Terms & Conditions

ACCELLIER LIMITED (T/A Thrive ERP) ONLINE TERMS AND CONDITIONS

V1.0 – 02-03-2021

 

BACKGROUND

The Customer wishes to engage the Company to deliver Company Services (as defined below) on the terms and conditions of this Agreement.

• DEFINITIONS AND INTERPRETATION.

In this Agreement (except where the context otherwise requires) the following words and expressions shall have the following meanings: 

“Agreement”       this document, which together form the entire agreement between the Parties;

“Business Day” means any day during Normal Business Hours other than a Saturday, Sunday or bank or other public holiday in England and Wales.

“Confidential 

Information” means all information of a confidential nature (however recorded or preserved) disclosed by one Party (the “Disclosing Party“) or its employees, officers, representatives or advisers (together “Representatives“) to the other Party (the “Receiving Party“) (whether before or after the date of this Agreement) including but not limited to, information concerning products, services, Users, business accounts, financial or other dealings, computer systems, test data, software service code, business methods and development plans and in the case of Company, the Company Services.

“Company” as named in the applicable Work Order.

“Company 

Services” means the products and/or services to be provided by the Company to the Customer as detailed in the applicable Work Order and in any corresponding exhibits.

“Customer” as named in the applicable Work Order.

“Data” means any personal data that is gathered or transferred through the delivery of the Company Services.

“Data Protection 

Laws” means all data protection laws,  regulations, rules and other binding restrictions, including the Data Protection Act 1998 before 25 May 2018 and, from 25 May 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) and any implementing, derivative or related legislation, rule or regulation of the European Union (“Union”), a Union member state (“Member State”), or the United Kingdom (“UK”), applicable to the processing of personal data under this Agreement.

“Effective Date” means the date on which the Work Order is duly signed by the Parties. 

“Fees” means the fees payable by the Customer for the Company Services as set out in Work Order and payable in accordance with Clause 6.

“Force Majeure” means an event outside of the control of a Party, including riot, civil unrest, military action or terrorism; damage to or destruction of premises or equipment; earthquake, storm, flood or other natural disaster; deliberate sabotage of, or malicious damage to equipment or data; industrial action, strikes or lock-outs by employees of third parties; inability to obtain supplies of power, fuel, or transport; exercise of emergency powers by any governmental authority of the territory whether national, regional or local.

“Good Industry 

Practice”             means in relation to any undertaking and any circumstances, the exercise of that degree of professionalism, skill, diligence, prudence and foresight which would reasonably and ordinarily be expected from a skilled and experienced person engaged in the same type of activity under the same or similar circumstances required to match the practices and professional standards of best practice organisations.

“Intellectual 

Property Rights” means all patents, copyright and related rights (including rights in computer software and websites), database rights, design rights, trademarks, service marks, trade names, domain names, rights in reputation, rights in undisclosed or confidential information (such as know-how, trade secrets and inventions and other rights of an equivalent or similar nature (in each case whether registered or unregistered) and all applications for such rights as may exist anywhere in the world. 

“Normal 

Business Hours” means 9.00am to 5.30pm, Monday to Friday GMT, excluding bank or public holidays in England and Wales.

 

“Party” means Company or the Customer as the case may be (and “Parties” will be construed accordingly) and reference to a Party includes reference to its successors and permitted assigns.

 

“Work Order” means a Work Order to this Agreement which contains the Company Service-specific commercial and legal terms. 

 

“Term” means the term of the Work Order (including this Agreement) as set out in the Work Order and any such agreed extensions from time-to-time. 

 

“User” means the Customer’s officers, employees and any person whose services are contracted principally to the Customer, who the Customer grants access to the Company Services in accordance with this Agreement. 

 

“VAT” means value added tax and/or any equivalent and/or any sales taxes, duties and/or levies imposed by any authority, government or government agency in any jurisdiction.

2. THE COMPANY SERVICES

1. In consideration of the payment of the Fees by the Customer to the Company, the Company shall deliver the Company Services to the Customer in accordance with any service descriptions or specifications set out in this Agreement, the Work Order and any supplementary documents.  

1. This Agreement shall encompass any and all delivery methods provided to the Customer for the Company Services, including, but not limited to, online, batch, XML, assisted searching, machine-to-machine searches, and any other means which may become available.
2. The Company Services may be delivered by any of the Company’s affiliates under this Agreement and in accordance with the relevant Work Order provided that: 

(a) Company procures that the Company affiliate shall comply with all the obligations placed upon Company pursuant to this Agreement to the same extent as if the Company affiliate was a party to this Agreement in its own right; 

(b) Company assumes all responsibility for the acts and omissions of the Company affiliate, its employees, agents or subcontractors in relation to the Company affiliate’s delivery of the Company Services; and

(c) Company shall be liable towards the Customer for any and all losses, claims, demands and expenses arising out of or in connection with the Company affiliate’s delivery of the Company Services subject to Company’s limitation of liabilities set out in this Agreement.

1. THE COMPANY’S UNDERTAKINGS, OBLIGATIONS AND DISCLAIMER

1. Company shall:

1. provide the Company Services in accordance with this Agreement; and
2. provide any support and other services in accordance with the relevant Work Order. 

1. Company undertakes that it will employ Good Industry Practice standards in the delivery of the Company Services in order to ensure that the Company Services are free of errors, defects and/or viruses (Note: This covers software codes that we are developing and we cannot guarantee that any 3rd party applications whether open source, proprietary software or Software-as-a-Service operate error free or bug free).

1. THE CUSTOMER’S OBLIGATIONS AND UNDERTAKING 

The Customer undertakes that it shall:

1. not use the Company Services for any illegal or inappropriate purposes;
2. not use the Company Services for marketing purposes or resell or broker the Company Services to any third party, or for any personal (non-business) purposes; 
3. not, nor attempt to:

4.3.1 interfere with or disrupt the proper operation of Company’s software, hardware, systems or networks, including (but not limited to) not knowingly or negligently transmitting files that may interrupt, damage, destroy or limit the functionality of any computer software, hardware, systems or networks, including corrupted files or files that contain viruses, trojans, worms, spyware or other malicious content;

4.3.2 gain unauthorised access to Company’s computer system or the computer system(s) of any other user, to which the Customer does not have access rights;

4.3.3 take any action which does or may cause Company’s service to Users to be interrupted or degraded;

1. not use (and shall ensure that the Users do not use) the Company Services to do any of the following:  

4.4.1 convey any false, unlawful, harassing, defamatory, abusive, hateful, racial, threatening, harmful, vulgar, obscene, seditious or otherwise objectionable or offensive material of any kind or nature; or

4.4.2 knowingly or negligently upload or download files that contain software or other material protected by Intellectual Property Rights (or by rights of confidentiality or privacy of publicity, where applicable) unless the Customer owns or controls the rights thereto or have received all necessary consents.

1. SECURITY OF THE COMPANY SERVICES

Customer acknowledges and agrees that Company may, from time to time, deliver all (or any portion) of the Company Services from a location that is hosted by a third party on behalf of Company.  As at the execution of this Agreement, Company has contracted with such third parties to provide a secure site at which its equipment is located and hosted, and to host its disaster recovery site.  Company shall, at all times, remain responsible for ensuring any such hosting is done in compliance with this Agreement.

1. FEES

1. The Customer shall pay Company the Fees for access to and use of the Company Services.  
2. Company shall invoice the Customer electronically for the Fees in accordance with the Work Order. Unless otherwise stated in the applicable Work Order, the Customer shall pay Company all sums due under this Agreement on presentation of the Company’s invoice for Professional Services and Software Development. All fees for Managed Application Services will be collected by Direct Debit. 
3. All payments required to be made under this Agreement are stated exclusive of VAT and any other applicable taxes in all relevant jurisdictions which, if applicable, shall be paid by the Customer in addition at the rates prevailing from time to time. 
4. If the Customer fails to pay when due any amount payable by the Customer under this Agreement, Company will be entitled to charge the Customer interest on the overdue amount from the due date up to the date of actual payment, after as well as before judgment, at the rate of eight per cent (8%) per annum. Such interest will accrue on a daily basis, will be compounded quarterly and will be payable by the Customer on demand. 
5. The Customer’s obligation to pay invoiced amounts is not subject to any offset, defence or counterclaim. 
6. Where the Customer disputes any amount invoiced in good faith, it shall notify the Company as soon as reasonably practicable, however, not later than within 5 Business Days, and shall pay the balance of the invoice which is not in dispute by the due date. The Customer’s failure to pay the disputed Fees pending resolution of the dispute shall not be deemed to be a breach of this Agreement.
7. In relation to the invoice disputed in good faith, interest under clause 6.6 shall be payable upon resolution of the dispute, on sums found or agreed to be due, from the date the dispute is resolved until the date of actual payment. 

1. INTELLECTUAL PROPERTY
   1. The Customer acknowledges that all Intellectual Property Rights in the Company Services are owned by the Company. 
   2. The Customer shall not remove, edit or otherwise interfere with any copyright notices, names, marks, logos or branding on the Company Services.
   3. Notwithstanding any open source materials used in the delivery of the Company Services, the Customer shall not (and shall ensure that the Users shall not): 
      1. copy, record, edit, alter or translate any of the Company Services, including the underlying software or any part of the Company Services except to the extent expressly permitted by law;
      2. reverse engineer, disassemble or otherwise attempt to derive source code for the Company Services in whole or in part except to the extent expressly permitted by law or under the terms of and the licences of any open source software on which the Company Services is based; and  
      3. in any manner damage or impair any of the Company’s Intellectual Property Rights.
      4. create a database from the results of the Company Services. 
   4. Neither Party shall be permitted to identify the other Party by name as a client or supplier (as applicable) of the other nor to include the other Party’s name and logo, in any marketing material which it produces without the prior written consent of the other, such consent not to be unreasonably withheld or delayed. 
2. DATA PROTECTION
   1. For the purposes of this Agreement, the lowercase terms ”controller”, ”processor”, “data subject”, “personal data”, “personal data breach” and “processing” (“process” and “processed” to be construed accordingly) shall have the meanings ascribed to them in the Data Protection Laws, and where the Data Protection Laws use the terms “personal information”, “data controller” or “data processor”, they shall be read as personal data, controller and processor, respectively.   
   2. Each Party shall comply with its respective obligations under the Data Protection Laws in respect of any personal data processed in relation to this Agreement.
   3. The Customer represents and warrants that it has the right to collect, process, and use personal data for the purpose(s) for which it is accessing the Company Services and that it has complied with all other obligations under applicable laws that relate to its access to and use of the Company Services, including, without limitation, that before it provides any personal data to Company, it shall: 
      1. make due notification to any relevant regulator including its use and processing of the personal data and comply at all times with the Data Protection Laws; 
      2. ensure it is not subject to any prohibition or restriction which would: (i) prevent or restrict it from disclosing or transferring the personal data to Company, as required under this Agreement; or (ii) prevent or restrict either Party from processing the personal data as envisaged under this Agreement; 
      3. ensure that all required notices have been given and, as applicable, all required authorisations or consents have been obtained, and are sufficient in scope to enable each Party to process the personal data as required in order to obtain the benefit of its rights, and to fulfil its obligations, under this Agreement in accordance with the Data Protection Laws, including the transfer of such personal data to and by Company and Company’s third party service providers in any jurisdiction. 
   4. To the extent that the Company acts as a processor of personal data on behalf of the Customer under this Agreement, the Parties shall process such personal data in accordance with the Data Processing Addendum to this Agreement.
3. AUDIT

Both parties understand that in order to ensure compliance with laws applicable to this Agreement each parties own internal policies, a Party (“Auditing Party”) may conduct periodic reviews of the other Party’s (“Audited Party”) use and/or delivery (as the case may be) of the Company Services and may, upon reasonable notice, audit the Audited Party’s records, processes and procedures related to the delivery, use, storage and disposal of the Company Services, including any applicable administrative, physical and technical information security safeguards.

1. CONFIDENTIALITY
   1. During the course of this Agreement, the Receiving Party may have access to, or have disclosed to it, Confidential Information of the Disclosing Party. The Receiving Party shall keep the Disclosing Party’s Confidential Information confidential and, except with the prior written consent of the Disclosing Party shall: 
      1. not use or exploit the Confidential Information in any way except for the performance of this Agreement;
      2. not disclose or make available the Confidential Information, in whole or in part, to any third party, except as expressly permitted by this Agreement;
      3. not copy, reduce to writing or otherwise record the Confidential Information except as necessary in order to perform and/or obtain the benefit of this Agreement; and
      4. Unless a higher standard is required by this Agreement, apply the same security measures and degree of care to the Confidential Information as the Receiving Party applies to its own confidential information of a similar nature.
   2. The Receiving Party may only disclose the Disclosing Party’s Confidential Information to its representatives who need to know the Confidential Information for the purposes of this Agreement.  If the Receiving Party needs to disclose any of the Disclosing Party’s Confidential Information to a representative, it must procure that the representative is first bound by obligations of confidentiality and restrictions on use which are no less onerous than those imposed on the Receiving Party under this Clause 10 and restrict any further disclosure of that Confidential Information by the representative.
   3. Clause 10.1 above shall not apply to any information that:
      1. is or becomes generally available to the public, other than as a result of its disclosure by the Receiving Party and/or its representatives in breach of this Agreement or of any other undertaking of confidentiality addressed to the Disclosing Party (except that any compilation of any otherwise public information in a form not publicly known shall nevertheless be treated as Confidential Information); or
      2. was available to the Receiving Party on a non-confidential basis prior to the disclosure by the Disclosing Party; or
      3. was lawfully in the possession of the Receiving Party before the information was disclosed to it by the Disclosing Party; or
      4. was independently developed without use of any Confidential Information of the Disclosing Party by employees of the Receiving Party who had no access to such Confidential Information; or
      5. the Parties agree in writing is not confidential or may be disclosed.
   4. The Receiving Party may disclose Confidential Information belonging to the Disclosing Party to the extent required by law; any governmental or other regulatory authority (including any relevant securities exchange, or by a court or other authority of competent jurisdiction) provided that, to the extent it is legally permitted to do so, it gives the Disclosing Party as much notice of this disclosure as possible and, where notice of disclosure is not prohibited and is given in accordance with this Clause, it takes into account the reasonable requests of the Disclosing Party in relation to the content of this disclosure.
2. DURATION AND TERMINATION
   1. This Agreement shall commence on the Effective Date and shall continue thereafter in accordance with the Work Order term unless terminated by either Party in accordance with clauses 11.2 or 11.3 below or any other term of this Agreement. Any renewal provisions shall be set out in the Work Order. 
   2. Either Party may terminate this Agreement immediately upon written notice to the other where the other Party is in material or persistent breach of any of the terms of this Agreement and fails to remedy such breach (if capable of remedy) within thirty (30) days of receiving written notice of the breach from the terminating Party.
   3. Either Party may terminate this Agreement immediately on giving notice in writing if any of the following events (or any event analogous to any of the following in a jurisdiction other than England & Wales) occurs in respect of the other Party:
      1. a proposal is made for a voluntary arrangement within Part I of Insolvency Act 1986 or of any other composition scheme or arrangement with, or assignment for the benefit of, its creditors;
      2. a shareholders’ meeting is convened for the purpose of considering a resolution that it be wound up or a resolution for its winding-up is passed (other than as part of, and exclusively for the purpose of, a bona fide reconstruction or amalgamation);
      3. a petition is presented for its winding up (which is not dismissed within fourteen (14) days of its service) or an application is made for the appointment of a provisional liquidator or a creditor’s meeting is convened pursuant to section 98 of the Insolvency Act 1986;
      4. a receiver, administrative receiver or similar officer is appointed over the whole or any part of its business or assets;
      5. an application is made either for the appointment of an administrator or for an administration order, an administrator is appointed, or notice of intention to appoint an administrator is given;
      6. it is or becomes insolvent within the meaning of section 123 Insolvency Act 1986; or
      7. a moratorium comes into force pursuant to Schedule A1 of the Insolvency Act 1986. 
3. EFFECT OF TERMINATION
   1. Upon termination of the contract for any reason, the Company can if requested provide the Customer with a ‘MySQL database dump of all data within 48 hours of it being requested or on a mutually agreed date and state any additional assistance required may be provided at our standard hourly rate (currently £45 +VAT per hour) and lead times. We will (if requested) also provide customers with a copy of their application and license numbers for any 3rd party modules that may have been installed.
   2. Within 7 days from the date of termination delete all applications, databases, uploaded files and backups from our systems.
4.  LIMITATION OF LIABILITY AND INDEMNITY
   1. Nothing contained in this Agreement shall restrict either Party’s liability for death or personal injury resulting from any act, omission or negligence of that Party or its officers, agents, employees or subcontractors; for any fraudulent misrepresentation; any breach of the obligations implied by section 12 Sale of Goods Act 1979 or section 2 Supply of Goods and Services Act 1982; and/or any other liability that cannot be excluded by law.
   2. the Company shall not be liable to the Customer for any claim to the extent that the same is or can be characterised as a claim – regardless of the form of action, whether in contract, strict liability or tort (including negligence), and regardless of whether Company knew or had reason to know of the possibility of the loss, injury, or damage in question – for (or arising from): 
      1. loss of profits or anticipated savings; 
      2. loss of goodwill or injury to reputation; 
      3. loss of business opportunity;
      4. losses suffered by third parties; or 
      5. indirect, consequential or special loss or damage, 
   3. Subject to Clauses 13.1 and 13.2, both Party’s aggregate liability in respect of all losses, damages, costs, expenses or claims arising out of or in connection with this Agreement (whether for breach of contract, in negligence or any other tort, under statute or otherwise at all, or in respect of any indemnities given) shall not exceed £1,000,000 per event or series of connected events. 
5. FORCE MAJEURE
   1. If either Party is affected by Force Majeure, it shall forthwith notify the other Party of the nature and extent thereof.
   2. Neither Party shall be deemed to be in breach of this Agreement, or otherwise be liable to the other, by reason of any delay in performance, or non-performance, of any of its obligations hereunder other than a payment obligation to the extent that such delay or non-performance is due to any Force Majeure of which it has notified the other Party in accordance with Clause 14.1 and the time for performance of that obligation shall be extended accordingly.
   3. If the Force Majeure event in question prevails for a continuous period in excess of thirty (30) days, the Parties shall enter into bona fide discussions with a view to alleviating its effects, or to agreeing upon such alternative arrangements as may be fair and reasonable. If the Parties are unable to alleviate the effects of the Force Majeure or to agree on alternative arrangements within ninety (90) days of the commencement of the event of Force Majeure, then either Party may terminate this Agreement on thirty (30) days prior written notice to the other. 
6. ENTIRE AGREEMENT
   1. This Agreement constitutes the entire agreement and understanding between the Parties in respect of the matters dealt with in it and supersedes any previous agreement, understanding, representation or negotiation whether oral or written between the Parties relating to such matters.
   2. Each Party acknowledges and agrees that in entering into this Agreement it does not rely on, and shall have no remedy in respect of, any statement, representation, warranty or understanding (whether negligently or innocently made) of any person (whether party to this Agreement or not) other than as expressly set out in this Agreement.
7. VARIATION AND CHANGE TO SERVICES

No variation of this Agreement shall be valid unless it is in writing and signed by a duly authorised representative of each Party.

1. WAIVER AND REMEDIES

Any failure to exercise or any delay in exercising a right or remedy provided by this Agreement or at law or in equity shall not constitute a waiver of the right or remedy or a waiver of any other rights or remedies.  A waiver of a breach of any of the terms of this Agreement or of a default under this Agreement shall not constitute a waiver of any other breach or default and shall not affect the other terms of this Agreement.

1. THIRD PARTY RIGHTS

No term of this Agreement is intended to confer a benefit on, or be enforceable by, any person who is not a Party to this Agreement whether under the Contracts (Rights of Third Parties) Act 1999 or otherwise.

1. NO PARTNERSHIP

Nothing in this Agreement is intended to create an agency relationship, a partnership or joint venture of any kind between the Parties. 

1. TRANSFER

Company may not assign, sub-contract or transfer in any way any of its rights, liabilities and/or obligations under this Agreement on a temporary or permanent basis to any third party without the prior written consent of the Customer, except that Company may, to the extent that this does not prejudice ongoing compliance with the Data Protection Laws and/or the terms of this Agreement, sub-contract the performance of any of its obligations under this Agreement, and/or assign the benefit and burden of this Agreement to a company within Company’s corporate group.

1. SEVERABILITY

If any part of this Agreement is found by a court of competent jurisdiction or other competent authority to be invalid or unenforceable then such part shall be severed from the remainder of this Agreement which shall remain valid and enforceable to the fullest extent permitted by law. 

1. CUSTOMER REFERENCE 

The Customer agrees with the following:

1. To provide to Company and/or to a prospective Company customer with such information as may reasonably be requested relating to the Customer’s use of the Company Services, including without limitation, product functionality and the financial and operational benefits resulting from the Customer’s use of Company Services (“Customer Reference”); and
2. Company may list the Customer’s name and use Customer’s approved logo in Company’s customer list as published in marketing and advertising materials, including on Company’s websites. The Customer will deliver to Company an updated name or logo as needed if updated by the Customer. All rights in and associated with the Customer’s name and trademarks, except those granted in the Agreement and herein, are hereby reserved by the Customer.

1. ANTI-BRIBERY AND ANTI-SLAVERY PROVISIONS
   1. The Parties undertake to each other not to give, offer, agree or promise to give, or authorise the giving directly or indirectly, of any money or other thing of value to anyone as an inducement or reward for favourable action or forbearance from action or the exercise of influence.
   2. Both parties are subject to the provisions of the Modern Slavery Act 2015 and accordingly shall undertake certain due diligence checks upon its supply chain.  
   3. Failure to comply with the provisions of any modern slavery and/or anti-bribery and/or corruption laws and/or any breach of a Party’s anti-bribery and/or modern slavery policies shall entitle the other Party to terminate this Agreement for material breach in accordance with clause 11.3 of this Agreement.
2. GOVERNING LAW AND JURISDICTION
   1. This Agreement and any non-contractual obligations arising out of or in connection with it shall be governed by and interpreted in accordance with the laws of England and Wales.
   2. Each Party irrevocably submits to the non-exclusive jurisdiction of the Courts of England and Wales over any claims or matters arising under or in connection with this Agreement.

 

DATA PROCESSING ADDENDUM

1. Definitions

All capitalized terms used but not defined herein shall have the same meaning as set forth in the Agreement.

1. Scope and Roles

This Data Processing Addendum applies to the processing of personal data, within the scope of the Data Protection Laws, by the Company on behalf of the Customer under the Agreement. In this context, the Customer is the controller or processor of customer personal data and Company is the processor of such personal data. 

1. Processing

1. The Company shall implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the Data Protection Laws and ensure the protection of the rights of the data subject.
2. The Company shall not engage another processor without prior specific or general written authorisation of the Customer. In the case of general written authorisation, Company shall inform the Customer of any intended changes concerning the addition or replacement of other processors, thereby giving the Customer the opportunity to object to such changes in the manner more specifically set forth herein.
3. The processing of personal data on the Customer’s behalf by Company shall be governed by this Data Processing Addendum.  In particular, Company shall:

1. process the personal data only on documented instructions from the Customer, including with regard to transfers of personal data to a third country or an international organisation, unless required to do so by the Union, UK or Member State law governing such personal data; in such a case, Company shall inform the Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
2. ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
3. take all measures required pursuant to Article 32 of the GDPR;
4. respect the conditions referred to in paragraphs 2 and 5 in this section C for engaging another processor;
5. taking into account the nature of the processing, assist the Customer by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Customer’s obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR;
6. assist the Customer in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of processing and the information available to the Company;
7. at the choice of the Customer, delete or return all the personal data to the Customer after the end of the provision of services relating to processing and delete existing copies unless Union, UK or governing Member State law requires storage of the personal data;
8. make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer. 

1. Company shall immediately inform the Customer if, in its opinion, an instruction from the Customer to Company infringes the GDPR or other Union, UK or governing Member State data protection provisions. 
2. Where Company engages another processor for carrying out specific processing activities on behalf of the Customer, the same data protection obligations as set out in this Data Processing Addendum shall be imposed on that other processor by way of a contract or other legal act under Union, UK or governing Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR. Where that other processor fails to fulfil those data protection obligations, Company shall (subject to the terms of the Agreement) remain fully liable to the Customer for the performance of that other processor’s obligations.

1. Processing Details

1. The subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data, the categories of data subjects and the obligations and rights of the Customer are set forth in the Agreement, including this Data Processing Addendum, in particular:

1. The subject-matter of the processing under this Addendum is the personal data provided by the Customer to Company in respect of the products and services under the Agreement.
2. The duration of the processing is the duration of the provision of the products and services under the Agreement.
3. The nature and purpose of the processing is in connection with the provision of the products and services under the Agreement.
4. The types of personal data processed under the Agreement includes general personal data such as full name, address, email addresses, telephone number, mobile phone number.

The following types of personal data are EXCLUDED (unless agreed in advance in writing): race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership details, genetic data, biometric data (where this is being used for identification purposes), health data, personal finance data, sex life or sexual orientation data, criminal convictions and offenses.

1. The categories, excluding sensitive or high-risk personal data (unless agreed in advance in writing) of data subjects may include customers and other individuals about whom personal data is submitted to Company by or at the direction of the Customer as part of the products or services.  

1. The Agreement including this Data Processing Addendum, along with the Customer’s use and configuration in the Company Services, are the Customer’s complete and final documented instructions to Company for the processing of personal data. Additional or alternate instructions must be agreed upon separately in writing by the parties. Company will ensure that its personnel engaged in the processing of personal data will process personal data only on the Customer’s documented instructions, unless required to do so by Union, UK, governing Member State or other applicable law.

(a) Common data processing tasks that are included as standard are data cleaning & migration work (where requested), server and database maintenance, support activities (pre and post sales).

1. On expiration or termination of the Customer’s use of the products and services, Company shall delete or return personal data in accordance with the terms and timelines for the products and services set forth in the Agreement, unless Union, UK, governing Member State, or other applicable law requires storage of the personal data. 

1. Sub-processing

The Customer hereby provides general authorisation to engage other processors for the processing of the Customer personal data in accordance with this Data Processing Addendum. Upon Customer request, Company will promptly disclose to Customer any such processors. 

1. Data Subject Rights

Company shall, to the extent legally permitted, promptly notify the Customer of any data subject requests received by Company and reasonably cooperate with the Customer to fulfil its obligations under the Data Protection Laws in relation to such requests.

1. Transfer

Company will ensure that, to the extent that any personal data originating from the UK or European Economic Area (EEA) is transferred to a country or territory outside the UK or EEA that has not received a binding adequacy decision by the European Commission or a competent national data protection authority, such transfer will be subject to appropriate safeguards that provide an adequate level of protection in accordance with the Data Protection Laws (including Article 46 of the GDPR).

1. Security of Processing

1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Parties shall implement appropriate technical and organisational measures as requested by the Data Controller to ensure a level of security appropriate to the risk, including inter alia as appropriate: 

1. any files containing personal data shared with the Company will only be stored on laptops with encryption enabled and will be deleted immediately after any data cleaning, manipulation or import/export task has been completed.
2. monthly updates (fixes and security patches) on operating system, database, web server when new updates are available.
3. shared database structure with each customer having their own schema (e.g. data not visible/accessible to other customers);
4. software firewalls are used on all servers.
5. customers are offered free use of our VPN (Virtual Private Network) server to authenticate offices/users accessing applications.
6. encryption of server HDD’s (Hard Disk Drives).
7. encryption of backup data-in-transit and data-at-rest.
8. the ability to ensure the ongoing, integrity, availability and resilience of processing systems and services so far as the contracted security services permit.
9. the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.

1. The Parties shall take steps to ensure that any natural person acting under the authority of the Customer or Company who has access to personal data does not process them except on instructions from the Customer, unless he or she is required to do so by Union, UK or governing Member State law.

1. Personal Data Breach

Company will notify the Customer without undue delay after becoming aware of a personal data breach and shall reasonably respond to the Customer’s request for further information so that the Customer may fulfil its obligations under the Data Protection Laws (including Articles 33 and 34 of the GDPR)

1. Audit

Audits shall be: 

1. subject to the execution of appropriate confidentiality undertakings or relying on similar obligations in the Agreement;
2. conducted no more than once per year unless a demonstrated reasonable belief of non-compliance with the Agreement has been made, upon thirty (30) days written notice and having provided a plan for such review; and
3. conducted at a mutually agreed upon time and in an agreed upon manner.

1. Conflict

If there is any conflict or inconsistency between the terms of this Data Processing Addendum and the rest of the Agreement, the terms of this Data Processing Addendum will control to the extent required by law.

Managed Application Services Addendum – V2.0 – 02/03/2021

 

This Addendum sets forth additional or amended terms and conditions for the delivery of Support Services which are in addition to, and without limitation of, the terms and conditions set forth in the Online Terms and Conditions agreement between the customer and Accellier Ltd for the Company Services (such services agreement, the “Agreement”).  

1. The Support Services 

1. A description of the Support Services is set out in the relevant (application specific e.g. Vtiger CRM, SuiteCRM, Dolibarr ERP, Joget etc) Managed Service Description and Master Service Level Agreement.
2. The Company shall perform the Support Services during the Support Hours as specified in the relevant Managed Service Description and Master Service Level Agreement.
3. The Customer shall report any fault requiring Support Services via an authorised contact either by e-mail to support@accellier.com, by telephone or through the Company’s Client Portal, providing a detailed description of any such fault and the circumstances in which it arose and shall submit sufficient material and information to enable Company’s support staff to duplicate the problem. 
4. When appropriate, the Company shall endeavor to give an estimate of how long a fault may take to resolve. The Company’s support staff shall use their reasonable endeavors to resolve the fault as soon as reasonably practicable within the Support Hours.
5. If agreed between the parties in writing, the Company shall provide the Support Services outside the Support Hours for the additional fee specified in the Vtiger CRM Managed Service Description and Master Service Level Agreement.

1. Excluded Company responsibilities under the Support Services

2.1      The Company shall be under no obligation to provide the Support Services in respect of problems arising out of (a) tampering, modification, alteration or addition to the hardware or software, which is undertaken maliciously or otherwise by persons outside of the control of the Company or its authorised representatives or (b) the Customer’s programs or hardware or (c) resolution of problems or server ‘clean up’ arising out of (i) compromise of application attributed to any script or code created or loaded by the Customer or their users; or (ii) compromise of an application attributed to any user password guessed or cracked and used to access the application. Where such additional Support Services are required, and if the Company chooses to provide these additional Support Services, these services will be charged at the emergency hourly rate in force at the time that the service is provided or (d) any other areas specifically agreed between the parties in writing.

2.2 Any time spent by the Company investigating such faults arising through circumstances described in clause 2.1 of this Addendum will be chargeable at the Company’s then current rates (a copy of which can be provided upon request).

 

2.3 The Company shall invoice such charges at its discretion and such sums shall be paid by the Customer in accordance with the payment terms set out in the Online Terms and Conditions.

2.4 The Company shall not be obliged to make modifications as part of the Support Services in relation to, the Customer’s computer hardware, operating system software, or third-party application software or any data feeds or external data, unless specified in Vtiger CRM Managed Service Description and Master Service Level Agreement.

1. Disclaimer and Company Warranties

3.1    The Company warrants to the Customer that all Support Services supplied under this Addendum will be carried out with reasonable care and skill by personnel whose qualifications and experience will be appropriate for the tasks to which they are allocated.

3.2     The Customer acknowledges that it is the responsibility of the Customer to ensure that the facilities and functions of the Support Services as described in Managed Service Description and Master Service Level Agreement shall meet its requirements.

3.3     Except as expressly provided in this Agreement, no warranty, condition, undertaking or term, express or implied, statutory or otherwise as to the satisfactory quality, fitness for purpose or ability to achieve a particular result, of the Support Services is given or assumed by the Company and all such warranties conditions undertakings and terms are excluded to the fullest extent permitted by law.

3.4      The Company does not warrant that all errors can and will be corrected. The Company shall use its reasonable endeavors to correct errors, so long as the errors are replicable by the Company or to provide a patch or to bypass such errors.

3.5      The Company’s sole obligation under the warranty in this clause 6 shall be to remedy the defect. The Company shall have no obligation or liability under clause 6 unless the Customer notifies the Company of any defect within 1 month of the date on which the Customer became aware of or ought reasonably to have become aware of the defect.

1. Customer Warranties and Obligations

4.1 The Customer warrants that it has not relied on any oral representation made by the Company or upon any descriptions, illustrations or specifications contained in any catalogues and publicity material produced by the Company which are only intended to convey a general idea of the products and services mentioned.

4.2 The Customer warrants that it shall comply in all material respects with all applicable laws, regulations and mandatory codes of conduct (whether statutory or otherwise) of the United Kingdom, and that all licenses, permissions and consents required for carrying on its business have been obtained and are in full force and effect.

4.3 The Customer shall effect and maintain adequate security measures to safeguard the Company’s applications from access or use by any unauthorised person and ensure that all passwords are at all times kept confidential and are in accordance with required industry standards, used properly and not disclosed to unauthorised people and if the Customer has any reason to believe that any password has become known to someone not authorised to use it or if any password is being or is likely to be used in an unauthorised way or of any other breach of security then the Customer shall inform the Company immediately.

4.4 The Customer shall by arrangement, grant access to its systems at all times to enable Company to carry out the Support Services;

4.5 The Customer shall when required, enable logins or passwords to be available to Company staff (who will have their own administrator level logons);

4.6 The Customer shall comply with all reasonable instructions of the Company with regard to the provision of the Support Services and the use of any Company server; and

4.7 The Company shall allow the Company access to such information as may be reasonably required by the Company in order to effectively deliver the Services.

1. General

The provisions set forth in this Addendum are in addition to, and unless expressly provided to the contrary, without limitation of, the provisions set forth in the Agreement.  In the event of a direct conflict between this Addendum and the Online Terms or any other document, the applicable portion of this Addendum shall prevail.