentions, product information, prices, know-how, designs, customer lists, market opportunities, transactions, affairs, and/or business of the parties and/or to their customers, suppliers, clients or Group Companies in any medium or format, including any personal data pertaining to the Customers.
- Credits: Credits for the Data or other Services for which the Supplier may accept prepayment, as more particularly set out in the Customer Order Form.
- Controller: A data controller as defined by the Data Protection Legislation.
- Customer Order Form: The form prepared by the Supplier and accepted by the Customer, which sets out the details of the supply of Services or Data from the Supplier and which, together with these terms, forms the contract.
- Customer: Any person named as the Customer in the Customer Order Form.
- Data Protection Legislation: The applicable legislation protecting individuals’ fundamental rights and freedoms, including but not limited to the UK GDPR, the GDPR, and any national legislation supplementing the GDPR in Member States of the EEA.
- Data Subject: As defined in the applicable Data Protection Legislation.
- Data: The list rental data as set out in the Customer Order Form and supplied to the Customer, which may include Personal Data.
- Fee: The current applicable rate as set out in the Customer Order Form.
- GDPR: The Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC.
- UK GDPR: The GDPR as transposed into United Kingdom national law by operation of section 3 of the European Union (Withdrawal) Act 2018, together with the UK Data Protection Act 2018, and other relevant legislation in force from time to time.
- ICO: The Information Commissioner’s Office, the competent data protection authority within the United Kingdom (UK).
- Improper Use: Any use of the Services in an unlawful, immoral, disreputable, or threatening manner, or using the Data in a manner that contravenes any rules or regulations from time to time issued by any body regulating the conduct of the Customer’s business or the use of the Data, including breaches of Clause 4 and 13 of this Agreement or using the Services other than in accordance with the terms of this Agreement.
- Latest Delivery Date: (i) In the case of Services requiring a single delivery, 28 days after the Payment Date; (ii) in the case of repeated delivery, within 28 days of the start of each month, unless in either case extended delivery has been agreed in writing by both parties in accordance with Clause 2.7.
- Licence: The licence described in clause 3.
- Media: The method, records, or other materials and documents by which the Services are delivered to the Customer, including but not limited to downloads or email.
- Payment Card: Any credit card or charge card of the Customer that may be used by the Supplier to make payments under this Agreement, subject to the provisions of Clause 5.5.
- Payment Date: The date for payment for the Services as set out in the Customer Order Form.
- Period: The period specified in the Customer Order Form from and including the Commencement Date as the period for which the Customer may use the Services, unless the Services are provided for an immediate single use.
- Permitted Purpose: The specified method of direct marketing as set out in the Customer Order Form.
- Personal Data: Personal data as defined by the Data Protection Legislation.
- Postal Data: Data supplied by the Supplier to the Customer containing the mailing addresses of consumers.
- Processor: A data processor as defined by the Data Protection Legislation.
- Reseller Agreement: The additional set of terms the Customer agrees to be bound by. The Reseller Agreement is available at https://test.selectabase.co.uk/terms-and-conditions/.
- Services: The services accepted and described on the Customer Order Form and with reference to the relevant sections of the Website.
- Shared Personal Data: The personal data shared between the parties under this Agreement.
- Supervisory Authority: The relevant competent data protection authority in a territory; in the UK, this is the ICO.
- Supplier: Selectabase Ltd or any person assigned the benefit of this Agreement.
- Territory: Europe.
- Third Party: An individual, firm, limited company, or other party specified in the Customer Order Form that will use or access the Data on behalf of the Customer but does not have the right to use the Data for its own purposes.
- Users: The Customer or any Third Party who uses the Services and/or the Data of the Supplier on behalf of the Customer.
- Virus: A computer virus that interferes with or has the capacity to interfere with a computer’s correct and proper functioning.
- Website: https://test.selectabase.co.uk/ or such domain as may be chosen by the Supplier from time to time to market the Services.
2. Supply of Services
2.1 In consideration of payment of the Fee, the Supplier agrees to provide the Services and Data, subject to the remainder of this clause and the Licence.
2.2 Before accepting a Customer Order Form and for agreements with periodic payments, the Supplier reserves the right to conduct credit checks and due diligence to ensure compliance with Data Protection Legislation. The Supplier may cancel the Agreement or apply additional terms if the Customer fails such checks.
2.3 Orders will be delivered via a secure online login. The Customer must notify the Supplier if the download has not been received or is inaccessible within 28 days of the Latest Delivery Date.
2.4 The Supplier does not warrant the accuracy of the Data provided and does not undertake to replace names where the Data is inaccurate or contains errors.
2.5 Where fundamental discrepancies in the Data are evidenced within 3 months of the Latest Delivery Date, the Supplier may replace names at its discretion.
2.6 If the Data is not supplied by the Latest Delivery Date due to reasons beyond the Supplier’s control (excluding non-payment or a faulty address provided by the Customer), the Customer may terminate the Agreement with no further claim.
2.7 The Supplier will inform the Customer of any delays likely to cause late delivery. If an extension is agreed, the new date shall be the Latest Delivery Date.
2.8 For some Services, the Customer must re-download Data before subsequent use. The Customer is responsible for checking and cleaning Data before reuse.
3. Licence
3.1 The Licence for the Customer to use the Services will be set out in the Customer Order Form and will apply to the Territory only.
3.2 The Licence is non-transferable unless otherwise agreed, and the Customer may only take such copies of the Data as are reasonably required for the use of the Data in accordance with this Agreement and may only use the Data for the Permitted Purpose or as otherwise agreed between the parties.
3.3 The Licence for the Customer to use the Services shall expire:
3.3.1 In the case of single use: 3 months after the date of initial delivery, via any media, of the Data or Services specified in the Customer Order;
3.3.2 In the case of Agreements that permit multiple usage of the Services: 12 months after the date of initial delivery of the Data or Services specified in the Customer Order Form; and
3.3.3 Where the Customer has identified that it does not intend to use the Data or Services solely for its own internal business purposes on the Customer Order Form, then as per the provisions contained within the Reseller Agreement.
3.4 For the avoidance of doubt, the single use of the Data referred to in Clause 3.3.1 means:
3.4.1 Where only the mailing address is supplied, the once-only use of each address for a mail campaign only;
3.4.2 Where only the telephone number is supplied, the once-only use of each telephone number in a telemarketing campaign;
3.4.3 Where the telephone number and the mailing address are supplied, the once-only use of the mailing address in a mailing campaign and the once-only use of the telephone number in a telemarketing campaign;
3.4.4 Where an email address is supplied, the once-only use of each address for an email campaign only.
3.5 The Permitted Purpose shall not entitle the Customer to use the Data to create any business directory, telephone directory, listings, or classified directory in any media or format.
3.6 The Permitted Purpose shall not permit the Customer to use the Data, the Services, and the Supplier materials for profiling or enhancement of the Customer’s or Third Party User’s files for segmentation purposes.
3.7 Notwithstanding any other provision of this Agreement, where the Supplier provides Data to the Customer for the purpose of deduplication or any other similar or analogous purpose, the Customer shall, unless expressly agreed otherwise in writing by the Supplier, only be permitted to use that Data for the process of such deduplication or the similar or analogous purpose for which the Data has been supplied and not for any other purpose whatsoever.
3.8 The Customer must not (and will not allow any third party to) adapt, alter, modify, reverse engineer, decompile, or otherwise interfere with the Data and/or the Supplier Materials without the prior written consent of the Supplier or as otherwise permitted by law.
3.9 In the case of a machine and/or site-specific Licence, the Customer may only use the Data and/or the Supplier Materials on the equipment and/or at the site (as the case may be) specified in the Customer Order Form.
4. Usage
4.1 Users shall not be permitted to use the Data:
4.1.1 For the purposes of providing any bureau services to any third party;
4.1.2 On any laptop or portable device save for in accordance with Clause 4.2;
4.1.3 For the purposes of assessing creditworthiness or for tracing debtors;
4.1.4 For the sublicensing, selling, or otherwise disclosing or making available to any third party acting (in the Supplier’s reasonable opinion) as a credit reference agency or as a supplier of information used for assessing creditworthiness;
4.1.5 In combination with any third-party data source, including without limitation data derived from lifestyle surveys or credit assessment, unless otherwise approved in writing by the Supplier in advance; or
4.1.6 For marketing to anyone under 18 years of age.
4.2 The Supplier may permit Users where appropriate to use the Data on a laptop or portable device, provided that the relevant User:
4.2.1 Ensures that they implement robust encryption protection with a minimum strength of AES-256 (or such other best practice encryption standards as may, in the reasonable opinion of the Supplier, be applicable from time to time) on each such laptop or portable device;
4.2.2 Includes a clause mandating such encryption requirements in a prominent position in the agreement signed between the Customer and the User;
4.2.3 Includes a prominent reminder of such encryption requirements with each download of Data that the User makes as appropriate via the Supplier’s Services;
4.2.4 Limits the number of Data records that may be downloaded by a User to 50,000 records per download and enforces this via technical controls; and
4.2.5 Takes reasonable steps to exercise such audit rights in the event that the Supplier becomes aware of any breach by the User or upon request from the Supplier.
4.3 It is a condition of the provision of the Services that prior to such provision, the Customer shall specify in writing to the Supplier the full name and address of Users and such information concerning such Users as the Supplier shall reasonably require. If no other details are provided by the Customer, the Customer shall be deemed to be the only user of the Services and shall not be permitted to allow any other third party to use the Services or Data on its behalf.
4.4 At a reasonable time prior to such use, the Customer shall provide to the Supplier a sample of all promotional material to be delivered to any Data Subjects, and the Customer further expressly agrees that it shall not, and Users shall not, send out any promotional material if so required by the Supplier.
4.5 Users shall not use the Data or Services for any Improper Use.
4.6 The Customer shall procure that Users fully comply with the obligations of the Customer under this Agreement as if they were each a party hereto, and the Customer shall supply Users with a copy of these terms and conditions.
4.7 All Media must be returned to the Supplier’s normal address, destroyed, or permanently deleted within one month of the use of the Data. Where the Media is destroyed, the Supplier (if so requested) must provide the Customer with evidence of this.
4.8 The Services are not intended to be used as the sole basis for any business decision and are based upon data which is provided by third parties, the accuracy and/or completeness of which it would not be reasonably possible and/or economically viable for the Supplier to guarantee. The Supplier’s services also involve models and techniques based on statistical analysis, probability, and predictive behaviour. The Supplier is therefore not able to accept any liability for:
4.8.1 Any inaccuracy, incompleteness, or other error in the Data which arises as a result of data provided to the Supplier by any third party; or
4.8.2 Any failure of the Services to achieve any particular result for the Customer.
4.9 The Customer may use the Data as provided to the Customer as part of the Services, as set out in the Customer Order Form. The Customer shall not sell, transfer, sublicense, distribute, commercially exploit, or otherwise make available to, or use for the benefit of, any third party any of the Services or the Data, and will not allow any third party to adapt, alter, modify, reverse engineer, decompile, or otherwise interfere with the Data without the prior written consent of the Supplier.
4.10 Where the Data supplied by the Supplier to the Customer contains Postal Data, unless expressly agreed otherwise in writing by the Supplier, the Customer shall only be permitted to market to that Postal Data by mail or post by using the Supplier’s own print and post services and not its own postal or mailing services or those of any third party.
5. Charges
5.1 All fees, charges, and other sums payable are payable in advance of delivery by any medium and/or by the Payment Date, whichever is the sooner, unless otherwise stated within the Customer Order Form, and are subject to VAT at the rate then currently applicable.
5.2 The Customer shall have no right of set-off against the Supplier in respect of any claims it may have against the Supplier (whether in connection with this Agreement or otherwise).
5.3 Interest at the rate of 4% per annum above the base rate of Barclays Bank Plc from time to time is payable on all sums outstanding after the Payment Date, or in accordance with the Late Payment of Commercial Debts (Interest) Regulations 2002, if greater.
5.4 Where the Agreement provides for periodic payments (e.g., continuous authority) for Payment Card payments, the Supplier reserves the right to:
5.4.1 Attempt to take payment from the Customer’s nominated Payment Card, if this payment method is being used, until full payment has been made;
5.4.2 Amend the payment period for subsequent payments so that an earlier Payment Date is required for subsequent periods; and
5.4.3 If payment is again not made by the Payment Date, terminate the Agreement in accordance with Clause 10.2.
5.5 Where any transaction by a Payment Card is declined or continuous authority is revoked, the Customer warrants to make payment for the Services rendered by the Supplier by an alternative Payment Card, transfer of funds, or any other method of payment explicitly agreed by the Supplier. Where no such payment is received, the Supplier will recover the owing amount as a debt from the Customer and/or its agents, plus interest and any costs incurred by the Supplier in recovering the amount.
5.6 If the Supplier agrees to supply the Data for the purpose of deduplication against other data held by the Customer and on the basis that the Customer shall only pay a proportion of the price reflecting the Net Names actually used, any claim for credit for the unused portion of the Data must:
5.6.1 Be made within a period not exceeding three months from the date of delivery, unless otherwise agreed in writing by the Supplier; and
5.6.2 Be supported by a deduplication report or certificate from a recognised data processing bureau or other independent agency approved by the Supplier.
6 . Compliance and Audit
6.1 Each party shall, in connection with the provision or use of the Data or the Services, comply with all legislation, regulations, and other rules having equivalent force which are applicable to that party.
6.2 In addition, the Customer shall:
6.2.1 Notify all relevant details of any processing of the Shared Personal Data to the relevant Supervisory Authority, where Data Protection Legislation so requires, and only process such Shared Personal Data in accordance with the terms of its notification; and
6.2.2 Comply with its obligations in respect of the rights of the individuals to whom the Shared Personal Data relates.
6.3 The Supplier shall (in circumstances where it is a data Processor) process any Shared Personal Data contained within the Customer’s Data only in accordance with the instructions of the Customer. The Customer shall be deemed to have instructed the Supplier to process any such Shared Personal Data to the extent reasonably necessary for the provision of the Services.
6.4 Each party warrants that it shall take appropriate technical and organisational measures against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, the Personal Data of the other party. The Customer shall from time to time provide the Supplier with details of the security measures undertaken by the Customer to protect Personal Data and implement such measures as the Supplier may reasonably require in order to ensure compliance with this Clause 6.4.
6.5 Each party shall promptly provide to the other copies of all subject access requests which it receives in connection with the Services or Shared Personal Data. However, the managing of the Data Subject requests is the responsibility of the Customer.
6.6 In order to protect the integrity of the Data used in connection with the Services, the Customer shall: 6.6.1 Comply with the Supplier’s reasonable instructions and guidelines relating to data security; and 6.6.2 Not copy, interfere with, and/or use in any unauthorised way any digital certificate, web certificate or any other security device provided by the Supplier.
6.7 If any Third-Party Data or software becomes permanently unavailable to the Supplier, the Supplier shall be entitled to do one of the following on giving three months’ prior notice to the Customer:
6.7.1 Modify the affected Services as necessary to accommodate such changes or unavailability; or
6.7.2 Terminate this Agreement (without liability) in respect of those Services which are affected by such changes or unavailability.
6.8 In exercising its rights under Clause 6.7, the Supplier will consult with the Customer and act reasonably and in a way that is consistent with its treatment of its other Customers.
6.9 The Customer shall keep adequate records of Users to be provided to the Supplier at their reasonable request when exercising their audit rights under this Agreement. The Customer shall permit the Supplier and its authorised agents during the continuance of this Agreement and for a period of 3 months thereafter to enter upon the premises of the Customer upon reasonable prior written notice for the purpose of ascertaining whether the provisions of this Agreement have been and are being complied with by the Customer, and to allow the Supplier and its authorised agents to inspect the Customer’s records (including those kept in accordance with this Clause 6.9).
6.10 Any audit to be conducted by the Supplier shall be carried out by a third party (appointed by the Supplier), if the Customer reasonably objects to such audit being carried out by the Supplier. The Customer shall pay the reasonable costs of the third-party audit if such audit identifies significant non-compliance with the provisions of this Agreement.
6.11 The Customer shall promptly:
6.11.1 Audit a User’s compliance with these terms, if the Supplier notifies the Customer that it reasonably believes a User may have breached them; and
6.11.2 Provide written details of the outcome of the audit to the Supplier. The reasonable costs of such audit will be paid by the Customer if the User has breached these terms or by the Supplier if the User has not breached these terms.
6.12 The Customer shall promptly provide to the Supplier full details of all complaints relating to the Services made by a User or an individual to whom the Services relate. The Customer shall co-operate with the Supplier and the User to resolve any complaints.
6.13 If the Supplier receives a complaint relating to the Services, the Customer shall co-operate with the Supplier and the User to resolve that complaint and shall respond promptly, and in any event within 5 working days, to any request for information relating to the complaint.
6.14 Nothing in Clauses 6.9 or 6.10 shall require the Supplier to monitor prices or provide any other information which could be used directly or indirectly to fix the prices of the Services.
6.15 The Customer shall conduct due diligence in relation to all Users as required by the Supplier from time to time. Such due diligence to be defined at the time of the request and reasonably agreed between the parties.
6.16 If the Supplier reasonably believes the Services have been used in serious breach of this Agreement by the User, in the absence of any other remedy, the Supplier shall be entitled to suspend provision of the Services, and the Customer shall procure that the User shall cooperate fully with the Supplier’s investigations into such use. The Supplier and the Customer shall use all reasonable endeavours to resolve the investigations and recommence provision of the Services without delay.
7. Indemnity
7.1 The Customer shall fully indemnify and keep fully indemnified the Supplier against all and any actions, proceedings, claims, and demands brought against the Supplier or the Supplier’s sources by any User, save that this indemnity shall not apply to the extent that the claim arises as a result of a breach of this Agreement by the Supplier.
8. Copyright and other Intellectual Property
8.1 All intellectual property rights, database rights, and title in the Data, software, and all other materials contained in the Supplier’s website or delivered as part of the Services will remain vested in the Supplier (or the Supplier’s licensors or suppliers). Nothing in this Agreement is intended to affect or give rise to any assignment of copyright or other intellectual property right, howsoever conferred, acquired, or obtained. The Customer hereby acknowledges that it acquires no such proprietary rights. To the extent that any such rights vest in the Customer by operation of law, the Customer hereby assigns such rights to the Supplier.
8.2 Neither the Customer nor any User may sell, lease, hire, loan, pledge, gift, or otherwise make available, dispose of, or part with possession of any of the Services or Data in any manner or on any medium in whole or in part, or allow any other person to use or copy the Services in whole or in part, except with the Supplier’s prior written consent.
8.3 The products, technology, or processes described on the Website may be the subject of other intellectual property rights reserved by the Supplier or by other third parties. No licence is granted in respect of those intellectual property rights. Images on the Website are protected by copyright and may not be reproduced or appropriated in any manner without written permission from their respective owner(s).
8.4 The Customer acknowledges and agrees that it shall not acquire or claim any title to any of the other party’s intellectual property rights (or those of the other party’s licensors) by virtue of the rights granted to it under this Agreement or through its use of such intellectual property rights.
8.5 The Customer agrees that it will not, at any time, do or omit to do anything which is likely to prejudice the Supplier’s ownership (or the other party’s licensors’ ownership) of such intellectual property rights.
8.6 The Customer agrees not to remove, suppress, or modify in any way any proprietary marking, including any trademark or copyright notice, on or in the materials of the other party, and agrees to incorporate any such proprietary markings in any copies it takes of such materials..
9. Verification
9.1 The Services may contain a small amount of false information or “check Data.” The Customer shall ensure that Users do not knowingly delete any such false information and will notify the Supplier immediately upon becoming aware of any such misuse of the Services.
10. Termination
10.1 This Agreement shall remain in force for the period specified in the Customer Order Form except as provided in this Agreement.
10.2 The Supplier may terminate this Agreement immediately at any time upon the occurrence of any of the following events:
10.2.1 The Customer fails to make any payment due;
10.2.2 A material breach of these terms and any special terms applying to a service, whether or not such breach is remediable, but if capable of remedy such breach has not been remedied 7 days after written notice has been delivered to the Customer;
10.2.3 A resolution for the Customer’s winding up being passed, except for the purpose of a reconstruction or amalgamation;
10.2.4 The Customer being unable to pay its debts within the meaning of the Insolvency Act 1986 Section 123;
10.2.5 An encumbrancer taking possession, or a receiver or administrative receiver being appointed, or a petition being presented for the appointment of an administrative receiver in respect of the whole or any part of the Customer’s undertaking or assets; or
10.2.6 A material misrepresentation by the Customer.
10.3 The Supplier may also terminate this Agreement if it is unable to supply the Data in accordance with the Customer Order Form for reasons beyond its control, whereupon it will refund any payment received from the Customer in respect of any unsupplied Data without liability for any other loss accrued by the Customer, and without prejudice to Clause 14.
10.4 Termination of this Agreement for any reason shall be without prejudice to the accrued rights of either party as at the date of termination.
10.5 Any waiver by the Supplier of any breach of this Agreement by the Customer shall not operate as a waiver of any other past or future breach.
11. Consequences upon Termination
11.1 Upon termination or expiry of this Agreement, the Customer and Users shall:
11.1.1 Destroy, or if requested by the Supplier, return to the Supplier any Data, whether it be on paper or any other physical or tangible medium, within 14 days’ notice of the termination;
11.1.2 Permanently delete or procure the permanent deletion of all Data from all computer files and computers, and if required to do so by the Supplier, provide written evidence in such form as the Supplier may reasonably require that such deletion has been effected;
11.1.3 Return to the Supplier all and any magnetic media where property in the said media remains with the Supplier, and the Customer shall ensure that such media are adequately labelled and packaged to avoid damage; and
11.1.4 Make payment for the balance of any sums owed to the Supplier in respect of unpaid charges for the Services rendered or Data provided to the Customer by the Supplier within 14 days of termination.
11.2 Where termination occurs as a result of one of the reasons stated in Clauses 10.2.1, 10.2.2, or 10.2.6, the Supplier reserves the right to seek damages for breach of contract.
12. Cancellation
12.1 Standard Orders
Payment is due immediately. In anticipation of payment, the Customer’s order will be processed and prepared in accordance with the Customer Order Form. The order will be fulfilled upon receipt of payment. If the Customer cancels their order, they remain liable for the full payment, regardless of whether the order has been fully completed or not.
12.2 Rolling Monthly Subscriptions
12.2.1 Rolling monthly subscriptions have a minimum contract period as specified in the Customer Order, during which cancellations cannot be processed.
12.2.2 After the minimum contract period, the Customer may cancel their subscription by logging into their account and managing their subscription online.
12.2.3 Payments are due monthly in advance and are non-refundable once the subscription cycle begins, regardless of the timing of the cancellation.
12.2.4 Subscription services will continue on a rolling monthly basis until cancelled by the Customer in accordance with these terms.
13. Data Protection and Advertising Standards
13.1 The Supplier, Customer, and Users agree to comply with their obligations under Data Protection Legislation.
13.2 The Customer warrants that Users shall at all times comply with all relevant advertising standards and direct marketing guidelines, regulations, and legislation (as such guidelines, regulations, and legislation are amended, consolidated, extended, or replaced from time to time), including Data Protection Legislation, and will ensure that if the Customer passes to the Supplier any Personal Data, each individual who is the subject of such Personal Data has given consent to the processing by the Supplier of such Personal Data. The Customer shall, upon the request of the Supplier, provide sufficient evidence that it has complied with such legislation and has obtained all relevant consents and approvals.
13.3 Without prejudice to the generality of Clause 13.1, the Customer shall itself carry out such checks and searches as may be required under the Privacy and Electronic Communication (EC Directive) Regulations 2003 prior to the use of the Data, and each party shall comply with all relevant codes of practice with respect to its use of the Data, including the “Direct Marketing Association (UK) Limited Code of Practice,” Telephone Preference Service rules, Fax Preference Service rules, “The British Code of Advertising Practice,” “The British Code of Sales Promotion Practice,” and “The Advertising Association’s Standards of Practice in List and Database Management” (as such codes are amended and re-drafted from time to time). Notwithstanding the foregoing, the Supplier shall carry out such checks and searches prior to the supply of the Data and afterwards, but the Supplier does not warrant that they will be complete or accurate, although it will use its best commercial endeavours to ensure that they are.
13.4 If either party or any person claiming rights through the other party breaches any of the above, it must immediately rectify the breach and fully indemnify the other party against any fines, costs, claims, demands, and expenses incurred by the other party as a result of the relevant party’s breach, and in the case of the Customer, procure that Users also rectify any breaches for which they are responsible. The Customer shall fully indemnify the Supplier against any fines, costs, claims, demands, and expenses incurred by the Supplier as a result of such breach and, in the event of any failure to procure such indemnity, they will themselves be liable.
13.5 The Supplier warrants that all necessary consents have been obtained from Data Subjects (in the past six months) to marketing in connection with this Agreement (which, for the avoidance of doubt, enables the Customer to contact such Data Subjects for the Permitted Purpose) and that all such consents are compliant with Data Protection Legislation and other UK direct marketing and/or privacy legislation and applicable guidance.
13.6 The further obligations of the parties under Data Protection Legislation are set out in the Appendix hereto..
14. Limitation of Liability
14.1 Subject to Clauses 14.3 and 14.4, under no circumstances will either party or any source of the Data comprised in the Services be liable for any Consequential Loss that may arise from the use of the Data or other materials included in the Services or available on the Website. “Consequential Loss” shall, for these purposes, mean pure economic loss, loss of profits, and losses arising from business interruption or damages in respect of any breach of the terms of this Agreement.
14.2 Without prejudice to any other terms in this Agreement, the aggregate liability of either party in respect of claims of whatsoever nature arising out of or in respect of any breach by a party of any obligations or duty relating to the Data or its sale, supply, or use (including without limitation any liability of the Supplier for negligence or breach of copyright) under the terms of this Agreement (excluding breach of the Data Protection Act) or otherwise shall not in any circumstances exceed the total sum payable by the Customer to the Supplier under this Agreement in any calendar year in which any liability arises.
14.3 These provisions shall not apply to any liability in respect of death or personal injury arising out of the negligence of either party, its servants, or agents.
14.4 Nothing in the Agreement limits or excludes either party’s liability to relevant Data Subjects or to a Supervisory Authority under this Agreement or under UK Data Protection Legislation.
14.5 The Supplier shall use all reasonable endeavours to complete the Services and supply the Services to the Customer in accordance with any agreed timetable. However, the Customer expressly agrees that time shall not be of the essence in relation to the Supplier’s obligations under this Agreement, and that upon leaving the premises of the Supplier, the Media shall be at the risk of the Customer.
14.6 Nothing in this clause shall remove or reduce the requirement for a party to mitigate any losses.
15. Confidentiality
15.1 The Customer undertakes for itself and shall procure the undertaking of all Users for and on its behalf:
15.1.1 That it shall not, and Users shall not (without the prior written consent of the Supplier), reuse, copy, reproduce, publish, or transmit the Services (or any part thereof) in any manner whatsoever except as provided in this Agreement;
15.1.2 That it shall not, and Users shall not disclose, communicate, or make available any part of the Services or any Confidential Information (as defined hereunder) to any party not authorised under this Agreement to receive it, provided always that the Customer shall be permitted to disclose the Data to Users specified in this Agreement solely in accordance with Clause 4.3;
15.1.3 That it will prevent unauthorised access to the Confidential Information and not use the Confidential Information other than for the purposes set out in this Agreement; and
15.1.4 That it will take all reasonable steps to prevent unauthorised access to the Confidential Information.
15.2 For the purposes of sub-Clause 15.1.3, the expression “Confidential Information” shall mean:
15.2.1 Any information concerning the Supplier’s (or the Supplier’s sources and providers of Data or other material used in the Services) trade secrets or business dealings, transactions, or affairs which may come to the notice of the Customer;
15.2.2 Any information or know-how relating to the methods or techniques used by the Supplier (or the Supplier’s sources and providers of Data or other material used in the Services) in devising and developing the Services and any media documents or other materials comprising any part of such information and/or know-how made available by the Supplier hereunder; and/or
15.2.3 Any user identification code, password, or any other piece of information provided as part of the Supplier’s security procedures.
15.3 The Supplier shall have the right to disable any user identification code or password, whether chosen by the Customer or allocated by the Supplier, at any time, if in its opinion the Customer has failed to comply with any of the provisions of this Clause 15 or for any other reason.
15.4 The provisions of sub-Clause 15.1.2 shall not apply to any Confidential Information to the extent that the Customer is required to divulge the same by a court, tribunal, or governmental authority with competent jurisdiction.
16. Severance
16.1 If any part of this Agreement is found to be invalid or unenforceable by any court or other competent body, such invalidity or unenforceability shall not affect the other provisions of this Agreement, and such other provisions shall remain in full force and effect.
16.2 If any part of this Agreement is found to be invalid or unenforceable by any court or other competent body but would be valid or enforceable if some part of the provision were deleted, the provision in question shall be treated as having been amended as necessary to make it valid and enforceable.
16.3 In the circumstances referred to in Clause 16.1, and if Clause 16.2 does not apply, the parties agree to attempt to substitute for any invalid or unenforceable provision a valid and enforceable provision which achieves to the greatest extent possible the same effect as would have been achieved by the invalid or unenforceable provision.
17. Viruses
17.1 The Supplier shall not be liable to the Customer or any other party for any cost, damage, or expense howsoever arising as a result of any Virus, irrespective of the source of that Virus.
17.2 The Customer must not misuse the Supplier’s site by knowingly introducing viruses, trojans, worms, logic bombs, or other material which is malicious or technologically harmful. The Customer must not attempt to gain unauthorised access to the Supplier’s site, the server on which the site is stored, or any server, computer, or database connected to the site. The Customer must not attack the Supplier’s site via a denial-of-service attack, a distributed denial-of-service attack, or any other or similar occurrences.
17.3 By breaching the provisions of Clause 17.2, the Customer would commit a criminal offence under the Computer Misuse Act 1990. The Supplier will report any such breach to the relevant law enforcement authorities and will co-operate with those authorities by disclosing the Customer’s identity to them. In the event of such a breach, the Customer’s right to use the Supplier’s site will cease immediately.
18. Force Majeure
18.1 The Supplier shall not be liable for any failure of or delay in the performance of this Agreement for the period that such failure or delay is beyond its reasonable control, materially affects the performance of any of its obligations under this Agreement, and could not reasonably have been foreseen or provided against.
18.2 The internet or the Supplier’s systems, servers, and equipment may from time to time be inoperative, in full or in part, as a consequence of, but not limited to, mechanical breakdown, maintenance, hardware or software upgrades, telecommunication connection problems, or any function beyond the Supplier’s control. The Supplier will not be liable for any failure of the internet or any inability to provide continuous, error-free, uninterrupted services under any circumstances. In an exceptional case or circumstance beyond the Supplier’s control, the Supplier shall be entitled to cancel this Agreement or delay the performance thereof for as long as necessary.
19. Limitation of Assignment
19.1 This Agreement and the benefit of any rights and licences granted by the Supplier to the Customer by this Agreement shall be personal to the Customer, and the Customer shall not assign the benefit of the Agreement, either in whole or in part, except with the Supplier’s previous written consent.
20. Agreement Terms
20.1 The parties’ contract upon this Agreement, which shall prevail over any inconsistent terms which the Customer may seek to introduce. Such inconsistent terms shall have no effect. The Supplier may, by mutual agreement with the Customer, enter into separate contracts, but unless specified therein, the terms of this Agreement shall take precedence. The data processing agreement in the Appendix to this Agreement shall form part of this Agreement. To the extent of any conflict between the provisions of the main body of this Agreement and the provisions of the data processing agreement, the provisions of the main body of this Agreement shall prevail to the extent permitted by applicable law.
21. Agreement Variation
21.1 No variation to the terms or conditions of this Agreement shall be effective against the Supplier unless expressly agreed in writing by both parties. This Agreement supersedes all agreements and understandings between the parties, whether written or verbal, unless otherwise agreed by the Supplier. The Supplier may change the terms (other than Clauses 13 and 14, and the Appendix) of this Agreement in accordance with market practice and its commercial requirements and may notify such changes on the Website.
22. Waiver
22.1 If the Supplier waives a breach of contract by the Customer, that waiver is limited to that particular breach, and no delay by the Supplier acting upon a breach of contract will be regarded as a waiver.
23. Other Services of Supplier
23.1 The Supplier may inform the Customer from time to time by mail, email, fax, telephone, SMS, or any other suitable medium of the Supplier’s products and services. If the Customer does not wish to receive this service or part of this service, the Customer should inform the Supplier in writing at the Supplier’s address.
24. Proper Law and Jurisdiction
24.1 This Agreement is made in England according to English law and is subject to the exclusive jurisdiction of the English Courts.
25. Notices
25.1 Any notices to be sent by one party to the other in connection with this Agreement shall be in writing and shall be delivered personally or sent by special delivery post (or equivalent service offered by the postal service from time to time) or email or fax to the addresses of each party or as otherwise notified in accordance with the provisions of this Clause 25.
25.2 Notices shall be deemed to have been duly given as follows:
25.2.1 If delivered personally, upon delivery; 25.2.2 If sent by post, two clear days after the date of posting;
25.2.3 If sent by email, when transmitted, provided that a confirmation of receipt notice is received by the sender;
25.2.4 If sent by fax, when transmitted, provided that a confirmatory copy is sent by special delivery by the end of the next business day after transmission.
25.3 If either party notifies the other party of a change to its details, such notification shall only be effective on the date specified in such notice or seven days after notice is given, whichever is later.
25.4 If the address for service of notices under this Clause is outside the United Kingdom, the Customer elects the person or organisation named in the Customer Order Form for the purposes of accepting service of notices within the United Kingdom on the Customer’s behalf. Any notices sent to in accordance with this Clause are deemed given in accordance with Clause 25.2.
APPENDIX: Data Protection Appendix
These Clauses form part of the standard terms and conditions of the Agreement and are entered into on the same date as the Commencement Data of the Agreement .
1. Definitions and Interpretation
- Applicable Law: Means all laws, rules, regulations (including Data Protection Legislation), codes of practice, or other requirements of regulatory authorities, as amended from time to time and applicable to a party.
- Data Exporter: Shall mean the party who discloses Shared Personal Data to the other party.
- Data Importer: Shall mean the party who agrees to receive from the Data Exporter personal data for further processing in accordance with the terms of these clauses.
- Data Transfer: Means a transfer of Personal Data between a party to the Agreement in circumstances where both: 1.1 The Data Protection Legislation requires the transfer from the Data Exporter to the Data Importer to be on terms or under an arrangement that ensures an adequate level of protection for the rights and freedoms of Data Subjects in relation to the processing of Personal Data; and 1.2 The transfer is not subject to any of the permitted derogations or conditions contained in Data Protection Legislation (including without limitation consent of the Data Subject) such that in the absence of the obligations created by the Agreement, the export of the Personal Data would be in breach of the Data Protection Laws.
- International Organisation: Has the meaning given to it in Data Protection Legislation.
- Main Agreement: Means the Agreement.
- Permitted Recipients: Means the parties to the Agreement, the employees of each party which need access to the Shared Personal Data for the purposes for which it was shared, any third parties engaged to perform obligations in connection with the Agreement, and any professional advisors of either party.
- Personal Data Breach: A breach of security leading to the accidental, unauthorised, or unlawful destruction, loss, alteration, disclosure of, or access to, the Shared Personal Data.
- Processing, Processes, and Process: Means any activity that involves the use of Personal Data, or as the relevant Data Protection Legislation may otherwise define the terms processing, processes, or process. It includes obtaining, recording, or holding the data, or carrying out any operation or set of operations on the data, including organising, amending, retrieving, using, disclosing, erasing, or destroying it. Processing also includes transferring Personal Data to third parties.
- Supplementary Measures: Means the European Data Protection Board (EDPB) (as applicable) recommendations on supplementary measures to assist Controllers and Processors acting as Data Exporters with their duty to identify and implement appropriate supplementary measures where they are needed to ensure an essentially equivalent level of protection to the Personal Data they transfer to third countries.
- TIA: Means a transfer impact assessment or transfer risk assessment, which is an assessment of the privacy protections of the laws and regulations of a recipient country outside of the EU/EEA and/or UK (as appropriate).
1.1 Unless otherwise expressly stated in this Appendix:
1.1.1 Clauses herein are referenced as paragraphs and clauses in the Agreement as clauses.
1.1.2 Capitalised terms not defined herein have the definition accorded to them in the Agreement.
1.1.3 Defined data protection terms that are not used in the relevant data protection law shall have the meaning which most nearly approximates to the UK GDPR equivalent.
2. General
2.1 This Appendix is in addition to, and does not relieve, remove, or replace, a party’s obligations or rights under the Data Protection Legislation. This Appendix shall prevail over any other provision of the Agreement in the event of any conflict as far as it relates to the subject matter of the Appendix or the relevant paragraph herein.
2.2 Neither party has reason to believe, at the time of entering into this Appendix, of the existence of any local laws that would have a substantial adverse effect on the guarantees provided for under the Appendix or the Agreement, and it will inform the other party (which will pass such notification on to the Supervisory Authority where required) if it becomes aware of any such laws.
2.3 When a party is subject to more than one data protection legislation regime, it shall, as far as possible, meet all its obligations under all applicable Data Protection Legislation. Where there is a conflict of requirements under data protection legislation regimes, a party shall adhere to the data protection legislation elements of each regime which applies the strictest level of data protection and data subject rights to a Data Subject’s Personal Data.
2.4 Each party will identify to the other a contact point within its organisation authorised to respond to enquiries concerning processing of the Personal Data and will co-operate in good faith with each other, the Data Subject, and the Supervisory Authority concerning all such enquiries within a reasonable time.
2.5 The details of the sharing of the Shared Personal Data are specified in Annex A. The parties agree that Annex A may contain confidential business information, which they will not disclose to third parties, except as required by law or in response to a Supervisory Authority, competent regulatory, or government agency.
2.6 The parties agree that, where the Supplier is a Processor of the Shared Personal Data, Section 1 shall apply, and where the Supplier is a Controller of the Shared Personal Data, Section 2 shall apply.
3. Status
3.1 For the purposes of Data Protection Legislation and the Agreement, the Customer acknowledges that each of the Supplier and Customer will be acting as separate Data Controllers in respect of the Shared Personal Data for the purposes of the Agreement.
3.2 As a Data Controller, the Customer shall comply with the provisions of all applicable privacy and data protection laws, regulations, or best practice (including without limitation the Data Protection Legislation) in the use and processing of any Shared Personal Data.
3.3 Notwithstanding the Supplier’s acknowledgement that it will be acting as a separate Data Controller in respect of the Shared Personal Data for the purpose of this Agreement, to the extent that there are any particular circumstances in which the Supplier processes the Shared Personal Data as a Data Processor on the Customer’s behalf (including circumstances where the Customer is acting as a Data Controller), the Supplier warrants and agrees that it will do so only in accordance with the Customer’s instructions and the paragraphs set out in Section 1 below.
4. Data Transfers
4.1 The Processor shall not transfer any Shared Personal Data to any country or territory outside the United Kingdom or to any International Organisation without the prior written authorisation of the Data Exporter.
4.2 A Controller may transfer any Shared Personal Data to any country or territory outside the United Kingdom or to any International Organisation, provided they do so in accordance with Data Protection Legislation and where required, complete a Transfer Impact Assessment (TIA) and incorporate any Supplementary Measures identified in such TIA.
5. Section 1 Data Processing
5.1 General
5.1.1 These paragraphs in Section 1 apply where the Supplier is the Processor, and the Customer is the Controller of the Shared Personal Data.
5.1.2 This Section 1 shall prevail over any other provision of the Agreement in the event of any conflict as far as that conflict relates to the sharing of the Shared Personal Data between a Processor and a Controller.
5.1.3 Without prejudice to the generality of paragraph 5.1.1, the Customer shall ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Shared Personal Data to the Supplier.
5.2 Processor Obligations
5.2.1 Without prejudice to the generality of paragraph 5.1, the Supplier will, in relation to any Shared Personal Data processed in connection with the performance by the Supplier of its obligations under the Agreement:
5.2.1.1 Process that Shared Personal Data only on the documented written instructions of the Customer, unless the Supplier is otherwise required by Applicable Law (and shall inform the Customer of that legal requirement before processing, unless Applicable Law prohibits the Supplier from so notifying the Customer);
5.2.1.2 Ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Shared Personal Data and against accidental loss or destruction of, or damage to, Shared Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction, or damage, and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Shared Personal Data, ensuring confidentiality, integrity, availability, and resilience of its systems and services, ensuring that availability of and access to Shared Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);
5.2.1.3 Ensure that all personnel who have access to and/or process Shared Personal Data are obliged to keep the Shared Personal Data confidential;
5.2.1.4 Not process and/or transfer, or otherwise directly or indirectly disclose, any Shared Personal Data in or to countries outside the United Kingdom or to any International Organisation without the prior authorisation of the Customer;
5.2.1.5 Assist the Customer, at the Customer’s cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments, and consultations with Supervisory Authorities;
5.2.1.6 Notify the Customer without undue delay on becoming aware of a Personal Data Breach affecting the Shared Personal Data;
5.2.1.7 At the written direction of the Customer, on the end of the provision of the services relating to the processing of Shared Personal Data, at the Customer’s cost and the Customer’s option, the Supplier shall either return all of the Shared Personal Data to the Customer or securely dispose of the Shared Personal Data (and thereafter promptly delete all existing copies of it), except to the extent that any applicable law requires the Supplier to store such Shared Personal Data. This paragraph 5.2.1.7 shall survive termination or expiry of this Agreement;
5.2.1.8 Have in place procedures so that any third party it authorises to have access to the Shared Personal Data, including Processors, will respect and maintain the confidentiality and security of the Shared Personal Data.
5.2.2 The Supplier shall, in accordance with Data Protection Legislation, make available to the Customer such information that is in its possession or control as is necessary to demonstrate its compliance with the obligations placed on it under this paragraph 5.2 and Data Protection Legislation and will allow for and contribute to audits, including inspections, by the Customer (or another auditor mandated by the Customer) for this purpose (subject to a maximum of one audit request in any 12-month period under this paragraph 5.2.2). To the extent consistent with the foregoing, the Supplier shall, however, be entitled to withhold information where it is commercially sensitive or confidential to it or its other customers.
5.2.3 The Customer consents to the Supplier appointing the third-party processors listed in Annex I.A as third-party processors of Shared Personal Data under this Appendix. The Supplier confirms that it has entered or (as the case may be) will enter into a written agreement with the third-party processor incorporating terms which are substantially similar to those set out in this Section 1 between the Customer and the Supplier. The Supplier shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this paragraph 5.2.3.
5.3 International Transfers
5.3.1 The Supplier, when acting as a processor, shall not transfer any Customer Personal Data to any country or territory outside the United Kingdom or to any International Organisation without the prior written authorisation of the Data Exporter.
6. Section 2 – Data Sharing Between Controllers
6.1 General
6.1.1 These clauses in Section 2 apply where the Supplier is a Controller, and the Customer is a Controller of the Shared Personal Data.
6.1.2 This clause sets out the framework for the sharing of Personal Data between the parties as Controllers.
6.1.3 Each party acknowledges that the Data Exporter will regularly disclose to the other party Shared Personal Data collected by the Data Exporter for the Permitted Purpose.
6.1.4 Each party shall comply with all the obligations imposed on a Controller under the Data Protection Legislation, and any material breach of the Data Protection Legislation by one party shall, if not remedied within thirty days of written notice from the other party, give grounds to the other party to terminate the Agreement with immediate effect.
6.1.5 Each party shall:
(a) Ensure that it has all necessary notices, consents, and lawful bases in place to enable the lawful disclosure of the Shared Personal Data to the Permitted Recipients for the Permitted Purpose;
(b) Ensure Shared Personal Data has been collected, processed, and transferred in accordance with the Data Protection Legislation;
(c) Give full information to any Data Subject whose Personal Data may be processed under the Agreement of the nature of such processing. This includes giving notice that, on the termination of the Agreement, Personal Data relating to them may be retained by or, as the case may be, transferred to one or more of the Permitted Recipients, their successors, and assignees;
(d) Process the Shared Personal Data only for the Permitted Purpose;
(e) Not disclose or allow access to the Shared Personal Data to anyone other than the Permitted Recipients;
(f) Ensure that all Permitted Recipients are subject to written contractual obligations concerning the Shared Personal Data (including obligations of confidentiality) which are no less onerous than those imposed by the Agreement;
(g) Ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the other party, to protect against unauthorised or unlawful processing of Shared Personal Data and against accidental loss or destruction of, or damage to, Shared Personal Data.
6.1.6 Each party shall assist the other in complying with all applicable requirements of the Data Protection Legislation. In particular, each party shall:
(a) Provide the Data Importer, when so requested, with copies of relevant data protection laws or references to them (where relevant, and not including legal advice) of the country in which the Data Exporter is established;
(b) Consult with the other party about any notices given to Data Subjects in relation to the Shared Personal Data;
(c) Assist the other party, at the cost of the other party, in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, personal data breach notifications, data protection impact assessments, and consultations with the Commissioner or other regulators;
(d) Notify the other party without undue delay on becoming aware of any breach of the Data Protection Legislation;
(e) At the written direction of the Data Discloser, delete or return Shared Personal Data and copies thereof to the Data Discloser on termination of the Agreement unless required by law to store the Shared Personal Data;
(f) Use compatible technology for the processing of Shared Personal Data to ensure that there is no lack of accuracy resulting from personal data transfers;
(g) Maintain complete and accurate records and information to demonstrate its compliance with this Section 2 and allow for audits by the other party or the other party’s designated auditor;
(h) Provide the other party with contact details of at least one employee as a point of contact and responsible manager for all issues arising out of the Data Protection Legislation, including the joint training of relevant staff, the procedures to be followed in the event of a data security breach, and the regular review of the parties’ compliance with the Data Protection Legislation;
(i) The Customer will respond to any request from a Data Subject, unless the parties have agreed that the Supplier will so respond, in which case the Customer will be responsible for all costs. Responses will be made within a reasonable time at the cost of the Customer. The Customer will provide the other party with reasonable assistance in complying with any Data Subject rights request;
(j) Promptly inform the other party about the receipt of any Data Subject rights request;
(k) Not disclose, release, amend, delete, or block any Shared Personal Data in response to a Data Subject rights request without first consulting the other party, wherever possible.
6.2 International Transfers
6.2.1 A Controller may transfer any Shared Personal Data to any country or territory outside the United Kingdom or to any International Organisation, provided they do so in accordance with Data Protection Legislation and, where required, complete a TIA, substantially similar to that set out by the ICO for UK Data transfers (intl-transfer-risk-assessment-tool-20210804.pdf) and incorporate any Supplementary Measures identified in such TIA.
6.2.2 Any Data Transfer made under clause 6.2.2 shall be subject to paragraphs 6.3 to 6.5 (as applicable). Paragraph 6.3 applies to Personal Data subject to the GDPR, and Paragraph 6.4 applies to Personal Data subject to the GDPR and UK GDPR.
6.3 EU SCCs Module One Incorporation
6.3.1 In this paragraph, “2021 EU SCCs” means Module One (Controller to Controller) of the standard contractual clauses set out in Commission Implementing Decision (EU) 2021/914. The Supplier shall comply with the Data Importer’s obligations, and the Customer shall comply with the Data Exporter’s obligations, set out in the 2021 EU SCCs, which are hereby incorporated into and form part of this Agreement. In such incorporated 2021 EU SCCs:
(a) For the purposes of Annex I.A, the Data Exporter is a Controller, and the Data Importer is a Controller, and the name, address, contact person’s details, and relevant activities for each of them is as set out in Annex I.A;
(b) For the purposes of Annex I.A, the details of the Data Protection Officer and representative in the European Union of the Data Exporter are as set out in Annex I.A;
(c) For the purposes of Annex I.B, the description of transfers shall be as set out in Annex I.A;
(d) For the purposes of Annex II, the technical and organisational measures referred to in Annex II shall apply;
(e) Clause 7 (Docking clause) shall not apply;
(f) The optional provisions in Clause 11(a) shall not apply;
(g) For the purposes of Clause 13(a), the second paragraph of text shall apply (but the first and third paragraphs shall not apply);
(h) For the purposes of Clause 13 and Annex I.C, the competent Supervisory Authority shall be the Data Protection Commission of the Republic of Ireland;
(i) For the purposes of Clause 17, the governing law shall be the law of the Republic of Ireland;
(j) For the purposes of Clause 18(b), the relevant courts shall be those of the Republic of Ireland;
(k) The signatures (in any form, including handwritten or electronic) given in connection with the execution of this Agreement by a party and the dates of such signatures shall apply (respectively) as the ‘Signature and date’ required from that party under Annex I.A.
6.4 UK GDPR – Clause to Incorporate UK Addendum for Module One of the 2021 EU SCC
6.4.1 In this paragraph, “UK Addendum” means the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (version B.1.0) issued by the United Kingdom’s Information Commissioner. The Customer shall comply with the Importer’s obligations, and the Supplier shall comply with the Exporter’s obligations, set out in the UK Addendum, which is hereby incorporated into and forms part of this Agreement. In such incorporated UK Addendum:
(a) The full legal name, main address, and official registration number of the Importer and the Exporter are as set out in Annex I.A; and the Start Date is the Commencement Date as defined in the Main Agreement;
(b) The full name, job title, and contact details (including email) of the key contact of each of the Importer and Exporter are as set out in Annex I.A;
(c) For the purposes of the Addendum EU SCCs (as such term is defined in the UK Addendum), Module One (Controller to Controller) is in operation, Clause 7 (Docking clause) shall not apply, and the optional provisions in Clause 11(a) shall not apply;
(d) For the purposes of the Appendix Information (as such term is defined in the UK Addendum), the parties are listed and described in Annex I.A; name, address, contact person’s details (i.e., contact person’s name, position, and contact details) and activities relevant to the data transferred under the UK Addendum for each party; the applicable technical and organisational measures are set out in Annex II;
(e) For the purposes of Part 1, the Supplier may terminate the UK Addendum pursuant to Section 19 of such UK Addendum; and (f) The relevant boxes and information in Tables One to Three of such incorporated UK Addendum shall be deemed completed accordingly.
ANNEX A
1. Annex I.A Parties
(a) The Customer warrants to the Supplier that it shall provide the Supplier with the Customer details set out in the table below on or before the Commencement Date.
(b) The Customer shall fully indemnify and keep fully indemnified on demand and hold harmless the Supplier against all and any damages, liabilities, demands, costs, and expenses, including all legal and other professional fees, costs and expenses, claims, actions, and proceedings (including all consequential, direct, indirect, special, or incidental loss or punitive damages or loss, fines, penalties, interest, and loss of profit or any other form of economic loss, including loss of reputation) arising from the Customer’s failure to provide the Customer details in accordance with paragraph 1(a) above.
Supplier Details | |
Address: | The Archive Centre, Honeywood Road, Dover, CT16 3EH |
Company: | Selectabase Ltd |
Email: | [email protected] |
Relevant Activities: | Provision of the Services. |
Data Protection Officer: | See Privacy Policy |
EU & UK Representative: | See Privacy Policy |
Customer Details | |
Information required: Key Contact Name, Company Name, Position, Email, Relevant Activities, Data Representative. |
Annex I.B Description of the Data Sharing & Processing
1. Subject matter of the processing: Any Personal Data shared and processed in the course of the Supplier providing Services to the Customer.
2. Duration of the processing: The duration of the provision of the Services by the Supplier to the Customer.
3. Nature of the processing: The provision of any one or more of the following services (the “Services”) by the Supplier to the Customer as agreed between the parties:
- Print, fulfilment, and general mailing house services
- Data checking including flagging of TPS, MPS, gone aways, deceased, email verification, line number testing, and data enhancement
4. Purpose of the processing: The provision of the Services by the Supplier to the Customer.
5. Types of personal data shared and processed:
- Names
- Titles
- Email addresses
- Company and legal entity names
- Phone numbers
- Addresses
- Date of birth
- Contact name & job function
- Job title
- Legal status
- Number of directors
- Any other Personal Data processed by the Data Processor on behalf of the Data Controller from time to time
Categories of data subjects:
- Consumer and business prospect data
2. Annex II. Technical and Organisational Measures (TOMS)
3.1 Supplier TOMS
Visit the following link to view Supplier Technical and Organisational Measures (TOMS).