
Terms and Conditions (T&Cs)

These are our standard terms and conditions; they are intentionally designed to be balanced and fair, and they have been accepted by many of the world’s leading General Counsels. Given this, we do not allow amendments.

We have developed the Services which we make available to subscribers. You wish to use the Services in your business and by executing an Order Form that references this Agreement, you agree to and accept the terms and conditions of this Agreement. We agree to provide you with a subscription to use the Services subject to the terms and conditions of this Agreement.

The parties hereby agree:

1. DEFINITIONS

Account means the account you and the Users use to access Services using your Account Access Details.

Account Access Details means the details you and the Users have provided to enable access to your Account.

Additional Services means additional Services required by you which were not implemented or configured as part of the first Order Form.

Additional Professional Fees means any fees for out of scope or additional Professional Services which were not agreed to in writing or did not form part of the applicable Order Form and/or Technical Specifications, to be charged on a time and materials basis.

Affiliates means any entity that directly or indirectly controls, is controlled by, or is under common control with a party to this Agreement, where control means the ownership of a majority share of the stock, equity or voting interests of such entity.

Agreement means these terms and conditions and executed Order Forms, including any schedules, appendices and exhibits forming part of this agreement.

App Change Requests mean a change You request to an Automation App that is beyond what is specified within the accepted App Specification.

App Defects means a variation from the documented and approved Automation App specification.

App Specification will constitute the full scope of an Automation App, consisting of a definition of the documents, fields, questions, workflow and rule-based notifications, plus any applicable business rules, that make up the entirety of the Automation App.

Automation Apps means an application that automates the generation and/or execution of a specific document(s) as specified and commissioned by You.

Bulk Contract Upload Feature means functionality provided by the Service, which allows You to upload existing historical documents in bulk, for storage and access only.

Change of Control means any change in control due to listing on a recognised stock exchange, a change in the legal or beneficial ownership of at least 50% of the assets of a party, a change in the legal or beneficial ownership of more than 50% of the voting share capital of a party or the legal power to direct or cause the direction of the general management of a party.

Conditional Clauses in Output Documents are used in Automation Apps. This functionality allows the Automation App to show or hide different sections of the document based on the answer to questions. For example, only show this confidentiality clause if the NDA is based in Australia.

Conditional Workflow Delegations are used in Automation Apps. This functionality allows a workflow to vary based on the answer to questions or other complicated logic. If the workflow is statically defined or defined by the user then it is likely this functionality is not required.

Customer Data means the data inputted by you, the Users, or by us on your behalf for the purpose of using the Services, including without limitation all documents and all information contained within such documents.

Documentation means any written materials, files or documents made available to you by us or through using the Services (which may include templates, instructions, guidelines and support documents).

Document Uploads/Merges are used in Automation Apps. This functionality allows users to upload sub-documents/attachments or other items to be included with the generated document.

End Date means the end date for the relevant period specified in the Order Form, commencing on the Start Date.

Fees means the fees payable for any Service as set out in the relevant Order Form.

General User means any User of the Services, other than a Professional User.

Integrations are used to integrate Automation Apps with a 3rd party system, typically to allow data to be passed between the systems to populate generated documents or push captured information into a 3rd party system.

Initial Term means the period commencing on the Start Date and expiring on the End Date.

Licence Fees means the annual licence fees payable for any Services pursuant to this Agreement.

Logic Driven Questions are used in Automation Apps. These are questions that are altered based on the answer given to prior questions. For example: 1. Only ask for the zip code if the answer to the previous question “Which country are you in?” was “USA”; 2. If the answer to “Which state are you in?” is “Victoria”, then provide a list of Victorian local government areas to select from.

Order Form means the order form agreed in writing between you and us that is governed by this Agreement, and includes a description of the Services, Fees and any other commercial terms (including the Technical Specifications).

Output Document means a document produced by an Automation App. Output Documents are created using a template that is annotated using tags to allow the Automation App to modify the document based on information captured.

Personal Data has the meaning given in Schedule 4.

Prepaid Bundle has the meaning given in Schedule 3.

Professional User means a User that has the right to perform activities using the Services, beyond that of a General User. The additional activities that a Professional User can perform are:

  • View all documents of a particular document type/s

  • Be assigned as the reviewer of a document

  • Approve or decline the review phase of a document

  • Manage legal matters (assign, be assigned, change status or priority)

  • Perform any administrative function on the platform (user, role, organisation management, document list customization, branding, matter management configuration, Approve & eSign settings control).

Professional Services means any Services provided by us to configure and implement the relevant products as set out in an Order Form.

Professional Fees means the estimated range of fees set out in the applicable Order Form to provide the Professional Services or as may be agreed in writing from time to time in relation to Additional Professional Services.

Renewal Period has the meaning given in clause 8.1 (Termination).

Services means the products and subscription services ordered by you and provided by us, pursuant to this Agreement and the applicable Order Form.

Start Date means the subscription start date as set out in the applicable Order Form.

Simple Intake Questions are used in Automation Apps. These are simple questions that pre-fill fixed locations within the output document. There can be different types of questions such as text, number, currency, ABN lookups, etc.; however, the key is that they are simple, always shown and fill a section of the output document.

Technical Specifications means the document supporting the relevant Order Form (if any) setting out the technical specifications for the relevant Services.

Term means the Initial Term and any Renewal Terms.

Users means employees, representatives, consultants, contractors and agents who are authorised by you to access and use the Services, including third parties with which the Customer transacts business.

Virus means any thing or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices.

Workflow means functionality provided by the Service, which allows You to create, store, review and/or execute a document or legal matter. This excludes documents that are uploaded using the Bulk Contract Upload Feature.

We, us, or our means the entity set out in the relevant Order Form and described in clause 12.13 below.

You, or your or Customer means in the case of an individual accepting this Agreement on his or her own behalf, such individual, or in the case of an individual accepting this Agreement on behalf of a company or other legal entity, the company or other legal entity for which such individual is accepting this Agreement, and Affiliates of that company or entity (for so long as they remain Affiliates) which have entered into Order Forms.

2. SERVICES

2.1 We grant you a non-exclusive, non-transferable right to access and use the Services in the countries set out in the applicable Order Form, for the duration of and in accordance with the terms of this Agreement.

2.2 The subscription does not entitle you or your Users to receive or install a copy of the Services or the right to licence, sublicense, sell, rent, lease, transfer, assign, distribute or otherwise commercially exploit the Services to any third parties.

2.3 You agree that your purchases of the Services are not contingent on the delivery of any future functionality or features, or dependent on any oral or written public comments made by us regarding future functionality or features.

2.4 Account Access

2.4.1 You and your Users must only access the Services using your Account Access Details (which you must, and you will ensure the Users will, at all times keep secure and confidential).

2.4.2 You and your Users may access your Account for the duration of this Agreement, provided you comply with the terms of this Agreement and pay all Fees.

2.4.3 You will not access, store, distribute or transmit any Viruses when using the Services, or any material that:
- is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive;
- facilitates illegal activity;
- depicts sexually explicit images;
- promotes unlawful violence;
- is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability; or
- is otherwise illegal or causes damage or injury to any person or property;

and we reserve the right, without liability or prejudice to our other rights to you, to (in our absolute discretion) disable your access to all or part of the Services in those circumstances.

2.4.4 You will use your best endeavours to prevent any unauthorised access to, or use of, the Services and, in the event of any such unauthorised access or use, promptly notify us in writing.

2.4.5 The rights provided under this Agreement are granted to you only and, unless agreed otherwise in writing, shall not be considered as granted to any of your Affiliates.

2.4.6 We may access and process all aggregated anonymous data generated by the platform as a result of the Services for our benchmarking purposes.

2.4.7 We cannot and do not guarantee or warrant to you that files uploaded onto the platform by your Users or available for downloading through the Services or delivered via electronic mail through the Services, or features and products available through the Services, will be free of infection or Viruses or other code that manifest contaminating or destructive properties. You are responsible for implementing sufficient procedures and checkpoints to satisfy your particular requirements for accuracy of data input and output, and for maintaining a means external to the Services for the reconstruction of any lost data.

2.4.8 The Services are subject to usage limits specified in Order Forms. If the Customer exceeds a contractual usage limit, the Customer will execute an Order Form for additional quantities of the applicable Services promptly upon our request, and/or pay any invoice for excess usage in accordance with the invoicing and payment terms set out in this Agreement.

3. FEES

3.1 You will pay us the Fees for the Services specified in the Order Forms pursuant to Schedules 1, 2 and/or 3 (as applicable).

3.2 Your obligation to pay us is not in any way contingent upon your collection of your invoices or payments from any User or third party.

3.3 If you do not pay us any Fees by the due date, which is 14 days from the date of the relevant invoice, we may charge you interest at a rate of 12% per annum and may disable your access to all or part of the Services until the relevant invoice has been settled in full to our reasonable satisfaction. We will be under no obligation to provide any or all of the Services while the invoice(s) concerned remain unpaid.

3.4 All amounts owed and Fees payable pursuant to this Agreement do not include any taxes, levies, duties or similar governmental assessments of any nature, including, for example, goods and services taxes, value-added, sales, use or withholding taxes, assessable by any jurisdiction whatsoever (collectively, “Taxes”). You are responsible for paying all Taxes associated with your purchases hereunder and it is agreed that we may recover from you an additional amount on account of Taxes. Any additional amount on account of Taxes recoverable from you under this clause is payable by you at the same time and in the same manner as the consideration for the taxable supply is paid. If we have the legal obligation to pay or collect Taxes for which you are responsible under this section, we will invoice you and you will pay that amount unless you provide us with a valid tax exemption certificate authorised by the appropriate taxing authority.

4. OBLIGATIONS

4.1 Our obligations:

4.1.1 In providing the Services to you, we will use reasonable care and skill expected of a properly qualified professional services provider.

4.1.2 This Agreement will not prevent us from entering into similar agreements with third parties, or from independently developing, using, selling or licensing documentation, products and/or services which are similar to those provided under this Agreement.

4.2 Your obligations:

4.2.1 You acknowledge and agree that we can only provide the Services if, and to the extent that, you provide us with clear, accurate, timely and adequate instructions, information and directions in relation to those Services.

4.2.2 You and your Users must not provide false identity information to gain access to or use the Services.

4.2.3 You and your Users must not access the Services in order to build a product or service which in any way competes with the Services.

4.2.4 You are responsible for the Users’ compliance with this Agreement. You will supervise and control the use of the Services in accordance with the terms of this Agreement and ensure that Users are made aware of the terms of this Agreement and are subject to the same obligations of confidentiality. You will be responsible and liable for any User's breach of this Agreement and you must immediately notify us in writing of any unauthorised use or breach.

4.2.5 You will (and will ensure that the Users will) comply with any applicable laws and regulations relating to the Services.

4.2.6 Any use of the Services in breach of the foregoing by Customer or Users that in our judgment threatens the security, integrity or availability of the Services, may result in our immediate suspension of the Services, however we will use commercially reasonable efforts under the circumstances to provide Customer with notice and an opportunity to remedy such violation or threat prior to any such suspension.

5. DATA

5.1 You will own all right, title and interest in and to all the Customer Data and will have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data, the means by which you acquired the Customer Data and your use of the Customer Data within the Services.

5.2 In the event of any loss or damage to Customer Data, your sole and exclusive remedy will be for us to use our reasonable endeavours to restore the lost or damaged Customer Data from the latest back-up of the Customer Data maintained by us. We will not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by us to perform services related to Customer Data maintenance and back-up).

5.3 We will, in providing the Services, comply with our privacy and security policy (as amended from time to time) relating to the privacy and security of the Customer Data available online or such website address as may be notified to you from time to time.

5.4 We will maintain appropriate administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Customer Data to prevent unauthorized access to or disclosure of Customer Data (other than by the Customer or Users). The Data Processing Addendum (Schedule 4) will apply and be incorporated into this Agreement if the Customer’s use of the Services involves the processing of Personal Data pursuant to the Data Protection Legislation (as defined in Schedule 4) and/or if Personal Data is transferred outside of the European Economic Area (EEA), the United Kingdom and/or Switzerland to any country not deemed by the European Commission as providing an adequate level of protection for Personal Data.

6. PROPRIETARY RIGHTS

6.1 The parties acknowledge that, in the course of performing their duties under this Agreement, they may obtain information relating to the other party or a third party that is of a confidential and proprietary nature ("Proprietary Information"). The information will not be confidential in nature if it:

6.1.1 is or becomes publicly known other than through any act or omission of the receiving party;

6.1.2 was in the other party’s lawful possession before the disclosure;

6.1.3 is lawfully disclosed to the receiving party by a third party without restriction on disclosure; or

6.1.4 is independently developed by the receiving party, which independent development can be shown by written evidence.

6.2 The parties agree that they shall at all times, both during the term of this Agreement and after its termination, keep in trust and confidence all Proprietary Information of the other party and shall not use such Proprietary Information other than in the course of their duties under this Agreement or disclose any of such Proprietary Information to any third party without the other party's prior written consent. Each party will take all reasonable steps to ensure that the other party’s Proprietary Information disclosed or distributed by its employees or agents will be subject to the same obligations of confidentiality as set out in this Agreement.

6.3 The parties agree that, unless otherwise set out in this Agreement, the terms of this Agreement and any Order Form are and must remain confidential.

6.4 A party may disclose Proprietary Information to the extent such information is required to be disclosed by law, by any governmental or other regulatory authority or by a court or other authority of competent jurisdiction, provided that, to the extent it is legally permitted to do so, it gives the other party as much notice of such disclosure as possible and, where notice of disclosure is not prohibited and is given in accordance with this clause, it takes into account the reasonable requests of the other party in relation to the content of such disclosure.

6.5 You acknowledge that the Services contain Proprietary Information (including, but not limited to, intellectual property rights) that is protected by applicable laws and that we and/or third parties own all rights, title and interest in and to the Services. This Agreement does not grant you any rights to, under or in, any intellectual property rights or any other rights or licences in respect of the Services. We (including our Affiliates and licensors) reserve all of their right, title and interest in and to the Services, including all of their related intellectual property rights and no rights are granted to Customer hereunder other than as expressly set forth herein.

6.6 You agree not to reproduce, reuse, or customize, any Documentation produced or reviewed by us without our consent.

6.7 You give your consent for us to identify you as a customer and user of the Services for promotional, marketing, and publicity purposes (and for us to use your business names and logos for such purposes).

6.8 You agree not to copy, transfer, modify, adapt, translate, vary, prepare derivative works from, disassemble, decompile or reverse engineer any components of the Services (or attempt to do so) or otherwise attempt to discern the source code of the components or use it unlawfully.

6.9 You will only give access to the Services to potential competitors of ours if we agree in advance in writing.

6.10 This clause shall survive termination of this Agreement however arising.

7. LIABILITY

7.1 Our total aggregate liability in contract, tort, misrepresentation, restitution or otherwise, under this Agreement or arising in connection with the performance or contemplated performance of this Agreement is limited to the total Fees paid during the 12 months immediately preceding the date on which the claim arose.

7.2 Subject to clause 7.1, we are not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and you acknowledge that the Services may be subject to limitations, delays and other problems inherent in the use of such communications facilities. You will be solely responsible for procuring and maintaining your network connections and telecommunications links from your systems to our data centres.

7.3 Subject to clause 7.1, neither party is liable to the other whether in tort, contract, misrepresentation, restitution or otherwise for any loss of profits, loss of business, business interruption, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss, or for any special, indirect or consequential loss, costs, damages, charges or expenses however arising under this Agreement.

7.4 Except as expressly and specifically provided in this Agreement all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from this Agreement.

7.5 In no event will we or our employees, agents and sub-contractors be liable to you under this Agreement to the extent that the alleged infringement is based on:

7.5.1 a modification of the Services by anyone other than us; or

7.5.2 your use of the Services in a manner contrary to our written instructions or this Agreement; or

7.5.3 your use of the Services after notice of the alleged or actual infringement from us or any appropriate authority.

8. TERMINATION

8.1 This Agreement commences on the Start Date and will continue for the Initial Term. The Agreement will automatically renew for successive 12-month periods after the Initial Term (each a Renewal Period), unless either party provides written notice of the intent to not renew no later than 30 days before the end of the current term.

8.2 Where an individual Order Form has been terminated in accordance with clause 8.1, only the relevant Order Form will be deemed terminated and any remaining Order Forms and this Agreement will remain in full force and effect.

8.3 All Order Forms automatically terminate on termination of the entire Agreement for whatever reason.

8.4 If this Agreement is terminated in accordance with its terms, you are entitled to a pro rata refund of the Licence Fees pursuant to Schedule 1, Schedule 2, and/or Pre-paid Bundle pursuant to Schedule 3 (as applicable).

8.5 Without affecting any other right or remedy available to it, either party may terminate this Agreement with immediate effect by giving written notice to the other party if:

8.5.1 the other party fails to pay any amount due under this agreement on the due date for payment and remains in default not less than 30 days after being notified in writing to make such payment;

8.5.2 the other party suspends, or threatens to suspend, payment of its debts or is unable to pay its debts as they fall due or admits inability to pay its debts;

8.5.3 the other party enters into any form of insolvency, winding up or bankruptcy or has a receiver or administrator appointed or enters in any scheme of arrangement with its creditors, voluntary or otherwise; or

8.5.4 the other party suspends or ceases, or threatens to suspend or cease, carrying on all or a substantial part of its business.

8.6 On termination of the entire Agreement pursuant to clause 8.3:

8.6.1 all licences granted under this Agreement will immediately terminate and you will immediately cease all use of the Services;

8.6.2 you will return and make no further use of any equipment, property, Documentation and other items (and all copies of them) belonging to us; and

8.6.3 we may destroy or otherwise dispose of any documentation or data in our possession, unless we receive, no later than 20 days after the effective date of the termination of this Agreement, a written request for the delivery to you of the then most recent back-up of the documentation and data. We will use reasonable commercial endeavours to deliver the back-up to you within 90 days of receipt of such a written request, provided that you have, at that time, paid all Fees and charges outstanding at and resulting from termination (whether or not due at the date of termination). You will pay all reasonable expenses and costs incurred by us in returning or disposing of any documentation or data pursuant to this clause.

9. FORCE MAJEURE

9.1 We have no liability to you under this Agreement if prevented from or delayed in performing our obligations under this Agreement, or from carrying on our business, by acts, events, omissions or accidents beyond our reasonable control, including, without limitation:

9.1.1 strikes, lock-outs or other industrial disputes (whether involving our workforce or any other party);

9.1.2 failure of any utility service or transport/telecommunications network;

9.1.3 act of God, war, riot, civil commotion, malicious damage;

9.1.4 compliance with any law or governmental order, rule, regulation or direction;

9.1.5 accident, breakdown of plant or machinery, fire, flood, storm; or

9.1.6 default of suppliers or sub-contractors, provided that you will be notified of such an event and its expected duration.

10. ANTI-BRIBERY

10.1 Each party must comply with all applicable laws and policies relating to anti-bribery and anti-corruption.

10.2 Each party must report to the other party within 14 days any request or demand for any undue financial or other advantage of any kind received by that party in connection with this agreement.

11. MODERN SLAVERY

11.1 Each party must, and must use its reasonable efforts to ensure that each of its sub-suppliers (if any):

11.2 comply with all applicable laws and policies relating to modern slavery or human trafficking, including but not limited to the Modern Slavery Act 2018 (Cth); and

11.3 take reasonable steps to ensure that there is no modern slavery or human trafficking in its business or (to a reasonable extent) its supply chains.

11.4 Each party represents and warrants that it has not, nor its officers, employees, been convicted or investigated for modern slavery or human trafficking offences.

11.5 Each party must promptly report to the other of any actual or suspected slavery or human trafficking in its business in connection with this agreement.

11.6 Each party must maintain reasonably sufficient records evidencing its compliance with clause 11.

12. GENERAL

12.1 We may, in connection with your use of the Services, collect information through the use of cookies, flash cookies and other analytical tools for the purposes of enhancing your experience and improving the Services. This information may be provided to our third-party service providers from time-to-time to facilitate or achieve these purposes.

12.2 We may access your Account for the purposes of any ongoing support and maintenance of the Services or if required to provide the Services pursuant to this Agreement.

12.3 Neither party can terminate this Agreement as a result of a Change of Control event and this Agreement will remain in full force and effect in such circumstances.

12.4 Both parties may assign or transfer any of our rights or obligations under this Agreement to an Affiliate, provided that party gives the other prior notice in writing.

12.5 Any failure to exercise or enforce any right or provision of this Agreement shall not constitute a waiver of such right or provision.

12.6 If there is any inconsistency between the terms of this Agreement and those of the applicable Order Form, the terms of the Order Form will prevail.

12.7 If any provision of this Agreement is held by a court of competent jurisdiction to be invalid, unenforceable or illegal, the provision shall apply with whatever modification is necessary to give effect to the commercial intention of the parties and all other provisions shall remain in full force and effect.

12.8 This Agreement may be executed in any number of counterparts, each of which when executed will constitute a duplicate original, but all the counterparts shall together constitute the one agreement.

12.9 This Agreement constitutes the entire agreement between the parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter.

12.10 No variation of this Agreement will be effective unless it is made in writing and signed by the parties.

12.11 No rule of construction will apply to Our disadvantage because we were responsible for the preparation of this Agreement.

12.12 Each party agrees to the applicable governing law below without regard to choice or conflicts of law rules, and to the exclusive jurisdiction of the applicable courts below.

12.13 The entity entering into this Agreement, the address to which you should direct notices under this Agreement, the law that will apply in any dispute, claim or lawsuit arising out of or in connection with this Agreement, and the courts that have jurisdiction over any such dispute, claim or lawsuit, depend on where Customer is domiciled as follows:

If the Customer is domiciled in: Australia, New Zealand, countries in Asia or the Pacific region, including Japan and Singapore

  • The entity entering into this Agreement is: Plexus Services Pty Ltd (ABN 26 151 501 898)

  • Notices should be addressed to: Level 4, 411 Collins Street, Melbourne VIC, 3000

  • Governing law is: Victoria, Australia

  • Courts with exclusive jurisdiction are: Victoria, Australia

If the Customer is domiciled in: Rest of the World

  • The entity entering into this Agreement is: Legal Gateway International Limited (company number 10821301)

  • Notices should be addressed to: 30 St Mary Axe, London, EC3A 8AA

  • Governing law is: England

  • Courts with exclusive jurisdiction are: England

12.14 Any notice or communication required or permitted under this Agreement shall be in writing to the parties at the addresses set out above, on the applicable Order Form or at such other address as may be given in writing by either party to the other in accordance with this clause and shall be deemed to have been received by the addressee (i) if given by hand, immediately upon receipt; (ii) if given by overnight courier service, the first business day following dispatch; (iii) if given by registered or certified mail, postage prepaid and return receipt requested, the second business day after such notice is deposited in the mail; (iv) if given by email, immediately unless the sender receives an automated reply that the email was not delivered by reason of the address being invalid or otherwise.

12.15 Our direct competitors are prohibited from accessing the Services, except with our prior written consent. In addition, the Services may not be accessed for purposes of monitoring their availability, performance or functionality, or for any other benchmarking or competitive purposes.

Schedule 1: Plexus

This Schedule applies in relation to the Gateway Plexus software Services and associated Professional Services.

1. FEES

1.1 Subject to clauses 1.2, 1.3 and 1.4, the Licence Fees are fixed.

1.2 The Licence Fees will increase by 7% plus CPI (Australia-All Groups, prior quarter annual rate) on each anniversary of the Start Date.

1.3 You acknowledge that the Licence Fees for the Service set out in the applicable Order Form specifies the number of Professional Users and Workflows. If the number of Professional Users or Workflows consumed during an annual term exceeds the amount specified in the Order Form, we reserve the right to increase the Licence Fee in accordance with the Order Form, pro rata for the remainder of the Term. Any increase in the Licence Fee will be reflected in the next invoice issued as per 1.5 or upon notification having been received from you in accordance with T&Cs clause 8.1 (Termination).

1.4 The Professional Fees are estimated based on the information and documentation provided by you and our understanding of your requirements. The Professional Fees may also vary if there is a change in the scope of the Services to be provided pursuant to the relevant Order Form. We will notify you in writing of any changes to the estimated Professional Fees and keep you updated on Professional Fees incurred.

1.5 Unless otherwise agreed in an Order Form, we will invoice you:

1.5.1 on the Start Date for the Licence Fees payable in advance for the initial year;

1.5.2 on each anniversary of the Start Date for the Licence Fees payable in advance for any Renewal Periods (as applicable);

1.5.3 on the Start Date for the Licence Fees payable in respect of any Additional Services; and

1.5.4 on a weekly basis for any Professional Fees incurred (invoices for Professional Fees will be issued in arrears).

1.6 Any Licence Fees must be paid up-front, prior to commencement of the build and implementation of the relevant Services.

1.7 If you require any Additional Services and there is less than 6 months remaining during the Initial Term or Renewal Period (as applicable), any Fees for the Additional Services will be prorated and co-termed/aligned with the invoicing dates set out in clauses 1.5.1 and 1.5.2. In all other circumstances we will invoice you in respect of the Fees for any Additional Services on the Start Date for the following 12-month period and future invoices will then be prorated and co-termed after the expiry of that initial 12-month period.

2. TERMINATION

2.1 If we terminate this Agreement, you are entitled to a pro rata refund of the unused portion of the Licence Fees as at the date of termination. For example: taking any 12-month period, if we terminate on the expiry of the 6th month, the Licence Fees for the remaining 6 months will be refunded to you. This clause does not apply in circumstances where:

2.1.1 termination is the result of your material breach of this Agreement;

2.1.2 you become insolvent or an application is made in respect of your insolvency;

2.1.3 you suspend, or threaten to suspend, payment of any debts or you become unable to pay your debts as they fall due;

2.1.4 you commence negotiations with any of your creditors in respect of your debts;

2.1.5 a petition is filed, a notice is given, a resolution is passed, or an order is made, for or in connection with your winding up; or

2.1.6 an application is made for the appointment of an administrator or receiver or such a person has been appointed in respect of your assets or debts.

2.2 If you validly terminate this Agreement and have not breached any terms of this Agreement, we will provide you with a pro rata refund (from the effective date of termination) of the unused portion of the Licence Fees.

3. OTHER PLEXUS PROVISIONS

3.1 Except as expressly and specifically provided in this Agreement, in relation to the Plexus platform, you assume sole responsibility and liability for any documents or information generated by the Services, for any results obtained from the use of the Services and for conclusions drawn from such use. We have no liability for any damage or loss caused by the documents or results obtained from the use of the Services or for any errors or omissions of the Users when using the Services, errors or omissions in any information, instructions, scripts or documents provided to us by you in connection with the Services, or any actions taken by us at your direction.

3.2 Except to the extent otherwise specified in this Agreement, you acknowledge that the Services are not intended to constitute, or be a substitute for, legal advice.

Schedule 2: Automation Apps

This Schedule applies in relation to Automation Apps and associated Professional Services.

1. FEES

1.1 For Automation Apps the Fees are set based on size, as defined below:

1.1.1 Small; contains less than or equal to 25 questions and 2 output documents, and contains only Simple Intake Questions or Logic Driven Questions.

1.1.2 Medium; contains more than 25 questions and less than 50 questions, and less than or equal to 3 Output Documents.

1.1.3 Large; contains more than 50 questions and less than 100 questions, and less than or equal to 5 Output Documents.

1.1.4 Custom; Any Automation App that requires Integration or contains more than 100 questions and/or 5 Output Documents will be quoted based on an hourly Professional Fee. Where access to the Plexus API is required, an API Licence Fee will also be charged.

1.2 Medium, Large and Custom Apps may contain: Conditional Clauses in Output Documents, Conditional Workflow Delegations and/or Document Uploads/Merges.

1.3 You acknowledge the size of each Automation App specified in the applicable Order Form is estimated based on the information you have provided prior to execution of this agreement.

1.4 You acknowledge that at any time during the development of an Automation App, if the requirements of the Automation App surpass the size limitations as stated in 1.1 and the related Order Form, the Fees will be varied accordingly. We will notify you in writing of any change in Fees.

1.5 If the fees increase during the development of the Automation App based on changes to the scope of work, you may choose to cease the development of the Automation App. If you do so, we will provide You with a pro rata refund (from the effective date of termination) of the unused portion of the Fees.

1.6 Where the Professional Fee is fixed-price, the pro rata refund will be based on the stage, that is, if terminated during:

1.6.1 Specification; The refund will be 75% of the directly associated Professional Fee.

1.6.2 Development; The refund will be 25% of the directly associated Professional Fee.

1.6.3 Acceptance; The refund will be 10% of the directly associated Professional Fee.

2. SPECIFICATION

2.1 On execution of this agreement, we will work with you to prepare an App Specification Document for acceptance.

2.2 You must review this App Specification Document in a timely manner, yet no longer than 10 working days, and provide changes or acceptance in writing.

2.3 Only once acceptance is provided by you, we will schedule the development of the Automation App.

3. DEVELOPMENT

3.1 We will make best endeavors to complete Development (including related testing activities) within the defined period. If it becomes evident that development will not be completed within the defined period, we will notify You in writing.

4. ACCEPTANCE

4.1 At the completion of Development, we will deploy the Automation App for testing and notify You to commence Your acceptance testing.

4.2 You are required to test the deliverables against the signed-off App Specification Document, and complete acceptance testing within 10 working days of the date of notification of completion of Development.

4.3 Any App Defects identified during this period must be raised by You within the specified Issue Log. Failure to do so may result in any App Defects not being corrected.

4.4 On your acceptance of the Automation App or 10 working days after the completion of development (whichever is earliest), assuming all identified App Defects have been resolved, the Automation App will be migrated into Your Plexus environment, ready for You to grant access when you see fit.

5. TRAINING

5.1 We will provide remote Automation App training at the start of the User Acceptance Testing phase (one session of no more than 5 people).

5.2 If additional live training (not recorded) is requested by you, this will be charged at the Professional Fee hourly rate as defined within the Order Form.

6. WARRANTY

6.1 Any App Defects found within 30 days from the date on which the Automation App was deployed to Your Plexus environment will be fixed free of additional charge. In this instance, a defect is defined as a variation from the documented and approved Specification.

6.2 App Defects identified post-deployment of the Automation App must be raised by You via normal Plexus Support channels.

6.3 Automation Apps are outside the scope of Plexus upgrades and will not automatically be upgraded with new functionality released for Plexus.

7. CHANGES

7.1 We will cater for App Change Requests in relation to the size (refer to 1.1) of the Automation App, as stated in the Order Form.

7.2 For Small, Medium and Large Automation Apps, if an App Change Request is raised within 30 days of deployment and does not vary the size, it will be included free of charge.

7.3 For Custom Automation Apps, App Change Requests will be calculated based on the hourly rate for Professional Fees as stated within Your Order Form.

7.4 App Change Requests identified post-deployment of the Automation App must be raised by You via normal Plexus Support channels.

8. OTHER PROVISIONS

8.1 Except as expressly and specifically provided in this Agreement, in relation to the Automation Apps, you assume sole responsibility and liability for any documents or information generated by the Services, for any results obtained from the use of the Services and for conclusions drawn from such use. We have no liability for any damage or loss caused by the documents or results obtained from the use of the Services or for any errors or omissions of the Users when using the Services, errors or omissions in any information, instructions, scripts or documents provided to us by you in connection with the Services, or any actions taken by us at your direction.

8.2 Except to the extent otherwise specified in this Agreement, you acknowledge that the Services are not intended to constitute, or be a substitute for, legal advice.

Schedule 3: Marketing Suite

This Schedule applies in relation to our Marketing Suite software (including but not limited to the Plexus Promotion and Advertising Review apps) and associated services (Services). The Rate Card annexed to the relevant Order Form sets out details of the pricing for the Services and may be changed and updated by us from time to time pursuant to the terms of this Agreement.

Schedule 4: Data Processing Addendum

This Schedule applies to data processing and storage.

1. DATA PROCESSING

1.1 For the purposes of this clause:

“Data Protection Legislation” means, unless and until the General Data Protection Regulation ((EU) 2016/679) (GDPR) is no longer directly applicable in the UK, the GDPR and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK or any successor legislation to the GDPR.

“Personal Data” means any information relating to (i) an identified or identifiable natural person and, (ii) an identified or identifiable legal entity (where such information is protected similarly as personal data or personally identifiable information under applicable Data Protection Legislation), where for each (i) or (ii), such data is Customer Data.

1.2 Pursuant to the Data Protection Legislation, if we process any Personal Data on your behalf when performing our obligations under this Agreement, we agree that you will be the data controller and we will be a data processor and in any such case:

1.2.1 you acknowledge and agree that the Personal Data may be transferred or stored outside the European Economic Area, or the country where you and the Users are located, in order to carry out the Services and our obligations under this Agreement;

1.2.2 you will ensure that you have all necessary/appropriate consents and notices in place to enable lawful transfer of the relevant Personal Data to us for the duration and purposes of this Agreement so that we may lawfully use, process and transfer the Personal Data in accordance with this Agreement on your behalf;

1.2.3 we will process the Personal Data only in accordance with the terms of this agreement, any lawful written instructions reasonably given by you to us from time to time and/or the laws of any member of the European Union or by the laws of the European Union applicable to us to process such Personal Data;

1.2.4 we will ensure that staff we authorize to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;

1.2.5 each party shall take reasonable technical and organisational measures against unauthorised or unlawful processing of the Personal Data or its accidental loss, destruction or damage including taking all measures required by Article 32 of the GDPR;

1.2.6 taking into account the nature of the processing, we will assist you by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of your obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR;

1.2.7 we will assist you in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of the processing and the information available to us;

1.2.8 we will delete all Personal Data to you on termination or expiry of this Agreement and delete existing copies unless European or UK law requires us to store such Personal Data; and

1.2.9 we will make available to you all information necessary to demonstrate compliance with the obligations set out in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you and, in this regard, we will inform you immediately if, in our opinion, an instruction infringes the GDPR or any other Data Protection Legislation.

1.3 You consent to us appointing a third-party processor of Personal Data under this Agreement. We confirm that such third-party processor has entered or (as the case may be) will enter into a written agreement incorporating terms which are substantially similar to those set out in this clause. We will remain fully liable for all acts or omissions of any third-party processor appointed pursuant to this clause. We will notify you before engaging any new sub-processor to carry out specific processing activities.

1.4 Both parties shall, in relation to any Personal Data processed under this Agreement, notify the other without undue delay on becoming aware of a Personal Data breach.

1.5 This Agreement and T&Cs clause 5 (Data) set out the scope, nature and purpose of processing by us, the duration of the processing and the types of Personal Data and categories of data subject:

1. SCOPE

As set out in the Agreement.

2. NATURE AND PURPOSE OF PROCESSING

As set out in the Agreement.

3. DURATION OF THE PROCESSING

The duration of this Agreement.

4. TYPES OF PERSONAL DATA

You and the relevant Users may submit Personal Data for the purposes of the Services to be provided by us, the extent of which is determined and controlled by you in your sole discretion, and which may include, but is not limited to the following categories of Personal Data: first and last name, title, position, employer, contact information (company, email, phone, physical business address).

5. CATEGORIES OF DATA SUBJECT

You and the relevant Users may submit Personal Data for the purposes of the Services to be provided by us, the extent of which is determined and controlled by you in your sole discretion, and which may include, but is not limited to the following Personal Data relating to the following categories of data subjects:

- prospects, customers, suppliers, business partners, vendors and subcontractors of the Customer (who are natural persons)

- employees or contact persons of your customers, business partners, vendors and subcontractors

- employees, agents, advisors, freelancers of the Client (who are natural persons)

- the Users authorised to use the Services.

1.6 In the event that Personal Data is transferred by or on behalf of us to a country outside the EEA not offering an adequate level of protection for Personal Data, the standard contractual clauses set out in Appendix A for the transfer of Personal Data to data processors established in third countries adopted by the European Commission decision of 4 June 2021, published under document number C(2021) 3972 (the "Standard Contractual Clauses") shall be deemed executed by the parties to the relevant Order Form and form part of this Agreement (unless otherwise agreed in writing).

Appendix A: Standard Contractual Clauses (Controller to Processor)

SECTION I

Clause 1

Purpose and scope

(a) The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) for the transfer of personal data to a third country.

(b) The Parties:

(i) the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter “entity/ies”) transferring the personal data, as listed in Annex I.A. (hereinafter each “data exporter”), and

(ii) the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A. (hereinafter each “data importer”)

have agreed to these standard contractual clauses (hereinafter: “Clauses”).

(c) These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.

(d) The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.

Clause 2

Effect and invariability of the Clauses

(a) These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46(2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.

(b) These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.

Clause 3

Third-party beneficiaries

(a) Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:

(i) Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;

(ii) Clause 8 - Module One: Clause 8.5(e) and Clause 8.9(b); Module Two: Clause 8.1(b), 8.9(a), (c), (d) and (e); Module Three: Clause 8.1(a), (c) and (d) and Clause 8.9(a), (c), (d), (e), (f) and (g); Module Four: Clause 8.1(b) and Clause 8.3(b);

(iii) Clause 9 - Module Two: Clause 9(a), (c), (d) and (e); Module Three: Clause 9(a), (c), (d) and (e);

(iv) Clause 12 - Module One: Clause 12(a) and (d); Modules Two and Three: Clause 12(a), (d) and (f);

(v) Clause 13;

(vi) Clause 15.1(c), (d) and (e);

(vii) Clause 16(e);

(viii) Clause 18 - Modules One, Two and Three: Clause 18(a) and (b); Module Four: Clause 18.

(b) Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.

Clause 4

Interpretation

(a) Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.

(b) These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.

(c) These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.

Clause 5

Hierarchy

In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.

Clause 6

Description of the transfer(s)

The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B.

Clause 7 - Optional

Docking clause

(a) An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A.

(b) Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.A.

(c) The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.

SECTION II – OBLIGATIONS OF THE PARTIES

Clause 8

Data protection safeguards

The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organisational measures, to satisfy its obligations under these Clauses.

8.1 Instructions

(a) The data importer shall process the personal data only on documented instructions from the data exporter. The data exporter may give such instructions throughout the duration of the contract.

(b) The data importer shall immediately inform the data exporter if it is unable to follow those instructions.

8.2 Purpose limitation

The data importer shall process the personal data only for the specific purpose(s) of the transfer, as set out in Annex I.B, unless on further instructions from the data exporter.

8.3 Transparency

On request, the data exporter shall make a copy of these Clauses, including the Appendix as completed by the Parties, available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential information, including the measures described in Annex II and personal data, the data exporter may redact part of the text of the Appendix to these Clauses prior to sharing a copy, but shall provide a meaningful summary where the data subject would otherwise not be able to understand its content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted information. This Clause is without prejudice to the obligations of the data exporter under Articles 13 and 14 of Regulation (EU) 2016/679.

8.4 Accuracy

If the data importer becomes aware that the personal data it has received is inaccurate, or has become outdated, it shall inform the data exporter without undue delay. In this case, the data importer shall cooperate with the data exporter to erase or rectify the data.

8.5 Duration of processing and erasure or return of data

Processing by the data importer shall only take place for the duration specified in Annex I.B. After the end of the provision of the processing services, the data importer shall, at the choice of the data exporter, delete all personal data processed on behalf of the data exporter and certify to the data exporter that it has done so, or return to the data exporter all personal data processed on its behalf and delete existing copies. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit return or deletion of the personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process it to the extent and for as long as required under that local law. This is without prejudice to Clause 14, in particular the requirement for the data importer under Clause 14(e) to notify the data exporter throughout the duration of the contract if it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under Clause 14(a).

8.6 Security of processing

(a) The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to that data (hereinafter “personal data breach”). In assessing the appropriate level of security, the Parties shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner. In case of pseudonymisation, the additional information for attributing the personal data to a specific data subject shall, where possible, remain under the exclusive control of the data exporter. In complying with its obligations under this paragraph, the data importer shall at least implement the technical and organisational measures specified in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security.

(b) The data importer shall grant access to the personal data to members of its personnel only to the extent strictly necessary for the implementation, management and monitoring of the contract. It shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

(c) In the event of a personal data breach concerning personal data processed by the data importer under these Clauses, the data importer shall take appropriate measures to address the breach, including measures to mitigate its adverse effects. The data importer shall also notify the data exporter without undue delay after having become aware of the breach. Such notification shall contain the details of a contact point where more information can be obtained, a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), its likely consequences and the measures taken or proposed to address the breach including, where appropriate, measures to mitigate its possible adverse effects. Where, and in so far as, it is not possible to provide all information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay.

(d) The data importer shall cooperate with and assist the data exporter to enable the data exporter to comply with its obligations under Regulation (EU) 2016/679, in particular to notify the competent supervisory authority and the affected data subjects, taking into account the nature of processing and the information available to the data importer.

8.7 Sensitive data

Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions and offences (hereinafter “sensitive data”), the data importer shall apply the specific restrictions and/or additional safeguards described in Annex I.B.

8.8 Onward transfers

The data importer shall only disclose the personal data to a third party on documented instructions from the data exporter. In addition, the data may only be disclosed to a third party located outside the European Union (in the same country as the data importer or in another third country, hereinafter “onward transfer”) if the third party is or agrees to be bound by these Clauses, under the appropriate Module, or if:

(i) the onward transfer is to a country benefitting from an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 that covers the onward transfer;

(ii) the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 of Regulation (EU) 2016/679 with respect to the processing in question;

(iii) the onward transfer is necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings; or

(iv) the onward transfer is necessary in order to protect the vital interests of the data subject or of another natural person.

Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses, in particular purpose limitation.

8.9 Documentation and compliance

(a) The data importer shall promptly and adequately deal with enquiries from the data exporter that relate to the processing under these Clauses.

(b) The Parties shall be able to demonstrate compliance with these Clauses. In particular, the data importer shall keep appropriate documentation on the processing activities carried out on behalf of the data exporter.

(c) The data importer shall make available to the data exporter all information necessary to demonstrate compliance with the obligations set out in these Clauses and at the data exporter’s request, allow for and contribute to audits of the processing activities covered by these Clauses, at reasonable intervals or if there are indications of non-compliance. In deciding on a review or audit, the data exporter may take into account relevant certifications held by the data importer.

(d) The data exporter may choose to conduct the audit by itself or mandate an independent auditor. Audits may include inspections at the premises or physical facilities of the data importer and shall, where appropriate, be carried out with reasonable notice.

(e) The Parties shall make the information referred to in paragraphs (b) and (c), including the results of any audits, available to the competent supervisory authority on request.

Clause 9

Use of sub-processors

(a) The data importer has the data exporter’s general authorisation for the engagement of sub-processor(s) from an agreed list. The data importer shall specifically inform the data exporter in writing of any intended changes to that list through the addition or replacement of sub-processors at least one (1) month in advance, thereby giving the data exporter sufficient time to be able to object to such changes prior to the engagement of the sub-processor(s). The data importer shall provide the data exporter with the information necessary to enable the data exporter to exercise its right to object.

(b) Where the data importer engages a sub-processor to carry out specific processing activities (on behalf of the data exporter), it shall do so by way of a written contract that provides for, in substance, the same data protection obligations as those binding the data importer under these Clauses, including in terms of third-party beneficiary rights for data subjects. The Parties agree that, by complying with this Clause, the data importer fulfils its obligations under Clause 8.8. The data importer shall ensure that the sub-processor complies with the obligations to which the data importer is subject pursuant to these Clauses.

(c) The data importer shall provide, at the data exporter’s request, a copy of such a sub-processor agreement and any subsequent amendments to the data exporter. To the extent necessary to protect business secrets or other confidential information, including personal data, the data importer may redact the text of the agreement prior to sharing a copy.

(d) The data importer shall remain fully responsible to the data exporter for the performance of the sub-processor’s obligations under its contract with the data importer. The data importer shall notify the data exporter of any failure by the sub-processor to fulfil its obligations under that contract.

(e) The data importer shall agree a third-party beneficiary clause with the sub-processor whereby - in the event the data importer has factually disappeared, ceased to exist in law or has become insolvent - the data exporter shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.

Clause 10

Data subject rights

(a) The data importer shall promptly notify the data exporter of any request it has received from a data subject. It shall not respond to that request itself unless it has been authorised to do so by the data exporter.

(b) The data importer shall assist the data exporter in fulfilling its obligations to respond to data subjects’ requests for the exercise of their rights under Regulation (EU) 2016/679. In this regard, the Parties shall set out in Annex II the appropriate technical and organisational measures, taking into account the nature of the processing, by which the assistance shall be provided, as well as the scope and the extent of the assistance required.

(c) In fulfilling its obligations under paragraphs (a) and (b), the data importer shall comply with the instructions from the data exporter.

Clause 11

Redress

(a) The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.

(b) In case of a dispute between a data subject and one of the Parties as regards compliance with these Clauses, that Party shall use its best efforts to resolve the issue amicably in a timely fashion. The Parties shall keep each other informed about such disputes and, where appropriate, cooperate in resolving them.

(c) Where the data subject invokes a third-party beneficiary right pursuant to Clause 3, the data importer shall accept the decision of the data subject to:

(i) lodge a complaint with the supervisory authority in the Member State of his/her habitual residence or place of work, or the competent supervisory authority pursuant to Clause 13;

(ii) refer the dispute to the competent courts within the meaning of Clause 18.

(d) The Parties accept that the data subject may be represented by a not-for-profit body, organisation or association under the conditions set out in Article 80(1) of Regulation (EU) 2016/679.

(e) The data importer shall abide by a decision that is binding under the applicable EU or Member State law.

(f) The data importer agrees that the choice made by the data subject will not prejudice his/her substantive and procedural rights to seek remedies in accordance with applicable laws.

Clause 12

Liability

(a) Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.

(b) The data importer shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data importer or its sub-processor causes the data subject by breaching the third-party beneficiary rights under these Clauses.

(c) Notwithstanding paragraph (b), the data exporter shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data exporter or the data importer (or its sub-processor) causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter and, where the data exporter is a processor acting on behalf of a controller, to the liability of the controller under Regulation (EU) 2016/679 or Regulation (EU) 2018/1725, as applicable.

(d) The Parties agree that if the data exporter is held liable under paragraph (c) for damages caused by the data importer (or its sub-processor), it shall be entitled to claim back from the data importer that part of the compensation corresponding to the data importer’s responsibility for the damage.

(e) Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.

(f) The Parties agree that if one Party is held liable under paragraph (e), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its / their responsibility for the damage.

(g) The data importer may not invoke the conduct of a sub-processor to avoid its own liability.

Clause 13

Supervision

(a) The supervisory authority of one of the Member States in which the data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located, as indicated in Annex I.C, shall act as competent supervisory authority.

(b) The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer agrees to respond to enquiries, submit to audits and comply with the measures adopted by the supervisory authority, including remedial and compensatory measures. It shall provide the supervisory authority with written confirmation that the necessary actions have been taken.

SECTION III – LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC AUTHORITIES

Clause 14

Local laws and practices affecting compliance with the Clauses

(a) The Parties warrant that they have no reason to believe that the laws and practices in the third country of destination applicable to the processing of the personal data by the data importer, including any requirements to disclose personal data or measures authorising access by public authorities, prevent the data importer from fulfilling its obligations under these Clauses. This is based on the understanding that laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679, are not in contradiction with these Clauses.

(b) The Parties declare that in providing the warranty in paragraph (a), they have taken due account in particular of the following elements:

(i) the specific circumstances of the transfer, including the length of the processing chain, the number of actors involved and the transmission channels used; intended onward transfers; the type of recipient; the purpose of processing; the categories and format of the transferred personal data; the economic sector in which the transfer occurs; the storage location of the data transferred;

(ii) the laws and practices of the third country of destination – including those requiring the disclosure of data to public authorities or authorising access by such authorities – relevant in light of the specific circumstances of the transfer, and the applicable limitations and safeguards;

(iii) any relevant contractual, technical or organisational safeguards put in place to supplement the safeguards under these Clauses, including measures applied during transmission and to the processing of the personal data in the country of destination.

(c) The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate with the data exporter in ensuring compliance with these Clauses.

(d) The Parties agree to document the assessment under paragraph (b) and make it available to the competent supervisory authority on request.

(e) The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph (a), including following a change in the laws of the third country or a measure (such as a disclosure request) indicating an application of such laws in practice that is not in line with the requirements in paragraph (a).

(f) Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe that the data importer can no longer fulfil its obligations under these Clauses, the data exporter shall promptly identify appropriate measures (e.g. technical or organisational measures to ensure security and confidentiality) to be adopted by the data exporter and/or data importer to address the situation. The data exporter shall suspend the data transfer if it considers that no appropriate safeguards for such transfer can be ensured, or if instructed by the competent supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 16(d) and (e) shall apply.

Clause 15

Obligations of the data importer in case of access by public authorities

15.1 Notification

(a) The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if necessary with the help of the data exporter) if it:

(i) receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data transferred pursuant to these Clauses; such notification shall include information about the personal data requested, the requesting authority, the legal basis for the request and the response provided; or

(ii) becomes aware of any direct access by public authorities to personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination; such notification shall include all information available to the importer.

(b) If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition, with a view to communicating as much information as possible, as soon as possible. The data importer agrees to document its best efforts in order to be able to demonstrate them on request of the data exporter.

(c) Where permissible under the laws of the country of destination, the data importer agrees to provide the data exporter, at regular intervals for the duration of the contract, with as much relevant information as possible on the requests received (in particular, number of requests, type of data requested, requesting authority/ies, whether requests have been challenged and the outcome of such challenges, etc.).

(d) The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of the contract and make it available to the competent supervisory authority on request.

(e) Paragraphs (a) to (c) are without prejudice to the obligation of the data importer pursuant to Clause 14(e) and Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses.

15.2 Review of legality and data minimisation

(a) The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e).

(b) The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request.

(c) The data importer agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request.

SECTION IV – FINAL PROVISIONS

Clause 16

Non-compliance with the Clauses and termination

(a) The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.

(b) In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).

(c) The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:

(i) the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;

(ii) the data importer is in substantial or persistent breach of these Clauses; or

(iii) the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.

In these cases, it shall inform the competent supervisory authority of such non-compliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise.

(d) Personal data that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall at the choice of the data exporter immediately be returned to the data exporter or deleted in its entirety. The same shall apply to any copies of the data. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.

(e) Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.

Clause 17

Governing law

These Clauses shall be governed by the law of the EU Member State in which the data exporter is established. Where such law does not allow for third-party beneficiary rights, they shall be governed by the law of another EU Member State that does allow for third-party beneficiary rights. The Parties agree that this shall be the law of Ireland.

Clause 18

Choice of forum and jurisdiction

(a) Any dispute arising from these Clauses shall be resolved by the courts of an EU Member State.

(b) The Parties agree that those shall be the courts of Ireland.

(c) A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of the Member State in which he/she has his/her habitual residence.

(d) The Parties agree to submit themselves to the jurisdiction of such courts.

APPENDIX

ANNEX I

A. LIST OF PARTIES

Data exporter(s): CUSTOMER – [SEE ORDER FORM]

Entity: … - [SEE ORDER FORM]

Address: … - [SEE ORDER FORM]

Signature and date: … - [SEE ORDER FORM]

Role (CONTROLLER)

Data importer(s): PLEXUS

Entity: … - [IN ACCORDANCE WITH CLAUSE 12.13 OF THE T&Cs (ABOVE)]

Address: … - [IN ACCORDANCE WITH CLAUSE 12.13 OF THE T&Cs (ABOVE)]

Signature and date: … - [SEE ORDER FORM]

Role (PROCESSOR)

B. DESCRIPTION OF TRANSFER

As set out in the Agreement (above).

C. COMPETENT SUPERVISORY AUTHORITY

Data Protection Commission

(Dublin, Ireland)


ANNEX II - TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA


As set out in the Agreement (above).

ANNEX III – LIST OF SUB-PROCESSORS


1. Amazon Web Services

2. Heroku (aka Salesforce)

3. Google Cloud

4. Docusign

5. Auth0

6. Webmerge

7. Cloud Convert

8. OpenAI (aka Chat GPT)

9. Only Office

10. Draftable

11. ABR.gov.au

12. InfoTrack

13. UK Companies House

14. Zoho

15. Sendgrid

16. Gmail

17. Zapier

18. Ably

19. Intercom
