Terms
and Conditions of Business
These Terms and Conditions of
Business shall always apply to all provision and use of the Supplier’s Services
and Products however purchased. Additional or alternative provisions may apply
for certain purchases and, if applicable, are set out in the relevant SoW, or
otherwise in writing, and signed by both parties.
1.
DEFINITIONS AND Interpretation
The
following definitions and rules of interpretation apply in these Terms and
Conditions of Business:
Affiliate |
as to a Party, any business
entity that, directly or indirectly, controls, is under common control with,
or is controlled by, this Party. For purposes of this definition, “control”,
“controls”, “controlled by” and “under common control with” means the power
to direct the management and policies of the business entity, whether through
ownership of voting shares or securities, by contract, or otherwise. |
Assessment |
assessment or questionnaire
completed by the Participant via the Services. |
the online assessment tools and
exercises hosted on the Supplier’s or its Affiliates’ online assessment
platform to be provided to the Customer under the Contract. |
|
Contract |
these Terms and Conditions of
Business and, if applicable, the Statement of Work or any other order for
Services or Products. |
(if applicable) means the units
of measure with monetary value, as specified in the SoW, which entitle the
Customer to issue invitations for Participants to complete an Assessment
using the Services and/or to generate a report. |
|
the entity or person purchasing
Services from the Supplier pursuant to the Contract, whether under a
Statement of Work or otherwise. |
|
Customer Materials |
any content, materials and
information provided by the Customer to the Supplier, including but not
limited to Customer’s name, logo any assessment content, training materials or
other information provided by the Customer for use as part of the Services. |
the reports and recommendations produced
by the Supplier specifically for the Customer in connection with the
provision of Services. |
|
Expenses |
if applicable, expenses incurred
by the Supplier in the performance of the Services including travel time,
travel costs, hotel costs, subsistence and any associated expenses, and for
the cost of services provided by third parties and required by the Supplier
for the performance of the Services, and for the cost of any materials
additional to those supplied as part of the Services. |
Fees |
means the fees payable by the
Customer in accordance with the terms of the Contract for the relevant
Products, Assessment Tools and/or Services. |
has the meaning given to it in
clause 12. |
|
Integrator |
means an applicant tracking or
other third party service provider which can provide access to the SaaS by
integration or inter-connectivity with its own platform. |
patents, utility models, rights
to inventions, copyright and neighbouring and related rights, moral rights,
trade marks and service marks, business names and domain names, rights in
get-up and trade dress, goodwill and the right to sue for passing off or
unfair competition, rights in designs, rights in computer software, database
rights, rights to use, and protect the confidentiality of, confidential
information (including know-how and trade secrets), and all other
intellectual property rights, in each case whether registered or unregistered
and including all applications and rights to apply for and be granted,
renewals or extensions of, and rights to claim priority from, such rights and
all similar or equivalent rights or forms of protection which subsist or will
subsist now or in the future in any part of the world. |
|
Participant |
an individual, authorised by Customer,
who seeks to register, registers for, commences, completes or otherwise
participates in any Assessment, test, survey, questionnaire or the Services. |
Products |
means the tangible products ordered
by and to be delivered to the Customer under the Contract. |
Registered User |
means an individual nominated by
the Customer who is registered to purchase, administer and/or use all or some
of the SaaS or Supplier Materials. |
Restricted Tools |
Assessment Tools and/or Services,
specified by the Supplier, that require training before the Customer is
permitted to use them. |
any and all training courses,
training services, individual or leadership development services, SaaS, subscription,
assessment centres, feedback services, consulting services, professional
services and any other services provided under the Contract. |
|
SaaS or Software as a Service |
the Supplier’s Assessment Tools which
are licensed to the Customer. |
Software |
means (if applicable) all
instructions and code used to operate the SaaS or the Integrator service,
whether object or source code. |
Statement of Work or SoW |
the statement of work or
engagement letter or any other document into which these Terms and Conditions
of Business are incorporated, executed by the Supplier and the Customer
setting forth the specific Assessment Tools, Products, Services and Deliverables
to be provided by the Supplier to the Customer pursuant to the terms of the
Contract. |
Supplier |
means the Supplier specified in
the SoW. |
all materials, equipment,
documents of the Supplier and all works created by or on behalf of the
Supplier including but not limited to catalogues, brochures, business
simulation exercises, workshop and training course materials and exercises,
tests, questionnaires, training materials, manuals, procedures, proposals,
presentations and including customised works, surveys, information documents,
text graphics and software, whether written or in the form of a video or
software programme or in any other medium. |
|
Term |
means the period of the Contract
for which it shall remain in force as determined by clause 11.1. |
Territory |
means, subject to clause 5.2
below, the geographical locations in which the Customer and/or it’s Users
will use the Services as may be specified in the SoW. |
Trained User |
an individual nominated by the
Customer who has successfully completed training provided by Supplier in the
use of the Restricted Tools and SaaS. |
Training Course |
The training course to be
provided by the Supplier to the Customer in accordance with the terms of this
Contract as set out in the SoW or otherwise as agreed between the Supplier
and the Customer. |
means Registered Users and/or
Trained Users. |
1.2
A person includes a
natural person, corporate or unincorporated body (whether or not having
separate legal personality).
1.3
A reference to a party includes its personal representatives,
successors and permitted assigns.
1.4
Unless the context otherwise requires, words in the singular
include the plural and in the plural include the singular; and a reference to
one gender shall include a reference to the other genders.
1.5
A reference to a statute or statutory provision is a reference to
it as amended or re-enacted. A reference to a statute or statutory provision
includes all subordinate legislation made under that statute or statutory
provision.
1.6
Any words following the terms including,
include, in particular, for example
or any similar expression shall be construed as illustrative and shall not
limit the sense of the words, description, definition, phrase or term preceding
those terms.
1.7
A reference to writing
or written includes email unless
expressly stated otherwise.
1.8
If there is any conflict between these Terms and Conditions of
Business and the terms of any SoW, the terms in the SoW shall prevail.
2.1
In
consideration for payment of the relevant Fees for the Services and Products by
the Customer to the Supplier, the Supplier shall provide the Services and
Products for use in the Territory, if applicable, in accordance with the
Contract in all material respects and for the duration specified in clause 11.
2.2
Any samples, drawings, descriptive matter or advertising issued by
the Supplier and any illustrations or descriptions of the Services contained on
the Supplier’s website and/or in the Supplier‘s catalogues or brochures are
issued or published for the sole purpose of giving an approximate idea of the
Services described in them. The Supplier will use reasonable care to ensure
that such information is correct however they shall not form part of the
Contract or have any contractual force. The Supplier shall have no liability to
the Customer for any losses (except those which cannot, by law be limited or
excluded) which are caused by the Customer's use of any such information.
2.3
These Terms and Conditions of Business apply to the Contract to
the exclusion of any other terms that the Customer seeks to impose or
incorporate (including but not limited to any terms attached to a purchase
order), or which are implied by trade, custom, practice or course of dealing.
2.4
The Supplier, acting reasonably,
reserves the right to amend or alter the Services in such a way that it does
not adversely impact the Customer’s use of the Services in order to: (i)
maintain or enhance the quality or delivery of the Services to its customers;
(ii) maintain or enhance the cost efficiency or performance of the Services;
and/or (iii) comply with applicable law or other requirements. The Supplier
shall notify the Customer of any changes which will materially affect the
function of the Services as soon as reasonably practicable after it becomes
aware that any such changes are required.
2.5.1
the Supplier receives a judicial or other governmental demand or
order, subpoena or law enforcement request that expressly or by reasonable
implication requires the Supplier to do so; or
2.5.2
the Supplier reasonably believes, in its sole discretion, that:
2.5.2.1 the
Customer or User has failed to comply with, any material term of the Contract,
or accessed or used the Services beyond the scope of the rights granted or for
a purpose not authorized under the Contract or in any manner that does not
comply with any material instruction or requirement of the Contract or the
applicable SoW;
2.5.2.2 the
Customer or User is, has been, or is likely to be involved in any fraudulent,
misleading or unlawful activities relating to or in connection with any of the
Services; or
2.5.3
this Contract expires or is terminated.
2.6 Clause 2.5 does not limit any of Supplier’s
other rights or remedies, whether at law, in equity or under this Contract.
3.1
Training Courses
3.1.1 Where applicable, Supplier will award a qualification for
the relevant completed training course and any associated post-training course
work upon payment of the relevant Fees in full. Customer’s use of Restricted Tools
is conditional upon qualification being awarded to its Trained User(s).
3.2
Software
as a Service (SaaS)
If the Customer
purchases SaaS or online services under the Contract, the following terms shall
apply.
3.2.1. Supplier shall deliver the SaaS, accessible online via secure
login. Supplier will host or procure the hosting of the SaaS platform.
3.2.2 The recommended IT environment for use of the SaaS is set
out at: https://www.cubiksonline.com/CubiksOnline/Standalone/XAccessibility.aspx.
3.2.3. Subject to the Customer paying the Fees for the SaaS licences
in accordance with the Contract the Supplier hereby grants to the Customer a
non-exclusive, non-transferable, periodic right, with the right to grant the
sub-licences specified in clause 3.3.4 below, to permit Users to use the SaaS
solely for the Customer's internal HR related business operations for the
selection and/or assessment and/or development of Participants on the terms set
out in the Contract.
3.2.4. The Customer, solely via a User, may use the SaaS in the
Territory specified in the SoW, if applicable, and may grant temporary use and
a temporary sub-licence of the SaaS on a one-time only basis to Participants whether
located inside or outside the Territory, strictly for the purpose of completing
Assessment by means of the SaaS, after which their access to the SaaS will
cease and the said sub-licence will automatically terminate.
3.2.5. Access to the SaaS is subject to any limitations on the number
and/or identity of Users as set out in the SoW. If the Customer exceeds the applicable limits,
Supplier may reduce the Customer’s usage so that it conforms to the limit or
suspend or terminate the Customer’s access to the SaaS. The Supplier reserves
the right to make a charge for excess usage in accordance with the Fees
applicable to such services from time to time.
3.2.6. A User’s access credentials may not be shared with any other
individual, and access credentials may not be reassigned to a new individual
replacing one who no longer requires access to the SaaS.
3.2.8. The SaaS shall be available 99% of the time each month, with the sole
exception of scheduled maintenance periods.
3.2.9 Supplier will monitor the SaaS to
ensure system stability, resilience and performance.
3.2.10 Updates to generic functionality will be
implemented from time to time at no extra cost on a scheduled basis. Optional
enhancements may be offered from time to time at additional cost.
3.2.11 Supplier shall not be required to (a)
update the SaaS except as specified in this Contract; (b) provide any new
version of any Assessment Tool (c) update any customised or tailored assessment
content or other element of the SaaS even if generic assessment content or
other elements may be updated or (d) remedy any defect or other technical fault
to the Customer’s software or infrastructure or that of any Integrator or
other third party or lack of access to the communications network.
3.2.12 Supplier is not responsible for any
delays, delivery failures, or any other loss or damage resulting from the
transfer of data over communications networks and facilities, including the
internet, beyond the point of connection with Supplier’s own networks and
systems and the Customer acknowledges that the SaaS may be subject to
limitations, delays and other problems inherent in the use of such
communications facilities.
3.2.13 Unless specifically stated otherwise in the SoW or the Data
Agreement, the Supplier has and will retain sole control of the operation,
provision, maintenance and management of the SaaS and the information
technology infrastructure used by or on behalf of the Supplier in performing
the SaaS, including without limitation, all computers, software, hardware,
databases, electronic systems and networks. Such control shall include without
limitation the location where the Services are performed and any upgrades, updates,
corrections to repairs to the SaaS or Services.
3.3
Integration
3.3.1 Subject to prior agreement between
Supplier and Customer which shall include the method of interface and
appropriate set up and other costs, Supplier has the facilities to provide
Customers with integration to the SaaS with the Customer’s platform directly,
or via an Integrator.
3.3.2 Both parties shall co-operate fully
with a view to enabling integration between the Supplier platform and the
Customer’s or Integrator’s interface and will respond promptly to all
reasonable requests for information as to progress against any agreed integration
milestones;
3.3.3 If the Customer is accessing the SaaS
via an Integrator, the Customer acknowledges and agrees that:
(i) Supplier does not control the
operation of the Integrator platform, system or software;
(ii) the terms and conditions relating
to use of the Integrator services are subject to an agreement between the
Customer and the Integrator;
(iii) the Supplier shall co-operate fully
and the Customer shall procure that the Integrator co-operates fully with a
view to enabling integration between the SaaS and the Integrator and responds
promptly to all reasonable requests for information as to progress against any
agreed integration milestones;
(iv) the Customer shall be solely
responsible to the Supplier to procure the Integrator’s agreement, acceptance
and conformance with the relevant obligations in this Agreement, including the
obligations in this clause 3.3. The
Customer shall be liable for any damages or losses to the Supplier resulting
from the Integrator’s actions or omissions.;
(v) it shall not, and shall procure
that the Integrator shall not rent, lease, lend, sell, sub-licence, assign,
distribute, publish, transfer or otherwise make available any part of any
Software of Supplier except as expressly provided in this Contract; and
(vi) the Integrator is not a Processor or
sub Processor of Personal Data on behalf of Supplier or any of its
Affiliates. The terms Personal Data,
Processor and sub Processor shall have the meanings given to them in the Data
Agreement.
3.3.4 Supplier may change or replace the
interface or method of integration once every 12 (twelve) months but undertakes
to maintain the existing method for a period of six (6) months from the change
or substitution.
3.3.5 The Customer agrees that Supplier shall
not be responsible for security beyond the point of integration or
inter-connectivity or for loss or degradation of SaaS caused by any change in
the interface of the Customer or the Integrator;
3.3.6 The Customer shall not, and shall
procure that any Integrator shall not, interfere with or disrupt the Supplier’s
integration API or the servers or networks providing the API or reverse
engineer or attempt to extract the source code from the Supplier’s integration
API or related Software except as permitted by law;
3.3.7 Where appropriate, the Supplier may set
and enforce limits on the Customer’s use of the Supplier API (e.g. limiting the
number of API requests). If the Customer
would like to use any API beyond these limits, the Customer must first obtain
written consent from the Supplier. The Supplier will endeavour to accommodate
such requests but may decline or its acceptance may be conditional upon the
Customer’s agreement to any additional terms and/or charges for that use.
3.3.8 The Supplier and the Customer shall, and
the Customer shall procure that the Integrator shall, use all reasonable
technical, security and organisational endeavours, according to good industry
practice, to ensure that its system is free and clear of any virus, spyware and
other malware and secure from accidental, unauthorised or unlawful access to,
processing, destruction loss, damage or disclosure of confidential information
or personal data.
3.3.9 On termination of the Contract, the
Customer shall cease using the integration to the Supplier API and the Supplier
shall have the right to remove live and test access credentials to prevent any
further access.
3.4 Tailored
Assessment Content
The Supplier
may provide the Customer, by prior agreement, with customised or tailored
assessment content subject to any associated costs as may be agreed between the
parties, or the reasonable costs of Supplier based on its standard applicable
daily rates. Customer shall at its own cost provide such Customer Materials as
it requires to be used as part of the Services and will obtain, maintain and
grant to Supplier all licences to use such Customer Materials to perform the
Services for the Customer. To the extent the Services are modified or adapted
at the request of the Customer and such modification or adaptation request is
agreed by Supplier, such modification or adaptation will be done solely in
reliance on information provided by the Customer and the Customer acknowledges
that it is responsible for ensuring that any such materials correspond with
appropriate job criteria and otherwise meet its requirements and that they have
not been validated by Supplier.
4.1
The Supplier
shall deliver the Products to the location advised by the Customer.
4.2
The risk in the
Products shall pass to the Customer on completion of delivery.
4.3
Title to the
Products shall not pass to the Customer until the Supplier receives payment in
full for the Products.
5.
Customer
obligations
5.1.1
before signing any SoW, ensure that the terms of the SoW are
complete, accurate and adequate for the purposes the Customer intends to use
the Services and Products;
5.1.2
co-operate with the Supplier in a timely manner in all matters
relating to the Services;
5.1.3
provide the Supplier with the Customer Materials and such
information and other materials as the Supplier may reasonably require in order
to provide the Services, and ensure that such information is complete and
accurate in all material respects;
5.1.4
obtain and maintain all necessary licences, permissions and
consents which may be required for the Customer’s use of the Services;
5.1.5
use the Services and Products in accordance with any user manual
or training and instructions provided by the Supplier;
5.1.6
use the Services and Products in accordance with all applicable
employment, data protection, privacy and other laws, and comply with all
applicable laws and regulations. The Customer will not use the Services or
Products as the sole course for any decision relating to any Participant
including with respect to selection, recruitment, assessment or development for
any hiring, termination, employment status or work opportunity;
5.1.7
ensure compliance by its personnel including Users and Participants
of the relevant terms of the Contract; and
5.1.8
not permit any third party to access or use the Services or any
part thereof except as expressly permitted by the Contract.
5.2
The
United States Department of the Treasury Office of Foreign Assets Control
(OFAC) administers and enforces economic sanctions imposed by the United States
against foreign countries. The OFAC may also designate persons and entities
(including persons and entities in the United States) as Specially Designated
Nationals. The OFAC prohibits certain transactions with embargoed countries or
Specially Designated Nationals and Talogy strictly adheres to the OFAC sanction
activities and such other sanctions as mandated by the United States. An
example of such sanctions can be found at https://www.treasury.gov/resource-center/sanctions/Programs/Pages/Programs.aspx. Customer represents and warrants
to Supplier that (i) none of the Participants or Users are on the Specially
Designated National List maintained by the OFAC; and (ii) neither Customer nor
any client, sub-contractor or agent of Customer, shall engage Supplier to
provide any Services to an embargoed country or Specially Designated National
in contravention with United States law.
5.3
Supplier Services and Products may not be branded as Customer’s
own services or products. The Customer shall not resell or distribute the
Supplier Services or Products. Customer may only use the Services and Products
as permitted by the Contract.
5.4
The Customer hereby permits the Supplier and its Affiliates to use
the Customer’s name and logo for inclusion in its internal and external
customer lists which may be published on Supplier or its Affiliates websites,
displayed in Supplier or its Affiliates premises or discussed verbally with
Supplier’s or its Affiliates’ other customers from time to time;
5.5
The Supplier shall not be responsible or liable for any prevention,
hinderance or delay to the Services or delivery of the Products or any costs or
losses sustained or incurred by the Customer that is caused by any act or
omission by the Customer, or failure by the Customer to perform any relevant
obligation (“Customer Default”). The
Supplier shall have the right to suspend provision of the Services or delivery
of the Products until the Customer Remedies the Customer Default.
5.6
For
the purposes of clarity and without limiting the generality of the obligations in
clause 5.1, except as expressly provided in this Contract, the Customer shall
not, and shall not allow any of its employees, Participants, Users, personnel
or contractors or any other third party to:
5.6.1
copy, modify or create derivative works or improvements of the Products,
Services, Deliverables or Supplier Materials;
5.6.2
rent, lease, lend, sell, sublicense, assign, distribute, publish,
transfer or otherwise make available any part of the Products, Services,
Deliverables or Supplier Materials to any person, including on or in connection
with the internet or any time-sharing, service bureau, software as a service,
cloud or other technology or service;
5.6.3
reverse engineer, disassemble, decompile, decode, adapt or
otherwise attempt to derive or gain access to the source code of any software
provided in connection with the Services, in whole or in part;
5.6.4
attempt to bypass or breach any security device or protection used
by the Services;
5.6.5
input, upload, transmit or otherwise provide to or through the Services,
or any software provided pursuant to the Contract any information or materials
that are unlawful or injurious, or contain, transmit or activate any viruses or
other harmful code;
5.6.6
damage, destroy, disrupt, disable, impair, interfere with or
otherwise impede or harm in any manner the Services, Deliverables, or Supplier
Materials or Supplier’s provision of services to any third party, in whole or
in part;
5.6.7
remove, delete, alter or obscure any trademarks, warranties or
disclaimers, or any copyright, trademark, patent or other intellectual property
or proprietary rights notices from the Products, Services, Deliverables, or
Supplier Materials, including any copy thereof;
5.6.8
access or use the Products, Services, Deliverables, or Supplier
Materials in any manner or for any purpose that infringes, misappropriates or
otherwise violates any intellectual property or other right of the Supplier, or
of any third party, or that violates any applicable law; or
5.6.9
access or use the Products, Services, Deliverables, or Supplier
Materials for purposes of competitive analysis of the Services, Deliverables,
or Supplier Materials, the development, provision or use of competing software,
services or products, or any other purpose that is to the Supplier’s detriment
or commercial disadvantage.
5.7
If the Customer becomes aware of any actual or threatened activity
prohibited by clause 5.2 and/or 5.6,
the Customer shall, and shall cause its employees to, as soon as is reasonably possible:
5.7.1
take all reasonable and lawful measures within their respective
control that are necessary to stop the activity or threatened activity and to
mitigate its effects (including, where applicable, by discontinuing and
preventing any unauthorized access to the Services, Deliverables, and/or
Supplier Materials and permanently erasing from their systems and destroying
any data to which any of them have gained unauthorized access); and
5.7.2
notify the Supplier of any such actual or threatened activity.
6.
FEES, EXPENSES, INVOICING AND CANCELLATION
6.1
Unless specified otherwise by the Supplier the Fees for the
Services shall be as set out in the SoW or, if no Fee is quoted, the Supplier‘s
standard list price as at the date of the SoW shall apply.
6.2 Fees shall, where applicable, be
exclusive of all costs and charges of packaging, insurance, and transport,
which shall be invoiced to the Customer.
6.3 Where the
Supplier‘s daily fee rates apply, these are calculated on the basis of a seven
and a half hour (7.5) day from 9.00 am to 5.30 pm (with an hour for lunch) on
working days;
6.4 If the relevant Services are required outside
of working days or for longer than seven and a half (7.5) hours per day (“Out of Hours Services”), the Supplier
will notify the Customer of any additional charges for Out of Hours Services in
writing. If the Customer wishes to accept the additional charges, the parties
will agree the same in writing. Unless and until such agreement has been made
in writing, the Supplier will be under no obligation to provide any Out of
Hours Services.
6.5
The Supplier reserves the right to:
6.5.1
increase the Fees for the Services by giving notice to the
Customer at any time before provision of the same, to reflect any increase in
the cost of the Services that is due to (a) any factor beyond the control of
the Supplier; (b) any request by the Customer to change the delivery date(s),
quantities or types of Services ordered, or any other terms of the Contract; or
(c) any delay caused by any instructions of the Customer in respect of the
Services or failure of the Customer to give the Supplier adequate or accurate information
or instructions in respect of the Services.
6.5.2
in relation to SaaS, increase the Fees annually either (a)
automatically in accordance with the UK Consumer Price Index or (b) upon not
less than ninety (90) days’ notice to the Customer by email or such other
method of notification as the parties may agree. Such variations shall take
effect on the anniversary of the Commencement Date.
6.6
If applicable, the Supplier will invoice the Customer for Fees as set
out in the SoW. .
6.7
The Customer shall pay each invoice within
thirty (30) days of the date of the invoice in full
and in cleared funds to a bank account nominated in writing by the Supplier
without any set-off, counterclaim, deduction or withholding (other than any
deduction or withholding of tax as required by law).
6.8
All amounts payable by the Customer under the Contract are
exclusive of any amounts, where applicable, in respect of value added tax
chargeable from time to time (VAT). The
Customer shall, on receipt of a valid VAT invoice from the Supplier, pay to the
Supplier such additional amounts in respect of VAT as are chargeable on the
supply of the Services at the same time as payment is due for the supply of the
Services.
6.9
If the Customer fails to make a payment due to the Supplier under
the Contract by the due date, then, without limiting the Supplier‘s rights and
remedies, the Customer shall pay interest on the overdue sum from the due date
until payment of the overdue sum, whether before or after judgment. Interest
under this clause 6.10
will accrue each day at 4% a year above the Bank of England‘s base rate from
time to time, but at 4% a year for any period when that base rate is below 0%.
7.
Intellectual property rights
7.1
All Intellectual Property Rights in, or arising out of or in
connection with the Services, Products, Supplier Materials and any Software
(including any customised or tailored version of the foregoing) (other than
Intellectual Property Rights in the Customer Materials) shall be owned by the
Supplier or its licensors or suppliers.
7.2
The Supplier grants to the Customer, or shall procure the direct
grant to the Customer of, a fully paid-up, non-exclusive, royalty-free licence
to use the Deliverables (excluding the Customer Materials) for receiving and
using the Services in relation to its HR related
business purposes. The Customer shall not sub-license, assign or otherwise
transfer the rights granted by clause 7.2
except as permitted by the Contract.
7.3
Customer grants to Supplier
a perpetual, worldwide, non-exclusive, royalty-free license (with the right to
sublicense) to use, copy, reproduce, process, adapt and aggregate anonymized Assessment
data in any and all media for the purposes of monitoring, validation,
statistical, benchmarking, product development, historical and management
purposes.
7.4
Subject to the limits on liability set out in Clause 10.5, the Supplier agrees to indemnify and defend the Customer and
Users (each, an “Indemnified Party“),
from and against any direct loss, damage, and expense, including reasonable
legal fees and expenses, incurred by the Indemnified Party as a result of any
proven third party claim (“Claim“), for
actual infringement of any Intellectual Property Rights arising out of the use
of the Services or Products supplied to the Indemnified Party by the Supplier.
This indemnification obligation is provisional on the Indemnified Party: (i)
providing the Supplier with prompt written notice of any Claim; or upon
reasonable suspicion of a Claim; (ii) cooperating with Supplier’s reasonable
request for information or other assistance; (iii) granting control of the
defence and settlement of the Claim to the Supplier; and (iv) not settling or
making any offer to settle the Claim or make any admission of guilt or fault
without first obtaining Supplier’s prior written approval.
7.5
Clause 7.4 shall
not apply in so far as the infringement arises in whole or in part due to: (i)
Customer’s use of the Services in breach of the Contract; (ii) Customer’s use
of the Services in combination with any products, services, or information not
provided by Supplier or its Affiliates; or (iii) Customer’s utilisation of the
Services in a manner not contemplated by this Contract, in each case, whether
or not with Supplier’s or its Affiliates’ consent.
7.6
In the event that any Services become or are reasonably likely to
become the subject of an infringement claim then the Supplier, at its
discretion will: (i) obtain the right for the Customer to continue using the
affected Services; (ii) replace or modify the relevant Services so it becomes
non-infringing; or (iii) terminate the applicable Contract by written notice to
the Customer and will require the Customer to cease use of relevant Services
and provide a refund of any fees prepaid to the Supplier for the affected
Services.
7.7
Customer shall defend, indemnify, and hold Supplier, and its
subsidiaries, affiliates, employees, officers, directors and contractors
harmless against all liabilities, claims, demands, suits (and any costs,
reasonable attorney fees, expert fees, judgments and settlement amounts
associated therewith) that arise out of or in connection with: (a) any claim by
a third party that the Supplier’s use of any Customer Materials infringes any
Intellectual Property Rights; and (b) any third party claim as a result of the
Customer’s use of the Services or Products in breach of the Contract. In
connection with any such claims, the Supplier agrees to provide the Customer (i)
prompt notice in writing of such claim (but late notice shall not void Customer’s
obligations in this Clause); (ii) sole control over the defence and settlement
thereof; and (iii) reasonable cooperation from the Supplier, as applicable, at
Customer’s expense in response to a Customer request for assistance. However,
Customer may not settle or compromise any claim, make any admission of facts
that expose Supplier to any liability, require Supplier to take or cease to
take any action, or other claims that are not covered by this indemnification
without Supplier’s written approval (not to be unreasonably withheld).
8.
Data
protection
The Processing of any Personal
Data pursuant to the Contract shall be subject to the terms of Schedule A
hereto or such other data agreement as agreed between the parties (the “Data
Agreement”).
9.1
“Confidential Information” means all information, in whatever
form, furnished by one party or its Affiliates (the “Disclosing Party“) to the
other party or its Affiliates or Users (the “Receiving Party“) orally or in
writing and identified as confidential or proprietary at the time of
disclosure, or that by its nature should reasonably be assumed to be
confidential or proprietary, including, but not limited to: Supplier Materials,
Customer Materials, business information, pricing, policies, information
concerning employees, customers, and/or vendors, research, development,
know-how, designs, opportunities, trade secrets, and methods and procedures.
9.2
Each party undertakes that it shall not at any time during the
Contract, and for a period of three years after termination of the Contract,
disclose any Confidential Information of the other party except as permitted by
clause 9.3.
9.3
The Receiving Party may disclose the Disclosing Party‘s Confidential
Information:
9.3.1
to its employees, officers, representatives, subcontractors or
advisers who need to know such information for the purposes of carrying out the
party‘s obligations under the Contract. Each party shall ensure that its
employees, officers, representatives, subcontractors or advisers to whom it
discloses the other party‘s confidential information comply with this clause 9 and
the Receiving Party shall remain responsible for any breach of this clause 9
by anyone with whom it shares the Disclosing Party’s Confidential Information;
and
9.3.2
as may be required by law, a court of competent jurisdiction or
any governmental or regulatory authority provided that, the Receiving Party, so
long as legally permissible, promptly notifies the Disclosing Party of such
order.
9.4
The Receiving Party shall maintain the Confidential Information
using at least the same degree of care as it employs in maintaining in
confidence its own proprietary and confidential information, but in any case no
less than a reasonable degree of care.
9.5
This clause 9 shall
not apply to Confidential Information that:
9.5.1
is publicly known at the time of its disclosure or becomes
publicly known after its disclosure other than by breach hereof by the
Receiving Party;
9.5.2
is lawfully received by the Receiving Party from a third party not
under an obligation of confidentiality to the Disclosing Party;
9.5.3
was already known to the Receiving Party at the time of disclosure
as demonstrated by the reasonable written evidence of the Receiving Party; or
9.5.4
is generated by the Receiving Party independently without use of
or reliance on the Disclosing Party’s Confidential Information.
9.6
Neither party shall use the other party‘s Confidential Information
for any purpose other than to perform its obligations under the Contract.
10.
LIMITED WARRANTY AND Limitation of liability
10.1
The Supplier will provide the Services and Products in a
workmanlike manner using reasonable care and skill and suitably experienced or
qualified personnel.
10.2
The Customer acknowledges that if the results of the Services are
dependent upon the responses of the Participants, the Supplier makes no
representation or warranty as to the accuracy or completeness of the data
collected from Participants or consequently any assessment generated in
connection with the Services or through the use or operation of the Services.
10.3
Subject to clauses 3 and 10.2 above, in the event that the
Customer establishes to the reasonable satisfaction of the Supplier within
ninety (90) days of the performance of the affected Services that the Services
are defective or not delivered with due care and attention, the Supplier shall,
at no additional expense to the Customer and as the exclusive remedy for such
breach, re-perform the affected Services.
10.4
Nothing in the Contract limits or excludes any liability of either
party for:
10.4.1
death or personal injury caused by negligence;
10.4.2
gross negligence or wilful misconduct;
10.4.3
fraud or fraudulent misrepresentation; or,
10.4.4
any other liability which, by law, cannot be excluded or limited.
10.5
Subject
to clause 10.4, the Supplier‘s total aggregate liability to the Customer arising
out of or in connection with the Contract (including, for the avoidance of
doubt, the applicable SoW) whether arising in contract, tort (including
negligence) under indemnity or otherwise, shall not exceed the greater of the
total fees payable by the Customer to Supplier during a twelve month period immediately
prior to the date on which the liability arises or the sum of £25,000 (twenty
five thousand pounds).
10.7
Except as expressly provided in clause 10.1,
the Supplier and its licensors make no warranties, whether express or implied,
regarding or relating to any materials provided to Customer, or Supplier’s
Products, Services, Deliverables or software hereunder. Software, Products and
Services are provided on an "as is" basis. Any condition,
representation, or warranty that might otherwise be implied or incorporated
within these terms by reason of statute or common law or otherwise, including
any express or implied warranties of merchantability, fitness for a particular
purpose or non-infringement, is hereby expressly excluded to the fullest extent
permitted by law. The Supplier does not warrant or represent that the Services
will meet Customer’s or any user’s requirements or needs, that use of the
Services will be uninterrupted or error free or that any defects in the
services will be or can be corrected.
10.9
Without limiting the generality of the foregoing clause 10.8,
the Supplier will have no liability to the Customer for any losses the Customer
suffers resulting directly or indirectly from: (i) failures of performance on
the part of any Integrator or other third party or internet service provider;
(ii) failure of Customer’s equipment or those of Participants, Users or third
parties (excluding any third party engaged by the Supplier); or (iii)
Supplier’s provision of scheduled system upgrades or maintenance specified in clause
3.
10.10
This clause 10
shall survive termination of the Contract.
11.1
Except as otherwise set in the SoW the Contract shall remain in
force until the later of (i) the duration of the Services or delivery of the
Products, or (ii) the period of the Customer’s use of the SaaS, subject to 11.2
below, after which time it shall automatically terminate.
11.2
In relation to SaaS, unless specified otherwise the Contract shall
remain in force for a period of twelve months from the later date of signature
of the SoW and shall renew automatically on the same terms for successive
twelve month periods (each a “Renewal Term”) unless either party gives notice
in writing to the other to terminate, delivered at least 60 days prior to the
end of the Term or Renewal Term.
11.3
Without affecting any other right or remedy available to it,
either party may terminate the Contract with immediate effect by giving written
notice to the other party if:
11.3.1
the other party commits a material breach of its obligations under
the Contract and (if such breach is remediable) fails to remedy that breach
within thirty (30) days after receipt of notice in writing to do so. For the
avoidance of doubt, non-payment of Fees in accordance with the terms of this
Contract shall constitute a material breach;
11.3.2
the other party commits a material breach of its obligations which
cannot be remedied;
11.3.3
the other party takes any step or action in connection with its
entering administration, provisional liquidation or any composition or
arrangement with its creditors (other than in relation to a solvent
restructuring), being wound up (whether voluntarily or by order of the court,
unless for the purpose of a solvent restructuring), having a receiver appointed
to any of its assets or ceasing to carry on business;
11.3.4
the other party suspends, or threatens to suspend, or ceases or
threatens to cease to carry on all or a substantial part of its business; or
11.3.5
the other party‘s financial position deteriorates to such an
extent that in the terminating party‘s opinion the other party‘s capability to
adequately fulfil its obligations under the Contract has been placed in
jeopardy.
11.4
On termination or expiration of the Contract:
11.4.1 the Supplier will invoice the Customer for
Fees and expenses in relation to the Services delivered to the date of
termination or expiration and any applicable cancellation charges and the
Customer shall pay such invoices as set out in clause 6.
11.4.2 the Customer shall immediately cease use
of the Services and Deliverables, as applicable and promptly return all of the
Supplier Materials and any Deliverables which are owned by the Supplier.
11.4.3
the requirements with regard to the processing of personal data
shall be implemented as set out in the Data Agreement.
11.5
Termination or expiry of the Contract shall not affect any rights,
remedies, obligations and liabilities of the parties that have accrued up to
the date of termination or expiry, including the right to claim damages in
respect of any breach of the Contract which existed at or before the date of
termination or expiry.
Except with
respect to payment obligations under the Contract, notwithstanding anything to
the contrary contained in these Terms and Conditions of Business a party shall
not be responsible or liable for any failure or delay in the performance of its
obligations hereunder as a result of any contingency that is beyond the
reasonable control of such party (the “Nonperforming Party”) whether directly
or indirectly, including without limitation, epidemic, pandemic, fire, flood,
action of the elements, governmental order, acts of war or terrorism, acts of
God, riot or civil commotion (each a “Force Majeure Event”) it being understood
and agreed that the Nonperforming Party shall be temporarily excused from its
inability to perform its obligations hereunder but only for the duration of the
Force Majeure Event. The Nonperforming Party shall, as soon as reasonably
practicable, provide written notice of the occurrence of such Force Majeure
Event to the other party.
13.
General
13.1
Notices.
All notices and demands of any kind which either Party may be
required or desire to serve upon the other under the terms of this Agreement
shall be in writing and shall be served by internationally recognized express
mail courier or by email to the respective (email) address of Supplier and
Customer set forth in the SoW or to other addresses as the Parties may specify
in writing. Notices shall be deemed to have been given upon delivery.
13.2
Survival.
It is mutually agreed by the Parties that any and all obligations
arising under clauses 1, 5.1, 5.2, 5.7, 7.1, 7.2, 7.3, 9 and 10 shall survive
any termination or expiration of this Agreement.
13.3
Severance.
If any provision or part-provision of the Contract is or becomes invalid,
illegal or unenforceable, it shall be deemed modified to the minimum extent
necessary to make it valid, legal and enforceable. If such modification is not
possible, the relevant provision or part-provision shall be deemed deleted. Any
modification to or deletion of a provision or part-provision under this clause
shall not affect the validity and enforceability of the rest of the Contract.
13.4
Waiver.
A waiver of any right or remedy under the Contract or by law is only effective
if given in writing and shall not be deemed a waiver of any subsequent right or
remedy. A failure or delay by a party to exercise any right or remedy provided
under the Contract or by law shall not constitute a waiver of that or any other
right or remedy, nor shall it prevent or restrict any further exercise of that
or any other right or remedy. No single or partial exercise of any right or
remedy provided under the Contract or by law shall prevent or restrict the
further exercise of that or any other right or remedy.
13.5
No
partnership or agency. Nothing in the Contract is
intended to, or shall be deemed to, establish any partnership or joint venture
between the parties, constitute either party the agent of the other, or
authorise either party to make or enter into any commitments for or on behalf
of the other party.
13.6.1
The Contract constitutes the entire agreement between the parties
and supersedes and extinguishes all previous agreements, promises, assurances,
warranties, representations and understandings between them, whether written or
oral, relating to its subject matter.
13.6.2
Each party acknowledges that in entering into the Contract it does
not rely on, and shall have no remedies in respect of any statement,
representation, assurance or warranty (whether made innocently or negligently)
that is not set out in the Contract.
13.6.3
Each party agrees that it shall have no claim for innocent or
negligent misrepresentation based on any statement in the Contract.
13.6.4
Nothing in this clause shall limit or exclude any liability for
fraud.
13.7
Third
party rights. The Contract
does not give rise to any rights under the Contracts (Rights of Third Parties)
Act 1999 to enforce any term of the Contract.
13.8
Variation.
Except as set out in these Terms and Conditions of Business, no variation of
the Contract shall be effective unless it is agreed in writing and signed by
the parties (or their authorised representatives).
13.9
Governing
law. The Contract and any dispute or claim (including non-contractual
disputes or claims) arising out of or in connection with it or its subject
matter or formation shall be governed by and construed in accordance with the
law of England and Wales.
13.10
Jurisdiction.
Each party irrevocably agrees that the courts of England and Wales shall have
exclusive jurisdiction to settle any dispute or claim (including
non-contractual disputes or claims) arising out of or in connection with the
Contract or its subject matter or formation.
Schedule A
DATA PROCESSING AGREEMENT
Supplier provides talent
management services, such as online assessments, feedback sessions
and training courses to the
Customer, the details of which are set out in the agreement between the
Supplier and the Customer (the “Agreement”) to which this Data
Processing Agreement (the “DPA”) is attached. Pursuant to the Services and Products
provided under the Agreement, the Parties anticipate that Supplier as processor
will process Personal Data on behalf of Customer, the data controller for such
Personal Data. To the extent
that the provision of such Services involves the processing of Personal Data,
the Parties have agreed to the provisions set out in this DPA for the purposes
of ensuring compliance with the applicable Data Protection Laws (as defined
below).
1.
The Parties have agreed as follows:
1.
DEFINITIONS
1.1
Terms such
as "(sub)process/(sub)processing", "data subject",
"data processor, "data controller", "data protection impact assessment", "appropriate technical and
organisational measures", "recipient" shall have the same
meaning ascribed to them in the Data Protection Laws;
1.2
"Authorized Subprocessors" means
(a) those Subprocessors set out at Annex 3 below(Authorised Subprocessors);
and (b) any additional Subprocessors consented to in writing by Customer in
accordance with section 5.1;
1.3
"Data Protection Laws" means in
relation to any Personal Data which is Processed in the performance of the
Agreement, the General Data Protection Regulation (EU) 2016/679 ("EU GDPR"),
the UK Data Protection Act 2018 (“UK GDPR”), the EU e-Privacy Directive
(Directive 2002/58/EC), the Swiss Federal Act on Data Protection of 19 June
1992 (“Swiss FADP”) and all laws implementing or supplementing the same and any
other applicable data protection or privacy laws as notified by the Customer to
the Supplier;
1.4
“Delete” means to erase, wipe, delete or
anonymise Personal Data so that it is no longer identifiable. “Deleted” and “Deletion”
shall be construed accordingly;
1.5
"EEA" means the European Economic
Area;
1.6
"Parties" means all signatories to
the Agreement;
1.7
"Personal Data" means the data
described in Annex 1 (Details of
Processing of Personal Data) and any other personal data, as that term is
defined in Data Protection Laws, processed by Supplier or any Subprocessor on
behalf of Customer;
1.8
“Personal Data Breach” means any actual
loss, unauthorized or unlawful processing, destruction, damage, alteration, or
unauthorized disclosure of, or access to Personal Data that compromises the
availability, authenticity, integrity and/or confidentiality of Personal Data.
1.9
“Research Purposes” means monitoring,
validation, statistical and benchmarking purposes;
1.10
“Restricted
Transfer” means: (i) where the EU GDPR or Swiss FADP applies, a transfer of
personal data from the European Economic Area or Switzerland (as applicable) to
a country outside of the European Economic Area or Switzerland which is not
subject to an adequacy determination by the European Commission or Swiss
Federal Data Protection and Information Commissioner (as applicable); and (ii)
where the UK GDPR applies, a transfer of personal data from the United Kingdom
to any other country which is not based on adequacy regulations pursuant to
Section 17A of the United Kingdom Data Protection Act 2018. For the avoidance
of doubt, where the EU GDPR, Swiss FADP, or UK GDPR apply, a transfer of
Personal Data to the United States pursuant to the Data Privacy Framework (as
defined in Section 11.1) shall not be a Restricted Transfer as long as each of
the EU-U.S. Data Privacy Framework, the UK-U.S. extension to the EU-U.S. Data
Privacy Framework and the Swiss-U.S. Data Privacy Framework, are recognized as
adequate legal mechanisms for data transfers from the EU, Switzerland, and the
UK to the United States.
1.11
“Services”
means talent management services, such as online assessments, feedback sessions
and training courses supplied to the Customer by Supplier in connection with
the Agreement.
1.12
"Standard Contractual Clauses" or
“SCCs” means (i) where the EU GDPR or
Swiss FADP applies, the contractual clauses annexed to the European Commission’s Implementing Decision 2021/914 of 4 June 2021 on
standard contractual clauses for the transfer of personal data to processors established in third countries pursuant to Regulation (EU)
2016/679 of the European Parliament and the Council (“EU SCCs”); and (ii) where the UK GDPR applies, standard data
protection clauses adopted pursuant to or permitted under Article 46 of the UK GDPR (“UK SCCs”); ; or any set of clauses approved by the European Commission which amends,
replaces or supersedes these;
1.13
"Subprocessor" means any data
processor (including any third party and any affiliated company) appointed by
Supplier to process personal data on behalf of Customer; and
1.14
"Supervisory Authority" means (a)
an independent public authority which is established by a Member State pursuant
to Article 51 GDPR; and (b) any similar regulatory authority responsible for
the enforcement of Data Protection Laws.
2.
PROCESSING OF THE PERSONAL DATA
2.1
For the
purposes of GDPR, the
Customer is the controller and the Supplier is the processor of Personal Data
processed by the Supplier in relation to the Agreement.
2.2
Supplier
shall process the Personal Data relating to the categories of data subjects for
the purposes set forth in this DPA, which are enumerated in Annex 1 (Details of Processing of Personal Data)
to this DPA. Supplier shall not process, transfer, modify, amend or alter the
Personal Data, or disclose or permit the disclosure of the Personal Data to any
third party other than in accordance with Customer’s documented instructions
(whether in the Agreement or otherwise) except as otherwise required by
applicable EU law to which Supplier is subject, in which case Supplier shall,
to the extent permitted by such law, inform Customer of that legal requirement
before processing that Personal Data.
2.3
Supplier
shall maintain a record of the processing activities carried out on behalf of
Customer in accordance with Article 30 of the GDPR.
2.4
For the
purposes set out in section 2.1. above, Customer hereby instructs Supplier to transfer Personal Data to the recipients in the countries
listed at Annex 3 (Authorised Transfers of Personal
Data) provided that Supplier shall comply with section 5 (Subprocessing) and 11 (International
Transfers of Personal Data).
2.5
Unless
instructed otherwise by the Customer, and subject to compliance with Article 89
of GDPR, the Supplier may process and retain de-identified Personal Data for
Research Purposes.
3.
SUPPLIER PERSONNEL
3.1
Supplier
shall ensure that persons authorised by the Supplier to process the Personal
Data have committed themselves to confidentiality obligations or are under an
appropriate statutory obligation of confidentiality.
4.1
Supplier
shall implement appropriate technical and organisational measures designed to
ensure a level of security of the Personal Data
appropriate to the risk and in accordance with Article 32 of the GDPR. Supplier
shall assess and evaluate the effectiveness of such measures, as needed, and
shall update as applicable, in accordance with Article 32 of the GDPR.
5.1
As at the
date of the Agreement, Customer hereby authorises Supplier to engage those Subprocessors set out at Annex 3.
5.2
Supplier
shall update the list of Authorised Subprocessors by providing notice to
Customer at https://www.talogy.com/en/legal/sub-processors/. Customer
shall be deemed to have consented to such additional or changed Subprocessor if
Customer does not object within thirty (30) calendar days of the date of such
notice.
5.3
With
respect to each Subprocessor, Supplier shall (i)
provide Customer with details of the processing to be undertaken by each
Subprocessor; and (ii) include terms in the contract between Supplier and the
Subprocessor that are equivalent to those set out in this DPA.
6.
DATA SUBJECT NOTIFICATION AND RIGHTS
6.1
The
Customer shall be responsible for communicating with and providing any information to the data subject as required by the Data
Protection Laws.
6.2
Supplier
shall notify Customer within ten (10) calendar days if it receives a data
subject access request, including requests by a data subject to exercise rights
in chapter III GDPR, and shall provide full details of that request.
6.3
Supplier
shall fully co‑operate as requested by Customer to enable Customer to comply
with any exercise of rights by a data subject under chapter III GDPR regarding
Personal Data.
7.
INCIDENT MANAGEMENT
7.1
Supplier
shall notify Customer without undue delay, and in any case within forty-eight
(48) hours, upon becoming aware of a Personal Data breach. Such notification shall, to the extent known within the notification
window: (i) describe the nature of the personal data breach, including, where
possible, the categories and approximate number of affected data subjects, and
the categories and approximate number of personal data records concerned; (ii)
the name and contact details of a contact person at Supplier who can provide
additional information; (iii) describe, to the extent known, the likely
consequences of such personal data breach; and (iv) describe proposed
mitigation efforts, as applicable. The Supplier shall
promptly take all necessary and advisable corrective actions and shall
cooperate fully with the Customer in all reasonable and lawful efforts to
prevent, mitigate or rectify such Personal Data breach.
8.
DATA PROTECTION IMPACT ASSESSMENT AND PRIOR
CONSULTATION
8.1
Supplier
shall provide reasonable assistance to Customer with any data protection impact
assessments that are required under Article 35 GDPR and with any prior
consultations to any Supervisory Authority of Customer or any of its affiliates
that are required under Article 36 GDPR, in each case in relation to processing
of Personal Data by Supplier on behalf of Customer and taking into account the
nature of the processing and information available to Supplier.
9.
RETENTION PERIOD AND DELETION OR RETURN OF CUSTOMER
PERSONAL DATA
9.1
Where the
Customer has access to the Supplier’s online assessment tools, the Customer
shall Delete Personal Data when it is no longer required.
9.2
Where the
Customer does not have such access, the Customer will direct the Supplier in
writing to Delete or return the Personal Data to the Customer: (i) either on
termination of the Agreement; or (ii) when the Customer no longer requires the
Supplier to retain the Personal Data. For the avoidance of doubt, the Customer
shall be responsible on instructing the Supplier in writing on the retention
period of the Personal Data.
9.3
On
receiving the notification at clause 9.2, Supplier shall promptly, and in any
event within thirty (30) days of such notification, unless required by
applicable EU law, to Delete all copies of Personal Data processed by Supplier
or any Authorised Subprocessor.
10.
AUDIT RIGHTS
10.1
Supplier
shall make available to Customer on request all information necessary to
demonstrate compliance with Data Protection Laws and this DPA. At the cost and
expense of the Customer and not more than once a year, Customer may carry out
audits or inspections by Customer or another auditor mandated by Customer of
any premises where the processing of Personal Data takes place. Subject to
Supplier’s confidentiality obligations and to the extent it does not include
any commercially sensitive information of Supplier, Supplier shall permit
Customer or another auditor mandated by Customer to inspect, audit and copy any
relevant records, processes and systems in order that Customer may satisfy
itself that Supplier is in compliance with the Data Protection Laws and this
DPA. Customer and Supplier shall agree to the scope and timing of any audit in
advance. Any audit shall not disrupt Supplier’s ability to provide services to
any other customer of Supplier.
10.2
Alternatively,
Supplier may satisfy its
obligations under this Clause 10 (Audit Rights) and any similar obligations
under the Standard Contractual Clauses or other Data Protection Laws by completing privacy or security questionnaire(s) and
providing relevant security and privacy documentation, including presenting a
summary copy of its third-party certified ISO 27001 certification report(s) to
Customer, which reports shall be subject to the confidentiality provisions of
the Agreement.
11.
INTERNATIONAL TRANSFERS OF CUSTOMER PERSONAL DATA
11.1
Supplier
and/or Supplier’s Affiliates (as applicable) are self-certified and publicly
committed to comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”),
the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) and the UK Extension
to the EU-U.S. Data Privacy Framework (“UK-U.S. DPF”) self-certification
programs (as applicable) operated by the U.S. Department of Commerce, as may be
amended, superseded or replaced (collectively, the “Data Privacy Framework(s)”);
which enable Personal Data transfers from those jurisdictions to the United
States and deem such transfers to have adequate protection under Data
Protection Laws. Where Supplier and/or
Supplier’s Affiliates acting as Authorized Subprocessors (as applicable)
process Personal Data in the U.S., the applicable Data Privacy Framework will
apply as an adequate level of protection to lawfully process such Personal Data.
Supplier’s and Supplier’s Affiliates’ (as applicable) certification to the Data
Privacy Framework is available at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TRKIAA4&status=Active
11.2
Unless
authorised in writing by Customer in advance, Supplier shall not process the
Personal Data nor permit any Authorised Subprocessor to process the Personal
Data in a country outside of the EEA without an adequate level of protection as
defined in Data Protection Laws other than in respect of those recipients in
such countries listed at Annex 3 (Authorised Transfers of
Personal Data).
11.3
To the
extent that the Supplier engages any Subprocessor to process Personal Data on
behalf of Customer in a country that has not received a finding of adequacy by
the European Commission, Supplier shall enter into an agreement in accordance
with the Standard Contractual Clauses with such Subprocessor. Supplier’s
Affiliates) have entered into an intra group data transfer agreement committing
to compliance with the GDPR as set out in the Standard Contractual Clauses and
shall process and store Personal Data in third countries, which may include the
United States.
11.4
Where
applicable, the Supplier and Customer agree to follow and abide by the
provisions of the SCCs in addition to the provisions of this DPA, and for the
purposes of the Standard Contractual Clauses, the Customer is the “data
exporter” and the Supplier is the “data importer”. In the event of any conflict or inconsistency
between any of the terms of this DPA and the Standard Contractual Clauses, the
provisions of the Standard Contractual Clauses shall prevail over the
provisions of this DPA.
11.5
Restricted
Transfer. For any
Restricted Transfer between Customer and Supplier, the Restricted Transfer
shall be subject to the appropriate Standard Contractual Clauses as follows:
11.5.1
In relation to Personal
Data protected by the EU GDPR, the EU SCCs at https://op.europa.eu/en/publication-detail/-/publication/55862dbf-c72b-11eb-a925-01aa75ed71a1,
which are incorporated herein by reference, and completed as follows:
i.
Module 2
(Controller to Processor) will apply where Customer is controller of Personal
Data and Supplier is a processor of Personal Data
ii.
in Clause
7, the optional docking clause will apply;
iii.
in Clause
9, Option 2 will apply, and the time period for notice of subprocessor changes
shall be thirty (30) days;
iv.
In Clause
11, the optional language will not apply;
v.
In Clause
17, Option 1 will apply and the EU SCCs will be governed by Irish law;
vi.
In Clause
18(b), disputes shall be resolved before the courts of Ireland;
vii.
Annex I of
the EU SCCs shall be deemed completed with the information set out in Annex 1
to this DPA; and
viii.
Annex II of
the EU SCCs shall be deemed completed with the information set out in Annex 2
to this DPA.
11.5.2 In relation to
Personal Data protected by the UK GDPR, the Parties shall complete the UK Addendum to the SCCs, issued by the Information Commissioner’s Office
under s.119A(1) of the Data Protection Act 2018 (“UK Addendum”) (incorporated
herein by reference), and the EU SCCs as set forth above in subsection 11.5.1
shall apply to transfers of Personal Data. The UK Addendum shall be deemed
executed between the transferring Customer and Supplier, and the EU SCCs shall
be deemed amended as specified by the UK Addendum in respect of the transfer of
Personal Data.
12.
MISCELLANEOUS
12.1
In the
event of conflict between this DPA and the Agreement or any other agreement,
the terms of this DPA will prevail.
ANNEX 1: DETAILS OF PROCESSING OF PERSONAL DATA
A. List
of Parties
Controller(s)
/ Data exporter(s):
1. |
Name: |
The
Customer identified in the Agreement. |
|
Address: |
The address
of the Customer identified in the Agreement. |
Contact person’s name, position and contact
details: |
Customer’s
account owner email address or the email address(es) for which Customer
elects to receive legal communications. |
|
Activities relevant to the data transferred under
this DPA: |
The
provision of the Services as specified in the Agreement. |
|
Role (controller/processor) |
Controller |
1. |
Name: |
Talogy |
|
Address: |
Talogy
address |
Contact person’s name, position and contact
details: |
Raj
Rathour, DPO, dpo@talogy.com |
|
Activities relevant to the data transferred under
this DPA: |
Services
provided to the Customer as specified in the Agreement. |
|
Role (controller/processor) |
Processor |
B. Description
of Transfer
Categories of data subjects whose Personal Data is
transferred may include: |
Participants,
which may include Customer’s employees, prospective employees, and other
individuals at the direction of the Customer. |
Categories of Personal Data transferred may
include: |
The types
of personal data that Talogy may process in order to provide its Services
include, at minimum: ·
name, ·
email
address, ·
scoring,
ranking, and assessment data; and ·
psychometric
test respondent data Additionally,
the following categories of personal data may be processed, if/as configured
by the Customer: ·
address;
·
gender;
·
date
of birth; ·
nationality;
·
education;
·
job
function; ·
management
responsibility; ·
organisation
sector; ·
organisation
industry; ·
telephone
number; ·
payment
card information; ·
Photo
ID; ·
any
other information as requested by the Customer for the purposes of the Data
Importer providing its services; and ·
any
other information generated from such personal information as a result of
Talogy providing its services. |
Sensitive data transferred (if applicable) and
safeguards: |
Not
applicable. |
The frequency of the transfer: |
Continuous
for the duration of the Services. |
Nature of the processing: |
As required
to perform the Services, and may include but is not limited to: organization,
structuring, storage, adaptation or alteration, retrieval, use, disclosure by
transmission, dissemination or otherwise making available, alignment or
combination, restriction, erasure and destruction. |
Purposes of the data transfer and further
processing: |
To provide
the Services as stated in an Agreement and as otherwise to process Personal
Data for the purpose of provide talent management services, such as online
assessments, feedback sessions and training courses at the request of
Customer, as detailed in the Agreement. |
The period for which the Personal Data will be
retained: |
The
Personal Data shall only be held for the length of Services contracted by or
otherwise requested by Customer except as otherwise required by Data
Protection Laws or applicable EU law. |
For transfers to (sub-)processors, also specify
subject matter, nature, and duration of the processing: |
The
subprocessors and subject matter and nature of processing are available at: https://www.talogy.com/en/legal/sub-processors/ The duration of processing for all subprocessors is continuous
for the duration of the Agreement. |
ANNEX 2: Technical and Organizational Measures
Practices |
|
Organization of Information Security |
Security Ownership. Talogy has designated a person
responsible for coordinating and monitoring Cybersecurity. Security Roles and
Responsibilities. Talogy personnel with
access to Customer Personall Data are subject to confidentiality obligations.
Data Protection Office: Talogy has appointed a Data
Protection Officer. |
Asset Management |
Asset Inventory. Talogy maintains an inventory of all
media on which Customer Personal Data is stored. Access to the inventories of
such media is restricted to Talogy personnel authorized in writing to have
such access. |
Human Resources Security |
Security Training. Talogy informs its personnel about
relevant security procedures and their respective roles Data Protection Training: Talogy issues all staff with data
protection training modules on induction and refresher training every year.
Training modules cover data protection principles, data subject access
request, data breach and keeping data secure. |
Physical and Environment Security |
Physical Access to
Facilities. Talogy limits access to
facilities where information systems that process Customer Data are located,
to identified authorized individuals. Protection from Disruptions. Talogy uses a variety of industry
standard systems to protect against loss of data due to power supply failure
or line interference. Component Disposal. Talogy uses industry standard
processes to delete Customer Personal Data when it is no longer needed. |
Communications and Operations Management |
Operational Policy. Talogy maintains security documents
describing its security measures and the relevant procedures and
responsibilities of its personnel who have access to Customer Personal Data. Data Recovery: Talogy ensures off-site backups of
customer data are maintained. Malicious Software. Talogy has anti-malware controls to
help avoid malicious software gaining unauthorized access to Customer
Personal Data, including malicious software originating from public networks.
Data Beyond Boundaries. Talogy encrypts Customer Data that is
transmitted over public networks. Event Logging. Talogy logs access and use of
information systems containing Customer Personal Data, registering the access
ID, time, authorization granted or denied, and relevant activity. |
Access Control |
Access Policy. Talogy maintains a record of security
privileges of individuals having access to Customer Personal Data. Access Authorization Talogy maintains and
updates a record of personnel authorized to access Talogy systems that
contain Customer Personal Data. Least Privilege Technical support personnel
are only permitted to have access to Customer Personal Data when needed.
Talogy restricts access to Customer Data to only those individuals who
require such access to perform their job function. Authentication Talogy uses industry
standard practices to identify and authenticate users who attempt to access
information systems. Where authentication
mechanisms are based on passwords, Talogy requires that the passwords are
renewed regularly. |
Information Security Incident Management |
Incident Response Process Talogy has a management team and process for information
security incidents as set forth in its detailed Information Security Incident
Response Policy. Talogy provides
notification of a security incident in compliance with appropriate laws, or
regulations. |
Data Protection |
Talogy encrypts data during
transmission and at rest. Talogy monitors data
protection compliance and regularly tests the effectiveness of the measures
in place. Talogy tests staff
adherence to data protection and information governance policies and
procedures. |
Business Continuity Management |
Talogy maintains emergency
and contingency plans for the facilities in which Talogy information systems
that process Customer Personal Data are located. Talogy has a disaster
recovery plan in place for the restoration of critical processes and
operations of the Hosted Service at the hosting location from which the
Hosted Service is provided. |
Talogy Supplemental Measures
Area |
Practices |
Technical |
The personal data is
processed using strong encryption during transmission. Talogy has not purposefully
created or changed its business processes in a manner that facilitates access
to personal data or systems by third parties. |
Contractual |
Talogy monitors changes to local law
and will inform the data exporter of any changes that will impact the
maintenance of an ‘essentially equivalent level of data protection’ for the
personal data transferred. Talogy has a process in
place to assess local laws. |
Organizational |
Talogy has a set of internal policies
relating to requests from law enforcement agencies for access to personal
data. Talogy provides a training program for
all staff on procedures and processes for dealing with law enforcement
agencies for requests to access personal data. Talogy has contracted appointed a Data
Protection Officer who is consulted on all high risk transfers. Talogy has implemented data access and
confidentiality policies which include regular review and audits. |
In providing the
Services, Supplier engages those Subprocessors set out at https://www.talogy.com/en/legal/sub-processors/
Note
that not all listed vendors are involved in every Supplier product or service.
Customers must select the applicable product or service from the list to see
relevant Subprocessors.