Terms of Use

Software as a service subscription Agreement – Master Terms

BETWEEN

  • ADNAAN QURESHI MEDICAL LTD t/a CONSULTANT QUOTES incorporated and registered in England and Wales with company number 09291985 whose registered office is at 6 Ladywell Way, Ponteland, Newcastle Upon Tyne, England, NE20 9TB (Supplier); and
  • YOU / THE CUSTOMER as set out in the relevant quotation (Customer).

BACKGROUND

  • The Supplier has developed certain web-based software products which it makes available to subscribers via the internet on a pay-per-use basis for the purpose of generating quotations for private medical services and allowing patients to review and sign these quotes as acceptance.
  • The Customer wishes to use the Supplier’s service in its business operations.
  • The Supplier has agreed to provide and the Customer has agreed to take and pay for the Supplier’s service subject to the terms and conditions of this Agreement. By accepting a quotation downloading, accessing and / or using the Services, Software and / or Documentation, Customer agrees to the terms of this Agreement which will bind Customer. If Customer does not agree to these terms, it must immediately stop using the Services, Software and Documentation.

Agreed terms

  1. Interpretation
    • The definitions and rules of interpretation in this clause apply in this Agreement.
  • Authorised Users: those employees, agents and independent contractors of the Customer who are authorised by the Customer to use the Services and the Documentation.
  • Confidential Information: information that is proprietary or confidential and is either clearly labelled as such or identified as Confidential Information in clause 1.
  • Customer Data: the data inputted by the Customer, Authorised Users, or the Supplier on the Customer’s behalf for the purpose of using the Services or facilitating the Customer’s use of the Services.
  • Documentation: the document made available to the Customer by the Supplier online via https://consultantquotes.co.uk/ or such other web address notified by the Supplier to the Customer from time to time which sets out a description of the Services and the user instructions for the Services.
  • Effective Date: the date this Agreement is accepted as per the mechanism set out in section (C) of the ‘Background’ above.
  • Normal Business Hours: 9.00 am to 5.00 pm local UK time, each business day.
  • Services: the subscription services provided by the Supplier to the Customer under this Agreement via https://consultantquotes.co.uk/ or any other website notified to the Customer by the Supplier from time to time, as more particularly described in the Documentation.
  • Software: the online software applications provided by the Supplier as part of the Services.
  • Subscription Fees: the subscription fees payable by the Customer to the Supplier for the User Subscriptions, as set out in the Supplier’s
  • Subscription Term: means the term of the Supplier’s provision of the Services set out in the Supplier’s quotation, as further described at clause 12.
  • Support Services Policy: the Supplier’s policy for providing support in relation to the Services as made available to the Customer from time to time.
  • User Subscriptions: the user subscriptions purchased by the Customer pursuant to clause 7 which entitle Authorised Users to access and use the Services and the Documentation in accordance with this Agreement.
  • Virus: any thing or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices.
  1. User subscriptions
    • Subject to the Customer purchasing the User Subscriptions in accordance with clause 7, the restrictions set out in this clause 2 and the other terms and conditions of this Agreement, the Supplier hereby grants to the Customer a non-exclusive, non-transferable right and licence, without the right to grant sublicences, to permit the Authorised Users to use the Services and the Documentation during the Subscription Term solely for the Customer’s internal business operations.
    • In relation to the Authorised Users, the Customer undertakes that:
      • the maximum number of Authorised Users that it authorises to access and use the Services and the Documentation shall not exceed the number of User Subscriptions it has purchased from time to time; and
      • it will not allow or suffer any User Subscription to be used by more than one individual Authorised User unless it has been reassigned in its entirety to another individual Authorised User, in which case the prior Authorised User shall no longer have any right to access or use the Services and/or Documentation.
    • The Customer shall not access, store, distribute or transmit any Viruses, or any material during the course of its use of the Services (including the provision of any Customer Data) that:
      • is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive;
      • facilitates illegal activity;
      • depicts sexually explicit images;
      • is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability; or
      • is otherwise illegal or causes damage or injury to any person or property;

and the Supplier reserves the right, without liability or prejudice to its other rights to the Customer, to disable the Customer’s access to any material that breaches the provisions of this clause.

  • The Customer shall not:
    • except as may be allowed by any applicable law which is incapable of exclusion by Agreement between the parties and except to the extent expressly permitted under this Agreement:
      • attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Software and/or Documentation (as applicable) in any form or media or by any means; or
      • attempt to de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Software; or
    • access all or any part of the Services and Documentation in order to build a product or service which competes with the Services and/or the Documentation; or
    • use the Services and/or Documentation to provide services to third parties; or
    • subject to clause 1, license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services and/or Documentation available to any third party except the Authorised Users, or
    • attempt to obtain, or assist third parties in obtaining, access to the Services and/or Documentation, other than as provided under this clause 2.
  • The Customer shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the Services and/or the Documentation and, in the event of any such unauthorised access or use, promptly notify the Supplier.
  • The rights provided under this clause 2 are granted to the Customer only, and shall not be considered granted to any subsidiary or holding company of the Customer.
  1. Services
    • The Supplier shall, during the Subscription Term, provide the Services and make available the Documentation to the Customer on and subject to the terms of this Agreement.
    • The Supplier shall use commercially reasonable endeavours to make the Services available 24 hours a day, seven days a week, except for:
      • planned maintenance carried out during the maintenance window as notified by the Supplier (acting reasonably) from time to time; and
      • unscheduled maintenance performed outside Normal Business Hours, provided that the Supplier has used reasonable endeavours to give the Customer at least 6 Normal Business Hours’ notice in advance.
  1. Data protection
    • In accordance with data protection legislation, we are required to provide you with certain information about who we are, how we process the personal data of those individuals who we collect directly as Data Controller in the course of our provision of the Services, and for what purposes and those individuals’ rights in relation to their personal data and how to exercise them. This information is provided in here and it is important that you read that information.
    • For the avoidance of any doubt, any personal data provided to the Supplier via the Customer’s use of the Services, including but not limited to any upload of personal data by the Customer to the Software, shall be processed by the Supplier acting as Data Processor, in accordance with the data processing terms set out in Schedule 1 to this Agreement, in the absence of any express agreement between the parties to the contrary.
    • The Customer warrants, represents and undertakes that any personal data (including any special categories of personal data – both terms as defined by applicable data protection legislation) shall comply in all respects, including in terms of its collection, storage and processing (which shall include the Customer’s use of the Services and its provision of all the required fair processing information to, and obtaining all necessary consents from, data subjects) with data protection legislation.
  2. Supplier’s obligations
    • The Supplier undertakes that the Services will be performed substantially in accordance with the Documentation and with reasonable skill and care.
    • The undertaking at clause 1 shall not apply to the extent of any non-conformance which is caused by use of the Services contrary to the Supplier’s instructions, or modification or alteration of the Services by any party other than the Supplier or the Supplier’s duly authorised contractors or agents. If the Services do not conform with the foregoing undertaking, Supplier will, at its expense, use all reasonable commercial endeavours to correct any such non-conformance promptly, or provide the Customer with an alternative means of accomplishing the desired performance. Such correction or substitution constitutes the Customer’s sole and exclusive remedy for any breach of the undertaking set out in clause 5.1.
    • The Supplier:
      • does not warrant that:
        • the Customer’s use of the Services will be uninterrupted, Virus-free or error-free; or
        • that the Services, Documentation and/or the information obtained by the Customer through the Services will meet the Customer’s requirements;
      • is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Customer acknowledges that the Services and Documentation may be subject to limitations, delays and other problems inherent in the use of such communications facilities.
    • This Agreement shall not prevent the Supplier from entering into similar Agreements with third parties, or from independently developing, using, selling or licensing documentation, products and/or services which are similar to those provided under this Agreement.
    • The Supplier warrants that it has and will maintain all necessary licences, consents, and permissions necessary for the performance of its obligations under this Agreement.
  3. Customer’s obligations
    • The Customer shall:
      • provide the Supplier with:
        • all necessary co-operation in relation to this Agreement; and
        • all necessary access to such information as may be required by the Supplier;

in order to provide the Services, including but not limited to Customer Data, security access information and configuration services;

  • without affecting its other obligations under this Agreement, comply with all applicable laws and regulations with respect to its activities under this Agreement;
  • carry out all other Customer responsibilities set out in this Agreement in a timely and efficient manner. In the event of any delays in the Customer’s provision of such assistance as agreed by the parties, the Supplier may adjust any agreed timetable or delivery schedule as reasonably necessary;
  • ensure that the Authorised Users use the Services and the Documentation in accordance with the terms and conditions of this Agreement and shall be responsible for any Authorised User’s breach of this Agreement;
  • obtain and shall maintain all necessary licences, consents, and permissions necessary for the Supplier, its contractors and agents to perform their obligations under this Agreement, including without limitation the Services;
  • ensure that its network and systems comply with the relevant specifications provided by the Supplier from time to time; and
  • be, to the extent permitted by law and except as otherwise expressly provided in this Agreement, solely responsible for procuring, maintaining and securing its network connections and telecommunications links from its systems to the Supplier’s data centres, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Customer’s network connections or telecommunications links or caused by the internet.
  • The Customer shall own all right, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of all such Customer Data.
  1. Charges and payment
    • The Customer shall pay the Subscription Fees to the Supplier for the User Subscriptions in accordance with the payment terms set out in the Customer’s quotation.
    • This Agreement and the obligation to pay arising out of it shall be binding on the Customer and this Agreement shall override any terms printed on any such purchase order or other document. If a purchase order or such other document is a pre-requisite of Supplier generating an invoice, and has not been issued as at the point in time of Supplier’s entitlement to invoice, then Supplier may at its election (i) add a delay surcharge to its Subscription Fees; and/or (ii) suspend its provision of Services pending issuing of the purchase order or other document required.  
    • Unless otherwise set out in the Supplier’s quotation, such Subscription Fees shall be paid on no later than thirty (30) days from the invoice date time being of the essence
    • Unless otherwise set out in the Supplier’s quotation, if the Supplier has not received payment on the terms set out above (and/or in the quotation), and without prejudice to any other rights and remedies of the Supplier: (a) the Supplier may, without liability to the Customer, disable the Customer’s password, account and access to all or part of the Services and the Supplier shall be under no obligation to provide any or all of the Services while the invoice(s) & charges concerned remain unpaid; and (b) interest shall accrue on a daily basis on such due amounts at an annual rate equal to 3% over the then current base lending rate of the Supplier’s bankers in the UK from time to time, commencing on the due date and continuing until fully paid, whether before or after judgment.
    • The Supplier shall be entitled to increase the Subscription fees and / or any fees payable in respect of additional User Subscriptions purchased, upon 90 days’ prior notice to the Customer.
  2. Proprietary rights
    • The Customer acknowledges and agrees that the Supplier and/or its licensors own all intellectual property rights in the Services and the Documentation. Except as expressly stated herein, this Agreement does not grant the Customer any rights to, under or in, any patents, copyright, database right, trade secrets, trade names, trade marks (whether registered or unregistered), or any other rights or licences in respect of the Services or the Documentation.
    • The Supplier confirms that it has all the rights in relation to the Services and the Documentation that are necessary to grant all the rights it purports to grant under, and in accordance with, the terms of this Agreement.
  3. Confidentiality
    • Confidential Information means all confidential information (however recorded or preserved) disclosed by a party or its Representatives (as defined below) to the other party and that party’s Representatives whether before or after the date of this Agreement, including but not limited to:
      • any information that would be regarded as confidential by a reasonable business person relating to:
        • the business, assets, affairs, customers, clients, suppliers, plans, intentions, or market opportunities of the disclosing party; and
        • the operations, processes, product information, know-how, designs, trade secrets or software of the disclosing party;
      • any information developed by the parties in the course of carrying out this Agreement and the parties agree that:
        • details of the Services, and the results of any performance tests of the Services, shall constitute Supplier Confidential Information; and
        • Customer Data shall constitute Customer Confidential Information;

Representatives means, in relation to a party, its employees, officers, contractors, subcontractors, representatives and advisers.

  • The provisions of this clause shall not apply to any Confidential Information that:
    • is or becomes generally available to the public (other than as a result of its disclosure by the receiving party or its Representatives in breach of this clause);
    • was available to the receiving party on a non-confidential basis before disclosure by the disclosing party;
    • was, is or becomes available to the receiving party on a non-confidential basis from a person who, to the receiving party’s knowledge, is not bound by a confidentiality Agreement with the disclosing party or otherwise prohibited from disclosing the information to the receiving party; or
    • the parties agree in writing is not confidential or may be disclosed.
  • Each party shall keep the other party’s Confidential Information secret and confidential and shall not:
    • use such Confidential Information except for the purpose of exercising or performing its rights and obligations under or in connection with this Agreement (Permitted Purpose); or
    • disclose such Confidential Information in whole or in part to any third party, except as expressly permitted by this clause 9.
  • A party may disclose the other party’s Confidential Information to those of its Representatives who need to know such Confidential Information for the Permitted Purpose, provided that:
    • it informs such Representatives of the confidential nature of the Confidential Information before disclosure; and
    • at all times, it is responsible for such Representatives’ compliance with the confidentiality obligations set out in this clause.
  • A party may disclose Confidential Information to the extent such Confidential Information is required to be disclosed by law, by any governmental or other regulatory authority or by a court or other authority of competent jurisdiction provided that, to the extent it is legally permitted to do so, it gives the other party as much notice of such disclosure as possible].
  • On termination or expiry of this Agreement, each party shall use reasonable endeavours to:
    • destroy or return to the other party all documents and materials (and any copies) containing, reflecting, incorporating or based on the other party’s Confidential Information; and
    • erase all the other party’s Confidential Information from computer and communications systems and devices used by it, including such systems and data storage services provided by third parties (to the extent technically and legally practicable).
  • The above provisions of this clause 9 shall survive for a period of two years from termination or expiry of this Agreement.
  1. Indemnity
    • The Customer shall defend, indemnify and hold harmless the Supplier against claims, actions, proceedings, losses, damages, expenses and costs (including without limitation court costs and reasonable legal fees) arising out of or in connection with the Customer’s use of the Services and/or Documentation, as well as its breach of any obligation under this Agreement, provided that:
      • the Customer is given prompt notice of any such claim;
      • the Supplier provides reasonable co-operation to the Customer in the defence and settlement of such claim, at the Customer’s expense; and
      • the Customer is given sole authority to defend or settle the claim.
    • The Supplier shall defend the Customer, its officers, directors and employees against any third party claim that the Customer’s use of the Services or Documentation in accordance with this Agreement infringes any patent effective as of the Effective Date, copyright, trade mark, database right or right of confidentiality, and shall indemnify the Customer for any amounts awarded against the Customer in judgment or settlement of such claims, provided that:
      • the Supplier is given prompt notice of any such claim;
      • the Customer does not make any admission, or otherwise attempt to compromise or settle the claim and provides reasonable co-operation to the Supplier in the defence and settlement of such claim, at the Supplier’s expense; and
      • the Supplier is given sole authority to defend or settle the claim.
    • In the defence or settlement of any claim, the Supplier may procure the right for the Customer to continue using the Services, replace or modify the Services so that they become non-infringing or, if such remedies are not reasonably available, terminate this Agreement on 2 business days’ notice to the Customer without any additional liability or obligation to pay liquidated damages or other additional costs to the Customer.
    • In no event shall the Supplier, its employees, agents and sub-contractors be liable to the Customer to the extent that the alleged infringement is based on:
      • a modification of the Services or Documentation by anyone other than the Supplier; or
      • the Customer’s use of the Services or Documentation in a manner contrary to the instructions given to the Customer by the Supplier; or
      • the Customer’s use of the Services or Documentation after notice of the alleged or actual infringement from the Supplier or any appropriate authority.
  1. Limitation of liability
    • Except as expressly and specifically provided in this Agreement:
      • the Customer assumes sole responsibility for results obtained from the use of the Services and the Documentation by the Customer, and for conclusions drawn from such use. The Supplier shall have no liability for any damage caused by errors or omissions in any information, instructions or scripts provided to the Supplier by the Customer in connection with the Services, or any actions taken by the Supplier at the Customer’s direction;
      • all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from this Agreement; and
      • the Services and the Documentation are provided to the Customer on an “as is” basis.
    • Nothing in this Agreement excludes the liability of the Supplier:
      • for death or personal injury caused by the Supplier’s negligence; or
      • for fraud or fraudulent misrepresentation.
    • Subject to clause 1 and clause 11.2:
      • the Supplier shall not be liable whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for any loss of profits, loss of business, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss, or for any special, indirect or consequential loss, costs, damages, charges or expenses however arising under this Agreement; and
      • the Supplier’s total aggregate liability in contract (including in respect of the indemnity at clause 2), tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of this Agreement shall be limited the total Subscription Fees paid for the User Subscriptions during the 12 months immediately preceding the date on which the claim arose.
    • Nothing in this Agreement excludes the liability of the Customer for any breach, infringement or misappropriation of the Supplier’s Intellectual Property Rights”.
  2. Term and termination
    • This Agreement shall, unless otherwise terminated as provided in this clause 12 or as otherwise agreed between the parties in the Supplier’s quotation, commence on the Effective Date and shall continue for the Subscription Term and, thereafter, this Agreement shall be automatically renewed for successive periods of 1 month (each a Renewal Period), unless:
      • either party notifies the other party of termination in writing no later than 30 days before the end of the Subscription Term or any Renewal Period, in which case this Agreement shall terminate upon the expiry of the applicable Initial Subscription Term or Renewal Period; or
      • otherwise terminated in accordance with the provisions of this Agreement.
    • Without affecting any other right or remedy available to it, either party may terminate this Agreement with immediate effect by giving written notice to the other party if:
      • the other party fails to pay any amount due under this Agreement on the due date for payment and remains in default not less than thirty days after being notified in writing to make such payment;
      • the other party commits a material breach of any other term of this Agreement and (if such breach is remediable) fails to remedy that breach within a period of 10 days after being notified to do so;
      • the other party commences negotiations with all or any class of its creditors with a view to rescheduling any of its debts, or makes a proposal for or enters into any compromise or arrangement with its creditors other than for the sole purpose of a scheme for a solvent amalgamation of that other party with one or more other companies or the solvent reconstruction of that other party;
      • a petition is filed, a notice is given, a resolution is passed, or an order is made, for or in connection with the winding up of that other party other than for the sole purpose of a scheme for a solvent amalgamation of that other party with one or more other companies or the solvent reconstruction of that other party;
      • the other party suspends or ceases, or threatens to suspend or cease, carrying on all or a substantial part of its business;
      • the other party’s financial position deteriorates so far as to reasonably justify the opinion that its ability to give effect to the terms of this Agreement is in jeopardy;
    • On termination of this Agreement for any reason:
      • all licences granted under this Agreement shall immediately terminate and the Customer shall immediately cease all use of the Services and/or the Documentation;
      • each party shall return and make no further use of any equipment, property, Documentation and other items (and all copies of them) belonging to the other party;
      • the Supplier may destroy or otherwise dispose of any of the Customer Data in its possession unless the Supplier receives, no later than ten days after the effective date of the termination of this Agreement, a written request for the delivery to the Customer of the then most recent back-up of the Customer Data. The Supplier shall use reasonable commercial endeavours to deliver the back-up to the Customer within 30 days of its receipt of such a written request, provided that the Customer has, at that time, paid all fees and charges outstanding at and resulting from termination (whether or not due at the date of termination). The Customer shall pay all reasonable expenses incurred by the Supplier in returning or disposing of Customer Data; and
      • any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the Agreement which existed at or before the date of termination shall not be affected or prejudiced.
  3. Force majeure

Neither party shall be in breach of this Agreement nor liable for delay in performing, or failure to perform, any of its obligations under this Agreement if such delay or failure result from events, circumstances or causes beyond its reasonable control. The time for performance of such obligations shall be extended accordingly. If the period of delay or non-performance continues for three months, the party not affected may terminate this Agreement by giving fourteen days written notice to the affected party.

  1. Variation

The Supplier reserves the right to vary, amend or otherwise modify these terms & conditions from time to time and Supplier shall notify Customer of any such change. Customer’s continued use of the Services shall constitute acceptance of such new/amended terms. Supplier also reserves the right to update, change, suspend or close the Services.

  1. Severance
    • If any provision or part-provision of this Agreement is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of this Agreement.
  2. Entire Agreement
    • This Agreement constitutes the entire agreement between the parties and supersedes and extinguishes all previous and contemporaneous agreements, promises, assurances and understandings between them, whether written or oral, relating to its subject matter.
  3. Assignment
    • The Customer shall not, without the prior written consent of the Supplier, assign, novate, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this Agreement.
    • The Supplier may at any time assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this Agreement.
  4. Third party rights

This Agreement does not confer any rights on any person or party (other than the parties to this Agreement and, where applicable, their successors and permitted assigns) pursuant to the Contracts (Rights of Third Parties) Act 1999.

  1. Governing law

This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and interpreted in accordance with the law of England and Wales.

  1. Jurisdiction

Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this Agreement or its subject matter or formation (including non-contractual disputes or claims).

Schedule 1 – Data Processing Terms

These Data Processing Terms forms part of the Software as a Service Subscription Agreement – Master Terms (“Principal Agreement“) between the Supplier (the “Processor”) and the Customer (“Controller”):

DEFINITIONS

Controller, Processor, Data Subject, Personal Data, Personal Data Breach, processing and appropriate technical and organisational measures: as defined in the Data Protection Legislation.

Data Protection Legislation: all applicable data protection and privacy legislation in force from time to time in the UK including the UK GDPR; the Data Protection Act 2018 (DPA 2018) (and regulations made thereunder)  and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended [and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of Personal Data (including, without limitation, the privacy of electronic communications); and the guidance and codes of practice issued by the Information Commissioner or other relevant regulatory authority and applicable to a party.

Domestic Law: the law of the United Kingdom or a part of the United Kingdom.

EU GDPR: the General Data Protection Regulation ((EU) 2016/679).

EU Law: the law of the European Union or any member state of the European Union.

UK GDPR: has the meaning given to it in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018.

  1. DATA PROTECTION
    • Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 1 is in addition to, and does not relieve, remove or replace, a party’s obligations or rights under the Data Protection Legislation.
    • The parties acknowledge that for the purposes of the Data Protection Legislation, the Customer is the Controller and the Provider is the Processor. The Annex below or the Supplier’s quotation (as the case may be) sets out the scope, nature and purpose of processing by the Provider, the duration of the processing and the types of Personal Data and categories of Data Subject.
    • Without prejudice to the generality of clause 1, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the Provider for the duration and purposes of this agreement.
    • Without prejudice to the generality of clause 1, the Provider shall, in relation to any Personal Data processed in connection with the performance by the Provider of its obligations under this agreement:
      • process that Personal Data only on the documented written instructions of the Customer unless the Provider is required by Domestic Law to otherwise process that Personal Data. Where the Provider is relying on Domestic Law as the basis for processing Personal Data, the Provider shall promptly notify the Customer of this before performing the processing required by the Domestic Law unless the Domestic Law prohibits the Provider from so notifying the Customer;
      • ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the Customer, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);
      • ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and
      • not transfer any Personal Data outside of the UK or EEA unless the prior written consent of the Customer has been obtained and the following conditions are fulfilled:
        • the Customer or the Provider has provided appropriate safeguards in relation to the transfer;
        • the data subject has enforceable rights and effective legal remedies;
        • the Provider complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and
        • the Provider complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data;
      • assist the Customer, at the Customer’s cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
      • notify the Customer without undue delay on becoming aware of a Personal Data Breach;
      • at the written direction of the Customer, delete or return Personal Data and copies thereof to the Customer within a reasonable period of termination of the Agreement unless required by Domestic Law to store the Personal Data; and
      • maintain complete and accurate records and information to demonstrate its compliance with this clause 1 and allow for audits by the Customer or the Customer’s designated auditor.
    • Where the Customer consents to the Provider appointing any third-party processor of Personal Data in the course of its provision of the Services, the Provider confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement incorporating terms which are substantially similar to those set out in this clause 1 and in either case which the Provider confirms reflect and will continue to reflect the requirements of the Data Protection Legislation. As between the Customer and the Provider, the Provider shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this clause 1.