MyMedia Group WEBSITE PRIVACY NOTICE

 

Introduction

Welcome to our privacy notice.

MyMedia Group (“My Media”, “we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you visit our website (regardless of where in the world you visit it from) and tells you about your privacy rights and how the law protects you.

1. Important information and who we are

Purpose of this privacy notice

This privacy notice aims to give you information on how MyMedia collects and processes personal data through your use of this website, including any data you may provide through this website when you contact us, contact our sales team, or purchase a product or service.

This website is not intended for children and we do not knowingly collect data relating to children. If we learn that we have inadvertently collected information regarding any child (particularly those under the age of 13), we will ensure that such information is permanently deleted as quickly as possible.

If you become a client and we provide you with goods and services in accordance with our Terms and Conditions [Link], this privacy notice also explains how we process any personal data on your behalf, to fulfil our contract with you. As MyMedia provides goods and services to businesses and communications are B2B, any personal data is likely to be limited to business contact details, which are usually publicly available.

Controller and Processor

MyMedia is a data controller (as defined by European data protection law under the General Data Protection Regulation 2016/679, (“GDPR”)) and is responsible for protecting your personal data when you use this website or contact us.

You are a data controller with respect to personal data of your staff and any third party data subjects (as defined by the GDPR), including individual contacts, whose details are provided as part of our services to you (for example, conference speakers and attendees) “business contacts”.

My Media is a data processor, (as defined by the GDPR) with respect to your staff and any third party data subjects, including business contacts and only processes such personal data on limited grounds, on the basis of our legitimate interests. We do not have any direct contact with these data subjects, unless requested by you, to provide our products and services.

MyMedia

If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us using the details set out below.

Contact details

Full name of legal entity: MyMedia-UK Ltd (part of the MyMedia Group)

Name: John Sreetharan

Email address: john@mymedia-uk.com

Postal addresses:

1. 117 Whitchurch Gardens, Edgware HA8 6PG.

Changes to the privacy notice and your duty to inform us of changes

Any changes to this privacy notice will be notified via our website, so you are encouraged to review the website periodically. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

We use Stripe, as a third party data processor, for our payment systems. Further information on this sub-processor is provided below and we recommend that you refer to their website and Global Privacy Policy, a current copy of which is available here https://stripe.com/gb/privacy, although you should check periodically for updates.

2. The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you (as a client), your staff and business contacts, which we have grouped together follows:

• Identity Data including: first name, last name, username or similar identifier, title.
• Contact Data including: billing address, delivery address, email address and telephone numbers.
• Transaction Data includes details about orders from you and other details of products and services you have purchased from us.
• Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
• Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
• Usage Data includes information about how you use our website, products and services.
• Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

We do not collect financial data (bank account or payment details). This data is processed by Stripe on our behalf.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

3. How is your personal data collected?

We use different methods to collect data from and about you including through:

• Direct interactions. You may give us your Identity and Contact Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
  • apply for our products or services;
  • subscribe to our service or publications;
  • request marketing to be sent to you;
  • enter a competition, promotion or survey; or
  • give us some feedback.
• Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies.
• Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources, based inside and outside the EU, as set out below:
• Technical Data from analytics providers, advertising networks and search information providers, such as Google.
• Contact and Transaction Data from providers of technical, payment and delivery services such as American Express.
• Identity and Contact Data from data brokers or aggregators such as Info USA Inc. and Dun & Bradstreet.
• Identity and Contact Data from publicly availably sources such as Companies House and the Electoral Register.

4. How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Where we need to perform the contract we are about to enter into or have entered into with you.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal or regulatory obligation.

Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

Purposes for which we will use your personal data

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity	Type of data	Lawful basis for processing including basis of legitimate interest
To register you as a new customer	(a) Identity (b) Contact	Performance of a contract with you
To process and deliver your order	(a) Identity (b) Contact (c) Transaction (d)Marketing and Communications	(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy (b) Asking you to leave a review or take a survey	(a) Identity (b) Contact (c) Profile (d) Marketing and Communications	(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To enable you to partake in a prize draw, competition or complete a survey	(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications	(a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	(a) Identity (b) Contact (c) Technical	(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you	(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical	Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences	(a) Technical (b) Usage	Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you	(a) Identity (b) Contact (c) Technical (d) Usage (e) Profile	Necessary for our legitimate interests (to develop our products/services and grow our business)

Marketing

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. This includes providing you with ready ability to opt-out of marketing emails, and we respect all Do-Not-Call lists in any telephone or text-marketing campaigns.

Promotional offers from us

We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).

You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and, in each case, you have not opted out of receiving that marketing.

Third-party marketing

We will get your express opt-in consent before we share your personal data with any company outside the MyMedia group of companies for marketing purposes.

You can ask us or third parties to stop sending you marketing messages at any time by logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you or by contacting us at any time.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase.

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

5. Disclosures of your personal data

We may have to share your personal data with internal third parties and external third parties as set out below for the purposes set out in the table in paragraph 4 above:

• External Third Parties such as:
  • Service providers (acting as processors) who provide payment services (Stripe) and IT and system administration services;
  • Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in the UK or USA who provide consultancy, banking, legal, insurance and accounting services.
  • HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the UK who require reporting of processing activities in certain circumstances.
  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

6. International transfers

We share your personal data within the MyMedia Group. This will involve transferring your data outside the European Economic Area (EEA).

Many of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
• Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
• Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

7. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. This includes encryption, network security controls, documentation of risk events and problems including any breaches, and other appropriate safeguards. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. Data retention

How long will you use my personal data for?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

9. Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data, to:

• Request access to your personal data.
• Request correction of your personal data.
• Request erasure of your personal data.
• Object to processing of your personal data.
• Request restriction of processing your personal data.
• Request transfer of your personal data.
• Right to withdraw consent.

You have the right to make a complaint at any time to the Information Commissioner"s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

If you wish to exercise any of the rights set out above, please contact us.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

MYMEDIA-UK LTD

terms and conditions

These terms and conditions shall apply to any supply of products and/or services by MyMedia-UK Ltd to you.

1. ABOUT US

Company details. MyMedia-UK Ltd (company number 4627647) (we, us, our) is a company registered in England and Wales and our registered office is at 117 Whitchurch Gardens, Edgware, HA8 6PG. Our VAT number is 796 0468 86. We operate the website http://www.mymedia-uk.com.

1.1 Contacting us. You can contact us by e-mail at [info@mymedia-uk.com] or by writing to us at the address set out above. How to give us formal notice of any matter under the Contract is set out in clause 16.3 below.

2. OUR CONTRACT WITH YOU

2.1 Our contract. These terms and conditions apply to the provision of our software products (Products) by us to you, and/or to the order by you and supply of services ( Services) by us to you (the Contract). They apply to the exclusion of any other terms that you seek to impose or incorporate, or which are implied by trade, custom, practice or course of dealing. Details of each of our Products and Services can be found on our website.

2.2 Entire agreement. The Contract is the entire agreement between you and us in relation to its subject matter. You acknowledge that you have not relied on any statement, promise or representation or assurance or warranty that is not set out in the Contract. Any modifications to this Contract must be in writing acknowledged and signed by both Parties to have any effect.

PRODUCTS

3. SUPPLY OF PRODUCTS

3.1 The Products are available to download free of charge via our website. Please follow the onscreen prompts on our website to download the Products.

4. GRANT OF LICENCE

4.1 In consideration of you agreeing to abide by the terms of this clause 4, we hereby grant to you a non-exclusive, non-transferable licence to use the Products on the terms set out in this clause 4.

4.2 You may:

4.2.1 install and use the Products and any documentation (whether printed or online) related to the Products (Documentation) for your business purposes only:

(a) on one central processing unit (CPU) if the Product is intended for single use; or

(b) if the Product is intended for multiple users, for the number of concurrent users agreed between you and us;

4.2.2 receive and use any free supplementary software code or update of the Products incorporating "patches" and corrections of errors as may be provided by us from time to time; and

4.2.3 use any Documentation in support of the use permitted under this clause 4.2.

4.3 We may update or require you to update the Products at any time.

5. RESTRICTIONS

5.1 Except as expressly set out in the Contract or as permitted by any local law, you undertake:

5.1.1 not to copy the Products or Documentation, except where such copying is incidental to normal use of the Products or where it is necessary for the purpose of back-up or operational security;

5.1.2 not to rent, lease, sub-license, loan, translate, merge, adapt, vary, alter or modify, the whole or any part of the Products or Documentation nor permit the Products or any part of the Products to be combined with, or become incorporated in, any other programs;

5.1.3 not to disassemble, de-compile, reverse engineer or create derivative works based on the whole or any part of the Products nor attempt to do any such things, except to the extent that (by virtue of sections 50B and 296A of the Copyright, Designs and Patents Act 1988 or other relevant law) such actions cannot be prohibited because they are necessary to decompile the Products to obtain the information necessary to create an independent program that can be operated with the Software or with another program ( Permitted Objective), and provided that the information obtained by you during such activities:

(a) is used only for the Permitted Objective;

(b) is not disclosed or communicated without our prior written consent to any third party to whom it is not necessary to disclose or communicate it in order to achieve the Permitted Objective; and

(c) is not used to create any software that is substantially similar in its expression to the Products;

5.1.4 to keep all copies of the Products secure and to maintain accurate and up-to-date records of the number and locations of all copies of the Products;

5.1.5 to include our copyright notice on all entire and partial copies of the Products in any form;

5.1.6 not to provide, or otherwise make available, the Products in any form, in whole or in part (including, but not limited to, program listings, object and source program listings, object code and source code) to any person without prior written consent from us;

5.1.7 to comply with all applicable technology control or export laws and regulations.

SERVICES

6. PLACING AN ORDER AND ITS ACCEPTANCE

6.1 Fees. Please follow the onscreen prompts on our website to enquire about the Services and fees. We will respond to all enquiries as soon as reasonably practicable.

6.2 Placing your order. You may submit an order for Services by following the instructions set out in the Shopping Cart. The prices set out in a Shopping Cart shall be valid for the active web session and shall apply to any order placed during that period. Once the active web session has closed, you will need to submit an order again using the details set out in clause 1.2 above. Each order is an offer by you to buy the services specified in the order subject to the terms of the Contract. 

6.3 Acknowledging receipt of your order. After you place your order, you will receive an email from us acknowledging that we have received it, but please note that this does not mean that your order has been accepted. Our acceptance of your order will take place as described in clause 6.4 below.

6.4 Accepting your order. Our acceptance of your order takes place when we send an email to you to accept it (Order Confirmation), at which point and on which date (Commencement Date) the Contract between you and us will come into existence. The Contract will relate only to those Services confirmed in the Order Confirmation.

6.5 If we cannot accept your order. If we are unable to supply you with the Services for any reason, we will inform you of this by email and we will not process your order. If you have already paid for the Services, we will refund you the full amount.

7. CANCELLING YOUR ORDER AND OBTAINING A REFUND 

7.1 You may cancel the Contract and receive a refund, if you notify us as set out in clause 7.2 within 1 day of your receipt of the Order Confirmation. You cannot cancel the Contract once we have completed the Services, even if the 1 day period is still running. We will email you to confirm we have received your cancellation.

 7.2 To notify us that you wish to cancel the Contract, please contact us using the contact details set out in clause 1.2 above. If you are emailing us or writing to us please include details of your order to help us to identify it. If you send us your cancellation notice by email or by post, then your cancellation is effective from the date that it is deemed to be received in accordance with clause 16.3 below. 

7.3 If you cancel the Contract, we will refund you in full for the price you paid for the Services, by the method you used for payment. We may deduct from any refund an amount for the supply of the Services for the period up to the time when you give notice of cancellation in accordance with clause 7.2. The amount we deduct will reflect the Services that have been supplied up to the time when you give notice of cancellation as a proportion of the entirety of the Contract. 

8. YOUR OBLIGATIONS 

8.1 It is your responsibility to ensure that:

8.1.1 the terms of your order are complete and accurate;

8.1.2 you co-operate with us in all matters relating to the Services;

8.1.3 you provide us with such information and materials we may reasonably require in order to supply the Services, and ensure that such information is complete and accurate in all material respects;

8.1.4 you obtain and maintain all necessary licences, permissions and consents which may be required for the Services before the date on which the Services are to start; and

8.1.5 you comply with all applicable laws, including health and safety laws.

8.2 If our ability to perform the Services is prevented or delayed by any failure by you to fulfil any obligation listed in clause 8.1 ( Your Default):

8.2.1 we will be entitled to suspend performance of the Services until you remedy Your Default, and to rely on Your Default to relieve us from the performance of the Services, in each case to the extent Your Default prevents or delays performance of the Services. In certain circumstances Your Default may entitle us to terminate the contract under clause 14 (Termination);

8.2.2 we will not be responsible for any costs or losses you sustain or incur arising directly or indirectly from our failure or delay to perform the Services; and

8.2.3 it will be your responsibility to reimburse us on written demand for any costs or losses we sustain or incur arising directly or indirectly from Your Default.

9. CHARGES

9.1 In consideration of us providing the Services you must pay the charges set out in the Shopping Cart (Charges) in accordance with this clause 9.

9.2 The Charges for the Services shall be exclusive of VAT but inclusive of all other charges.

9.3 If you wish to change the scope of the Services after we accept your order, and we agree to such change, we will modify the Charges accordingly. 

9.4 We reserve the right to increase the Charges on an annual basis with effect from each anniversary of the Commencement Date in line with the percentage increase in the Average Weekly Earnings index in the preceding 12-month period and the first such increase shall take effect on the first anniversary of the Commencement Date. 

 9.5 The Charges are payable by credit card, using our third-party service provider, Stripe and you will be directed to the payment pages of the website to complete your Order. 

 9.6 If you fail to make a payment under the Contract by the due date, or, if your credit card payment is not completed, then, without limiting our remedies under clause 14 (Termination), you will have to pay interest on the overdue sum from the due date until payment of the overdue sum, whether before or after judgment. Interest under this clause 9.6 will accrue each day at 4% a year above the Bank of England’s base rate from time to time, but at 4% a year for any period when that base rate is below 0%.

9.7 If you dispute any invoice or other statement of monies due, you shall promptly notify us in writing and the parties shall negotiate in good faith to attempt to resolve the dispute promptly. Where only part of an invoice is disputed, the undisputed amount shall be paid on the due date, as set out in clause 9.5.

9.8 You must pay all amounts due under the Contract in full without any set-off, counterclaim, deduction or withholding (other than any deduction or withholding of tax as required by law).

10. INTELLECTUAL PROPERTY RIGHTS

Products

10.1 In respect of the Products, you acknowledge that all intellectual property rights in the Products and the Documentation throughout the world belong to us, that rights in the Products are licensed (not sold) to you, and that you have no intellectual property rights in, or to, the Products or the Documentation other than the right to use the Products and the Documentation in accordance with the terms of clause 4 above.

10.2 You acknowledge that you have no right to have access to the Products in source code form other than as expressly provided in this Licence.

Services

 10.3 Each party and/or its third party licensors shall retain ownership of any intellectual property rights owned by it and/or its third party licensors prior to the Commencement Date.

10.4 All intellectual property rights in or arising out of or in connection with the Services (other than intellectual property rights in any materials provided by you) will be owned by us.

 10.5 We agree to grant you a fully paid-up, worldwide, non-exclusive, royalty-free licence during the term of the Contract to copy the deliverables specified in your order (excluding materials provided you) for the purpose of receiving and using the Services and such deliverables in your business. You may not sub-license, assign or otherwise transfer the rights granted in this clause 10.5.

10.6 You agree to grant us a fully paid-up, non-exclusive, royalty-free, non-transferable licence to copy and modify any materials provided by you to us for the term of the Contract for the purpose of providing the Services to you.

11. DATA PROTECTION

 11.1 Both parties will comply with all applicable requirements of the GDPR and any legislation in force from time to time which implements it or the European Community"s Directive 95/46/EC or Directive 2002/58/EC. Both parties will also comply with other similar privacy legislation, rules, or regulations in force, national or otherwise, where either party is located, along with any codes of practice or guidance issued by data protection regulators or other governmental authorities from time to time (the Data Protection Legislation).

11.2 Our obligations under Data Protection Legislation are set out in Schedule 1 of these terms and conditions “Data Processing Agreement”. 

12. LIMITATION OF LIABILITY

 12.1 Nothing in this Contract shall operate so as to exclude or limit the liability of either party to the other:

12.1.1 for death or personal injury caused as a result of its negligence;

12.1.2 arising out of fraudulent misrepresentation or fraudulent concealment;

12.1.3 breach of the terms implied by section 12 of the Sale of Goods Act 1979 or section 2 of the Supply of Goods and Services Act 1982 (title and quiet possession); or

12.1.4 for any other liability which cannot be excluded or limited by law.

12.2 Subject to clause 12.1, we will not be liable to you, whether in contract, tort (including negligence), for breach of statutory duty, or otherwise and even if we or our affiliates have been advised of the possibility of such damages, arising under or in connection with the Contract for:

12.2.1 loss of profits;

12.2.2 loss of sales or business;

12.2.3 loss of agreements or contracts;

12.2.4 loss of anticipated savings;

12.2.5 loss of use or corruption of software, data or information;

12.2.6 loss of or damage to goodwill; and

12.2.7 any indirect, special, incidental, punitive, exemplary, or consequential loss.

12.3 Subject to clause 10.1, our total liability to you arising under or in connection with the Contract, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, will be limited to £2 million.

12.4 You agree to indemnify and hold harmless us, our affiliates, and our and their officers, directors, partners, and employees from and against any loss, liability, claim or demand, including reasonable attorney’s fees, made by any third party due to or arising out of your use of the Site and Services in violation of these Terms, your breach of the representations and warranties you make in this Contract, or your use of the Services. You agree to be solely responsible for defending any claims against or suffered by us, subject to our right to participate with counsel of our own choosing.

  13. CONFIDENTIALITY

13.1 We each undertake that we will not at any time during the Contract, and for a period of five years after termination of the Contract, disclose to any person any confidential information concerning one another’s business, affairs, customers, clients or suppliers, except as permitted by clause 13.2.

 13.2 We each may disclose the other’s confidential information:

13.2.1 to such of our respective employees, officers, representatives, subcontractors or advisers who need to know such information for the purposes of carrying out our respective obligations under the Contract. We will each ensure that such employees, officers, representatives, subcontractors or advisers comply with this clause 13; and

13.2.2 as may be required by law, a court of competent jurisdiction or any governmental or regulatory authority.

13.3 Each of us may only use the other’s confidential information for the purpose of fulfilling our respective obligations under the Contract. 

14. TERMINATION

14.1 In respect of the Services, without limiting any of our other rights, we may suspend the performance of the Services, or terminate the Contract with immediate effect by giving written notice to you if: 

14.1.1 you commit a material breach of any term of the Contract and (if such a breach is remediable) fail to remedy that breach within 14 days of you being notified in writing to do so;

14.1.2 you fail to pay any amount due under the Contract on the due date for payment;

14.1.3 you take any step or action in connection with you entering administration, provisional liquidation or any composition or arrangement with your creditors (other than in relation to a solvent restructuring), being wound up (whether voluntarily or by order of the court, unless for the purpose of a solvent restructuring), having a receiver appointed to any of your assets or ceasing to carry on business or, if the step or action is taken in another jurisdiction, in connection with any analogous procedure in the relevant jurisdiction;

14.1.4 you suspend, threaten to suspend, cease or threaten to cease to carry on all or a substantial part of your business; or

14.1.5 your financial position deteriorates to such an extent that in our opinion your capability to adequately fulfil your obligations under the Contract has been placed in jeopardy.

14.2 On termination of the Contract you must return all of our materials and any deliverables specified in your order which have not been fully paid for. If you fail to do so, then we may enter your premises and take possession of them. Until they have been returned, you will be solely responsible for their safe keeping and must not use them for any purpose unconnected with the Contract.

14.3 Termination of the Contract will not affect your or our rights and remedies that have accrued as at termination.

14.4 Any provision of the Contract that expressly or by implication is intended to come into or continue in force on or after termination will remain in full force and effect.

14.5 In respect of the Products, without limiting any of our other rights, we may terminate the licence granted in clause 4 above with immediate effect by giving written notice to you if you commit a material breach of any term of the Contract and (if such a breach is remediable) fail to remedy that breach within 14 days of you being notified in writing to do so.

14.6 On termination of the licence granted in clause 4 above:

14.6.1 all rights granted to you under the licence granted in clause 4 shall cease;

14.6.2 you must cease all activities authorised by the licence granted in clause 4; and

14.6.3 you must immediately delete or remove the Products from all computer equipment in your possession.

15. FORCE MAJEURE

15.1 We will not be liable or responsible for any failure to perform, or delay in performance of, any of our obligations under the Contract that is caused by any act or event beyond our reasonable control ( Force Majeure Event).

15.2 If a Force Majeure Event takes place that affects the performance of our obligations under the Contract:

15.2.1 we will contact you as soon as reasonably possible to notify you; and

15.2.2 our obligations under the Contract will be suspended and the time for performance of our obligations will be extended for the duration of the Force Majeure Event. We will arrange a new date for performance of the Services with you after the Force Majeure Event is over.

15.3 You may cancel the Contract affected by a Force Majeure Event which has continued for more than 30 days by contacting us using the details set out in clause 1.2 above. If you opt to cancel we will refund the price you have paid, less the charges reasonably and actually incurred us by in performing the Services up to the date of the occurrence of the Force Majeure Event.

16. NOTICES

16.1 When we refer to “in writing” in these terms, this includes email. 

16.2 Any notice or other communication given under or in connection with the Contract must be in writing and be delivered personally, sent by pre-paid first class post or other next working day delivery service, or by email.

 16.3 A notice or other communication is deemed to have been received:

16.3.1 if delivered personally, on signature of a delivery receipt;

16.3.2 if sent by pre-paid first class post or other next working day delivery service, at 9.00am on the working day after posting; or

16.3.3 if sent by email, at the time of transmission.

16.4 In proving the service of any notice, it will be sufficient to prove, in the case of a letter, that such letter was properly addressed, stamped and placed in the post and, in the case of an email, that such email was sent to the specified email address of the addressee.

16.5 The provisions of this clause will not apply to the service of any proceedings or other documents in any legal action.

17. GENERAL

17.1 Descriptions. Any descriptions of the Products and/or Services on our website are published for the sole purpose of giving an approximate idea of the services described in them. They will not form part of the Contract or have any contractual force.

17.2 Reasonable care and skill. We warrant to you that the Services will be provided using reasonable care and skill.

17.3 Time for performance. In providing the Services, we will use all reasonable endeavours to meet any performance dates specified in the Order Confirmation, but any such dates are estimates only and failure to perform the Services by such dates will not give you the right to terminate the Contract.

17.4 No variation of the Contract shall be valid unless it is in writing and signed by or on behalf of both parties.

17.5 No failure or any delay by any party to exercise any right or remedy provided under the Contract or by law shall constitute a waiver of that or any other right or remedy, nor shall it preclude or restrict any further exercise of that or any other right or remedy.

17.6 We may assign or transfer our rights and obligations under the Contract to another entity but will always notify you if this happens. You may only assign or transfer your rights or your obligations under the Contract to another person if we agree in writing.

17.7 A person who is not a party to the Contract has no rights under the Contracts (Rights of Third Parties) Act 1999 to enforce, or to enjoy the benefits of, any term of the Contract.

17.8 Nothing in the Contract is intended to, or shall be deemed to create or imply the existence of a partnership or joint venture between the parties nor any arrangement which would impose liability on you for the acts or omissions of us and vice versa. In particular, each party acknowledges that it does not have the authority to, and agrees that it shall not, at any time without the other party"s prior written consent make or enter into any commitments on behalf of the other party.

17.9 The parties agree that, save as expressly set out herein, neither party has relied on any statement or representation made by the other (whether innocently or negligently) in entering into the Contract. Each party irrevocably and unconditionally waives any right or remedy it may have to claim damages or to rescind the Contract by reason of any misrepresentation (other than a fraudulent misrepresentation) having been made to it by any person (whether party to the Contract or not) other than as expressly set out in the Contract.

17.10 If one or more of the provisions of the Contract shall be held by a court of competent jurisdiction to be illegal or unenforceable, in whole or in part, under any enactment or rule of law, such term or provision or part shall to that extent be deemed not to form part of the Contract but the validity and enforceability of the remainder of the Contract shall not be affected. In such an event, each of the parties shall enter into good faith negotiations to amend such provision in such a way that, as amended, it is valid and legal and, to the maximum extent possible, carries out the original intent of the parties as to the point or points in question.

17.11 The rights and remedies provided under the Contract are in addition to, and not exclusive of, any legal rights or remedies.

17.12 The Contract, and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims), shall be governed by, and construed in accordance with English law.

17.13 The parties irrevocably agree that the courts of England shall have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with the Contract or its subject matter or formation (including non-contractual disputes or claims).

 

SCHEDULE 1 – DATA PROCESSING AGREEMENT

 

DEFINITIONS:

Applicable Law means:

(a) any law, statute, regulation, by-law or sub-ordinate legislation in force from time to time to which a party is subject and/or in any jurisdiction that the Services and/or Products are provided to or in respect of;

(b) the common law and laws of equity as applicable to the parties from time to time;

(c) any binding court order, judgment or decree;

(d) any applicable industry code, policy or standard; or

(e) any applicable direction, policy, rule or order that is binding on a party and that is made or given by any regulatory body having jurisdiction over a party or any of that party’s assets, resources or business;

Complaint means a complaint or request relating to either party’s obligations under Data Protection Legislation relevant to this Contract, including any compensation claim from a Data Subject or any notice, investigation or other action from a Supervisory Authority;

Data Controller has the meaning given to that term (or to the term ‘controller’) in Data Protection Legislation;

Data Processor has the meaning given to that term (or to the term ‘processor’) in Data Protection Legislation;

Data Subject has the meaning given to that term in Data Protection Legislation;

Data Subject Request means a request made by a Data Subject to exercise any rights of Data Subjects under Data Protection Legislation;

Data Protection

Legislation means any Applicable Law relating to the processing, privacy, and the use of Personal Data, as applicable to the Customer, the Supplier and/or the Products and Services, including:

(a) in the UK:

i. the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426, and any laws or regulations implementing Directive 2002/58/EC (ePrivacy Directive);

ii. the General Data Protection Regulation (EU) 2016/679 ( GDPR), the Data Protection Act 2018 and/or any other corresponding or equivalent national laws or regulations ( Revised UK DP Law); and

(b) any judicial or administrative interpretation of any of the above, any guidance, guidelines, codes of practice, approved codes of conduct or approved certification mechanisms issued by any relevant Supervisory Authority;

 

Data Protection

Losses means all liabilities and other amounts, including all:

(a) costs (including legal costs), claims, demands, actions, settlements, interest, charges, procedures, expenses, losses and damages (including relating to material or non-material damage); and

(b) loss or damage to reputation, brand or goodwill;

(c) to the extent permitted by Applicable Law;

iii. administrative fines, penalties, sanctions, liabilities or other remedies imposed by a Supervisory Authority;

iv. compensation paid to a Data Subject (including compensation to protect goodwill and ex gratia payments); and

v. costs of compliance with investigations by a Supervisory Authority.

 

International Recipient has the meaning given to that term in clause 6.1;

Personal Data has the meaning given to that term in Data Protection Legislation;

Personal Data Breach means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, any Protected Data;

Processing has the meanings given to that term in Data Protection Legislation (and related terms such as process have corresponding meanings);

Processing Instructions has the meaning given to that term in clause 2.1.1;

Protected Data means Personal Data received from or on behalf of the Customer, or otherwise obtained in connection with the performance of Our obligations;

Supervisory Authority means any local, national or multinational agency, department, official, parliament, public or statutory person or any government or professional body, regulatory or supervisory authority, board or other body responsible for administering Data Protection Legislation.

DATA PROCESSING PROVISIONS

1. Data Processor and Data Controller

1.1 The parties agree that, for the Protected Data, the Customer shall be the Data Controller and We shall be the Data Processor.

1.2 We shall comply with all Data Protection Legislation in connection with the processing of Protected Data, the Products, Services and the exercise and performance of our respective rights and obligations under this Agreement.

1.3 The Customer shall comply with all Data Protection Legislation in respect of the performance of its obligations under this Agreement.

2. Instructions and details of processing

2.1 Insofar as We are processing Personal Data on behalf of the Customer, We shall:

a) unless required to do otherwise by Applicable Law, (and shall ensure each person acting under our authority shall) process the Protected Data only on and in accordance with the Customer’s documented instruction as set out in the terms and conditions and as updated from time to time by the written agreement of the parties (Processing Instructions); and

b) if Applicable Law requires us to process Protected Data other than in accordance with the Processing Instructions, notify the Customer of any such requirement before processing the Protected Data (unless Applicable Law prohibits such information on important grounds of public interest).

2.2 The processing to be carried out by us under this Agreement shall comprise the processing set out in the terms and conditions and such other processing as agreed by the parties in writing from time to time.

3. Technical and organisational measures

3.1 We shall implement and maintain appropriate technical and organisational measures in relation to the processing of Protected Data by us:

a) such that the processing will meet the requirements of Data Protection Legislation and ensure the protection of the rights of Data Subjects;

b) so as to ensure a level of security in respect of Protected Data processed by us is appropriate to the risks that are presented by the processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to Personal Data transmitted, stored or otherwise processed; and

c) without prejudice to clause 5.1, insofar as is possible, to assist the Customer in the fulfilment of the Customer’s obligations to respond to Data Subject Requests relating to Protected Data.

3.2 Without prejudice to clause 3.1.2, we shall, in respect of the Protected Data processed by us under this Agreement, comply with the requirements regarding security of processing set out in Data Protection Legislation (as applicable to Data Processors) and in this Agreement.

4. Using Staff and other processors

4.1 We may engage third party Data Processors in accordance with our Privacy Notice. [Link].

4.2 We shall ensure that all our Personnel processing Protected Data are subject to a binding written contractual obligation to keep the Protected Data confidential (except where disclosure is required in accordance with Applicable Law.

4.3 Without prejudice to any other provision of clauses 1 to 10 (inclusive), we shall ensure that the our Personnel processing Protected Data are reliable and have received adequate training on compliance with clauses 1 to 10 (inclusive) and the Data Protection Legislation applicable to the processing.

5. Assistance with the Customer’s compliance and Data Subject rights

5.1 We shall:

a) Promptly record and then refer all Data Subject Requests we receive to the Customer within 3 days of receipt of such request;

b) provide such information and cooperation and take such action as the Customer reasonably requests in relation to a Data Subject Request, within the timescales reasonably required by the Customer; and

c) not respond to any Data Subject Request or Complaint without the Customer’s prior written approval.

5.2 Without prejudice to clause 2.1, we shall provide such information, co-operation and other assistance as the Customer reasonably requires (taking into account the nature of processing and the information available) to the Customer in ensuring compliance with the Customer’s obligations under Data Protection Laws, including with respect to:

a) security of processing;

b) data protection impact assessments (as such term is defined in Data Protection Legislation);

c) prior consultation with a Supervisory Authority regarding high risk processing; and

d) any remedial action and/or notifications to be taken in response to any Personal Data Breach and/or Complaint, including (subject in each case to the Customer’s prior written authorisation) regarding any notification of the Personal Data Breach to Supervisory Authorities and/or communication to any affected Data Subjects.

6. International Data Transfers

6.1 We may be required to transfer Protected Data outside the European Economic Area or to any international organisation (an International Recipient) in accordance with our Privacy Notice. [Link]

7. Records, Information and Audit

7.1 We shall maintain, complete, accurate and up to date records of all categories of processing activities carried out on behalf of the Customer, containing such information as the Customer may reasonably require, including:

a) the name and contact details of the Data Processor(s) and of each Data Controller on behalf of which the Data Processor is acting, and of our representative and data protection officer (if any);

b) the categories of processing carried out on behalf of each Data Controller;

c) where applicable, details of transfers of Protected Data to an International Recipient; and

d) a general description of the technical and organisational security measures referred to in clause 3.1.

7.2 The Supplier shall made available to the Customer on request in a timely manner (and in any event within 3 business days):

a) copies of the records under clause 7.1; and

b) such other information as the Customer reasonably requires to demonstrate the Supplier’s compliance with its obligations under Data Protection Legislation and this Agreement.

7.3 We shall allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer for the purpose of demonstrating compliance by us with its obligations under Data Protection Legislation and under clauses 1 to 10 (inclusive) provided that the Customer gives the Supplier reasonable prior notice of such audit and/or inspection.

8. Breach notification

8.1 In respect of any Personal Data Breach, We shall:

a) notify the Customer of the Personal Data Breach without undue delay (but in no event later than 24 hours after becoming aware of the Personal Data Breach); and

b) provide the Customer without undue delay (wherever possible, no later than 24 hours after becoming aware of the Personal Data Breach) with such details as the Customer reasonably requires regarding:

i) the nature of the Personal Data Breach, including the categories and approximate numbers of Data Subjects and Protected Data records concerned;

ii) any investigations into such Personal Data Breach;

iii) the likely consequences of the Personal Data Breach; and

iv) any measures taken, or that We recommend, to address the Personal Data Breach, including to mitigate its possible adverse effects,

provided that, (without prejudice to the above obligations) if We cannot provide all these details within such timeframes, We shall (before the end of this timeframe) provide the Customer with reasons for the delay and when it expects to be able to provide the relevant details (which may be phased), and give the Customer regular updates on these matters.

8.2 We shall promptly (and in any event within 2 Business Days) inform the Customer if We receive a Complaint and provide the Customer with full details of such Complaint.

9. Deletion or return of Protected Data and copies

9.1 We shall without delay, at the Customer’s written request, either securely delete or securely return all the Protected Data to the Customer in such form as the Customer reasonably requests after the earlier of:

a) the end of the provision of the relevant Products and Services related to processing; or

b) once processing by us of any Protected Data is no longer required for the purpose of our performance of our relevant obligations under this Agreement,

and securely delete existing copies (unless storage of any data is required by Applicable Law and, if so We shall inform the Customer of any such requirement).

10. Liability and indemnities

10.1 We shall indemnify and keep indemnified the Customer in respect of all Data Protection Losses suffered or incurred by, awarded against or agreed to be paid by, the Customer arising from or in connection with:

a) Any breach by us of any of our obligations under clauses 1 to 9 (inclusive); or

b) Our (or any person acting on our behalf) acting outside or contrary to the lawful Processing Instructions of the Customer in respect of the processing of Protected Data.

10.2 This clause 10 is intended to apply to the allocation of liability for Data Protection Losses as between the parties, including with respect to compensation to Data Subjects, notwithstanding any provisions under Data Protection Legislation to the contrary, except:

c) To the extent not permitted by Applicable Law (including Data Protection Legislation); and

d) That it does not affect the liability of either party to any Data Subject.