HOSTED CLOUD APPLICATION - TERMS OF USE
IMPORTANT: THIS IS A LEGALLY BINDING AGREEMENT
BY SUBSCRIBING TO USE THE APPLICATION OR BY ACCESSING
OR USING THE APPLICATION YOU INDICATE YOUR AGREEMENT TO THE FOLLOWING TERMS AND
CONDITIONS (THE “AGREEMENT”)
1.
DEFINITIONS
In
this Agreement the following terms have the following meanings:-
1.1.
“Application”
means the online, web-based application service, including offline components,
if any, provided by the Licensor as indicated in the online order form.
1.2.
“Data Protection
Legislation” means
1.2.1.
to the extent the
UK GDPR applies, the law of the United Kingdom or of a part of the United
Kingdom which relates to the protection of personal data.
1.2.2.
to the extent the
EU GDPR applies within the European Union and as applied within the EEA, the
law of the European Union as applied and if relevant supplemented in any member
state of the European Union or any country in membership of the EEA which
relates to the protection of personal data in that country.
1.3.
“Documentation” means
materials (whether printed or electronic) which we provide to you for the
purposes of describing the functionality or operation of the Application.
1.4.
“EEA Customer”
means You if to the extent that the Services are provided to you within the
EEA.
1.5.
EU Council
Decision means the EU Council decision referenced 2010/87/EU implementing data
protection Standard Contractual Clauses.
1.6.
“EU GDPR” means
the General Data Protection Regulation ((EU) 2016/679, as it has effect in EU law
and as applied in the member states of the EEA.
1.7.
“Fault” means any
failure of the Application to operate in all material respects in accordance
with the Documentation, but excluding any failure or error resulting from (a)
operator error or use of the Application in a manner inconsistent with the
Documentation; (b) any breach of the Agreement; (c) your failure to implement
recommendations in respect of Solutions or Faults previously advised by the
Licensor; (d) any improper use, misuse or unauthorised alteration of the
Application by you; or (e) your computer equipment or any third party services
or products not supplied or approved by the Licensor for use with the
Application.
1.9.
"Licensor"
means Parker Software Limited, Victoria Business Park, Prospect Way, Knypersley, Stoke-on-Trent, Staffordshire, ST8 7PL. United
Kingdom.
1.10.
“Solution” either
of the following outcomes (a) correction of a Fault; or (b) a workaround in
relation to a Fault (including a reversal of any changes to the Application if
deemed appropriate by the Licensor.
1.11.
“UK Customer”
means You to the extent that the Services are provided to you within the United
Kingdom.
1.12.
"You/Your"
means the sole trader, partnership or company who wishes to use the Application
on the terms of this Agreement.
1.13.
“Your Data” means
the data inputted by you or on your behalf for the purpose of using the
Application or facilitating your use of the Application or data retrieved by
you or on your behalf through the Application.
1.14.
“Hosted Cloud
Provider” will subject to clause 9.1.4 be:
1.14.1. for customers within the United Kingdom and EEA within the United Kingdom,
1.14.2. for customers outside of the United Kingdom and EEA will either be in United States of America or United Kingdom.
1.15.
“SCCs Current”
means the Standard Contractual Clauses appended to the EU Council Decision.
1.16.
“SCCs New” means
the Standard Contractual Clauses that are to be adopted by EU Council decision
in substitution for the SCCs Current.
1.17.
“Transition Date”
means in relation to the intended substitution of EU Council decision of 5th
February 2010 reference 2010/87 EU by a substitute decision (“substitute
decision”) having substantially the same effect as that decision the date
stipulated within the Substitute Decision as the effective date of that
decision.
1.18.
“Subscription Fee” and “Subscription Package”
shall each have the meaning given to them in the online order form.
1.19.
“UK GDPR” has the
meaning given to it in section 3(10) (as supplemented by section 205(4)) of the
Data Protection Act 2018).
2.
USE OF THE APPLICATION
2.1.
In consideration
of you abiding by the terms of this Agreement and paying the Subscription Fee
in accordance with the payment terms set out in the online order form, the
Licensor grants to you a limited, non-exclusive, non-transferable,
non-sublicensable right to access and use the Application and the Documentation
in accordance with the Subscription Package and subject to the provisions of
the Agreement.
2.2.
This Agreement
does not transfer or modify any ownership rights related to the Application,
which are exclusively held by the Licensor or its licensors.
2.3.
You shall keep
your user access information secure and confidential. You shall ensure that anyone that uses the Application
through your user access does so in accordance with this Agreement. You shall
be solely responsible for any third party using the Application through your
user access that fails to comply with this Agreement.
2.4.
You may use the
Application for your business purposes only.
2.5.
You shall not:
2.5.1.
attempt in any
way to circumvent or otherwise interfere with any security precautions,
procedural controls, or other measures related to or incorporated into the
Application (and the software used in support thereof) or attempt to gain
unauthorised access to the Application (and the software used in support
thereof) or its related information technology systems or networks;
2.5.2.
send spam or
otherwise duplicative or unsolicited messages in violation of applicable laws;
2.5.3.
send or store unlawful,
infringing, offensive, obscene, discriminatory, threatening or otherwise
unlawful, immoral or tortuous material;
2.5.4.
send or store
material containing software viruses, worms, Trojan horses or other harmful
computer code, files, scripts, agents or programs;
2.5.5.
interfere with or
disrupt the integrity or performance of the Application or its related information
technology systems or networks or the data contained therein; or
2.5.6.
modify, copy,
adapt, reproduce, disassemble, decompile, reverse engineer, transmit or
distribute any portion of the Application (and the software used in support
thereof).
2.6.
You shall:
2.6.1.
prevent
unauthorised access to, or use of, the Application, and notify us promptly of
any such unauthorised use; and
2.6.2.
comply with all
applicable laws and regulations with respect to your activities under the Agreement.
3.
SERVICES
3.1.
The Licensor shall
use reasonable endeavours to make the Application available for 99% of the time
in any given month, except for:
3.1.1.
planned
maintenance carried out during the maintenance window of 22.00 to 06.00 (UK
time); and
3.1.2.
unscheduled
maintenance which will wherever possible (but cannot guaranteed) be performed
outside the hours of 09.00 to 17.00 (UK time) Monday to Friday.
If, for any reason, the Licensor anticipates the
Application being unavailable for any extended period for maintenance, it will,
wherever possible, give you notice of such unavailability.
3.2.
If you find a
Fault with the Application you should promptly notify
the Licensor by sending an email to the email address notified to you by the
Licensor for such purposes. The Licensor
shall use reasonable endeavours to provide a Solution to such Fault. Time for the provision of such services shall
not be of the essence. You warrant that
there are no third parties who would have a claim against the Licensor as a result of its provision of such services to you.
3.3.
The Licensor
shall not be responsible for any charges, losses or delays resulting from it
being prevented from or delayed in performing its obligations under the Agreement
by any of your acts or omissions or by any of the acts or omissions of those
accessing the Application through your user access.
3.4.
Notwithstanding
the foregoing, the Licensor does not warrant that the Application and/or the
information obtained by you through it will meet your requirements or that its
operation will be uninterrupted or error free.
All warranties, representations or guarantees of any kind, express or
implied, including, but not limited to, any implied warranties of quality,
merchantability, fitness for a particular purpose or ability to achieve a
particular result are excluded.
4.
YOUR DATA
4.1.
As between the
Licensor and you, you shall own all right, title and interest in and to Your
Data and shall have sole responsibility for the legality, reliability,
integrity, accuracy and quality of Your Data.
4.2.
The Licensor may
access your user accounts, including Your Data, for the purposes of providing
the Application and performing its obligations under the Agreement. You grant to the Licensor the non-exclusive
right to use, copy, store, transmit and display Your Data to the extent
necessary to provide the Application and to perform its obligations under the Agreement.
4.3.
The Licensor will
use reasonable endeavours to archive Your Data on a regular basis and to retain
it for the period permitted by your Subscription Package. In the event of any loss or damage to Your
Data, your sole and exclusive remedy shall be for the Licensor to use
reasonable endeavours to restore such lost or damaged data from the latest
back-up of such data maintained by the Licensor in accordance with its
archiving procedures. The Licensor shall
not be responsible for any loss, destruction, alteration
or disclosure of Your Data caused by any third party (except for third parties authorised
to act on behalf of the Licensor).
4.4.
You agree to
provide any notices and obtain any consents related to your use of the
Application including those relating to the collection, use, transfer
and disclosure of personal information.
You shall, on request, provide the Licensor with evidence to its
reasonable satisfaction that you have such consents.
5.
SUBSCRIPTION FEE
5.1.
You will pay the
Subscription Fee in full (without any set-off, deduction or withholding) by
Direct Debit in accordance with the payment terms set out in the online order.
5.2.
All amounts and
fees stated or referred to in the Agreement are exclusive of, and you shall
pay, all applicable taxes, duties and levies ruling at the date of invoice or
payment (for payments made by Direct Debit).
5.3.
The Subscription
Fee shall be fixed for the Initial Term.
Thereafter the Licensor may increase the Subscription Fee at any time on
40 days’ written notice to you.
6.
OWNERSHIP
6.1.
You acknowledge
that the Application (including the software used in support thereof) is the
Licensor’s (or the Licensor’s licensors) confidential information and that you
shall treat it as such and not disclose it to any third party save for those
employees, agents, consultants and sub-contractors
that are aware that the Application is the Licensor’s (or the Licensor’s
licensors) confidential information and are bound to treat it as such. These obligations of confidentiality shall
not apply to the extent that the Application is already in the public domain or
to the extent that disclosure is required by law or a court of competent
jurisdiction.
6.2.
You will not
attempt in any way to remove, conceal or overwrite any
copyright notices or circumvent any technical protection measures incorporated
into the Application to protect the Intellectual Property rights in the
Application from being misappropriated.
7.
LIMITATION OF LIABILITY
7.1.
You accept
responsibility for the selection of the Application to achieve your intended
results and, except as expressly provided in the Agreement, you assume sole
responsibility for results obtained from your use of the Application.
7.2.
Subject to clause
7.3 and clause 7.4 below the Licensor’s maximum aggregate liability under or in
connection with the Agreement whether in contract, tort (including negligence)
or otherwise, shall in no circumstances exceed an amount equal to the annual Subscription
Fee.
7.3.
Nothing in this Agreement
shall limit or exclude the Licensor’s liability for:
7.3.1.
personal injury
or death caused directly by the negligence of the Licensor,
7.3.2.
fraud or
fraudulent misrepresentation; or
7.3.3.
any other
liability that cannot be excluded or limited by law.
7.4.
Subject to clause
7.3 above, in no event will the Licensor be liable to you for any:
7.4.1.
lost profits;
7.4.2.
lost savings;
7.4.3.
loss of data; or
7.4.4.
indirect,
special, incidental or consequential damages;
arising out of the use of or
inability to use the Application, even if the Licensor has been advised of the
possibility of such damages.
7.5.
Subject to clause
7.3, the Licensor shall be discharged of all liability arising under or in
connection with the Agreement unless (without extending statutory limitation)
proceedings are begun and served within 12 months after you became aware (or
should reasonably have become aware) of the facts giving rise to such
liability.
8.
TERMINATION
8.1.
The Agreement is,
subject to earlier termination in accordance with this clause 8, effective for
the Initial Term and shall continue thereafter subject to either party serving
30 days’ written notice to terminate on the other party.
8.2.
Without limiting
its other rights or remedies, the Licensor may suspend its performance of or (whether or not such performance has previously been
suspended) terminate the Agreement, without liability to you, by giving you
notice in writing at any time or times if you:
8.2.1.
fail to make any
payment when and as due or otherwise default in any of your obligations under
the Agreement;
8.2.2.
are unable to pay
your debts in the ordinary course of business;
8.2.3.
have a receiver,
manager, administrator, administrative receiver or trustee in bankruptcy (as
the case may be) appointed for all or any part of your undertaking, assets or
income, have a resolution passed or a petition presented to any court for your
winding up (compulsorily or voluntarily), enter into any composition or
arrangement with your creditors (whether formal or informal), have any
distraint or execution levied on any of your assets, suffer any action similar
to any of the foregoing in any jurisdiction; or
the Licensor bona fide believes
any of the foregoing matters may occur.
8.3.
The Agreement may
be terminated by either party where the other:
8.3.1.
breaches a
material obligation of the Agreement and, where the breach is remediable, the
party in breach has failed to remedy it within 28 days after written notice
giving full particulars of the breach; or
8.3.2.
repeatedly
breaches any of the terms of the Agreement in such a manner as to reasonably
justify the opinion that its conduct is inconsistent with it having the
intention or ability to give effect to the terms of the Agreement.
8.4.
If you terminate
the Agreement pursuant to clause 8.3, we shall refund you on a pro-rata basis
for any unused proportion of the Subscription Fee paid in advance.
8.5. On termination of the Agreement for any reason:
8.5.1.
you shall
immediately pay all outstanding amounts to the Licensor;
8.5.2.
all rights
granted to access or use the Application shall immediately terminate and you
shall immediately cease to access or use the Application;
8.5.3.
the Licensor may
destroy or otherwise dispose of any of Your Data that it has in its possession
or control unless it receives, no later than 14 days after the date of
termination, a written request for the delivery to you of the last back-up
(made before the date of termination) of Your Data. The Licensor shall use reasonable endeavours
to deliver the back-up to you in the format in which it has been backed up
within 45 days of receipt of your written request, provided
that you have, at that time, paid all fees and charges outstanding at
and resulting from termination (whether or not due at the date of
termination). You shall pay the
Licensor’s reasonable charges, costs and expenses incurred in returning or
disposing of Your Data; and
8.5.4.
the accrued
rights/remedies of the parties as at termination, or the continuation after
termination of any provision expressly stated to survive or implicitly
surviving termination, shall not be affected or prejudiced.
9.
DATA PROTECTION AND SECURITY
9.1.
To the extent
that the Licensor processes any “Personal Data” on your behalf when performing its
obligations under the Agreement, you and the Licensor record the intention that
you shall be the “Data Controller” and the Licensor shall be the “Data
Processor” (in each case as defined in the Data Protection Legislation) and in
any such case where required by the Data Protection Legislation:
9.1.1.
the Licensor
shall act only on your documented instructions (which you acknowledge and agree
shall include the terms of the Agreement);
9.1.2.
the Licensor has
in place appropriate technical and organisational security measures against
unauthorised or unlawful processing of Personal Data and against accidental
loss or destruction of, or damage to, Personal Data;
9.1.3.
the Licensor will
assist you with any subject access request that you receive relating to
Personal Data that the Licensor processes on your behalf under the Agreement;
9.1.4.1.
technical
support from Parker Software Inc under
arrangements contracted for by Licensor which incorporate SCCs Current; and
9.1.4.2.
in conjunction
with chat functionality provided the processing of Personal Data through the
service provided by [Twilio Inc] terms and conditions for which incorporate
SCC’s Current
9.1.5.
for United
Kingdom Customers the Licensor will not, unless you have specified that the
Hosted Cloud Location should be outside the United Kingdom cause or permit
Personal Data to be transferred outside the United Kingdom without your prior
written consent excluding:
9.1.5.1. technical support from Parker Software Inc under arrangements contracted for by Licensor which incorporate SCCs Current; and
9.1.5.2.
in conjunction
with chat functionality the processing of Personal Data through the service
provided by Twilio Inc terms and conditions for which have been contracted for
by Licensor upon terms that incorporate SCC’s Current
9.1.6.
the Licensor
shall ensure that access to the Personal Data that the Licensor processes on
your behalf under the Agreement shall be limited to its employees and permitted
sub-contractors (you hereby acknowledge and agree that the Hosted Cloud
Provider shall act as the Licensor’s subcontractor in order
to allow it to perform its obligations under the Agreement) who are
subject to binding written confidentiality obligations.
9.2.
You and the
Licensor shall comply at all times with the Data
Protection Legislation and shall not do anything to put the other party in
breach of its obligations under the Data Protection Legislation.
9.3.
In respect of any
actual or reasonably suspected unauthorised access to or acquisition of Your
Data or Personal Data that the Licensor processes on your behalf under the terms
of the Agreement the Licensor shall promptly notify you and provide you with
details of such breach.
9.4.
The Licensor
shall maintain, in accordance with the Data Protection Legislation, written
records of all categories of processing activities carried out on your behalf.
9.5.
The Licensor
shall, in accordance with the Data Protection Legislation, make available to
you such information as is reasonably necessary to demonstrate its compliance
with the obligations of Data Processors under the Data Protection Legislation.
9.6.
On and from the
Transition Date if you are an EEA Customer the SCCs Current provided for in the
Agreement shall cease to have application in relation to the processing of
Personal Data on and from that date Licensor undertaking to prepare and
incorporate into these terms and conditions those modules within SCCs New
relevant to a data controller and data processor relationship incorporating the
detail incorporated within Annexes A and B of the Agreement provided for within
SCCs Current and providing for the same substitution of the SCCs Current by
SCCs New in relation to transfers of data to Parker Software Inc and ensuring
so far as reasonably practicable the substitution by [Twilio Inc] of SCCs
Current by SCCs New between [Twilio Inc] and Licensor.
9.7.
On and from the
Transition Date or such other date as is
recommended or required by the UK Information Commissioner’s Office if you are a
United Kingdom Customer the SCCs Current provided for in the Agreement shall
cease to have application in relation to the processing of Personal Data on and
from such date as the Licensor may specify provided that with effect from that
date Licensor commits to and procures
the commitment of its subsidiary Parker Software Inc. relevant replacement
standard contractual clauses appropriate to a data controller and data
processor relationship incorporating the detail incorporated within Annexes A
and B of the Agreement provided for within SCCs Current. Licensor shall also
ensure so far as is reasonably practicable the substitution by Twilio Inc of
standard contractual clauses in appropriate form and content.
9.8.
Licensor agrees
that the SCCs Current and when adopted the SCCs New shall be interpreted and
governed by the laws of the EU or EEA member state in which you are
established.
9.9.
Licensor has
appointed an EU Representative for the purpose of the requirements of EU GDPR
the representative’s details are as follows: [PrighterGDPR-Rep by Maetzler Rechtsanwalts GmbH & Co KG, Schellinggasse
3/10,1010 Vienna, Austria. Prighter
| Compliance Landing Page of Parker Software Ltd]. Licensor will provide details of any change in the
identify of its appointed Authorised Representative as soon at the time any
change has effect.
10. THIRD
PARTIES
10.1.
The Parties
intend that subject to clause 3 of the SCCs Current and to any equivalent
provision incorporated into this Agreement under any SCCs New, no provision of
the Contract shall confer any benefit, nor be enforceable by any Person who is
not a party by virtue of this Agreement
and accordingly save as provided by the foregoing no term of this Agreement
shall give rise to any rights under the Contracts (Rights of Third Parties) Act
1999.
11. GENERAL
11.1.
The person
accepting the terms of the Agreement on your behalf confirms (i) that he/she is authorised to enter into this Agreement on
your behalf and to bind you to its terms and (ii) that you are not a consumer.
11.2.
You agree that
the Licensor shall have the right, after supplying undertakings as to
confidentiality, to audit your use of the Application in order
to verify compliance with the Agreement.
11.3.
If for any reason
any of the provisions hereof shall be deemed inoperative unenforceable or
invalid, the remaining provisions shall nonetheless remain in full force and
effect.
11.4.
This Agreement
constitutes the entire agreement between you and the Licensor. You acknowledge
that you have not relied on any statement, promise or representation made or
given by or on behalf of the Licensor which is not set out in this Agreement.
11.5.
No failure by the
Licensor (i) to insist that you perform any of your
obligations under the Agreement, or (ii) to enforce its rights against you, or
delay in doing so, shall be construed as a waiver of its rights against
you. A waiver of any right is only
effective if it is in writing. A waiver
of any right shall not prevent the Licensor from enforcing that or any other
right against you if you breach such right again on a separate occasion.
11.6.
The Licensor
shall not be liable or responsible for any failure to perform, or delay in
performance of, any of its obligations under the Agreement that is caused by
any act or event beyond its reasonable control, including failure of public or
private telecommunications networks.
11.7.
The Licensor may,
at any time, assign or transfer this Agreement or any part of it and/or any
rights and obligations arising under it (including the benefit of any guarantee
or warranty) to any person, firm or company and you shall if the Licensor
requires, enter into a novation agreement with the Licensor and the transferee
or such other documentation as is necessary to give effect to any such
assignment or transfer. You may only
transfer your rights or obligations under this Agreement to another person if
the Licensor agrees in writing.
11.8.
Subject to clause
9.8 the terms of this licence shall in all respects be governed by and
construed in accordance with English Law and the English courts shall have
exclusive jurisdiction.
Parker Software Limited
Registered in England under
Company Number 04525820
VAT Number GB797853061
Victoria Business Park
Prospect Way
Knypersley
Stoke-on-Trent
Staffordshire
ST8 7PL
United Kingdom
Appendix 1
Name
of the data exporting organisation (shall be as provided within the online order
form)
(the data exporter)
Name
of the data importing organisation: PARKER SOFTWARE LIMITED
Address: Victoria Business Park Prospect Way, Knypersley,
Stoke-On-Trent, ST8 7PL
Other
information needed to identify the organisation: (CRN: 04525820)
(the data importer)
For
the purposes of the Clauses:
(a)
personal data, special categories
of data, process/processing, controller, processor, data
subject and supervisory authority shall have the
same meaning as in Directive 95/46/EC of the European Parliament and of the
Council of 24 October 1995 on the protection of individuals with regard to the
processing of personal data and on the free movement of such data (1);
(b) the data exporter means the
controller who transfers the personal data;
(c)
the data importer means the
processor who agrees to receive from the data exporter personal data intended
for processing on its behalf after the transfer in accordance with its
instructions and the terms of the Clauses and who is not subject to a third
country's system ensuring adequate protection within the meaning of Article
25(1) of Directive 95/46/EC;
(d) the sub-processor means any
processor engaged by the data importer or by any other sub-processor of the
data importer who agrees to receive from the data importer or from any other
sub-processor of the data importer personal data exclusively intended for
processing activities to be carried out on behalf of the data exporter after
the transfer in accordance with its instructions, the terms of the Clauses and
the terms of the written subcontract;
(e)
the applicable data protection law means the
legislation protecting the fundamental rights and freedoms of individuals and,
in particular, their right to privacy with respect to the processing of
personal data applicable to a data controller in the Member State in which the
data exporter is established;
(f)
technical and organisational security measures means
those measures aimed at protecting personal data against accidental or unlawful
destruction or accidental loss, alteration, unauthorised disclosure or access,
in particular where the processing involves the transmission of data over a
network, and against all other unlawful forms of processing.
The
details of the transfer and in particular the special categories of personal
data where applicable are specified in ANNEX A which forms an
integral part of the Clauses.
3.
Third-party
beneficiary clause
The
data subject can enforce against the data exporter this clause 3, clause 4(b)
to clause 4(i), clause 5(a)
to clause 5(e) and clause 5(g)
to clause 5(j), clause
6.1
and clause
6.2, clause
7, clause
8.2
and clause
9
to clause
12
as third-party beneficiary.
The
data subject can enforce against the data importer this clause, clause 5(a)
to clause 5(e) and clause 5(g), clause
6, clause
7, clause
8.2
and clause
9
to clause
12,
in cases where the data exporter has factually disappeared or has ceased to
exist in law unless any successor entity has assumed the entire legal
obligations of the data exporter by contract or by operation of law, as a
result of which it takes on the rights and obligations of the data exporter, in
which case the data subject can enforce them against such entity.
3.1
The data subject
can enforce against the sub-processor this clause 3.1, clause 5(a)
to clause 5(e) and clause 5(g),
clause
6,
clause
7,
clause
8.2,
and clause
9
to clause
12,
in cases where both the data exporter and the data importer
have factually disappeared or ceased to exist in law or have become insolvent,
unless any successor entity has assumed the entire legal obligations of the
data exporter by contract or by operation of law as a result of which it takes
on the rights and obligations of the data exporter, in which case the data
subject can enforce them against such entity. Such third-party liability of the
sub-processor shall be limited to its own processing operations under the
Clauses.
4.
Obligations of
the data exporter
The
data exporter agrees and warrants:
(c)
that the data
importer will provide sufficient guarantees in respect of the technical and
organisational security measures specified in ANNEX B to this contract;
(e)
that it will
ensure compliance with the security measures;
(g)
to forward any
notification received from the data importer or any sub-processor pursuant to clause 5(b)
and clause
8.3
to the data protection supervisory authority if the data exporter decides to
continue the transfer or to lift the suspension;
(h)
to
make available to the data subjects upon request a copy of the Clauses, with
the exception of ANNEX
B
and a summary description of the security measures, as well as a copy of any
contract for sub-processing services which has to be made in accordance with
the Clauses, unless the Clauses or the contract contain commercial information,
in which case it may remove such commercial information;
(i)
that,
in the event of sub-processing, the processing activity is carried out in
accordance with clause
11
by a sub-processor providing at least the same level of protection for the
personal data and the rights of data subjects as the data importer under the
Clauses; and
(j)
that
it will ensure compliance with clause 4(a)
to clause 4(i).
5.
Obligations of
the data importer
The
data importer agrees and warrants:
(c)
that it has
implemented the technical and organisational security measures specified in ANNEX B before processing
the personal data transferred;
(d)
that it will
promptly notify the data exporter about:
(ii)
any accidental or
unauthorised access; and
(g)
to make available
to the data subject upon request a copy of the Clauses, or any existing
contract for sub-processing, unless the Clauses or contract contain commercial
information, in which case it may remove such commercial information, with the
exception of ANNEX B which shall be
replaced by a summary description of the security measures in those cases where
the data subject is unable to obtain a copy from the data exporter;
(i)
that the
processing services by the sub-processor will be carried out in accordance with
clause 11; and
6.1
The parties agree
that any data subject, who has suffered damage as a result of any breach of the
obligations referred to in clause 3 or in clause 11 by any party or
sub-processor is entitled to receive compensation from the data exporter for
the damage suffered.
6.2
If a data subject
is not able to bring a claim for compensation in accordance with paragraph 1
against the data exporter, arising out of a breach by the data importer or its
sub-processor of any of their obligations referred to in clause 3 or in clause 11 because the data
exporter has factually disappeared or ceased to exist in law or has become
insolvent, the data importer agrees that the data subject may issue a claim
against the data importer as if it were the data exporter, unless any successor
entity has assumed the entire legal obligations of the data exporter by
contract or by operation of law, in which case the data subject can enforce its
rights against such entity.
The data importer may
not rely on a breach by a sub-processor of its obligations in
order to avoid its own liabilities.
6.3
If a data subject
is not able to bring a claim against the data exporter or the data importer
referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor
of any of their obligations referred to in clause 3 or in clause 11 because both the
data exporter and the data importer have factually disappeared or ceased to
exist in law or have become insolvent, the sub-processor agrees that the data
subject may issue a claim against the data sub-processor with regard to its own
processing operations under the Clauses as if it were the data exporter or the
data importer, unless any successor entity has assumed the entire legal
obligations of the data exporter or data importer by contract or by operation
of law, in which case the data subject can enforce its rights against such
entity. The liability of the sub-processor shall be limited to its own
processing operations under the Clauses.
7.1
The data importer
agrees that if the data subject invokes against it third-party
beneficiary rights and/or claims compensation for damages under the Clauses,
the data importer will accept the decision of the data subject:
8.
Cooperation with
supervisory authorities
8.3
The data importer
shall promptly inform the data exporter about the existence of legislation
applicable to it or any sub-processor preventing the conduct of an audit of the
data importer, or any sub-processor, pursuant to paragraph 2. In such a case
the data exporter shall be entitled to take the measures foreseen in clause 5(b).
The
parties undertake not to vary or modify the Clauses. This does not preclude the
parties from adding clauses on business related issues where required as
long as they do not contradict the Clauses.
11.2
The prior written
contract between the data importer and the sub-processor shall also provide for
a third-party beneficiary clause as laid down in clause 3 for cases where the
data subject is not able to bring the claim for compensation referred to in
paragraph 1 of clause 6 against the data
exporter or the data importer because they have factually disappeared or have
ceased to exist in law or have become insolvent and no successor entity has
assumed the entire legal obligations of the data exporter or data importer by
contract or by operation of law. Such third-party liability of the
sub-processor shall be limited to its own processing operations under the
Clauses.
11.4
The data exporter
shall keep a list of sub-processing agreements concluded under the Clauses and
notified by the data importer pursuant to clause 5(j), which shall be
updated at least once a year. The list shall be available to the data
exporter's data protection supervisory authority.
12.
Obligation after
the termination of personal data processing services
ANNEX A
to the Standard
Contractual Clauses
This Annex forms part of the
Clauses and must be completed and signed by the parties.
NB: In
accordance with Article 5 of the implementing decision adopting the Clauses and
for business reasons no signatures are required to confirm the legal
effectiveness of the Clauses.
The Member States may
complete or specify, according to their national procedures, any additional
necessary information to be contained in this ANNEX A.
The data importer expresses
its agreement in principle to the incorporation of any national procedures at
the request of the data exporter. The
data exporter is responsible for making known to the data importer any such
matters which shall then be agreed and adopted by the Parties.
Data exporter
The data exporter is the
party entering into this contract with Parker Software Limited (and referred to
as You).
Data importer
The data importer is Parker
Software Limited (please specify briefly your
activities relevant to the transfer):
Data is taken from the WhosOn tracking code and the live chat session transferred
to and stored within the Data Exporter’s WhosOn cloud
database section.
Data subjects
The personal data transferred
concern the following categories of data subjects (please specify): Your employees
and third parties who are users of the services we provide.
Categories of data
The personal data transferred
concern the following categories of data (please specify):
Names, contact details and
other personal data (including potentially sensitive personal data) which service
users choose to share via web chat.
Special categories of data (if appropriate)
The personal data transferred concern the
following special categories of data (please specify): Any data shared via web
chat that service users choose to share via web chat.
Processing operations
The personal data transferred
will be subject to the following basic processing activities (please specify):
Data is transferred from the source to the
Data Exporter’s WhosOn database. This is then
accessible through the WhosOn Client and WhosOn web reports to the Data Exporter’s chat operators. Data
may also be accessed for support purposes by personnel of the data importer’s
subsidiary located in the United States Parker Software Inc.
Chat data is processed through a service
provided by Twilio Inc who are the data importer’s subprocessor
for the management of chat functionality. Sendgrid
will store chat envelope data but not the content of messages for a period of
three days (for reference purposes).
ANNEX B
to the Standard
Contractual Clauses
This ANNEX B forms part of the Clauses and must be completed and signed by the
parties.
NB: In accordance with
Article 5 of the implementing decision adopting the Clauses and for business
reasons no signatures are required to confirm the legal effectiveness of the
Clauses.
Description of the technical and organisational
security measures implemented by the data importer in accordance with clause 4(d)
and clause 5(c) (or documents/legislation attached):
In order to access the data importer’s processing activities
Parker Software Inc. has to route its connections through a VPN with the data importer’s
head office which then connects to the data exporter’s cloud account over
another VPN to Parker Software Ltd’s Private cloud environment
within Microsoft Azure UK Ltd.
Access to the data exporter’s
cloud account is granted to Technical support team members only, who go through
more vigorous background checking and training processes. This background check
includes: 7 year county and federal criminal
conviction search and social security trace, 3 year employment verification and
a 7 panel drug test. The training includes EU data protection principles and
regulations, refresher courses are provided annually.
Staff are also prohibited
from downloading or transferring any data from the environment, any suspected
breach of this is investigated without delay and punishments can include
termination of employment.