1. DEFINITIONS AND INTERPRETATION
1.1 In these Terms unless the context otherwise requires the following words shall have the following meanings:
“Access Date”
|
The date on which the Client first gains access to the Application
|
“Analytical Dataset”
|
Has the meaning given in clause 6.2
|
“Application”
|
means the web-based or mobile application developed and maintained by Articheck, which assists Clients with the management of their collections of Artifacts by recording the condition of Artifacts by the creation of Reports and shipment tracking.
|
“Artifact”
|
Means any object of general interest in any format using any medium, owned or possessed by the Client in relation to which it wishes to create Reports.
|
“Authorised User”
|
means an any individual authorised by the Client who meets the requirements of clause 6 and is registered to receive a User ID to access and use the Application on behalf of the Client
|
“Business Day”
|
means a day other than a Saturday, Sunday or public holiday, when banks in England are open for business
|
“Client”
|
Means the person or entity named as client in the Contract Details
|
“Client Data”
|
the data (including Personal Data) provided by the Client for the purpose of using the Application or creating Reports
|
“Commencement Date”
|
the date on which this Contract comes into effect, which shall be the date on which it is signed or the Access Date, whichever is the earlier
|
“Confidential Information”
|
information that is proprietary or confidential to either party and is either clearly labelled as such or identified as Confidential Information in clause 7.5. Reports shall be the Confidential Information of the Client
|
“Contract”
|
Means the Contract Details and these Terms of Business
|
“Contract Details”
|
Means the details of the Client, its selected subscription to the Application and other agreed terms such as Usage Limits, whether set out in a formal proposal prepared by Articheck, or completed by the Client on the Articheck website
|
“Data Protection Legislation”
|
means all applicable data protection and privacy legislation, regulations and guidance including Regulation (EU) 2016/679 (the “General Data Protection Regulation” or “GDPR”) and the Privacy and Electronic Communications (EC Directive) Regulations including any law based on or seeking to enact any such provisions in the United Kingdom to the GDPR and any applicable guidance or codes of practice issued by the European Data Protection Board or Information Commissioner from time to time (all as amended, updated or re-enacted from time to time)
|
“End User Notice”
|
The notification regarding acceptable use presented to each Authorised User at the time of their initial log in into the Application, which is available on the Articheck website and which may be amended at any time by Articheck
|
“Fees”
|
means the charges as set out in the Contract Details
|
“Good Industry Practice”
|
means the use of standards, practices, methods and procedures conforming to Data Protection Legislation and the exercise of that degree of skill, care, diligence, prudence and foresight which would reasonably and ordinarily be expected from a skilled and experienced person engaged in the provision of similar services to an entity of a similar size and nature as Articheck under the same or similar circumstances
|
“Initial Term”
|
the initial term of this Contract as set out in the Contract Details
|
“Intellectual Property Rights”
|
means all trade secrets, patents and patent applications, trademarks and service marks (whether registered or unregistered and including any goodwill acquired in such trademarks and service marks), trade names, business names, internet domain names, e-mail address names, copyrights (including rights in computer software, object code and source code), moral rights, database rights, design rights, rights in know- how, rights in confidential information, rights in inventions (whether patentable or not) and all other intellectual property and proprietary rights (whether registered or unregistered, and any application for the foregoing), and all other equivalent or similar rights which may subsist anywhere in the world.
|
“Licence”
|
means the permission to access and use the Application granted to the Client and its Authorised Users in accordance with the terms of this Contract
|
“Malware”
|
anything or device (including any software, malware, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, Trojan horses, viruses, malicious code and other similar things or devices.
|
“Normal Business Hours”
|
9 am to 6.00 pm UK time, each Business Day, with extended hours as may be set out in the Contract Details
|
“parties”
|
Means the parties to this Contract, being Articheck and the Client
|
“Personal Data”
|
Shall have the definition given in Data Protection Legislation
|
“Renewal Term”
|
the period described in the Contract Details, and “Renewal Date” shall be construed accordingly
|
“Report”
|
any report created by the Client using the Application, such as reports relating to the condition of Artifacts or their maintenance or conservation, or their transportation
|
“Service Level Objective”
|
means the service level objectives set out in Schedule 1
|
“Term”
|
the period of time during which this Contract remains in force, being the Initial Term and any Renewal Terms
|
“Usage Limits”
|
Means the various limits on usage as set out on the Contract Details, relating to the maximum number of Authorised Users or Reports permitted under this Contract during the Initial or Renewal Term, as appropriate
|
“User ID”
|
means the unique user identification assigned to an Authorised User to be used as log-in credentials for access and use of the Application
|
1.2 Clause, schedule and paragraph headings shall not affect the interpretation of this Contract.
1.3 A person includes an individual, corporate or unincorporated body (whether or not having separate legal personality), and a reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established.
1.4 Unless the context otherwise requires, words in the singular shall include the plural, and a reference to one gender shall include a reference to the other genders.
1.5 A reference to a statute or statutory provision is a reference to it as amended from time to time.
1.6 A reference to writing or written includes e-mail.
2. THE APPLICATION
2.1 In consideration of the Client’s acceptance of this Contract and the Client’s payment of the Fees set out in the Contract Details, Articheck shall provide access to the Application subject to the Usage Limits and hereby grants to the Client a non-exclusive and non-transferable Licence to use the Application on the terms set out in this Contract. The rights provided under this clause are granted to the Client and to any other wholly-owned entity within the Client’s group of companies.
2.2 This Contract shall not prevent Articheck from entering into similar agreements with third parties, or from independently developing, using, selling or licensing documentation, products and/or services which are similar to those provided under this Contract.
2.3 Articheck shall use reasonable endeavours to make the Application available at all times except during times of scheduled maintenance. Articheck shall use all reasonable endeavours to keep any service interruptions to a minimum and achieve the Service Level Objectives. If Articheck fails to meet a Service Level Objective then, without prejudice to the remainder of this clause Articheck shall use all reasonable endeavours to minimise the impact of such failure on the Client, and prevent such failure from recurring.
2.4 Articheck warrants that:
2.4.1 the Application:
(i) was developed in accordance with Good Industry Practice;
(ii) complies with all applicable laws and regulations with respect to its functioning under this Contract; and
(iii) not infringe upon any Intellectual Property Rights of any third party
2.4.2 it has and will maintain all necessary licences, consents, and permissions necessary for the performance of its obligations under this Contract.
2.5 If Articheck receives written notice of any breach of warranty from the Client by Articheck, then Articheck shall at its own expense and within a reasonable time after receiving the notice use reasonable endeavours to remedy the defect in question. When notifying a defect the Client shall (so far as it is able) provide Articheck with a documented example.
2.6 Except as expressly provided in this Contract no warranty, condition, undertaking or term, express or implied, statutory or otherwise, as to the condition, performance, satisfactory quality or fitness for purpose of the Application is given by Articheck and all such warranties, conditions, undertakings and terms are excluded (notwithstanding anything contained in any Schedule).
2.7 Articheck will have no obligation for any failure of the Application to operate substantially in accordance with this Contract if the failure:
2.7.1 is due to a breach by the Client of this Contract;
2.7.2 is caused by the Client’s negligence, abuse, misapplication, or misuse of the Application;
2.7.3 relates to or arises from the Client’s own computer equipment or computing environment;
2.7.4 cannot be remedied using commercially reasonable endeavours.
2.8 The Client understands that, other than the iOS mobile version, the Application is not accessible offline, and the Client shall remain responsible for being able to access the internet. The Client must ensure that its computer equipment and any third party software upon which the Application relies (such as an internet browser) are not malfunctioning in a way that adversely affects the operation of the Application. Articheck will provide all reasonable assistance to Client to ensure Client can comply with this clause.
2.9 The Client shall reasonably co-operate with Articheck’s personnel in the diagnosis of any error or defect (or apparent error or defect arising from another cause) in the Application to the extent necessary to enable Articheck to perform its obligations under this Contract.
2.10 Articheck represents and warrants that the servers upon which the Application is hosted have been scanned for Malware using reputable commercially-available Malware-detection devices and software on a regular basis, and any detected Malware shall be promptly dealt with.
2.11 The Client is responsible for taking commercially reasonable measures to prevent Malware from entering its systems and to ensure the security of its systems and its access to and connection with the Application.
2.12 The Client shall not, and shall not allow any Authorised User or third party to, in whole or in part:
2.12.1 (except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties) alter, adapt, merge, modify, port, translate, decompile, disassemble, create derivative works from or reverse engineer the Application, or otherwise attempt to derive the source code or engage in any other activities to obtain underlying information that is not visible to a user in connection with normal use of the Application, or make any copy of the Application or any part thereof in any form;
2.12.2 transfer, sublicense, rent, lease, distribute, sell, or grant any rights or otherwise commercially exploit, or make the Application available to anyone, except as expressly permitted;
2.12.3 publicise or distribute any code or algorithms or information used by the Application or knowingly take any action that would cause any element of the Application to be placed in the public domain, except as expressly permitted;
2.12.4 gain or attempt to gain unauthorised access to the Application;
2.12.5 remove any proprietary notices or marks from the Application or Reports without Articheck’s prior consent;
2.12.6 use or access the Application to build or commission a software application or process that competes with the Application; or
2.12.7 engage in any activity which would be unlawful or would constitute a breach of any applicable law or regulation or result in Articheck being in a breach of any application law or regulation;
2.12.8 attempt to interfere with the proper functioning of the Application or attempt to disrupt, diminish the quality of, interfere with the performance of, or impair the functionality of, the Application, including transmitting any Malware;
2.12.9 attempt to circumvent, disable, or otherwise interfere with security-related features of the Application or features that enforce limitations on use of the Application
2.12.10 access, store, distribute or transmit any Malware, or any material during the course of its use of the Application that are illegal or cause damage or injury to any person or property including the Application.
2.13 Articheck reserves the right, without liability or prejudice to its other rights, to suspend or disable the Client’s access to the Application where there is reasonable evidence that the Client is in breach of the provisions of the Contract.
3. AUTHORISED USERS
3.1 The Client shall designate its Authorised Users subject to the agreed limit of such users and may make changes at any time. The Client shall be responsible for maintaining a current and accurate written list of Authorised Users and shall provide such list to Articheck on request.
3.2 Authorised Users shall be the only users of the Application, and Authorised Users must access the Application solely for the benefit of the Client.
3.3 To be an Authorised User, an individual must:
3.3.1 have authorisation from the Client to access and use the Application;
3.3.2 complete the registration process, and keep such registration information current during the Term; and
3.3.3 have a User ID, such as his or her email, to enable his or her access to the Application.
3.4 The Client is responsible for all damage and losses arising as a result of Authorised Users’ access to and use of the Application, such as, for instance, the granting of access to Client Data to third parties by an Authorised User in breach of this Contract and Data Protection Legislation. Any breach of this Contract by any Authorised User will be deemed to be a breach of this Contract by the Client, and the Client will be liable for any losses arising.
3.5 The Client shall notify Articheck as soon as reasonably possible if the Client becomes aware of any unauthorised use of the whole or any part of the Application by any of the Client’s employees, contractors or officers, or anyone else.
3.6 The Client shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the Application, and in the event of any such unauthorised access or use, promptly notify Articheck.
3.7 In relation to the Authorised Users, the Client undertakes that:
3.7.1 It shall procure that each Authorised User abides by the End User Notice;
3.7.2 it shall not knowingly permit anyone other than an Authorised User to use or access the Application;
3.7.3 each Authorised User shall keep a secure password for his use of the Application and that each Authorised User shall keep his password confidential and not share their log-in credentials with anyone else, including other Authorised Users or Client personnel;
3.7.4 Authorised Users shall use only their own User IDs and never share their User ID; keep their respective User ID and password information secure and confidential; to use strong passwords and change their password as frequently as is reasonably required by Articheck;
3.7.5 It shall adopt and maintain reasonable security precautions for User IDs to prevent their disclosure to and use by unauthorised persons and promptly notify Articheck upon becoming aware that the security or integrity of a User ID or password has been compromised;
3.7.6 it shall permit Articheck to audit the Client’s use of the Application in order to monitor compliance of both parties with the terms of this Contract;
;
3.7.7 if any of the audits referred to above reveal that any password has been provided to any individual who is not an Authorised User, then without prejudice to Articheck’s other rights, Articheck may remove or disable access for that Authorised User.
3.8 The Client shall not, and shall not permit any Authorised User or third party to, access or use the Application in any way that:
3.8.1 infringes, misappropriates or violates any Intellectual Property Rights or publicity, privacy or other right of Articheck or any third party; or
3.8.2 violates any applicable laws, statutes, ordinances, rules or regulations or any judicial or administrative orders.
3.9 In addition to any other rights Articheck may have, Articheck may, without liability, remove or disable access by any Authorised User who violates the foregoing restrictions.
4. PAYMENT OF FEES
4.1 All amounts payable to Articheck by the Client under this Contract are (except where specifically agreed to the contrary) exclusive of applicable Value Added Tax.
4.2 The Client shall pay the Fees set out
in the Contract Details
in accordance with the process, payment frequencies and milestones set out in the Contract Details
. Invoices shall be settled by the due date stated on the invoice.
4.3 In the event of late payment of any sum validly due under this Contract Articheck reserves the right (in addition to its other rights) to charge interest from the due date in accordance with the Late Payment of Commercial Debts (Interest) Act 1998 on the outstanding balance until payment is received in full by Articheck.
4.4 Articheck may review and increase the Fees at the end of the Initial Term or each Renewal Term, as appropriate, and shall notify the Client at least 30 days before implementing any increase.
5. INTELLECTUAL PROPERTY RIGHTS
5.1 The Application, all Intellectual Property Rights contained in or used by Application, Articheck’s Confidential Information, the Analytical Dataset and all other materials provided by Articheck and accessible to the Client and Authorised Users are and will remain the exclusive property of Articheck or its licensors, as applicable.
Where the Application displays the Client’s logo at the Client’s request, all rights to the logo or other branding remain the property of the Client.
5.2 The format, look-and-feel, appearance, headings, fonts, logos and all other Intellectual Property Rights whatsoever embedded or subsisting in the Reports – apart from the Client Data – are the property of Articheck.
Articheck hereby grants to the Client a permanent, irrevocable, worldwide licence to use the Reports for any purpose whatsoever, subject to having paid all amounts properly due and owing to Articheck.
5.3 The Client only has a limited and temporary right to the Application under this Contract for the duration of the Term, however Reports which are printed or downloaded during the Term may be retained in perpetuity.
5.4 The Client shall not challenge or contest the rights to or ownership of the Application by Articheck or otherwise attempt to assert any proprietary rights in the Application.
5.5 The Client is and will remain the sole owner of the Client Data, and grants to Articheck a limited licence to use the Client Data (and any other Intellectual Property Rights owned by the Client reasonably required by Articheck for performing its obligations under this Contract) for the purposes of this Contract, in particular for the purpose of compiling Reports as requested by the Client.
5.6 Any designations and proprietary notices placed by Articheck on the Application or Reports shall not be removed or altered and Articheck asserts all moral rights to be identified as the author of the Application which has generated the Report.
5.7 The Application may include elements subject to various “open source” licenses and/or third party licenses and is made available pursuant to the terms of those licenses without warranty of any kind, including express or implied warranties or warranties of merchantability or fitness for a particular purpose.
The Client acknowledges that the Application may contain data from third parties but Articheck bears no liability for any errors or omissions in such data. The acquisition of the data may be subject to licensing terms which are more onerous or restrictive than the existing licensing terms in this Contract.
Articheck will bring such terms to the attention of the Client in a timely manner, and the Client hereby agrees to be bound by such terms.
5.8 The Client agrees that Articheck may include the Client’s name and logo on Articheck’s website, social media pages and in promotional materials, such inclusion being limited only to express the fact that the Client is a user of the Application, and not for any other purpose.
6. CLIENT DATA
6.1 The Client shall own all right, title and interest in and to all of its Client Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of its Client Data.
6.2 The Client grants to Articheck a limited permission to use Client Data to create a dataset (“Analytical Dataset”), stripped of all identifiers relating to the Client and the Artifacts. Articheck shall use the Analytical Dataset entirely for research and statistical purposes, including the generation of comparative data which may be published or made available to third parties.
6.3 Articheck shall, in providing access to the Application comply with Data Protection Legislation and with its Data Protection & Privacy Policy relating to the privacy and security of any Personal Data processed by the Application, which is available on the Articheck website.
Articheck reserves the right to amend its policies as required.
6.4 If Articheck processes any Personal Data on the Client’s behalf when performing its obligations under this Contract, the parties record their intention that the Client shall be the data controller and Articheck shall be a data processor and in any such case:
6.4.1 the Client acknowledges and agrees that the Personal Data shall be stored within the EU but may be accessed or processed in accordance with applicable legislation outside the EU or the country where the Client and the Authorised Users, as well as Articheck personnel are located in order to provide access to the Application, and perform Articheck’s obligations under this Contract;
6.4.2 the Client shall ensure that the Client is entitled to transfer the relevant Personal Data to Articheck so that Articheck may lawfully use, process and transfer the Personal Data in accordance with this Contract on the Client’s behalf;
6.4.3 the Client shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
6.4.4 Articheck shall process Personal Data only in accordance with the terms of this Contract and any lawful instructions reasonably given by the Client from time to time;
6.4.5 each party shall take appropriate administrative, physical technical and organisational measures against unauthorised or unlawful processing of the Personal Data and Client Data or its accidental loss, destruction or damage; and
6.4.6 the Parties agree to regulate the processing of Personal Data under the terms of Schedule 2.
6.5 The Client represents that the Client either has established or will promptly establish appropriate confidentiality, privacy and security policies and safeguards consistent with Data Protection Legislation, and industry standards and that the Client will educate Authorised Users on these policies and safeguards.
6.6 In the event of any loss or damage to Client Data, the Client’s sole and exclusive remedy shall be for Articheck to use reasonable commercial endeavours to restore the lost or damaged Client Data from the latest back-up of such Client Data maintained by Articheck in accordance with the archiving procedure. Articheck shall not be responsible for any loss, destruction, alteration or disclosure of Client Data caused by any third party (except those third parties sub-contracted by Articheck).
6.7 Notwithstanding the terms of this clause, Articheck shall retain a copy of all Reports created by the Application in a locked and non-editable form, and shall be permitted to use them solely for insurance, audit, and legal purposes, and always subject to Articheck’s obligations in relation to confidentiality.
7. CONFIDENTIALITY
7.1 Each party may be given access to Confidential Information from the other party in order to perform its obligations under this Contract as well as the operation of the Application. A party’s Confidential Information shall not be deemed to include information that:
7.1.1 is or becomes publicly known other than through any act or omission of the receiving party;
7.1.2 was in the other party’s lawful possession before the disclosure;
7.1.3 is lawfully disclosed to the receiving party by a third party without restriction on disclosure;
7.1.4 is independently developed by the receiving party, which independent development can be shown by written evidence; or
7.1.5 is required to be disclosed by law, by any court of competent jurisdiction or by any regulatory or administrative body.
7.2 Each party shall hold the other’s Confidential Information in confidence and, unless required by law, not make the other’s Confidential Information available to any third party or use the other’s Confidential Information for any purpose other than the implementation of this Contract.
7.3 Each party shall take all reasonable steps to ensure that the other’s Confidential Information to which it has access is not disclosed or distributed by its employees or agents in violation of the terms of this Contract.
7.4 Neither party shall be responsible for any loss, destruction, alteration or disclosure of Confidential Information caused by any third party. Notwithstanding the foregoing, Articheck shall at all times be liable for the conduct of its subcontractors.
7.5 The Client acknowledges that details of the Application constitute Articheck’s Confidential Information, and Articheck acknowledges that the Client Data and all data contained in Reports are the Confidential Information of the Client. The Analytical Dataset shall be considered the Confidential Information of Articheck and not the Confidential Information of the Client.
7.6 This clause 7 shall survive for five (5) years after termination of this Contract, however arising.
8. LIABILITY
8.1 Articheck shall indemnify the Client in respect of any losses, costs (including reasonable legal fees), expenses, damages or liability suffered by the Client to the extent these arise as a result of:
8.1.1 any death or personal injury caused to any person by the negligence of Articheck or its employees;
8.1.2 any breach by Articheck of its obligations, warranties and representations under Clause 7 (Confidentiality); and
8.1.3 or, in connection with, any breach of Data Protection Legislation caused by:
(i) Articheck’s breach of the processes and policies set out or referred to in Schedule 2 or elsewhere in this Contract ; and
(ii) Articheck, through its acts or omissions, being in breach of, or otherwise causing Client to be in breach of the Data Protection Legislation, save where Articheck’s breach or non-compliance is solely attributable to Client’s breach of its obligations under this Contract.
8.2 In the event of any infringement of any third party’s intellectual property rights, Articheck will at its own expense:
8.2.1 modify or replace the Application or any infringing part of it with a compatible, functionally equivalent and non-infringing application; or
8.2.2 secure the right of the Client to continue using the Application.
8.3 Should the remedies in clause 8.2 not be reasonably available within 30 days of the notification of the infringement to Articheck then this Contract may be immediately terminated in whole or in part by either party and the Client shall be entitled to a refund for sums already paid for the unused part of the term on a pro-rata basis.
8.4 Articheck shall defend, indemnify and hold harmless the Client against any direct losses, costs (including all legal fees), expenses, damages or liability resulting from or incurred by the Client as a direct result of any alleged or actual infringement of any third party’s Intellectual Property Rights or any valid claim by a third party that the normal use of the Application infringes the Intellectual Property Rights of such third party provided that:
8.4.1 Articheck is given immediate and complete control of such claim if allowed by applicable regulations;
8.4.2 the Client makes no admissions or statements without Articheck’s prior written consent (not to be unreasonably conditioned, withheld or delayed); and
8.4.3 the Client gives Articheck all reasonable assistance at Articheck’s expense defending such claim.
8.5 Save for the indemnities given by Articheck above, Articheck’s liability to Client for damages for any loss or claim under this Contract will under no circumstances exceed the total fees paid to Articheck during the preceding (12) twelve months from the date such liability first arose. In particular, Articheck shall have no liability to the Client for any losses, costs, fees, expenses or fines arising as a result of Client’s usage, publication or distribution of and reliance on Reports, and the Client acknowledges that its use of the Application is based on accepting the data generated by the Application (including Client Data and the Reports) on an “as is” basis.
8.6 During the term of this Contract Articheck shall maintain in force, with a reputable insurance company a professional indemnity insurance of an amount not less than £1,000,000 and shall, on the Client’s request, produce the insurance certificate giving details of cover.
8.7 Notwithstanding any provisions in this Contract, neither Party will under any circumstances be liable under the law of contract, tort or otherwise, for any loss of profits, loss of business, loss of revenue or savings or goodwill or for any consequential or indirect or special loss or damage or anticipated savings, (regardless of whether any of these types of loss or damage are, indirect or consequential), however caused, arising out of or in connection with this Contract. The parties agree that loss of data (to include any corruption and cost of reconstituting data) shall be considered a direct loss for the purposes of this Contract.
8.8 Nothing in this Contract shall operate to limit or exclude any liability for i) death or personal injury caused by negligence, breach of intellectual property rights, breach of Confidentiality, fraud, fraudulent misrepresentation or any other liability which may not be excluded by law; or ii) any claim under the indemnities in Clause 8.4.
9. TERM AND TERMINATION
9.1 This Contract shall be effective from the Commencement Date and shall continue in full force and in effect unless and until terminated in accordance with the provisions of this clause
.
9.2 Either party may immediately terminate this Contract (including the Licence within it) if the other party:
9.2.1 materially breaches this Contract by failure, neglect or refusal to comply with any of the material terms and conditions of this Contract and the defaulting party has failed to remedy that breach (if the breach is capable of remedy) within 30 (thirty) days of the date of notice from the non-defaulting party specifying the breach; or
9.2.2 the other party ceases trading, or becomes apparently insolvent, or has a trustee in sequestration appointed, combines with its creditors, or has a liquidator, receiver or administrator appointed (or an application is made either for the appointment of an administrator or for an administration order, an administrator is appointed, or notice of intention to appoint an administrator is given over all or any of its assets) over all or any of its assets other than for
the purposes of a solvent amalgamation or reconstruction, or undergoes any analogous act or proceeding under foreign law to any of those mentioned in this Clause 9.2.1 or if the Client has reasonable cause to suspect that any of the events in this Clause 9.2.1 is likely to happen.
9.3 Termination will not affect the existing rights and or liabilities of either party.
9.4 Subject always to Client’s right to terminate in clause 9.2, the Client shall not terminate this Contract during the Initial Term. After the Initial Term, this Contract shall renew automatically for succeeding Renewal Terms, and either party may give not less than 30 days’ notice of termination at any time, such notice to expire at the end of the Initial Term or the then current Renewal Term, as appropriate.
9.5 Upon termination, the Licence granted to the Client to use the Application shall be terminated and all access to the Application, Reports and Client Data held within the Application will cease.
9.6 Should there be an increase in the Fees by Articheck, the Client will be entitled to terminate the Contract on giving 30 days’ written notice to Articheck, such notice to expire at the end of the Initial Term or the then current Renewal Term, as appropriate.
9.7 On the termination or expiry of this Contract however caused the Client shall pay to Articheck all sums due to Articheck up to and including the date of expiry or termination. Within 14 days following termination and subject to the payment of applicable Fees in full, the Client may request a single copy of the Reports (excluding video files) as at the date of termination, which shall be sent to the Client by secure means, subject to an administration fee.
10. GENERAL
10.1 A delay or failure by either party to exercise any right shall not be treated as a waiver of any such right or any other rights. Consent by either party to a breach of any express or implied term of this Contract shall not constitute consent to any subsequent breach. If any provision of this Contract is not enforceable, the remainder of this Contract shall remain in full force and effect.
10.2 This Contract constitutes the entire agreement and understanding between the parties with respect to the subject matter of this Contract and supersedes all prior discussions, understandings and agreements between the parties and their agents and all prior representations and expressions of opinion by any party to the other party.
10.3 Nothing in this Contract is intended to, or shall be deemed to, establish any partnership or joint venture between any of the parties, constitute any party the agent of another party, nor authorise any party to make or enter into any commitments for or on behalf of any other party.
10.4 Neither party shall be responsible for any failure or delay in complying with the terms of this Contract (including but not limited to delays in delivery), where the failure or delay result from events beyond that party’s control. Where such events continue for more than 60 days, either party may terminate on giving notice to the other.
10.5 For the purpose of Section 1(2) of the Contracts (Rights of Third Parties) Act 1999 the parties state that they do not intend any term of this Contract to be enforced by any third parties but any third party right which exists or is available independently of the Act is preserved.
10.6 Any legal notices or demands shall be in writing and sent by registered post or delivered by one party to the other at the most recently specified address. Notices delivered by courier shall be deemed to have been received upon the signing by the recipient of the confirmation note of the courier.
10.7 This Contract and any matters relating to it shall be interpreted under the laws of England and the parties agree to the exclusive jurisdiction of the English Courts.
Schedule 1
SERVICE LEVEL OBJECTIVES
Case Priority Levels and Target Response Times
Articheck shall use a web-based support desk system to capture support incidents and keep Authorised Users informed at key moments of the support incident lifecycle. Resolution times are stated from the point that a case is confirmed to be an issue with the Application and not Client error.
Case Priority Level
|
Description
|
Target Acknowledgement Time
|
Target Resolution Time
|
Critical
|
Major application component is down or otherwise unusable via the Application, which impacts ALL Users who are unable to use the Application in the Client’s environment and there is no workaround.
Web services module is down in production and is affecting major functionality within the Application.
|
Articheck personnel aim to respond within one Business Day during Normal Business Hours.
|
2 Business Days
|
High
|
Major application component is down or otherwise unusable via the Application, which impacts an individual User or subset of Users who are unable to use the Articheck Application in Client’s production environment to its fullest extent even if provided a partial workaround.
|
Articheck personnel aim to respond within two Business Days during Normal Business Hours.
|
5 Business Days
|
Medium
|
Major application component is down or otherwise unusable via the Application and there is a workaround.
Minor Application component is down or otherwise unusable, but it is not preventing the User from doing his/her job.
Any issues defined as Critical or High in production are considered Medium in test environments (test, UAT, sandbox, development, etc.).
|
Articheck personnel aim to respond within three Business Days during Normal Business Hours.
|
10 Business Days
|
Low
|
Cosmetic issues related to the Application
General Client questions
|
Articheck personnel will log such issues into a development roadmap.
|
None
|
All cases will be prioritised according to the Case Priority Levels above. However, the Client may indicate the importance of their cases within the case priority levels noted above by providing an urgency rating as follows – Urgent, High, Standard. Once Articheck personnel has reviewed the case, the case may be re-classified with a different Case Priority Level. Feature requests and other initiatives are not assigned a priority but may be assigned an agreed upon due date.
RESOLUTION TIMES
Articheck has a target resolution time by priority levels within Normal Business Hours, although, we aim to resolve issues much earlier. There are certain circumstances in which the monitoring and recording of resolution times might pause until certain criteria have been met, such as:
- The Client has not clearly articulated the problem
- If the diagnostic team cannot replicate the issue and need further information
- Articheck is awaiting a reply from an Authorised User for clarification
Schedule 2
Articheck will carry out processing of Personal Data in accordance with Data Protection Legislation, and the specific processes which shall be followed are set out below.
Definitions
Capitalised terms have the meanings defined in the Contract unless otherwise defined below. The following definitions apply throughout this Schedule 2, unless the context otherwise requires:
“Controller” has the meaning given to this term in the Data Protection Legislation and shall refer to the Client for the purposes of this Contract;
“EEA” means the Member States of the European Union plus Iceland, Liechtenstein and Norway;
“Personal Data Breach” has the meaning given to this term in the Data Protection Legislation;
“Processing” has the meaning given to this term in the Data Protection Legislation and the derived noun and verb shall be construed accordingly; and
“Processor” has the meaning given to this term in the Data Protection Legislation and shall refer to Articheck for the purpose of this Contract.
One – Personal data processing
The provision of services may entail the Processor’s access to confidential information and Personal Data for which the Client is responsible. Consequently, Articheck will be considered Data Processor, and any processing of Personal Data for which the Client is responsible will involve the different processes as agreed in the Contract.
In order to render the services contained in this Contract, the Client will make the Client Data, as applicable, available to Articheck.
Two – Confidentiality and duty of secrecy
Unless the Parties otherwise agree, the Parties and all other companies belonging to its group or related thereto will keep the utmost secrecy of this Contract, their business and any information and documentation related to the other Party, of which they may become aware as a result of performing the Contract. Furthermore, the Processor hereby specifically undertakes to treat as confidential any information for which the Client or third parties may be responsible, which it may access due to providing its services, and undertakes to maintain the secrecy of such data.
For these purposes, the Processor hereby undertakes to take any measures that may be necessary, with respect to its employees or collaborators, in order for the latter to be informed of the need to fulfil its binding obligations as Processor and which, consequently, they must uphold, as well as to guarantee that any Personal Data known by virtue of this Contract remain secret, even after the Contract is terminated for any reason. To do this, the Processor will duly inform its employees or collaborators (through training, awareness campaigns, etc.), in order to ensure that such obligations are fulfilled. The foregoing will be comprehensibly notified of the existence of this Contract, of any security rules affecting the development of their tasks, the consequences that may ensue in the event of breach and the confidential nature of such information and the duty to keep all Personal Data secret; this duty of confidentiality and secrecy will remain even after the relationship with the Processor has ended.
This duty of information and confidentiality on the part of the Processor’s employees and collaborators will be carried out in such a way as to allow the Client to receive documentary evidence that such obligation has been fulfilled.
In addition, such confidential information and documentation may not be used for any purpose other than fulfilment of the object of this Contract, unless such information has become general knowledge and except as regards any information required by law or further to any other applicable and mandatory regulations.
Once this Contract has ended, the confidentiality obligation and duty of secrecy foreseen in this clause will remain valid indefinitely, even after the contractual relationship with the Controller has ended, for any reason.
If any misconduct is detected, by any person rendering professional services for the Processor (access to information not inherent to his tasks, misuse of user names and passwords, if a user is granted more authorisations that are strictly necessary, etc.), the Processor will be responsible and expressly obliged to immediately notify about it the Client, providing a detailed report of the facts.
Three – Controller’s instructions
The Processor undertakes to process any Personal Data it may access exclusively in accordance with any written instructions provided by the Controller for this purpose. This commitment will also cover any international Personal Data transfers to a third country or international organisation.
Consequently, any data that is known or obtained by virtue of this Contract:
- may not be used for any other purpose than performance thereof; they will be confidential and may not be published or made available to third parties without the Controller’s prior written consent. In no case will such data be used privately.
- will not be notified to third parties without the Client’s prior written consent. Consequently, the Processor, in writing and before the Client authorises such communication, will identify the entity(ies) receiving the data, which data or category of Personal Data will be reported and any security measures applicable.
In this regard, the Processor hereby undertakes to immediately inform the Controller if any of the latter’s instructions could potentially infringe applicable provisions in data protection matters, under Community or Member State laws.
In the event that the Processor should use the data for another purpose, or reports or uses them in breach of the stipulations of this Contract, it will also be considered data Controller, and will be personally liable for any infractions it may have incurred, as well as for any loss and damage that the Client may consequently suffer.
Four – Service outsourcing
If the Processor uses a sub-processor for the execution of certain processing activities on behalf of the Controller, the sub-processor will be bound by the same data protection obligations stipulated for the Processor. The Processor will be fully liable vis-à-vis the Controller, and will be liable for effectively complying with data protection obligations on the part of such sub-processor.
Five – Security measures
The Processor will be subject to security measures that are adequate to protect the Personal Data and other information, to be implemented by the Processor in accordance with the outcome of the risk evaluation completed by the Client, based on the state of the art, application costs, the nature of the data stored, the scope and purposes of the processing, and the risks to which they are exposed. Consequently, the Processor will provide the Client with the necessary information in those cases where its risk analysis indicates that the processing is high-risk, or if so is considered by the Processor.
The Processor will at least provide the Client with the following information, in writing (subject to availability):
- Any security measures implemented.
- Any other information that the UK Information Commissioner may request, held by the Processor.
In any case, the Processor will include the following measures as part of its technical and organisational measures.
Six – Notification of security breaches
The Processor will be obliged to guarantee implementation of the security requirements foreseen in this Contract, and to inform the Client without undue delay of any incident affecting any information, documentation and Personal Data for which the Client is directly or indirectly responsible.
If the Processor or any person involved in the services were to detect an incident entailing data theft, loss or damage, if a person has had unauthorised access thereto, or if the information has been misused, the Processor will immediately get in touch with the Client, providing details of the incident and, in any case, within 40 hours of breach detection, by e-mail to the Client, attaching any relevant information to document and notify the incident, to include at least the following:
- Description of the nature of the Personal Data security violation to include, whenever possible, the categories and approximate number of affected parties, and the categories and approximate number of Personal Data files affected.
- The name and contact details of the data protection delegate or other contact point where more information may be obtained.
- Description of any possible consequences.
- Description of the measures adopted or proposed to remedy the Personal Data breach to include, if applicable, any measures to mitigate potential negative effects.
If it is not possible to provide the information simultaneously, and insofar as it is not simultaneous, information will be provided gradually and promptly.
The Processor will be responsible for taking any action that may be necessary to contain and resolve the incident.
The Client will conduct a periodic check on the current state of resolution of the incident; the Processor undertakes to respond and provide any reports that may be requested.
Seven – Record of processing categories
The Processor will keep a written record of all its processing categories, to include:
a. Contact details of both the Client and the Processor to include, as the case may be, of its representatives and data protection delegates.
b. The processing categories completed on behalf of the Client.
c. A general description of any technical and organisational measures applied.
Eight – Data subjects’ rights
The Processor will assist the controller, by applying any appropriate technical and organisational measures and pursuant to the nature of the processed data, in relation to any requests to uphold the rights of interested parties, to particularly include their rights of access, rectification and cancellation (the “right to be forgotten”), and challenge to the processing of their data, a request for Personal Data portability, any processing limitations, as well as the right to not be the object of an automated individual decision, profiling included.
In the event that any data subject were to uphold the aforementioned rights vis-à-vis the Processor, the latter will duly notify the situation by e-mail to the Client. This notification must be made immediately and, in any case, no later than by the next business day following receipt of the request, along with any other information that may be relevant to attend the request.
Nine – Termination
At the end of the contractual service, the Processor undertakes to archive any Personal Data and put it beyond use. The Processor may retain a copy of the Personal Data for as long as it retains any liability for the performance of services, and for as long as it is required to for legal, insurance and audit purposes.
Furthermore, the Processor shall ensure that at the end of the employment or engagement of any of its staff, :
- such person returns and does not withhold, in any way, the Client’s information and resources;
- the foregoing is confirmed in writing
- all access to data, positions of responsibility and all other authorisations arising from their employment or engagement are immediately cancelled.
Ten – Compliance Monitoring
Subject to the requirements of commercial and client confidentiality, the Processor make available to the Controller such information as is reasonably required to demonstrate compliance with this Schedule and, subject to any other conditions set out in this Contract, allow for and contribute to any reasonable monitoring of the Processor’s compliance with this Schedule, as the Controller may reasonably request, but subject to the following requirements: (a) the giving of reasonable notice to the Processor; (b) the scope of any compliance monitoring shall be agreed between the parties acting reasonably; (c) compliance monitoring shall not be performed more than once in each twelve month period unless there is evidence of non-compliance.
Eleven – Duty of care
The Processor undertakes to provide to the Controller any information that may be necessary to evidence compliance with its obligations, and will inform the Processor in relation to its adhesion to an approved code of conduct, or its subscription of any certification system that is able to guarantee compliance with its Personal Data processing obligations.
Any persons carrying out professional tasks for the Processor must be aware of the importance of the Client’s information, will process it safely and will be trained and qualified for each and every one of the data processing stages, for each and every task performed. Such persons will take the necessary care and will adopt adequate measures to protect the data processing, further to their contractually binding duty of good faith.
Twelve – Duty of information
The Personal Data of the Processor’s representatives or contacts will, in turn, be processed by the Client, acting as the Controller, in order to manage the relationship between the parties represented by this Contract. The Controller has a legitimate interest in recording any phone conversations, video calls and online chat sessions maintained between the parties.
Should any affected individual wish to make a data subject access request, they can send an email to
support@articheck.com with “Data Subject Access Request” in the subject line.