HOSTED CLOUD APPLICATION - TERMS OF USE

 

IMPORTANT: THIS IS A LEGALLY BINDING AGREEMENT

BY SUBSCRIBING TO USE THE APPLICATION OR BY ACCESSING OR USING THE APPLICATION YOU INDICATE YOUR AGREEMENT TO THE FOLLOWING TERMS AND CONDITIONS (THE “AGREEMENT”)

 

1.         DEFINITIONS

In this Agreement the following terms have the following meanings:-

1.1.      “Application” means the online, web-based application service, including offline components, if any, provided by the Licensor as indicated in the online order form.

1.2.      “Data Protection Legislation” means

1.2.1.              to the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom which relates to the protection of personal data.

1.2.2.              to the extent the EU GDPR applies within the European Union and as applied within the EEA, the law of the European Union as applied and if relevant supplemented in any member state of the European Union or any country in membership of the EEA which relates to the protection of personal data in that country.

1.3.      “Documentation” means materials (whether printed or electronic) which we provide to you for the purposes of describing the functionality or operation of the Application.

1.4.      “EEA Customer” means You if to the extent that the Services are provided to you within the EEA.

1.5.      EU Council Decision means the EU Council decision referenced 2010/87/EU implementing data protection Standard Contractual Clauses.

1.6.      “EU GDPR” means the General Data Protection Regulation ((EU) 2016/679, as it has effect in EU law and as applied in the member states of the EEA.

1.7.      “Fault” means any failure of the Application to operate in all material respects in accordance with the Documentation, but excluding any failure or error resulting from (a) operator error or use of the Application in a manner inconsistent with the Documentation; (b) any breach of the Agreement; (c) your failure to implement recommendations in respect of Solutions or Faults previously advised by the Licensor; (d) any improper use, misuse or unauthorised alteration of the Application by you; or (e) your computer equipment or any third party services or products not supplied or approved by the Licensor for use with the Application.

1.8.      “Initial Term” the initial fixed term of 1 month commencing on the date indicated in the online order form.

1.9.      "Licensor" means Parker Software Limited, Victoria Business Park, Prospect Way, Knypersley, Stoke-on-Trent, Staffordshire, ST8 7PL. United Kingdom.

1.10.   “Solution” either of the following outcomes (a) correction of a Fault; or (b) a workaround in relation to a Fault (including a reversal of any changes to the Application if deemed appropriate by the Licensor.

1.11.   “UK Customer” means You to the extent that the Services are provided to you within the United Kingdom.

1.12.   "You/Your" means the sole trader, partnership or company who wishes to use the Application on the terms of this Agreement.

1.13.   “Your Data” means the data inputted by you or on your behalf for the purpose of using the Application or facilitating your use of the Application or data retrieved by you or on your behalf through the Application.

1.14.   “Hosted Cloud Provider” will subject to clause 9.1.4 be:

1.14.1.            for customers within the United Kingdom and EEA within the United Kingdom,

1.14.2.            for customers outside of the United Kingdom and EEA will either be in United States of America or United Kingdom.

1.15.   “SCCs Current” means the Standard Contractual Clauses appended to the EU Council Decision.

1.16.   “SCCs New” means the Standard Contractual Clauses that are to be adopted by EU Council decision in substitution for the SCCs Current.

1.17.   “Transition Date” means in relation to the intended substitution of EU Council decision of 5th February 2010 reference 2010/87 EU by a substitute decision (“substitute decision”) having substantially the same effect as that decision the date stipulated within the Substitute Decision as the effective date of that decision.

1.18.    “Subscription Fee” and “Subscription Package” shall each have the meaning given to them in the online order form.

1.19.   “UK GDPR” has the meaning given to it in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018).

2.         USE OF THE APPLICATION

2.1.      In consideration of you abiding by the terms of this Agreement and paying the Subscription Fee in accordance with the payment terms set out in the online order form, the Licensor grants to you a limited, non-exclusive, non-transferable, non-sublicensable right to access and use the Application and the Documentation in accordance with the Subscription Package and subject to the provisions of the Agreement.

2.2.      This Agreement does not transfer or modify any ownership rights related to the Application, which are exclusively held by the Licensor or its licensors.

2.3.      You shall keep your user access information secure and confidential.  You shall ensure that anyone that uses the Application through your user access does so in accordance with this Agreement. You shall be solely responsible for any third party using the Application through your user access that fails to comply with this Agreement.

2.4.      You may use the Application for your business purposes only.

2.5.      You shall not:

2.5.1.        attempt in any way to circumvent or otherwise interfere with any security precautions, procedural controls, or other measures related to or incorporated into the Application (and the software used in support thereof) or attempt to gain unauthorised access to the Application (and the software used in support thereof) or its related information technology systems or networks;

2.5.2.        send spam or otherwise duplicative or unsolicited messages in violation of applicable laws;

2.5.3.        send or store unlawful, infringing, offensive, obscene, discriminatory, threatening or otherwise unlawful, immoral or tortuous material;

2.5.4.        send or store material containing software viruses, worms, Trojan horses or other harmful computer code, files, scripts, agents or programs;

2.5.5.        interfere with or disrupt the integrity or performance of the Application or its related information technology systems or networks or the data contained therein; or

2.5.6.        modify, copy, adapt, reproduce, disassemble, decompile, reverse engineer, transmit or distribute any portion of the Application (and the software used in support thereof).

2.6.      You shall:

2.6.1.        prevent unauthorised access to, or use of, the Application, and notify us promptly of any such unauthorised use; and

2.6.2.        comply with all applicable laws and regulations with respect to your activities under the Agreement.

3.         SERVICES

3.1.      The Licensor shall use reasonable endeavours to make the Application available for 99% of the time in any given month, except for:

3.1.1.        planned maintenance carried out during the maintenance window of 22.00 to 06.00 (UK time); and

3.1.2.        unscheduled maintenance which will wherever possible (but cannot guaranteed) be performed outside the hours of 09.00 to 17.00 (UK time) Monday to Friday.

If, for any reason, the Licensor anticipates the Application being unavailable for any extended period for maintenance, it will, wherever possible, give you notice of such unavailability.

3.2.      If you find a Fault with the Application you should promptly notify the Licensor by sending an email to the email address notified to you by the Licensor for such purposes.  The Licensor shall use reasonable endeavours to provide a Solution to such Fault.  Time for the provision of such services shall not be of the essence.  You warrant that there are no third parties who would have a claim against the Licensor as a result of its provision of such services to you.

3.3.      The Licensor shall not be responsible for any charges, losses or delays resulting from it being prevented from or delayed in performing its obligations under the Agreement by any of your acts or omissions or by any of the acts or omissions of those accessing the Application through your user access.

3.4.      Notwithstanding the foregoing, the Licensor does not warrant that the Application and/or the information obtained by you through it will meet your requirements or that its operation will be uninterrupted or error free.  All warranties, representations or guarantees of any kind, express or implied, including, but not limited to, any implied warranties of quality, merchantability, fitness for a particular purpose or ability to achieve a particular result are excluded.

4.         YOUR DATA

4.1.      As between the Licensor and you, you shall own all right, title and interest in and to Your Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of Your Data. 

4.2.      The Licensor may access your user accounts, including Your Data, for the purposes of providing the Application and performing its obligations under the Agreement.  You grant to the Licensor the non-exclusive right to use, copy, store, transmit and display Your Data to the extent necessary to provide the Application and to perform its obligations under the Agreement.

4.3.      The Licensor will use reasonable endeavours to archive Your Data on a regular basis and to retain it for the period permitted by your Subscription Package.  In the event of any loss or damage to Your Data, your sole and exclusive remedy shall be for the Licensor to use reasonable endeavours to restore such lost or damaged data from the latest back-up of such data maintained by the Licensor in accordance with its archiving procedures.  The Licensor shall not be responsible for any loss, destruction, alteration or disclosure of Your Data caused by any third party (except for third parties authorised to act on behalf of the Licensor).

4.4.      You agree to provide any notices and obtain any consents related to your use of the Application including those relating to the collection, use, transfer and disclosure of personal information.  You shall, on request, provide the Licensor with evidence to its reasonable satisfaction that you have such consents.

5.         SUBSCRIPTION FEE

5.1.      You will pay the Subscription Fee in full (without any set-off, deduction or withholding) by Direct Debit in accordance with the payment terms set out in the online order.

5.2.      All amounts and fees stated or referred to in the Agreement are exclusive of, and you shall pay, all applicable taxes, duties and levies ruling at the date of invoice or payment (for payments made by Direct Debit).

5.3.      The Subscription Fee shall be fixed for the Initial Term.  Thereafter the Licensor may increase the Subscription Fee at any time on 40 days’ written notice to you.

6.         OWNERSHIP

6.1.      You acknowledge that the Application (including the software used in support thereof) is the Licensor’s (or the Licensor’s licensors) confidential information and that you shall treat it as such and not disclose it to any third party save for those employees, agents, consultants and sub-contractors that are aware that the Application is the Licensor’s (or the Licensor’s licensors) confidential information and are bound to treat it as such.  These obligations of confidentiality shall not apply to the extent that the Application is already in the public domain or to the extent that disclosure is required by law or a court of competent jurisdiction.   

6.2.      You will not attempt in any way to remove, conceal or overwrite any copyright notices or circumvent any technical protection measures incorporated into the Application to protect the Intellectual Property rights in the Application from being misappropriated.

7.         LIMITATION OF LIABILITY

7.1.      You accept responsibility for the selection of the Application to achieve your intended results and, except as expressly provided in the Agreement, you assume sole responsibility for results obtained from your use of the Application.

7.2.      Subject to clause 7.3 and clause 7.4 below the Licensor’s maximum aggregate liability under or in connection with the Agreement whether in contract, tort (including negligence) or otherwise, shall in no circumstances exceed an amount equal to the annual Subscription Fee.

7.3.      Nothing in this Agreement shall limit or exclude the Licensor’s liability for:

7.3.1.        personal injury or death caused directly by the negligence of the Licensor,

7.3.2.        fraud or fraudulent misrepresentation; or

7.3.3.        any other liability that cannot be excluded or limited by law.

7.4.      Subject to clause 7.3 above, in no event will the Licensor be liable to you for any:

7.4.1.        lost profits;

7.4.2.        lost savings;

7.4.3.        loss of data; or

7.4.4.        indirect, special, incidental or consequential damages;

arising out of the use of or inability to use the Application, even if the Licensor has been advised of the possibility of such damages.

7.5.      Subject to clause 7.3, the Licensor shall be discharged of all liability arising under or in connection with the Agreement unless (without extending statutory limitation) proceedings are begun and served within 12 months after you became aware (or should reasonably have become aware) of the facts giving rise to such liability.

8.         TERMINATION

8.1.      The Agreement is, subject to earlier termination in accordance with this clause 8, effective for the Initial Term and shall continue thereafter subject to either party serving 30 days’ written notice to terminate on the other party.

8.2.      Without limiting its other rights or remedies, the Licensor may suspend its performance of or (whether or not such performance has previously been suspended) terminate the Agreement, without liability to you, by giving you notice in writing at any time or times if you:

8.2.1.        fail to make any payment when and as due or otherwise default in any of your obligations under the Agreement;

8.2.2.        are unable to pay your debts in the ordinary course of business;

8.2.3.        have a receiver, manager, administrator, administrative receiver or trustee in bankruptcy (as the case may be) appointed for all or any part of your undertaking, assets or income, have a resolution passed or a petition presented to any court for your winding up (compulsorily or voluntarily), enter into any composition or arrangement with your creditors (whether formal or informal), have any distraint or execution levied on any of your assets, suffer any action similar to any of the foregoing in any jurisdiction; or

the Licensor bona fide believes any of the foregoing matters may occur. 

8.3.      The Agreement may be terminated by either party where the other:

8.3.1.        breaches a material obligation of the Agreement and, where the breach is remediable, the party in breach has failed to remedy it within 28 days after written notice giving full particulars of the breach; or

8.3.2.        repeatedly breaches any of the terms of the Agreement in such a manner as to reasonably justify the opinion that its conduct is inconsistent with it having the intention or ability to give effect to the terms of the Agreement.

8.4.      If you terminate the Agreement pursuant to clause 8.3, we shall refund you on a pro-rata basis for any unused proportion of the Subscription Fee paid in advance.

8.5.      On termination of the Agreement for any reason:

8.5.1.        you shall immediately pay all outstanding amounts to the Licensor;

8.5.2.        all rights granted to access or use the Application shall immediately terminate and you shall immediately cease to access or use the Application;

8.5.3.        the Licensor may destroy or otherwise dispose of any of Your Data that it has in its possession or control unless it receives, no later than 14 days after the date of termination, a written request for the delivery to you of the last back-up (made before the date of termination) of Your Data.  The Licensor shall use reasonable endeavours to deliver the back-up to you in the format in which it has been backed up within 45 days of receipt of your written request, provided that you have, at that time, paid all fees and charges outstanding at and resulting from termination (whether or not due at the date of termination).  You shall pay the Licensor’s reasonable charges, costs and expenses incurred in returning or disposing of Your Data; and

8.5.4.        the accrued rights/remedies of the parties as at termination, or the continuation after termination of any provision expressly stated to survive or implicitly surviving termination, shall not be affected or prejudiced. 

9.         DATA PROTECTION AND SECURITY

9.1.      To the extent that the Licensor processes any “Personal Data” on your behalf when performing its obligations under the Agreement, you and the Licensor record the intention that you shall be the “Data Controller” and the Licensor shall be the “Data Processor” (in each case as defined in the Data Protection Legislation) and in any such case where required by the Data Protection Legislation:

9.1.1.        the Licensor shall act only on your documented instructions (which you acknowledge and agree shall include the terms of the Agreement);

9.1.2.        the Licensor has in place appropriate technical and organisational security measures against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data;

9.1.3.        the Licensor will assist you with any subject access request that you receive relating to Personal Data that the Licensor processes on your behalf under the Agreement;

9.1.4.        for EEA Customers the Licensor will not, unless you have specified that the Hosted Cloud Location should be outside the EEA, cause or permit Personal Data to be transferred outside the EEA without your prior written consent excluding:

9.1.4.1.                 technical support from Parker Software Inc under arrangements contracted for by Licensor which incorporate SCCs Current; and

9.1.4.2.                in conjunction with chat functionality provided the processing of Personal Data through the service provided by [Twilio Inc] terms and conditions for which incorporate SCC’s Current

9.1.5.        for United Kingdom Customers the Licensor will not, unless you have specified that the Hosted Cloud Location should be outside the United Kingdom cause or permit Personal Data to be transferred outside the United Kingdom without your prior written consent excluding:

9.1.5.1.                 technical support from Parker Software Inc under arrangements contracted for by Licensor which incorporate SCCs Current; and

9.1.5.2.                in conjunction with chat functionality the processing of Personal Data through the service provided by Twilio Inc terms and conditions for which have been contracted for by Licensor upon terms that incorporate SCC’s Current

9.1.6.        the Licensor shall ensure that access to the Personal Data that the Licensor processes on your behalf under the Agreement shall be limited to its employees and permitted sub-contractors (you hereby acknowledge and agree that the Hosted Cloud Provider shall act as the Licensor’s subcontractor in order to allow it to perform its obligations under the Agreement) who are subject to binding written confidentiality obligations.

9.2.      You and the Licensor shall comply at all times with the Data Protection Legislation and shall not do anything to put the other party in breach of its obligations under the Data Protection Legislation.

9.3.      In respect of any actual or reasonably suspected unauthorised access to or acquisition of Your Data or Personal Data that the Licensor processes on your behalf under the terms of the Agreement the Licensor shall promptly notify you and provide you with details of such breach. 

9.4.      The Licensor shall maintain, in accordance with the Data Protection Legislation, written records of all categories of processing activities carried out on your behalf.

9.5.      The Licensor shall, in accordance with the Data Protection Legislation, make available to you such information as is reasonably necessary to demonstrate its compliance with the obligations of Data Processors under the Data Protection Legislation.

9.6.      On and from the Transition Date if you are an EEA Customer the SCCs Current provided for in the Agreement shall cease to have application in relation to the processing of Personal Data on and from that date Licensor undertaking to prepare and incorporate into these terms and conditions those modules within SCCs New relevant to a data controller and data processor relationship incorporating the detail incorporated within Annexes A and B of the Agreement provided for within SCCs Current and providing for the same substitution of the SCCs Current by SCCs New in relation to transfers of data to Parker Software Inc and ensuring so far as reasonably practicable the substitution by [Twilio Inc] of SCCs Current by SCCs New between [Twilio Inc] and Licensor.

9.7.      On and from the Transition Date  or such other date as is recommended or required by the UK Information Commissioner’s Office if you are a United Kingdom Customer the SCCs Current provided for in the Agreement shall cease to have application in relation to the processing of Personal Data on and from such date as the Licensor may specify provided that with effect from that date  Licensor commits to and procures the commitment of its subsidiary Parker Software Inc. relevant replacement standard contractual clauses appropriate to a data controller and data processor relationship incorporating the detail incorporated within Annexes A and B of the Agreement provided for within SCCs Current. Licensor shall also ensure so far as is reasonably practicable the substitution by Twilio Inc of standard contractual clauses in appropriate form and content.

9.8.      Licensor agrees that the SCCs Current and when adopted the SCCs New shall be interpreted and governed by the laws of the EU or EEA member state in which you are established.

9.9.      Licensor has appointed an EU Representative for the purpose of the requirements of EU GDPR the representative’s details are as follows: [PrighterGDPR-Rep by Maetzler Rechtsanwalts GmbH & Co KG, Schellinggasse 3/10,1010 Vienna, Austria. Prighter | Compliance Landing Page of Parker Software Ltd]. Licensor will provide details of any change in the identify of its appointed Authorised Representative as soon at the time any change has effect.

10.      THIRD PARTIES

10.1.   The Parties intend that subject to clause 3 of the SCCs Current and to any equivalent provision incorporated into this Agreement under any SCCs New, no provision of the Contract shall confer any benefit, nor be enforceable by any Person who is not a party by virtue of this Agreement and accordingly save as provided by the foregoing no term of this Agreement shall give rise to any rights under the Contracts (Rights of Third Parties) Act 1999.

 

11.      GENERAL

11.1.   The person accepting the terms of the Agreement on your behalf confirms (i) that he/she is authorised to enter into this Agreement on your behalf and to bind you to its terms and (ii) that you are not a consumer.

11.2.   You agree that the Licensor shall have the right, after supplying undertakings as to confidentiality, to audit your use of the Application in order to verify compliance with the Agreement.

11.3.   If for any reason any of the provisions hereof shall be deemed inoperative unenforceable or invalid, the remaining provisions shall nonetheless remain in full force and effect.

11.4.   This Agreement constitutes the entire agreement between you and the Licensor. You acknowledge that you have not relied on any statement, promise or representation made or given by or on behalf of the Licensor which is not set out in this Agreement.

11.5.   No failure by the Licensor (i) to insist that you perform any of your obligations under the Agreement, or (ii) to enforce its rights against you, or delay in doing so, shall be construed as a waiver of its rights against you.  A waiver of any right is only effective if it is in writing.  A waiver of any right shall not prevent the Licensor from enforcing that or any other right against you if you breach such right again on a separate occasion.

11.6.   The Licensor shall not be liable or responsible for any failure to perform, or delay in performance of, any of its obligations under the Agreement that is caused by any act or event beyond its reasonable control, including failure of public or private telecommunications networks.

11.7.   The Licensor may, at any time, assign or transfer this Agreement or any part of it and/or any rights and obligations arising under it (including the benefit of any guarantee or warranty) to any person, firm or company and you shall if the Licensor requires, enter into a novation agreement with the Licensor and the transferee or such other documentation as is necessary to give effect to any such assignment or transfer.  You may only transfer your rights or obligations under this Agreement to another person if the Licensor agrees in writing.

11.8.   Subject to clause 9.8 the terms of this licence shall in all respects be governed by and construed in accordance with English Law and the English courts shall have exclusive jurisdiction.

 

 

 

 

Parker Software Limited

Registered in England under Company Number 04525820

VAT Number GB797853061

Victoria Business Park

Prospect Way

Knypersley

Stoke-on-Trent

Staffordshire

ST8 7PL

United Kingdom

marketing@parkersoftware.com


 

Appendix 1

For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection

Name of the data exporting organisation (shall be as provided within the online order form)

(the data exporter)

 

Name of the data importing organisation: PARKER SOFTWARE LIMITED

Address:   Victoria Business Park Prospect Way, Knypersley, Stoke-On-Trent, ST8 7PL

Other information needed to identify the organisation: (CRN: 04525820)

(the data importer)

HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in ANNEX A.

1.             Definitions

For the purposes of the Clauses:

(a)        personal data, special categories of data, process/processing, controller, processor, data subject and supervisory authority shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (1);

(b)       the data exporter means the controller who transfers the personal data;

(c)        the data importer means the processor who agrees to receive from the data exporter personal data intended for processing on its behalf after the transfer in accordance with its instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;

(d)       the sub-processor means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with its instructions, the terms of the Clauses and the terms of the written subcontract;

(e)        the applicable data protection law means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;

(f)         technical and organisational security measures means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

2.             Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in ANNEX A which forms an integral part of the Clauses.

3.             Third-party beneficiary clause

The data subject can enforce against the data exporter this clause 3, clause 4(b) to clause 4(i), clause 5(a) to clause 5(e) and clause 5(g) to clause 5(j), clause 6.1 and clause 6.2, clause 7, clause 8.2 and clause 9 to clause 12 as third-party beneficiary.

The data subject can enforce against the data importer this clause, clause 5(a) to clause 5(e) and clause 5(g), clause 6, clause 7, clause 8.2 and clause 9 to clause 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.

3.1          The data subject can enforce against the sub-processor this clause 3.1, clause 5(a) to clause 5(e) and clause 5(g), clause 6, clause 7, clause 8.2, and clause 9 to clause 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

4.             Obligations of the data exporter

The data exporter agrees and warrants:

(a)        that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;

(b)        that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;

(c)        that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in ANNEX B to this contract;

(d)        that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;

(e)        that it will ensure compliance with the security measures;

(f)         that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;

(g)        to forward any notification received from the data importer or any sub-processor pursuant to clause 5(b) and clause 8.3 to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;

(h)        to make available to the data subjects upon request a copy of the Clauses, with the exception of ANNEX B and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;

(i)         that, in the event of sub-processing, the processing activity is carried out in accordance with clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subjects as the data importer under the Clauses; and

(j)         that it will ensure compliance with clause 4(a) to clause 4(i).

5.             Obligations of the data importer

The data importer agrees and warrants:

(a)        to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(b)        that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(c)        that it has implemented the technical and organisational security measures specified in ANNEX B before processing the personal data transferred;

(d)        that it will promptly notify the data exporter about:

(i)         any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;

(ii)        any accidental or unauthorised access; and

(iii)       any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;

(e)        to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;

(f)         at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;

(g)        to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of ANNEX B which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;

(h)        that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;

(i)         that the processing services by the sub-processor will be carried out in accordance with clause 11; and

(j)         to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.

6.             Liability

6.1          The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in clause 3 or in clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.

6.2          If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or its sub-processor of any of their obligations referred to in clause 3 or in clause 11 because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, in which case the data subject can enforce its rights against such entity.

The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.

6.3          If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in clause 3 or in clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.

7.             Mediation and jurisdiction

7.1          The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:

(a)        to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;

(b)        to refer the dispute to the courts in the Member State in which the data exporter is established.

7.2          The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

8.             Cooperation with supervisory authorities

8.1          The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.

8.2          The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.

8.3          The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in clause 5(b).

9.             Governing Law

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

10.          Variation of the contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clauses.

11.          Sub-processing

11.1        The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses. Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor's obligations under such agreement.

11.2        The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

11.3        The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.

11.4        The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.

12.          Obligation after the termination of personal data processing services

12.1        The parties agree that on the termination of the provision of data-processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.

12.2        The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.

ANNEX A      to the Standard Contractual Clauses

This Annex forms part of the Clauses and must be completed and signed by the parties.

NB: In accordance with Article 5 of the implementing decision adopting the Clauses and for business reasons no signatures are required to confirm the legal effectiveness of the Clauses.

The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this ANNEX A.

The data importer expresses its agreement in principle to the incorporation of any national procedures at the request of the data exporter. The data exporter is responsible for making known to the data importer any such matters which shall then be agreed and adopted by the Parties.

 

Data exporter      

The data exporter is the party entering into this contract with Parker Software Limited (and referred to as You).

Data importer      

The data importer is Parker Software Limited (please specify briefly your activities relevant to the transfer):

Data is taken from the WhosOn tracking code and the live chat session transferred to and stored within the Data Exporter’s WhosOn cloud database section.

Data subjects      

The personal data transferred concern the following categories of data subjects (please specify):   Your employees and third parties who are users of the services we provide.

Categories of data        

The personal data transferred concern the following categories of data (please specify):

Names, contact details and other personal data (including potentially sensitive personal data) which service users choose to share via web chat.

Special categories of data (if appropriate)

The personal data transferred concern the following special categories of data (please specify): Any data shared via web chat that service users choose to share via web chat.

 

Processing operations 

The personal data transferred will be subject to the following basic processing activities (please specify):

Data is transferred from the source to the Data Exporter’s WhosOn database. This is then accessible through the WhosOn Client and WhosOn web reports to the Data Exporter’s chat operators. Data may also be accessed for support purposes by personnel of the data importer’s subsidiary located in the United States Parker Software Inc.

 

Chat data is processed through a service provided by Twilio Inc who are the data importer’s subprocessor for the management of chat functionality. Sendgrid will store chat envelope data but not the content of messages for a period of three days (for reference purposes).  

 

 

ANNEX B      to the Standard Contractual Clauses

This ANNEX B forms part of the Clauses and must be completed and signed by the parties.

NB: In accordance with Article 5 of the implementing decision adopting the Clauses and for business reasons no signatures are required to confirm the legal effectiveness of the Clauses.

 

Description of the technical and organisational security measures implemented by the data importer in accordance with clause 4(d) and clause 5(c) (or documents/legislation attached):

In order to access the data importer’s processing activities Parker Software Inc. has to route its connections through a VPN with the data importer’s head office which then connects to the data exporter’s cloud account over another VPN to Parker Software Ltd’s Private cloud environment within Microsoft Azure UK Ltd.

Access to the data exporter’s cloud account is granted to Technical support team members only, who go through more vigorous background checking and training processes. This background check includes: 7 year county and federal criminal conviction search and social security trace, 3 year employment verification and a 7 panel drug test. The training includes EU data protection principles and regulations, refresher courses are provided annually.

Staff are also prohibited from downloading or transferring any data from the environment, any suspected breach of this is investigated without delay and punishments can include termination of employment.