Data Processing Agreement between my company and Your Key Info Limited
Definitions and interpretation
Personal data types and processing purposes
Provider's obligations
Provider's employees
Security
Personal Data Breach
Transfers of personal data
Subcontractors
Complaints, data subject requests and third-party rights
Term and termination
Data return and destruction
Records
Audit
Warranties
Notice
ANNEX Personal Data Processing Purposes and Details
This agreement is dated as per the accepted terms and conditions
PARTIES
My Company as inputted as my company into the ‘create account’ element of this document (Customer)
Your Key Information Limited incorporated and registered in England and Wales with company number 12459700 registered office as indicated on the home page (Provider)
BACKGROUND
The Customer and the Provider entered into Software Licence Agreement (Master Agreement) that will require the Provider to process Personal Data on behalf of the Customer. This Personal Data Processing Agreement (Agreement) sets out the additional terms, requirements and conditions on which the Provider will process Personal Data when providing services under the Master Agreement. This Agreement contains the mandatory clauses required by Article 28(3) of the General Data Protection Regulation ((EU) 2016/679) for contracts between controllers and processors.
AGREED TERMS Definitions and interpretation
The following definitions and rules of interpretation apply in this Agreement.
Definitions:
Authorised Persons: the persons or categories of persons that the Customer authorises to give the Provider personal data processing instructions by providing them with access to the Your Key Info software.
Business Purposes: the services described in the Master Agreement and in Annex A.
Data Subject: an individual who is the subject of Personal Data.
Personal Data: means any information relating to an identified or identifiable natural person that is processed by the Provider as a result of, or in connection with, the provision of the services under the Master Agreement; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing, processes and process: either any activity that involves the use of Personal Data or as the Data Protection Legislation may otherwise define processing, processes or process. It includes any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, stage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Processing also includes transferring Personal Data to third parties.
Data Protection Legislation: all applicable data protection and privacy legislation in force from time to time in the UK including the General Data Protection Regulation ((EU) 2016/679); the Data Protection Act 2018; the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended.
Personal Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed. This Agreement is subject to the terms of the Master Agreement and is incorporated into the Master Agreement. Interpretations and defined terms set forth in the Master Agreement apply to the interpretation of this Agreement. The Annexes form part of this Agreement and will have effect as if set out in full in the body of this Agreement. Any reference to this Agreement includes the Annexes. A reference to writing or written includes faxes and email. In the case of conflict or ambiguity between: any provision contained in the body of this Agreement and any provision contained in the Annexes, the provision in the body of this Agreement will prevail; the terms of any accompanying invoice or other documents annexed to this Agreement and any provision contained in the Annexes, the provision contained in the Annexes will prevail; any of the provisions of this Agreement and the provisions of the Master Agreement, the provisions of this Agreement will prevail. Personal data types and processing purposes The Customer and the Provider acknowledge that for the purpose of the Data Protection Legislation, the Customer is the controller and the Provider is the processor.
The Customer retains control of the Personal Data and remains responsible for its compliance obligations under the applicable Data Protection Legislation, including providing any required notices and obtaining any required consents, and for the processing instructions it gives to the Provider.
ANNEX A describes the subject matter, duration, nature and purpose of processing and the Personal Data categories and Data Subject types in respect of which the Provider may process to fulfil the Business Purposes of the Master Agreement. Provider's obligations The Provider will only process the Personal Data to the extent, and in such a manner, as is necessary for the Business Purposes in accordance with the Customer's written instructions from Authorised Persons. The Provider will not process the Personal Data for any other purpose or in a way that does not comply with this Agreement or the Data Protection Legislation. The Provider must promptly notify the Customer if, in its opinion, the Customer's instruction would not comply with the Data Protection Legislation. The Provider must promptly comply with any Customer request or instruction from Authorised Persons requiring the Provider to amend, transfer, delete or otherwise process the Personal Data, or to stop, mitigate or remedy any unauthorised processing. The Provider will maintain the confidentiality of all Personal Data and will not disclose Personal Data to third parties unless the Customer or this Agreement specifically authorises the disclosure, or as required by law. If a law, court, regulator or supervisory authority requires the Provider to process or disclose Personal Data, the Provider must first inform the Customer of the legal or regulatory requirement and give the Customer an opportunity to object or challenge the requirement, unless the law prohibits such notice.
The Provider will reasonably assist the Customer with meeting the Customer's compliance obligations under the Data Protection Legislation, taking into account the nature of the Provider's processing and the information available to the Provider, including in relation to Data Subject rights, data protection impact assessments and reporting to and consulting with supervisory authorities under the Data Protection Legislation. The Provider must promptly notify the Customer of any changes to Data Protection Legislation that may adversely affect the Provider's performance of the Master Agreement.
Provider's employees The Provider will ensure that all employees: are informed of the confidential nature of the Personal Data and are bound by confidentiality obligations and use restrictions in respect of the Personal Data; have undertaken training on the Data Protection Legislation relating to handling Personal Data and how it applies to their particular duties; and are aware both of the Provider's duties and their personal duties and obligations under the Data Protection Legislation and this Agreement.
Security: The Provider must at all times implement appropriate technical and organisational measures against unauthorised or unlawful processing, access, disclosure, copying, modification, storage, reproduction, display or distribution of Personal Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage of Personal Data. The Provider must implement such measures to ensure a level of security appropriate to the risk involved, including as appropriate: the pseudonymisation and encryption of personal data; the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and a process for regularly testing, assessing and evaluating the effectiveness of security measures.
Personal Data Breach: The Provider will promptly and without undue delay notify the Customer if any Personal Data is lost or destroyed or becomes damaged, corrupted, or unusable. The Provider will restore such Personal Data at its own expense. The Provider will within 12 hours and without undue delay notify the Customer if it becomes aware of: any accidental, unauthorised or unlawful processing of the Personal Data; or any Personal Data Breach.
Where the Provider becomes aware of (a) and/or (b) above, it shall, without undue delay, also provide the Customer with the following information: description of the nature of (a) and/or (b), including the categories and approximate number of both Data Subjects and Personal Data records concerned; the likely consequences; and description of the measures taken, or proposed to be taken to address (a) and/or (b), including measures to mitigate its possible adverse effects. Immediately following any unauthorised or unlawful Personal Data processing or Personal Data Breach, the parties will co-ordinate with each other to investigate the matter.
The Provider will reasonably co-operate with the Customer in the Customer's handling of the matter, including: assisting with any investigation; providing the Customer with physical access to any facilities and operations affected; facilitating interviews with the Provider's employees, former employees and others involved in the matter; making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by the Customer; and taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Data Breach or unlawful Personal Data processing.
The Provider will not inform any third party of any Personal Data Breach without first obtaining the Customer's prior written consent, except when required to do so by law. The Provider agrees that the Customer has the sole right to determine: whether to provide notice of the Personal Data Breach to any Data Subjects, supervisory authorities, regulators, law enforcement agencies or others, as required by law or regulation or in the Customer's discretion, including the contents and delivery method of the notice; and whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy. The Provider will cover all reasonable expenses associated with the performance of the obligations under clause 6.2 and clause 6.4 unless the matter arose from the Customer's specific instructions, negligence, wilful default or breach of this Agreement, act or omission by an Authorised Person in which case the Customer will cover all reasonable expenses.
The Provider will also reimburse the Customer for actual reasonable expenses that the Customer incurs when responding to a Personal Data Breach to the extent that the Provider caused such a Personal Data Breach, including all costs of notice and any remedy as set out in clause 6.6.
Transfers of personal data: The Provider (or any subcontractor) must not transfer or otherwise process Personal Data outside the European Economic Area (EEA). The Provider (or any subcontractor) will not transfer any Personal Data to any third party within the UK without the express consent of the Data Subject.
Subcontractors: The Provider may only authorise a third party (subcontractor) to process the Personal Data if: the Customer is provided with an opportunity to object to the appointment of each subcontractor within 10 after the Provider supplies the Customer with full details regarding such subcontractor; the Provider enters into a written contract with the subcontractor that contains terms substantially the same as those set out in this Agreement, in particular, in relation to requiring appropriate technical and organisational data security measures, and, upon the Customer's written request, provides the Customer with copies of such contracts; the Provider maintains control over all Personal Data it entrusts to the subcontractor; and the subcontractor's contract terminates automatically on termination of this Agreement for any reason.
Those subcontractors approved as at the commencement of this Agreement are as set out in ANNEX A. The Provider must list all approved subcontractors in Annex A and include any subcontractor's name and location and contact information for the person responsible for privacy and data protection compliance. Where the subcontractor fails to fulfil its obligations under such written agreement, the Provider remains fully liable to the Customer for the subcontractor's performance of its agreement obligations. The Parties consider the Provider to control any Personal Data controlled by or in the possession of its subcontractors. On the Customer's written request, the Provider will audit a subcontractor's compliance with its obligations regarding the Customer's Personal Data and provide the Customer with the audit results. Complaints, data subject requests and third party rights The Provider must, at no additional cost, take such technical and organisational measures as may be appropriate, and promptly provide such information to the Customer as the Customer may reasonably require, to enable the Customer to comply with: the rights of Data Subjects under the Data Protection Legislation, including subject access rights, the rights to rectify and erase personal data, object to the processing and automated processing of personal data, and restrict the processing of personal data; and information or assessment notices served on the Customer by any supervisory authority under the Data Protection Legislation.
The Provider must notify the Customer immediately if it receives any complaint, notice or communication that relates directly or indirectly to the processing of the Personal Data or to either party's compliance with the Data Protection Legislation. The Provider must notify the Customer within 5 working days if it receives a request from a Data Subject for access to their Personal Data or to exercise any of their related rights under the Data Protection Legislation. The Provider will give the Customer its full co-operation and assistance in responding to any complaint, notice, communication or Data Subject request. The Provider must not disclose the Personal Data to any Data Subject or to a third party other than at the Customer's request or instruction, as provided for in this Agreement or as required by law. Term and termination This Agreement will remain in full force and effect so long as: The Master Agreement remains in effect; or the Provider retains any Personal Data related to the Master Agreement in its possession or control (Term).
Any provision of this Agreement that expressly or by implication should come into or continue in force on or after termination of the Master Agreement in order to protect Personal Data will remain in full force and effect. The Provider's failure to comply with the terms of this Agreement is a material breach of the Master Agreement. In such event, the Customer may terminate the Master Agreement effective immediately on written notice to the Provider without further liability or obligation. If a change in any Data Protection Legislation prevents either party from fulfilling all or part of its Master Agreement obligations, the parties will suspend the processing of Personal Data until that processing complies with the new requirements.
If the parties are unable to bring the Personal Data processing into compliance with the Data Protection Legislation within 30 days, they may terminate the Master Agreement on written notice to the other party. Data return and destruction At the Customer's request, the Provider will give the Customer a copy of or access to all or part of the Customer's Personal Data in its possession or control in the format and on the media reasonably specified by the Customer. On termination of the Master Agreement for any reason or expiry of its term, the Provider will securely delete or destroy or, if directed in writing by the Customer, return and not retain, all or any Personal Data related to this Agreement in its possession or control.
If any law, regulation, or government or regulatory body requires the Provider to retain any documents or materials that the Provider would otherwise be required to return or destroy, it will notify the Customer in writing of that retention requirement, giving details of the documents or materials that it must retain, the legal basis for retention, and establishing a specific timeline for destruction once the retention requirement ends. The Provider will certify in writing that it has destroyed the Personal Data within 21 days after it completes the destruction.
Records: The Provider will keep detailed, accurate and up-to-date written records regarding any processing of Personal Data it carries out for the Customer, including but not limited to, the access, control and security of the Personal Data, approved subcontractors and affiliates, the processing purposes, categories of processing, any transfers of personal data to a third country and related safeguards, and a general description of the technical and organisational security measures referred to in clause 5.1 (Records).
The Provider will ensure that the Records are sufficient to enable the Customer to verify the Provider's compliance with its obligations under this Agreement and the Provider will provide the Customer with copies of the Records upon request. The Customer and the Provider must review the information listed in the Annexes to this Agreement to confirm its current accuracy and update it when required to reflect current practices.
Audit: The Provider will permit the Customer and its third-party representatives to audit the Provider's compliance with its Agreement obligations, on at least 21 days' notice, during the Term. The Provider will give the Customer and its third-party representatives all necessary assistance to conduct such audits. The assistance may include, but is not limited to: physical access to, remote electronic access to, and copies of the Records and any other information held at the Provider's premises or on systems storing Personal Data; access to and meetings with any of the Provider's personnel reasonably necessary to provide all explanations and perform the audit effectively; and inspection of all Records and the infrastructure, electronic data or systems, facilities, equipment or application software used to store, process or transport Personal Data. The notice requirements in clause 13.1 will not apply if the Customer reasonably believes that a Personal Data Breach occurred or is occurring, or the Provider is in breach of any of its obligations under this Agreement or any Data Protection Legislation. If a Personal Data Breach occurs or is occurring, or the Provider becomes aware of a breach of any of its obligations under this Agreement or any Data Protection Legislation, the Provider will: promptly, conduct its own audit to determine the cause; produce a written report that includes detailed plans to remedy any deficiencies identified by the audit; provide the Customer with a copy of the written audit report; and remedy any deficiencies identified by the audit within 21 days.
At least once a year, the Provider will conduct site audits of its Personal Data processing practices and the information technology and information security controls for all facilities and systems used in complying with its obligations under this Agreement, including, but not limited to, obtaining a network-level vulnerability assessment performed by a recognised third-party audit firm based on recognised industry best practices. On the Customer's written request, the Provider will make all of the relevant audit reports available to the Customer for review, including as applicable.
The Customer will treat such audit reports as the Provider's confidential information under this Agreement. The Provider will promptly address any exceptions noted in the audit reports with the development and implementation of a corrective action plan by the Provider's management. Warranties The Provider warrants and represents that: its employees, subcontractors, agents and any other person or persons accessing Personal Data on its behalf are reliable and trustworthy and have received the required training on the Data Protection Legislation relating to the Personal Data; it and anyone operating on its behalf will process the Personal Data in compliance with the Data Protection Legislation and other laws, enactments, regulations, orders, standards and other similar instruments; it has no reason to believe that the Data Protection Legislation prevents it from providing any of the Master Agreement's contracted services; and considering the current technology environment and implementation costs, it will take appropriate technical and organisational measures to prevent the unauthorised or unlawful processing of Personal Data and the accidental loss or destruction of, or damage to, Personal Data, and ensure a level of security appropriate to: the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; the nature of the Personal Data protected; and comply with all applicable Data Protection Legislation and its information and security policies, including the security measures required in clause 5.1.
The Customer warrants and represents that the Provider's expected use of the Personal Data for the Business Purposes and as specifically instructed by the Customer will comply with the Data Protection Legislation. Notice Any notice or other communication given to a party under or in connection with this Agreement must be in writing and delivered to:
For the Customer: the email address entered into the agreement at the time of accepting the terms.
For the Provider: info@yourkeyinfo.com clause 15.1 does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution. A notice given under this agreement is not valid if sent by email. This agreement has been entered into on the date stated at the beginning of it. Personal Data Processing Purposes and Details Subject matter of processing: Personal Data i.e. Individual workers contact details. Duration of Processing: 12 months Nature of Processing: Collection and retention of data necessary for the completion and production of “Key Information Document” and “Key Facts” documentation required by legislation and thereafter transfer of data to selected third party for the purposes of entering into an employment contract. Business Purposes: necessary to perform the contract for work finding services; to comply with the obligations imposed by the Conduct of Employment Agency and Employment Business Regulations 2003; legitimate business interests of the Customer acting as an Employment Business in placing the Data Subject on Assignment; transfer of data to third party payroll company as prospective employer.
Personal Data Categories: Name, Address, email address, Phone number, DOB, NI Number. Data Subject Types: Contingent / Agency Workers i.e. Individual work seekers looking for temporary work.
Software licence agreement between Your Key Information Limited and my company
Interpretation
Delivery, acceptance and installation
Licence
Maintenance releases
Fees
Confidentiality and publicity
Supplier's warranties
Limits of liability
Intellectual property rights
Waiver
Remedies
Entire agreement
Variation
Severance
Counterparts
Third-party rights
No partnership or agency
Force majeure 1
Notices
Governing law and jurisdiction
PARTIES
My Company as inputted as my company into the ‘create account’ element of this document (Customer)
Your Key Information Limited incorporated and registered in England and Wales with company number 12459700 registered office as indicated on the home page (Supplier)
BACKGROUND
The Supplier is the entire legal and beneficial owner and licensor of Your Key Information document production
software and is willing to license the Customer to use these products.Agreed terms Interpretation: The definitions and rules of interpretation in this clause apply in this licence. Acceptance Date: the date on which the Customer is deemed to have accepted the Software under clause 2.2.
Affiliate: any business entity from time to time controlling, controlled by, or under common control with, either party.
Business Day: a day other than a Saturday, Sunday or public holiday in England when banks in London are open for business
Fee: the licence fee payable by the Customer to the Supplier under clause
Intellectual Property Rights: patents, utility models, rights to inventions, copyright and related rights, trademarks and service marks, trade names and domain names, rights in get-up, goodwill and the right to sue for passing off or unfair competition, rights in designs, rights in computer software, database rights, rights to preserve the confidentiality of information (including know-how and trade secrets) and any other intellectual property rights, including all applications for (and rights to apply for and be granted), renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist, now or in the future, in any part of the world.
Maintenance Release: release of the Software that corrects faults, adds functionality or otherwise amends or upgrades the Software, but which does not constitute a New Version.
New Version: any new version of the Software which from time to time is publicly marketed and offered for purchase by the Supplier in the course of its normal business, being a version which contains such significant differences from the previous versions as to be generally accepted in the marketplace as constituting a new product.
Open-Source Software: open-source software as defined by the Open Source Initiative (http://opensource.org) or the Free Software Foundation (http://www.fsf.org).
Site: the premises from which the Customer carries out its business as stated above or as notified to the Supplier in writing from time to time.
Software: the computer programs listed in www.yourkeyinfo.com and any Maintenance Release which is acquired by the Customer during the subsistence of this licence.
Source Code Materials: the source code of the Software, and all technical information and documentation required to enable the Customer to modify and operate it.
Specification: the document detailing the specification of the Software which forms www.yourkeyinfo.com.
Holding company and subsidiary mean a "holding company" and "subsidiary" as defined in section 1159 of the Companies Act 2006. In the case of a limited liability partnership which is a subsidiary of a company or another limited liability partnership, section 1159 of the Companies Act 2006 shall be amended so that: (a) references in sub sections 1159(1)(a) and (c) to voting rights are to the members' rights to vote on all or substantially all matters which are decided by a vote of the members of the limited liability partnership; and (b) the reference in section 1159(1)(b) to the right to appoint or remove a majority of its board of directors is to the right to appoint or remove members holding a majority of the voting rights.
Clause, Schedule and paragraph headings shall not affect the interpretation of this agreement.
Unless the context otherwise requires, words in the singular shall include the plural and in the plural shall
include the singular;A reference to a statute or statutory provision is a reference to it as amended, extended or re-enacted from time to time; a reference to one gender shall include a reference to the other genders; and any words following the terms including, include, in particular, for example or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms. In the case of conflict or ambiguity between any provision contained in the body of this licence and any provision contained in the schedules or appendices, the provision in the body of this licence shall take precedence.
A person includes a natural person, corporate or unincorporated body (whether or not having separate legal personality) and that person's personal representatives, successors and permitted assigns.
References to clauses and Schedules are to the clauses and Schedules of this agreement and references to paragraphs are to paragraphs of the relevant Schedule. The Schedules and Annexes form part of this licence and shall have effect as if set out in full in the body of this licence. Any reference to this licence includes the Schedules and Annexes.
Delivery, acceptance and installation The Supplier shall deliver one copy of the Software electronically online at www.yourkeyinfo.com. The Customer shall be deemed to have accepted the Software if the Customer commences operational use of the Software.
Licence In consideration of the Fee paid by the Customer to the Supplier, receipt of which the Supplier hereby acknowledges, the Supplier grants to the Customer a non-exclusive licence to use the Software.
In relation to scope of use: for the purposes of clause 3.1, use of the Software shall be restricted to use of the Software in object code form for the purpose of processing the Customer's data for the normal business purposes of the Customer (which shall not include allowing the use of the Software by, or for the benefit of, any person other than an employee of the Customer), the Customer may not use the Software other than as specified in clause 3.1 and clause 3.2(a) without the prior written consent of the Supplier, and the Customer acknowledges that additional fees may be payable on any change of use approved by the Supplier.
The Customer may make backup copies of the Software as may be necessary for its lawful use. The Customer shall record the number and location of all copies of the Software and take steps to prevent unauthorised copying. except as expressly stated in this clause 3, the Customer has no right (and shall not permit any third party) to copy, adapt, reverse engineer, decompile, disassemble, modify, adapt or make error corrections to the Software in whole or in part except to the extent that any reduction of the Software to human readable form (whether by reverse engineering, decompilation or disassembly) is necessary for the purposes of integrating the operation of the Software with the operation of other software or systems used by the Customer, unless the Supplier is prepared to carry out such action at a reasonable commercial fee or has provided the information necessary to achieve such integration within a reasonable period, and the Customer shall request the Supplier to carry out such action or to provide such information (and shall meet the Supplier's reasonable costs in providing that information) before undertaking any such reduction.
The Customer may not use any such information provided by the Supplier or obtained by the Customer during any such reduction permitted under clause 3.2(d) to create any software whose expression is substantially similar to that of the Software nor use such information in any manner which would be restricted by any copyright subsisting in it. The Supplier may at any time sub-license, assign, novate, charge or deal in any other manner with any or all of its rights and obligations under this licence, provided it gives written notice to the Customer. Each party confirms it is acting on its own behalf and not for the benefit of any other person. The Customer shall: ensure that the number of persons using the Software does not exceed the product bandings unless the correct fee is paid in advance and will keep a complete and accurate record of the Customer's copying and disclosure of the Software and its users, and produce such record to the Supplier on request from time to time; notify the Supplier as soon as it becomes aware of any unauthorized use of the Software by any person; pay, for broadening the scope of the licences granted under this licence to cover the unauthorized use, an amount equal to the fees which the Supplier would have levied (in accordance with its normal commercial terms then current) had it licensed any such unauthorised use on the date when such use commenced together with interest at the rate provided for in clause 5.3, from such date to the date of payment.
Maintenance releases: The Supplier will provide the Customer with all Maintenance Releases generally made available to its customers. The Supplier warrants that no Maintenance Release will adversely affect the then existing facilities or functions of the Software. The Customer shall install all Maintenance Releases as soon as reasonably practicable after receipt.
Fees: The Customer shall pay to the Supplier licence fees of (see the website bands, users versus fees) to white label the product. All sums payable under this licence are exclusive of VAT, for which the Customer shall be responsible.
Confidentiality and publicity: Each party shall, during the term of this licence and thereafter, keep confidential all, and shall not use for its own purposes (other than implementation of this licence) nor without the prior written consent of the other disclose to any third party (except its professional advisors or as may be required by any law or any legal or regulatory authority) any, information of a confidential nature (including trade secrets and information of commercial value) which may become known to such party from the other party and which relates to the other party or any of its Affiliates, unless that information is public knowledge or already known to such party at the time of disclosure, or subsequently becomes public knowledge other than by breach of this licence, or subsequently comes lawfully into the possession of such party from a third party. Each party shall use its reasonable endeavours to prevent the unauthorised disclosure of any such information.
Supplier's warranties: The Supplier warrants that the Software will conform in all material respects to the description. The Supplier does not warrant that the use of the Software will be uninterrupted or error-free. The Customer accepts responsibility for the selection of the Software to achieve its intended results and acknowledges that the Software has not been developed to meet the individual requirements of the Customer. The Customer acknowledges that any Open-Source Software provided by the Supplier is provided "as is" and expressly subject to the disclaimer in clause 7.5. All other conditions, warranties or other terms which might have effect between the parties or be implied or incorporated into this licence or any collateral contract, whether by statute, common law or otherwise, are hereby excluded, including the implied conditions, warranties or other terms as to satisfactory quality, fitness for purpose or the use of reasonable skill and care.
Limits of liability: Except as expressly stated in clause 8.2: the Supplier shall not in any circumstances have any liability for any losses or damages which may be suffered by the Customer (or any person claiming under or through the Customer), whether the same are suffered directly or indirectly or are immediate or consequential, and whether the same arise in contract, tort (including negligence) or otherwise howsoever, which fall within any of the following categories: special damage even if the Supplier was aware of the circumstances in which such special damage could arise; loss of profits; loss of anticipated savings; loss of business opportunity; loss of goodwill; loss or corruption of data, provided that this clause 8.1(a) shall not prevent claims for loss of or damage to the Customer's tangible property that fall within the terms of clause 8.1(b) or any other claims for direct financial loss that are not excluded by any of categories (i) to (vi) inclusive of this clause 8.1(a)]; the total liability of the Supplier, whether in contract, tort (including negligence) or otherwise and whether in connection with this licence or any collateral contract, shall in no circumstances exceed a sum equal to the Fee; and the Customer agrees that, in entering into this licence, either it did not rely on any representations (whether written or oral) of any kind or of any person other than those expressly set out in this licence or (if it did rely on any representations, whether written or oral, not expressly set out in this licence) that it shall have no remedy in respect of such representations and (in either case) the Supplier shall have no liability in any circumstances otherwise than in accordance with the express terms of this licence. The exclusions in clause 7.5 and clause 8.1 shall apply to the fullest extent permissible at law, but the Supplier does not exclude liability for: death or personal injury caused by the negligence of the Supplier, its officers, employees, contractors or agents; fraud or fraudulent misrepresentation; breach of the obligations implied by section 12 of the Sale of Goods Act 1979 or section 2 of the Supply of Goods and Services Act 1982; or any other liability which may not be excluded by law.
All references to "the Supplier" in this clause 8 shall, for the purposes of this clause and clause 16 only, be treated as including all employees, subcontractors and suppliers of the Supplier and its Affiliates, all of whom shall have the benefit of the exclusions and limitations of liability set out in this clause, in accordance with clause 16.
Intellectual property rights: The Customer acknowledges that all Intellectual Property Rights in the Software and any Maintenance Releases belong and shall belong to the Supplier, and the Customer shall have no rights in or to the Software other than the right to use it in accordance with the terms of this licence. The Supplier undertakes at its own expense to defend the Customer or, at its option, settle any claim or action brought against the Customer alleging that the possession or use of the Software (or any part thereof) in accordance with the terms of this licence infringes the UK Intellectual Property Rights of a third party (Claim) and shall be responsible for any reasonable losses, damages, costs (including legal fees) and expenses incurred by or awarded against the Customer as a result of or in connection with any such Claim.
For the avoidance of doubt, clause 9.2 shall not apply where the Claim in question is attributable to possession or use of the Software (or any part thereof) by the Customer other than in accordance with the terms of this licence, use of the Software in combination with any hardware or software not supplied or specified by the Supplier if the infringement would have been avoided by the use of the Software not so combined, or use of a non-current release of the Software.
If any third party makes a Claim, or notifies an intention to make a Claim against the Customer, the Supplier's obligations under clause 9.2 are conditional on the Customer: as soon as reasonably practicable, giving written notice of the Claim to the Supplier, specifying the nature of the Claim in reasonable detail; not making any admission of liability, agreement or compromise in relation to the Claim without the prior written consent of the Supplier (such consent not to be unreasonably conditioned, withheld or delayed); giving the Supplier and its professional advisers access at reasonable times (on reasonable prior notice) to its premises and its officers, directors, employees, agents, representatives or advisers, and to any relevant assets, accounts, documents and records within the power or control of the Customer, so as to enable the Supplier and its professional advisers to examine them and to take copies (at the Supplier's expense) for the purpose of assessing the Claim; and subject to the Supplier providing security to the Customer to the Customer's reasonable satisfaction against any claim, liability, costs, expenses, damages or losses which may be incurred, taking such action as the Supplier may reasonably request to avoid, dispute, compromise or defend the Claim.
If any Claim is made, or in the Supplier's reasonable opinion is likely to be made, against the Customer, the Supplier may at its sole option and expense: procure for the Customer the right to continue to use the Software (or any part thereof) in accordance with the terms of this licence; modify the Software so that it ceases to be infringing; replace the Software with non-infringing software; or terminate this licence immediately by notice in writing to the Customer and refund any of the Fee paid by the Customer as at the date of termination (less a reasonable sum in respect of the Customer's use of the Software to the date of termination) on return of the Software and all copies thereof, provided that if the Supplier modifies or replaces the Software, the modified or replacement Software must comply with the warranties contained in clause 7.1 and the Customer shall have the same rights in respect thereof as it would have had under those clauses had the references to the date of this licence been references to the date on which such modification or replacement was made.
Notwithstanding any other provision in this agreement, clause 9.2 shall not apply to the extent that any claim or action referred to in that clause arises directly or indirectly through the possession or use of any Third-Party Software or through the breach of any Third-Party Additional Terms by the Customer.
This clause 9 constitutes the Customer's exclusive remedy and the Supplier's only liability in respect of Claims and, for the avoidance of doubt, is subject to clause 8.1. Waiver No failure or delay by a party to exercise any right or remedy provided under this agreement or by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy. Remedies Except as expressly provided in this agreement, the rights and remedies provided under this agreement are in addition to, and not exclusive of, any rights or remedies provided by law.
Entire agreement: This licence, the schedules and the documents annexed as appendices to this licence or otherwise referred to herein contain the whole agreement between the parties relating to the subject matter hereof and supersede all prior agreements, arrangements and understandings between the parties relating to that subject matter. Each party acknowledges that, in entering into this licence and the documents annexed to it, it does not rely on any statement, representation, assurance or warranty (whether it was made negligently or innocently) of any person (whether a party to this licence or not) (Representation) other than as expressly set out in this licence or those documents. Each party agrees that the only rights and remedies available to it arising out of or in connection with a Representation shall be for breach of contract as expressly provided in this licence. Nothing in this clause shall limit or exclude any liability for fraud.
Variation: No variation of this agreement shall be effective unless it is in writing and signed by the parties (or their authorised representatives).
Severance: If any provision or part-provision of this agreement is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of this agreement. If any provision or part-provision of this agreement is deemed deleted under clause 14.1 the parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
Counterparts: This agreement may be executed in any number of counterparts, each of which when executed shall constitute a duplicate original, but all the counterparts shall together constitute the one agreement.
Third-party rights: A person who is not a party to this agreement shall not have any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of this agreement, but this does not affect any right or remedy of a third party which exists, or is available, apart from that Act.
No partnership or agency: Nothing in this agreement is intended to, or shall be deemed to, establish any partnership or joint venture between any of the parties, constitute any party the agent of another party, or authorise any party to make or enter into any commitments for or on behalf of any other party. Each party confirms it is acting on its own behalf and not for the benefit of any other person. Force majeure Neither party shall be in breach of this agreement nor liable for delay in performing, or failure to perform, any of its obligations under this agreement if such delay or failure result from events, circumstances or causes beyond its reasonable control. In such circumstances.
Notices: Any notice given to a party under or in connection with this contract shall be in writing and shall be delivered by email to the email address indicated on the ‘my account page’. Any notice shall be deemed to have been received, if there is no error message after sending. This clause does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution. For the purposes of this clause, "writing" shall include e-mail. Governing law and jurisdiction This agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and Wales. The parties irrevocably agree that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with this agreement or its subject matter or formation (including non-contractual disputes or claims). This licence has been entered into on the date stated at the beginning of it.