Terms and Conditions

Background

(A) Informer is a specialist provider of technology security services including security and penetration testing and reviews, intelligence services and consulting which it provides to clients through various means including hosting and through its Informer software as a service offering.

(B) The Client has identified a need for the services in its commercial operations and Informer, in consideration of the Fees, has agreed to provide the Services (as defined) to the client in accordance with the Terms and Conditions of this agreement (Agreement).

(C) The parties agree that the services to be provided by Informer to the Client, including the production of any deliverables (as defined), shall be set out in one or more agreed Statement(s) of Work signed by the parties and each governed by this Agreement.

FURTHER THE PARTIES AGREE THAT:

1. Definitions

1.1. In this Agreement the following words will have the following meanings:

Account Administrator the nominated representatives of the Client (being employees, third parties, agents or independent contractors) as set out in the Services Order or as agreed in writing by the parties from time to time, entitled to manage the Authorised User accounts and escalate queries in relation to the Services to Informer under any agreed Support Services Agreement.

Asset Library means the secure file storage provided to the Client as part of the Services where it may keep Input Material, Output Material or other materials for use with the Services;

Authorised Persons means the Client Representative and Informer Representative;

Authorised Users means employees of Client. Third parties, agents or independent contractors of the Client who are authorised by the Client to access or use the Services and the Documentation that are authorised by Informer representatives;

Background IPR means all Intellectual Property Rights in pre-existing images, video, code or software or other forms of IPR owned and developed by Informer together with any additional code or software or other IPR created by Informer including that created in connection with the Services or Deliverables which further develops, enhances or refines the Background IPR except for the Foreground IPR;

Business Day means Monday to Friday excluding bank holidays or any other day on which the banks in London are closed and UK public holidays, and Business Hours means 9am-5pm each Business Day local to the country of Informer delivery.

Change Order means the change to the Statement of Work agreed between the parties in accordance with clause 64;

Client Representative means the designated contact of the Client appointed to manage the Project and who has the authority to Sign-Off the Services and as named in the Service Order or as otherwise notified to Informer in writing;

Commencement Date means the date of the Service Order;

Completion means delivery of the Services or Deliverables to the Client or achievement of any Milestones comprising the Services in accordance with the Statement of Work;

Confidential Information means information disclosed by or on behalf of Informer to the Client and vice versa under or in connection with this Agreement which is marked as confidential, or which either party has indicated to the other is confidential, or which would be regarded as confidential by a reasonable business person, including all know-how, trade secrets, proprietary software, financial, commercial, technical, tactical or strategic information of any kind relating to the disclosing party or its business affairs;

Data Protection Legislation means the UK Data Protection Legislation and any other European Union legislation as applicable relating to personal data and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of personal data (including, without limitation, the privacy of electronic communications);

Deliverables means the agreed product or service to be provided or developed by Informer in accordance with the Statement of Work, including any bespoke reports or outputs produced as a result of its performance of the Services;

Dependencies means third party or other services on which Informer’s performance or supply of the Services or the Deliverables is reliant.

Documentation means the Project Statement of Work, function and Technical Specification and all relevant design and development information, and all such other documentation covering use and key functionality of the Services or Deliverables;

Due Date means the date for payment of any of the Fees as set out in the Project Statement of Work;

Fees means the licence and other fees payable to Informer by the Client for the provision of the Services and Deliverables and as set out as any Payment Milestones or in the Statement of Work, including any Informer Fees, or as otherwise agreed in writing;

Foreground IPR means all Intellectual Property Rights in the bespoke elements of the Services or Deliverables created by Informer exclusively for the Client but excluding any rights in Background IPR, Third Party IPR and Open Source Components;

Good Industry Practice means in relation to any undertaking and any circumstances, the exercise of that degree of professionalism, skill, diligence, prudence and foresight which would reasonably and ordinarily be expected from a skilled and experienced person or an internationally recognised company engaged in the same type of activity under the same or similar circumstances;

Informer Platform means the Informer’s proprietary managed software as a service offer which it makes available to the Client and its Authorised Users and Account Administrators under a Subscription Plan and on payment of the Informer Fees or other Fees as agreed;

Informer Fees means the fees payable to Informer for access to and use of Informer by the Client and its Authorised Users and Account Administrators under a Subscription Plan and as more particularly set out in a Statement of Work(s) (as may be set out at Schedule 1 to this Agreement);

Initial Term means the initial term of the supply by Informer to the Client under a Subscription Plan of Informer Platform or the Services as set out in the Service Order and in consideration for which the Client shall pay the Informer Platform Fees, or Fees as otherwise agreed in writing by the parties.

Input Material means materials to be provided by the Client or its Authorised Users or Account Administrators or required by Informer for supply or Completion of the Deliverables or Services.

Insolvency Event means, in relation to a party, that party suffering or being subject to any of the following events:

(a) the party, being a company, is deemed unable to pay its debts or any steps are taken for the purposes of making an administration order against it, or for the appointment of an administrator over it or for the winding-up or dissolution of it (otherwise than in the course of a solvent reorganisation or restructuring);

(b) the party has a receiver, manager or trustee appointed over, or any encumbrancer takes possession of, the whole or any part of its business or assets;

(c) the party has taken any steps with a view to proposing or entering into any composition, compromise, voluntary arrangement, scheme of arrangement or any analogous procedure involving the party and its creditors or any class of them;

(d) the party suspends or ceases to carry on business or any material part of its business or materially alters the nature of its business as conducted at the date of this Agreement; or

(e) an event occurs which is analogous to any of the foregoing events anywhere in the world;

Intellectual Property Rights or IPR means patents, rights to inventions, copyright and related rights, moral rights, trade-marks and service marks, trade names, business names and domain names, rights in get-up, rights to goodwill or to sue for passing off, rights in designs, rights in computer software, database rights, rights in confidential information (including know-how and trade secrets) and any other intellectual property rights, in each case whether registered or unregistered and including all applications (or rights to apply) for, and renewals or extensions of, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world;

IPR Claim means a claim made against the Client for actual or alleged infringement of a third party’s Intellectual Property Rights arising out of, or in connection with, the supply of the Services or the use of the Deliverables;

Milestones means the agreed Project milestone phases as set out in the Statement of Work and which, among other things, determine the order, timing and delivery of the Services, including any Deliverables through to Completion and Sign-Off;

Open Source Component means any IPR comprised in the Deliverables or Services which are not owned or controlled by Informer or the Client but which are freely available for redistribution;

Output Material means the materials created by the Client or its Authorised Users as a result of using the Services, which may comprise Input Material, Background IPR, Foreground IPR, Third Party IP and Open Source Software;

Payment Milestones means the agreed timeline which Informer will invoice for the Services as set out in the Statement of Work;

Personnel means all directors, officers, employees, agents, consultants and subcontractors of a party;

Privacy Policy means Informer’s privacy policy in force from time to time and made known to the Client and all Authorised Users via https://informer.io/privacy or such other web address made know to it from time to time;

Project means the Client’s project for the development of the Deliverables or provision of Services as set out in a Statement of Work;

Project Exclusions and Assumptions means the Project exclusions and assumptions set out in the Project Statement of Work;

Renewal Period means the period described in Clause 14.21;

Informer Data Processing Agreement means the Informer data processing agreement as amended from time to time and available via https://informer.io/dpa or such other web address made know to the Client it from time to time and as may be set out as a copy of which is set out at Schedule 3 to this Agreement);

Informer Representative means the designated contact of Informer appointed to manage the Project as named in the Service Order or as otherwise notified to the Client in writing;

Service Order means the agreed service order that relates to the Client’s use of and access to the Services under this Agreement;

Services means the services to be performed by Informer including for the development and delivery of the Deliverables as described in the Statement of Work, or any other services including any Support Services and access to Informer Platform under a relevant Subscription Plan or as otherwise agreed in writing;

Sign-Off means acknowledgement by the Client (including deemed acknowledgement) of performance of the Services, or Completion, including achievement of any Milestones or acceptance of Deliverables, as set out in the Statement of Work;

Site means the specific Client location or locations at which the Client may use or access the Services and Documentation as set out in the Service Order or otherwise agreed with Informer in writing;

Software means computer programs whether in source code or object code form incorporated into or comprising the Services or Informer Platform;

Statement of Work means Informer’s agreed proposal for delivery of the Services, including any Deliverables, Milestones and Payment Milestones, comprising the Project and incorporating these terms and conditions and together forming the Agreement (an example of which may be set out at Schedule 1 to this Agreement);

User Subscriptions mean the user subscriptions purchased by the Client pursuant to Clause 3 and relevant Subscription Plan which entitle Client and its Authorised Users and Account Administrators to access and use Informer and the Documentation in accordance with this Agreement;

Subscription Plan means the Informer subscription and user plan set out at Schedule 1 including the permitted number of Authorised Users and Account Administrators or as agreed between Informer and the Client in writing from time to time (or as may be set out at Schedule 1 to this Agreement);

Subscription Term has the meaning given to it in clause 14.2 of this Agreement.

Support Fees means the fees payable by the Client to Informer for the Support Services as set out in the Support Services Agreement or as otherwise agreed in writing by the parties;

Support Services means the support services which are to be provided by Informer or its sub-contractors or agents and as further set out in a Support Services Agreement (which may form part of a Statement of Work) as amended from time to time and agreed in writing by the parties;

Support Services Agreement means the agreement entered into by the parties in relation to support services to be provided to the Client in relation to the Services and/or Deliverables by Informer as amended from time and agreed in writing by the parties;

Technical Architecture means the technical architecture described in the Technical Specification in the Project Statement of Work;

Technical Specification means the technical specification provided by Informer detailing the operation of the Deliverables utilising the Technical Architecture;

Term has the meaning given to it in clause 14.1 of this Agreement.

Third Party IP means any third-party Intellectual Property Rights in any Third-Party Deliverables or Dependencies specified in the Statement of Work;

UK Data Protection Legislation means all applicable data protection and privacy legislation in force from time to time in the UK including the General Data Protection Regulation ((EU) 2016/679); the Data Protection Act 2018; the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended;

User Subscriptions the user subscriptions purchased by the Client pursuant to Clause 14.1 and relevant Subscription Plan which entitle Authorised Users and Account Administrators to access and use Informer or the Services and the Documentation in accordance with this Agreement.

VAT means United Kingdom value added tax and any equivalent or similar tax imposed outside the United Kingdom.

If there is a conflict between the terms contained in the main body of this Agreement and the terms of the Project Statement of Work, the terms of the Project Statement of Work shall prevail.

2. Statement of Work, Services and Completion

2.1.   The parties acknowledge and agree that:

2.1.1.   Informer will provide the Services and develop the Deliverables in close collaboration with the Client in accordance with the Statement of Work and on the terms and conditions of this Agreement; and

2.1.2.   Informer will use reasonable efforts to perform the Services and deliver the Deliverables according to any Milestones set out in the Statement of Work and as may evolve during the Project provided that the parties agree a Change Order. To the extent that a party is not able to meet any agreed timeframe or Milestones, the other party shall be notified and an updated timeframe and Milestones agreed between the parties.

2.2.   Informer shall:

2.2.1.   deliver the Services using appropriately skilled or qualified Personnel;

2.2.2.   perform its obligations under this Agreement in accordance with Good Industry Practice; and perform Services and produce the Deliverables as set out in the Statement of Work;

2.3.   The Client shall:

2.3.1.   cooperate and collaborate with Informer and provide any Input Material, security access information and configuration services promptly and efficiently and in order to meet any Milestones;

2.3.2.   obtain and shall maintain all necessary licences, consents, and permissions necessary for Informer and Informer Personnel to perform their respective obligations under this Agreement, including without limitation the Services;

2.3.3.   at the end of a Milestone, examine the work results and, where required or considered necessary by the Client, provide feedback as a basis for the next Milestone;

2.3.4.   on the date of the handover of the Deliverables, Sign-Off without undue delay, including to enable Informer to move on to the next Milestone, where applicable (and Sign-Off or Completion as applicable shall be deemed to have occurred if written feedback is not provided to Informer of handover of the Deliverable);

2.3.5.   from Sign-Off or unless otherwise expressly agreed with Informer, assume all responsibility and liability for the use, distribution, hosting, security and support of the relevant Services or Deliverables, and

2.3.6.   comply with all applicable laws and regulations with respect to its activities under this Agreement;

2.3.7.   pay the Fees by the relevant Due Date; and

2.3.8.   warrant that all Input Material, Third Party IP or other materials it supplies to Informer to perform the Services and/or Deliverables shall be true, accurate and not infringe the rights (including IPR) of any third party or breach any applicable laws and regulations and the Client shall fully indemnify Informer against a breach of this clause.

2.4.   All dates or Milestones agreed or supplied by Informer for delivery of the Services under any Statement of Work, including any Project Specification, shall be treated as approximate only. Time shall not be of the essence and Informer shall not in any circumstances be liable for any loss or damage arising from any delay in delivery beyond such approximate dates or delay as a result of action or inaction by the Client, its sub-contractors or agents.

3.   User Subscriptions & Client Obligations

3.1.   Subject to the Client purchasing a Subscription Plan in accordance with Clause 4.3 and Clause 7.1, the restrictions set out in this Clause 3 and the other terms and conditions of this Agreement, Informer hereby grants to the Client:

3.1.1.   a non-exclusive licence to use Informer Platform and the Documentation; and

3.1.2.   a non-exclusive, non-transferable right, to sub-licence Informer Platform and the Documentation solely to the Authorised Users and Account Administrators to use and access Informer Platform and the Documentation for the Permitted Purpose during the Subscription Term solely for the purposes of the Client’s own business operations.

3.2.   In relation to the Authorised Users and Account Administrators the Client undertakes that:

3.2.1.   the Authorised Users and Account Administrators that it authorises to access and use Informer Platform and the Documentation shall not exceed the numbers permitted under a Subscription Plan as set out in the Service Order or as expressly agreed in writing with Informer;

3.2.2.   it will not allow or suffer any User Subscription to be used by more than one individual Authorised User;

3.2.3.   each Authorised User and Account Administrator shall keep secure and confidential any Client access code or password (Client Code) for his use of Informer Platform or the Services and Documentation (and the Client shall restrict access to its Client Code to its Authorised Users and Account Administrators);

3.2.4.   it shall ensure that any Authorised Users and Account Administrators use Informer Platform and the Documentation in accordance with the terms and conditions of this Agreement and any End User Licence Agreement (EULA) regulating individuals’ access to and use of the same as amended from time to time;

3.2.5.   it shall, on receipt of 10 Business Days’ written notice, permit Informer to audit the Client’s use of Informer Platform in order to confirm adherence with a Subscription Plan. Such audits shall, where possible, be conducted remotely by reviewing the number of users or administrators listed within the application.

3.2.6.   if any audit referred to in Clause 3.2.5 reveals that the Client has underpaid Informer Platform Fees to Informer, then without prejudice to Informer’s other rights, the Client shall pay an amount equal to such underpayment as calculated in accordance with the applicable Subscription Plan and Informer Platform Fees within 10 Business Days of the date of the relevant audit.

3.3.   The Client shall not allow any Authorised Users and Account Administrators to, access, store, distribute or transmit any Viruses, or any material including via the Asset Library during the course of its use of Informer Platform or the Services that, in Informer’s reasonable opinion:

3.3.1.   is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive;

3.3.2.   facilitates illegal activity;

3.3.3.   depicts sexually explicit images;

3.3.4.   promotes unlawful violence;

3.3.5.   is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability;

3.3.6.   is otherwise illegal or causes damage or injury to any person or property; or

3.3.7.   constitutes or may be perceived to constitute a data protection breach; or

3.3.8.   otherwise is deemed by Informer, at its sole discretion, to be inappropriate.

and Informer reserves the right, without liability or prejudice to its other rights to the Client, to disable the Client’s or any Authorised User’s or Account Administrator’s access to any material that breaches the provisions of this clause.

3.4.   The Client shall not:

3.4.1.   except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties and except to the extent expressly permitted under this Agreement:

(a)   attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Software or Documentation (as applicable) in any form or media or by any means; or

(b)   attempt to de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Software; or

(c)   access all or any part of Informer, the Services and Documentation in order to build a product or service which competes with the Services, Software and/or the Documentation; or

(d)   use the Services and/or Documentation to provide services to unauthorised third parties;

or

(e)   license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Software, Informer Platform, the Services or Documentation available to any third party except the Authorised Users;

(f)   attempt to obtain, or assist third parties in obtaining, access to the Software, Informer Platform, the Services or Documentation, other than as provided under this Clause 3, and

(g)   not use any information provided by Informer or obtained by the Client through its use of the Services or Informer Platform or Documentation to create any offer or service whose expression is substantially similar to that of the same nor use such information in any manner which would be restricted by any Intellectual Property Rights subsisting in it.

3.5.   The Client shall:

3.5.1.   ensure that its network and systems comply with the relevant specifications to provide the Services from time to time;

3.5.2.   be solely responsible for procuring and maintaining its network connections and telecommunications links from its systems to relevant data centres;

3.5.3.   ensure that sufficient measures, processes and protections are in place to ensure the necessary back up of Input Material and Output Material and any Third Party IP used by the Client, and

3.5.4.   adhere to reasonable data usage, or other data use limits as made known to the Client under a Subscription Plan, as regards the Client’s Authorised Users’ and Account Administrators’ use of Informer, the Services and Asset Library and the uploading or downloading of any files or materials to or from the Service including Informer;

3.5.5. carry out all its responsibilities set out in this Agreement in a timely and efficient manner and in the event of any delays in the Client’s provision of such assistance as agreed by the parties, Informer may adjust any agreed timetable or delivery schedule as reasonably necessary; and

For the purposes of s.50A of the Copyright, Designs and Patents Act 1988 it is not necessary for the Client to make backup copies of the Software and accordingly the Client may not make backup copies of the same without Informer’s express prior written consent, such consent not to be unreasonably withheld or delayed.

4.   Additional User Subscription

4.1.   Subject to Clause 4.2 and Clause 4.3, the Client may, from time to time during any Subscription Term, purchase alternative User Subscriptions under a Subscription Plan, including for use at new or alternative Sites, and Informer shall grant access to Informer Platform, the Services and the Documentation to such additional Authorised Users and Account Administrators in accordance with the provisions of this Agreement.

4.2.   If the Client wishes to purchase additional data usage, User Subscriptions or elevate its Subscription Plan, the Client shall notify Informer in writing. Informer shall evaluate such request and respond to the Client with approval or rejection of the request. Where Informer approves the request, Informer shall activate the additional User Subscriptions within 7 days of its approval of the Client’s request.

4.3.   If Informer approves the Client’s request to purchase additional data usage, User Subscriptions or elevate its Subscription Plan, the Client shall, within 30 days of the date of Informer’s invoice, pay to Informer the relevant Fees and, if such additional data usage, User Subscriptions or elevation occurs part way through the Initial Term or any Renewal Period (as applicable), such fees shall be pro-rated from the date of activation by Informer for the remainder of the Initial Term or then current Renewal Period (as applicable).

5.   Approvals and Authority

5.1.   The Client is authorised to approve Informer’s work and/or expenditure and performance of the Services and the Authorised Persons shall be deemed to have the requisite authority to bind the Client.

5.2.   Approval shall mean approval signified by:

5.2.1.   any written communication bearing the signature or Sign-Off of an Authorised Person;

5.2.2.   oral approval given by an Authorised Person provided this is in circumstances where time does not permit written approval and the said oral approval is confirmed within one working day by way either of a contact report from Informer to the Client or a letter or purchase order in accordance with the preceding sub-clause;

5.2.3.   e-mail emanating from the business e-mail address of an Authorised Person, or deemed approval in accordance with clause 2.3.4

5.3.   Informer shall use commercially reasonable endeavours to make the Informer Platform, where delivered digitally or online, available 24 hours a day, seven days a week, except for:

5.3.1.   planned maintenance, provided that Informer has provided the Client with 24 hours’ notice; and the maintenance time does not exceed 2 hours in any 24 hour period; or

5.3.2.   unscheduled maintenance performed outside normal Business Hours, provided that Informer has used reasonable endeavours to give the Client reasonable notice in advance, unless the issue requires immediate response when it will be performed as needed.

5.4.   The Client acknowledges and accepts that it has chosen Informer as a supplier as a result of its own due diligence and that neither Informer Platform, the Services or Documentation have been developed by Informer specifically for the Client or its business sector and that Informer Platform, the Services and Documentation are provided to the Client “as is” (notwithstanding any Deliverables delivered as part of the Services).

5.5.   Informer will, in support of the Services, provide the Client with its standard Support Services during Business Hours. Any additional or higher levels of support required above and beyond the Client’s Subscription Plan by the Client may be provided through a separate Support Services Agreement.

5.6.   Where the Client does require additional or higher levels of support then Informer shall in consideration of the Support Services Fee supply Support Services to the Client on the terms of a Support Services Agreement or as otherwise agreed in writing by the parties from time to time.

6.   Change Management

6.1.   Minor changes to the scope or methodology for the execution of the Services may be agreed between the parties by exchange of email. Where more significant changes are likely to be involved, comprising:

6.1.1.   additional work requested of Informer by the Client, beyond the scope of the Statement of Work.

6.1.2.   additional work requested of Informer by any other Project partner and approved by the Client, beyond the scope of the Statement of Work.

6.1.3.   additional work requested of Informer to extend or amend any Services or Deliverables that have previously been reviewed and approved by the Client; or

6.1.4.   an amendment to the Milestones requested by the Client, without advance warning, resulting in a change of Informer resource requirements, the following provisions of this clause 6 shall apply.

6.2.   A party may propose more significant changes to the scope or execution of the Services but no proposed changes shall come into effect until a Change Order has been signed by both parties, including the Client’s Authorised Person. A Change Order shall be a document setting out the proposed changes and the effect that those changes will have on:

6.2.1.   the Services;

6.2.2.   the Fees payable;

6.2.3.   the timetable of the Services, and

6.2.4.   any of the terms of this Agreement.

6.3.   If Informer wishes to make a change to the Services it shall provide a draft Change Order to the Client.

6.4. If the Client wishes to make a change to the Services:

6.4.1.   it shall notify Informer and provide as much detail as Informer reasonably requires of the proposed changes, including the timing of the proposed changes, and

6.4.2.   Informer shall, as soon as reasonably practicable after receiving the information at clause 6.4.1, provide a draft Change Order to the Client.

6.5.   If the parties:

6.5.1.   agree to a Change Order (as set out in clause 6.2), they shall sign it and that Change Order shall amend this Agreement, or

6.5.2.   are unable to agree a Change Order, the matter shall be referred to senior representatives of each party who shall use their reasonable endeavours to resolve it.

7.   Payment and Default Interest

7.1.   The Client shall pay the Fees to Informer, including:

7.1.1.   any applicable Informer Platform Fees and Support Services Fees, in accordance with this Clause 7 (and as may be set out as Schedule 1 to this Agreement) in respect of a Subscription Term; and

7.1.2.   Informer shall submit invoices for the Services in accordance with any Payment Milestones and Statement of Work; and

7.1.3.   the Client shall pay all invoices within thirty (30) days of the date of invoice (Invoice Date) or any such earlier or later date specified in the Statement of Work or invoice.

7.2.   If the Client fails to pay any undisputed amount payable by it under this Agreement by the Due Date, Informer may, without prejudice to any other rights and remedies, at its discretion:

7.2.1.   without liability to the Client, disable the Client’s (and any Authorised User’s or Account Administrator’s) password, account and suspend access to all or part of the Services and shall be under no obligation to provide any or all of the Services while the invoice(s) concerned remain unpaid and ss soon as such amount has been paid, Informer shall immediately restore such access and provide the Services.;

7.2.2.   terminate this Agreement on seven (7) days’ notice unless the Client remedies that breach within the notice period; or

7.2.3.   charge the Client interest on the overdue undisputed amount in accordance with the Late Payment of Commercial Debts (Interest) Act 1998.

7.3.   All amounts and Fees stated or referred to in this Agreement and due to be paid by the Client:

7.3.1.   are exclusive of VAT, which shall be added to Informer’s invoice(s) at the appropriate rate, and

7.3.2.   shall be paid in full without deduction set off counterclaim or other withholding, and If any deduction or withholding is required by law from the payment of Fees or any other amounts, the Client shall pay to Informer such sum as will, after the deduction or withholding has been made, leave Informer with the same amount as it would have been entitled to receive in the absence of any such requirement to make a deduction or withholding.

7.4.   If, at any time whilst using the Services under a Subscription Plan, the Client exceeds the reasonable data usage limits, or limits otherwise set out in the Service Order, Informer may require the Client to elevate to the next higher Subscription Plan, and may increase Fees at the start of each Renewal Period upon thirty (30) days’ prior notice to the Client.

8.   Confidentiality

8.1.   Each party agrees that it may use the other party’s Confidential Information only in the performance of its rights and obligations under this Agreement and it shall not disclose the other party’s Confidential Information except in accordance with this clause 8 during the Project or for a period of three years after completion of the Project.

8.2.   Each party may disclose the other party’s Confidential Information to those Personnel, advisers, agents or representatives who need to know the other party’s Confidential Information in order to perform the disclosing party’s rights and obligations under this Agreement provided that the disclosing party shall ensure that each of its Personnel, advisers, agents or representatives to whom confidential information is disclosed is aware of its confidential nature and complies with this clause 8 as if it were a party.

8.3.   Each party may disclose any Confidential Information required by law, any court, any governmental, regulatory or supervisory authority (including any regulated investment exchange) or any other authority of competent jurisdiction.

9.   Data Protection and Anti-Bribery

9.1.   The Parties agree that in supplying the Services to the Client Informer is a data processor and the Client is the data controller and that they shall comply with all applicable requirements of the Data Protection Legislation and as set out in the Informer Data Processing Agreement which shall be incorporated in full into this Agreement.

9.2.   Informer shall comply with all applicable UK anti-bribery and anti-corruption legislation (Anti-Bribery Laws) including the Bribery Act 2010 (the Bribery Act), as may be amended from time to time.

9.3.   Throughout the Subscription Term Informer shall maintain and enforce its own policies and procedures relating to anti-bribery and anti-corruption (including adequate procedures for the purposes of the Bribery Act) to ensure compliance with Anti-Bribery Laws. Informer makes such policies and procedures available on request of the Client. Whether Informer has ‘adequate procedures’ shall be determined by reference to section 7(2) of the Bribery Act and any guidance issued under section 9 of the Bribery Act.

9.4.   Informer shall procure that all persons associated with Informer (as defined by section 8 of the Bribery Act) including any subcontractors and suppliers comply with the provisions of this clause 6.

9.5.   Informer warrants that it shall during the supply of the Services use reasonable endeavours to procure that no slavery or human trafficking takes place or has taken place within any parts of its own business or in any of its supply chains. Informer complies with the relevant requirements of the Modern Slavery Act 2015 and provides access for the Client to its policies, procedures and adopted approaches to ensure that slavery and human trafficking is prevented within its own business and in any of its supply chains. For the purposes of this clause, “slavery” and, “human trafficking” shall have the meanings ascribed in section 54 of the Modern Slavery Act 2015.this Agreement, ‘personal data’, ‘data’, ‘data subject’ and ‘processing’ have the meanings given to them in the Data Protection Act 2018 (which incorporates the General Data Protection Regulation (EU) 2016/679) unless otherwise stated.

10. Warranties

10.1.   Informer warrants that for the duration of this Agreement:

10.1.1.   it has and will continue to have all necessary rights in and to the Intellectual Property Rights necessary to perform its obligations under this Agreement;

10.1.2.   it shall provide the Services with all reasonable care and skill, which shall include, without limitation, a duty to act with utmost good faith and diligence with respect to its obligations under this Agreement and in accordance with Good Industry Practice and standards generally applicable to the Services;

10.1.3.   it shall, and shall procure that the Informer Personnel, discharge the obligations under this Agreement with all due skill, care and diligence.

10.2.   Except as expressly stated in this Agreement, all other warranties and conditions whether express or implied by statute, common law or otherwise are hereby excluded to the fullest extent permitted by law.

10.3.   The Client acknowledges that the Services and Deliverables are provided on an “as is” basis to conform to the Statement of Work in accordance with the Technical Specification with no warranties of its functional state or fitness for the Client’s specific purpose.

10.4.   The Client warrants that all information and contributing content and other Input Material supplied to Informer before and during the Project for the development of the Solution will be accurate, relevant and shall not infringe the rights, including Intellectual Property Rights, of any third party or breach any applicable law.

10.5.   Informer warrants that its Personnel providing the Services are and shall be competent and suitable in every reasonable respect, whether as to qualifications, experience, skill or otherwise, to perform the Project requirements.

11. Intellectual Property Rights

11.1.   Informer hereby assigns to the Client all Foreground IPR in the Deliverables subject to the following provisions of this clause 11.

11.2.   Informer retains all rights to the Background IPR and, subject to payment of all applicable Fees, grants (and shall procure the grant of) a royalty-free, irrevocable, non-transferable, non-exclusive licence to use Informer’s Background IPR solely for the purpose of and to the extent necessary for the receipt and use of the Services and the Deliverables by the Client.

11.3.   Wherever the Deliverables provided by Informer includes Input Material or Third Party IPR, the Client shall be responsible for procuring any and all necessary licences and permissions at its own cost for the use of said Input Material and Third Party IPR compromised in the Deliverables and in accordance with any Input Materials, Third Party Deliverables and Third Party Dependencies set out in the Statement of Work.

11.4.   The Client agrees and acknowledges that the Deliverables may include Open Source Components which Informer is only entitled to redistribute to the Client in accordance with applicable terms of use (which the Client agrees to comply with wherever relevant).

11.5.   Informer shall not, without the Client’s prior written consent, use the Client’s Intellectual Property Rights for any other purpose or for the benefit of any person other than the Client.

11.6.   Save in accordance with clause 17, neither party shall have any right to use any of the other party’s names, logos or trade marks on any of its products or services without the other party’s prior written consent.

12. IPR indemnity

12.1. Informer shall at all times, during and after the Term, on written demand indemnify the Client, and keep the Client indemnified, against losses, damages, costs or expenses and other liabilities (including legal fees) incurred by, awarded against or arising from an IPR Claim.

12.2.   If an IPR Claim is made, or Informer anticipates that an IPR Claim might be made, Informer may, at its own expense and sole option, either:

12.2.1.   procure for the Client the right to continue using the relevant item which is subject to the IPR Claim; or

12.2.2.   replace or modify the relevant item with non-infringing substitutes provided that:

(a)   the performance and functionality of the replaced or modified item is at least equivalent to the performance and functionality of the original item;

(b)   there is no additional cost to the Client; and

(c)   the terms and conditions of this Agreement shall apply to the replaced or modified item.

12.3.   The provisions of above clauses 12.1 and 12.2 (inclusive) shall not apply in respect of any IPR Claim caused by:

12.3.1.   any use by or on behalf of the Client of the relevant item in combination with any item not supplied pursuant to this Agreement; or

12.3.2.   the use by the Client, or any Authorised User or Account Administrator of the relevant item in a manner not reasonably anticipated by this Agreement (including any modifications, additions, decompiling, reverse engineering or creation of a derivative, or reselling of the relevant item).

13. Limitation of liability

13.1. The extent of the parties’ liability under or in connection with this Agreement (regardless of whether such liability arises in tort, contract or in any other way and whether or not caused by negligence or misrepresentation) shall be as set out in this clause 13.

13.2.   Subject to clauses 13.4 and 13.5, each party’s total liability shall not exceed a sum greater than an amount equivalent to the total Fees payable or paid to Informer by the Client in the preceding 12 months under or in connection with this Agreement.

13.3.   Subject to clause 13.5, neither party shall be liable for any actual or anticipated loss of profit; loss of business or business interruption; loss of reputation or goodwill; loss, breach or corruption of data; loss of anticipated savings or loss of business opportunity; or any special, indirect or consequential loss or damage of any kind howsoever arising and whether caused by tort (including negligence), breach of contract or otherwise, whether or not such loss or damage is foreseeable, foreseen or known.

13.4.   Except as expressly stated in this Agreement, and subject to clause 13.5, all warranties and conditions whether express or implied by statute, common law or otherwise are excluded to the extent permitted by law.

13.5.   Notwithstanding any other provision of this Agreement, the liability of the parties shall not be limited in any way in respect of the following:

13.5.1.   death or personal injury caused by negligence;

13.5.2.   fraud or fraudulent misrepresentation; and

13.5.3.   any other losses which cannot be excluded or limited by applicable law.

14. Term and termination

14.1.   This Agreement shall start on the Commencement Date and shall continue until it is either terminated in accordance with its provisions or the Services are completed on the date of Sign-off or Completion or as specified in the Statement of Work (Term).

14.2.   Any Services made available under a Subscription Plan shall commence on the Commencement Date or other date as agreed in writing by Informer, and shall continue for the Initial Term (which shall be a fixed period) and, thereafter, this Agreement shall be automatically renewed for successive periods (each a Renewal Period), unless:

14.2.1.   either party notifies the other party of termination, in writing, at least 90 days before the end of the Initial Term or Renewal Period, in which case this Agreement shall terminate upon the expiry of the applicable Initial Term or Renewal Period; or

14.2.2.   otherwise terminated in accordance with the provisions of this Agreement;

and the Initial Term together with any subsequent Renewal Periods shall constitute the Subscription Term.

14.3.   If Informer’s performance of any of its obligations in respect of the Services is prevented or delayed by any act or omission by the Client or failure by the Client to perform any relevant obligation (Client Default):

14.3.1.   Informer shall be entitled to suspend performance of the Services until such time as the Client Default has been remedied and to be relieved from performing its obligations to the extent that it has been delayed or prevented from carrying them out; and

14.3.2.   Informer shall not be liable for any costs or losses sustained or incurred by the Client arising directly or indirectly from Informer’s failure or delay to perform any of its obligations as set out in this clause 14.3.

14.4.   Termination for Cause

Either party may terminate the Agreement (without prejudice to its other rights and remedies) by giving written notice to the other party (Defaulting Party) if:

14.4.1.   the Defaulting Party fails to pay any amount due by the Due Date and remains in default for 7 days after being notified in writing to make such payment in accordance with clause 7.4;

14.4.2.   the Defaulting Party commits a material breach of any other term of this Agreement which, if not irremediable, is not remedied to the reasonable satisfaction of the injured party within 14 business days of notice to remedy the breach; or

14.4.3.   the Defaulting Party is subject to an Insolvency Event.

14.5.   Termination by Either Party by giving 90 days’ written notice

Either party may provide notice to terminate this Agreement by providing 90 days’ advance written notice.

14.6.   Consequences of Termination

14.6.1.   Termination of this Agreement for any reason shall not affect the accrued rights, remedies, obligations or liabilities of the parties, and as set out in clause 14.1 termination shall not affect any Projects or Statements of Work in mid-performance unless expressly agreed by the parties.

14.6.2.   Following termination, each party shall destroy or, at the request of the other party, return all information and materials belonging to the other party then in its custody or control, including all Confidential Information of the other party.

14.6.3.   The provisions of any clauses whose survival is necessary for the interpretation or enforcement of this Agreement, shall survive the termination or expiry of this Agreement.

15. Entire agreement

15.1.   Each party acknowledges that it has not entered into this Agreement or any documents entered into pursuant to it in reliance on, and shall have no remedies in respect of, any representation or warranty that is not expressly set out in this Agreement, except in the case of fraudulent or negligent misrepresentation. No party shall have any claim for innocent misrepresentation on the basis of any statement in this Agreement.

16. Notices

16.1.   Notices under this Agreement shall be in writing and sent to a party’s Authorised Persons. Notices may be given, and shall be deemed received:

16.1.1.   by first-class post: two business days after posting;

16.1.2.   by hand: on delivery;

16.1.3.   by email: on proof of sending.

16.2.   This clause does not apply to notices given in legal proceedings.

17. Publicity and Reservation of Rights

For all reasonable purposes related to the promotion of its own business (including for the entry or participation in any industry awards schemes), and provided always that Informer does not disclose any of the Client’s Confidential Information, Informer shall be entitled to refer to and publicise its work undertaken on behalf of the Client. Further, the Client agrees that Informer shall retain the copyright in any material contained in any presentation made in relation to the Project in competition with any other agency in the event that Informer’s presentation being unsuccessful.

18. Force majeure

Neither party shall have any liability under or be deemed to be in breach of this Agreement for any delays or failures in performance of this Agreement which result from any event beyond the reasonable control of that party. The party affected by such an event shall promptly notify the other party in writing when such an event causes a delay or failure in performance and when it ceases to do so. If such an event continues for a continuous period of more than one month, the party not affected may give 14 days’ written notice to terminate this Agreement.

19. Further assurance

Each party shall at the request of the other, and at the cost of the requesting party, do all acts and execute all documents which are necessary to give full effect to this Agreement.

20. Variation

No variation of this Agreement shall be valid or effective unless it is in writing, refers to this Agreement and is duly signed or executed by, or on behalf of, each party.

21. No partnership or agency

Nothing in this Agreement constitutes, or shall be deemed to constitute, a partnership between the parties nor make any party the agent of another party.

22. Counterparts

This Agreement may be entered into in any number of counterparts, all of which taken together shall constitute one and the same letter. Either party may enter into this Agreement by signing any such counterpart.

23. Severance

If any provision of this Agreement (or part of any provision) (including for the avoidance of doubt the individual heads of damage set out in clause 13) is or becomes illegal, invalid or unenforceable, the legality, validity and enforceability of any other provision of this Agreement shall not be affected. Further, wherever possible, the offending provision or part provision shall be replaced by such similar provision with similar effect that would be considered as legal, valid and enforceable and shall be reinstated in such form.

24. Waiver

No failure, delay or omission by either party in exercising any right, power or remedy provided by law or under this Agreement shall operate as a waiver of that right, power or remedy, nor shall it preclude or restrict any future exercise of that or any other right or remedy. No single or partial exercise of any right, power or remedy provided by law or under this Agreement shall prevent any future exercise of it or the exercise of any other right, power or remedy.

25. Third party rights

Except as expressly provided for in this Agreement, a person who is not a party to this Agreement shall not have any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any of the provisions of this Agreement.

26. Governing law

This Agreement and any dispute or claim arising out of, or in connection with, it, its subject matter or formation (including non-contractual disputes or claims) shall be governed by, and construed in accordance with, the laws of England and Wales.

27. Jurisdiction

The parties irrevocably agree that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of, or in connection with, this Agreement, its subject matter or formation (including non-contractual disputes or claims), and the parties submit to the exclusive jurisdiction of the courts of England and Wales.

THIS AGREEMENT IS ENTERED INTO BY THE PARTIES ON THE DATE OF THE SERVICE ORDER

Support Services Agreement


1. Overview and Purpose
2. Support Terms
3. Service Level Agreement
4. Releases and changes to the Services

1.   Overview and Purpose

The purpose of this Support Services Agreement (SSA) is to provide Informer and the Client with a clear definition of the Support Services to be provided.

The purpose of this SSA is to clarify the following:

• Service Support Term

• Service Level Agreement

• Updates to the Services/ Deliverables.

2.   Support Services Term

For a period of the contract length commencing on [DATE] Informer will provide Authorised User and Account Administrator support in accordance with Informer’s Support Policy (Support Term), this section.

This Support Term supplements the Informer Terms and Conditions of Supply (Agreement) entered into between you (Client) and Informer and in accordance with which Informer shall supply the Services and Deliverables (as set out in the Statement of Work).

Informer offers support services for the (Support Services) in accordance with the following terms:

A.   Support Hours

Support Services are provided from Monday to Friday 9 a.m. to 5 p.m. (GMT) excluding Bank Holidays and UK Public Holidays (Business Hours).

B.   Incident Submission and Client Cooperation

Client may report errors or abnormal behaviour of the Service (Incidents) by contacting Informer via email at: support@informer.io. An online system will be introduced during the contract period.

Client will provide information and cooperation to Informer as reasonably required for Informer to provide Support Services. This includes, without limitation, providing the following information to Informer regarding the Incident:

• Aspects of the Service or Deliverables that are unavailable or not functioning correctly

• Incident’s impact on Client use

• Start time of Incident

• List of steps to reproduce Incident

• Relevant log files or data

• Wording of any error message

C.   Incident Response

Informer’s Support Services team will assign a priority level (Priority Level) to each Incident and seek to provide responses in accordance with the table below.

Priority Level 1
Operation of the Service/Deliverable is critically affected (not responding to requests or serving content) for many users; no workaround available.

Target Response Time
2 Hours

Priority Level 2
Service/Deliverable is responding and functional, but performance is degraded, and/or Incident has potentially severe impact on operation of the Service/Deliverable for multiple users.

Target Response Time
1 Day

Priority Level 3

Non-critical issue; no significant impact on performance of the Service/Deliverable but user experience may be affected.

Target Response Time
3 Days

D.   Exclusions

Informer will have no obligation to provide Support Services to the extent an Incident arises from:

(a) use of the Service/Deliverable by Client in a manner not authorised in this Agreement or the Statement of Work (including in relation to any Project Exclusions or Assumptions);

(b) general internet problems, force majeure events or other factors outside of Informer’s reasonable control;

(c) Client’s equipment, software, network connections or other infrastructure;

(d) third party systems, acts or omissions; or

(e) Scheduled Maintenance or reasonable emergency maintenance.

3. Service Level Agreement

A.   Target Availability

Informer will use commercially reasonable efforts to make the Service/Deliverable available with an uptime of 99.0% of each calendar month (Target Availability).

B.   Exclusions

The calculation of uptime will not include unavailability to the extent due to:

(a)   use of the Service/Deliverable by Client in a manner not authorised in this Agreement or the Statement of Work (including in relation to any Project Exclusions or Assumptions);

(b)   general internet problems, force majeure events or other factors outside of Informer’s reasonable control;

(c)   Client’s equipment, software, network connections or other infrastructure;

(d)   third party systems, acts or omissions; or

(e)   Scheduled Maintenance or reasonable emergency maintenance.

C.   Scheduled Maintenance

Scheduled Maintenance means Informer’s scheduled routine maintenance of the Service/Deliverable for which Informer notifies Clients at least twenty-four (24) hours in advance.

Scheduled Maintenance will not exceed eight (8) hours per month. Informer typically performs Scheduled Maintenance once per month.  Such scheduled maintenance may be undertaken in core business hours.

4. Releases and changes to the Service

Where the Services/Deliverables are delivered as software as a service no installation will be required in the traditional sense. The Service/Deliverable will be maintained and upgraded to, for example, enhance functionality, improve performance or address security issues.

Informer will update any software automatically as part of our continuous release process during the Support Term ensuring the Client is always on the latest version.

Informer will endeavour to update the Client with upcoming product feature changes via email to the designated Client Representative for onward distribution.

Data Processing Agreement

5. Data Protection

5.1.   Informer has agreed to provide Services to the Client. In the performance of such Services, Informer will process Protected Data (defined below) on behalf of the Client.

5.2.   In consideration for the Client engaging the services of Informer, Informer shall comply with the data security, confidentiality and other obligations imposed on it under this Data Processing Agreement.

5.3.   For the purposes of this Data Processing Agreement:

Business Purposes

means the Services described in this Data Processing Agreement or relevant Main Agreement or any other purpose specifically identified in Appendix A;

Data Controller, Data Processor, Data Protection Officer, Data Subject, Personal Data, Personal Data Breach, Process, Processed and Processing

shall bear their respective meanings given in the Data Protection Legislation;

Data Protection Legislation

means the UK Data Protection Legislation and any other European Union legislation relating to personal data and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of personal data (including, without limitation, the privacy of electronic communications);

Data Subject Requests

means a request made by a Data Subject to exercise any rights of Data Subjects under Data Protection Legislation relating to the Protected Data;

Main Agreement

means a commercial agreement entered into by the parties to which this Data Processing Agreement attaches;

Protected Data

means any personal data received from or on behalf of the Client or otherwise obtained, created, generated, transmitted, stored or processed in connection with the performance of the Informer’s obligations under this Data Processing Agreement or the Main Agreement and which is not Anonymised Data (as defined below);

Informer Personnel

means all employees, staff, other workers, agents and consultants of Informer and of any sub-contractors who are engaged in the provision of the Services under this Data Processing Agreement from time to time;

Informer Proposal

means the proposal agreed with the Client setting out the Services to be provided by Informer and which is subject to a Main Agreement;

UK Data Protection Legislation

means all applicable data protection and privacy legislation in force from time to time in the UK including the General Data Protection Regulation ((EU) 2016/679); the Data Protection Act 2018; the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended.

5.4.   Informer and the Client acknowledge that for the purposes of the Data Protection Legislation, the Client is the Data Controller and the Informer is the Data Processor of any Protected Data in relation to which Informer is providing the Services.

5.5.   Appendix 1 sets out the details of the processing of personal data as required by Article 28(3) of the GDPR. The Client may make reasonable amendments to Appendix 1 by written notice to Informer from time to time as the Client reasonably considers necessary to meet those requirements.

5.6.   In the event of any conflict between the terms of this Data Processing Agreement and the Main Agreement, this Data Processing Agreement shall prevail.

6.   Personal Data Types and Processing Purposes

6.1.   The Client and Informer acknowledge that for the purpose of the Data Protection Legislation, the Client is the controller and Informer is the processor.

6.2.   The Client retains control of the Protected Data and remains responsible for its compliance obligations under the applicable Data Protection Legislation, including providing any required notices, and the Client further warrants to Informer that:

6.2.1.   it has obtained and will obtain and maintain any necessary consents and has a lawful basis for any processing instructions it gives to Informer; and

6.2.2.   it has in place and will maintain in place appropriate technical and organisational measures against:

(a)   unauthorised or unlawful processing, access, disclosure, copying, modification, storage, reproduction, display or distribution of Protected Data;

(b)   accidental or unlawful loss, destruction, alteration, disclosure or damage of Protected Data;

(c)   hacking, or unauthorised access or technical or physical disruption to its hosting, systems or services (including ensuring security, confidentiality, integrity, availability and resilience of its hosting, systems and services);

and shall ensure that availability of and access to Protected Data can be restored in a timely manner after an incident, and shall regularly, test, assess and evaluate the effectiveness of its systems and the technical and organisational measures adopted by it, including as set out in this clause 2.2.2.

6.3.   Informer may during and after the termination of this Data Processing Agreement use and disclose anonymised analytical data derived from the Protected Data (Anonymised Data) to third parties without the consent of the Client.

7.   Obligations of Informer

7.1.   Informer will only process the Protected Data to the extent, and in such a manner, as is necessary for the Business Purposes in accordance with the Client’s written instructions. Informer will not process the Protected Data in a way that does not comply with this Data Processing Agreement or Main Agreement or the Data Protection Legislation. Informer must promptly notify the Client if, in its opinion, the Client’s instruction would not comply with the Data Protection Legislation.

7.2.   Informer must comply with any Client instruction requiring Informer to amend, transfer, delete or otherwise process the Protected Data, or to stop, mitigate or remedy any unauthorised processing.

7.3.   Informer will maintain the confidentiality of all Protected Data and will not disclose Protected Data to third parties unless the Client or this Data Processing Agreement, or relevant Main Agreement, specifically authorises the disclosure, or if the Protected Data is anonymised by Informer, or as required by law. If a law, court, regulator or supervisory authority requires Informer to process or disclose Protected Data, Informer will use reasonable endeavours to first inform the Client of the legal or regulatory requirement and give the Client an opportunity to object or challenge the requirement, unless the law prohibits such notice.

7.4.   Informer will reasonably assist the Client with meeting the Client’s compliance obligations under the Data Protection Legislation, taking into account the nature of Informer’s processing and the information available to Informer, including in relation to Data Subject rights, data protection impact assessments and reporting to and consulting with supervisory authorities under the Data Protection Legislation.

7.5.   The Client must promptly notify Informer of any changes to Data Protection Legislation that may adversely affect Informer’s performance of this Data Processing Agreement, or relevant Main Agreement.

7.6.   Informer must only engage a subcontractor (‘sub-processor’) to process Personal Data with the Client’s prior authorisation and must do so under the basis of a written contract featuring substantially the same data processing obligations as Informer has under the terms of this Data Processing Agreement.

7.7.   Informer will only collect Protected Data for the Client using a notice or method that the Client specifically pre-approves, the purpose or purposes for which their Protected Data will be processed, and any other information that, having regard to the specific circumstances of the collection and expected processing, is required to enable fair processing.

8. Security

8.1.   Informer will implement and maintain in place appropriate technical and organisational measures against unauthorised or unlawful processing, access, disclosure, copying, modification, storage, reproduction, display or distribution of Protected Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage of Protected Data.

8.2.   Informer will implement such measures to ensure a level of security appropriate to the risk involved, including as appropriate:

8.2.1.   the encryption of Protected Data;

8.2.2.   the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

8.2.3.   the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;

8.2.4.   a process for regularly testing, assessing and evaluating the effectiveness of security measures; and

8.2.5.   the anonymisation of any Protected Data required for analytical data purposes.

9.   Breach Notification

9.1.   Informer shall:

9.1.1.   notify the Client if it becomes aware of any unauthorised or unlawful processing of, loss of, damage to or destruction or corruption of, the Protected Data, or any attempts to gain unauthorised access to Protected Data and any notification must, at the very least, contain the information required by Data Protection Legislation;

9.1.2.   within forty-eight (48) hours, provide the Client with sufficient information to allow the Client to meet any notification obligations to report or inform Data Subjects and/or the ICO or any other supervisory or regulatory body of any such breach under Data Protection Legislation;

9.1.3.   except where required to do so by law, not notify a Data Subject, the ICO or any other supervisory or regulatory body or any other third party of an actual or suspected breach (and shall treat the existence and circumstances of such actual or suspected breach as confidential information) unless such notice by the Client is required by applicable laws or is authorised in writing by the Client;

9.1.4.   following such breach or attempted breach of security, investigate and report on the cause of the breach, including proposed corrective action;

9.1.5.   provide full co-operation to the Client to assist the Client with any investigation relating to security, mitigation, remediation or any other action which is carried out by or on behalf of the Client in respect of such breach; and

9.1.6.   where possible, restore, re-constitute and/or reconstruct such Protected Data unless the matter arose from the Client’s specific instructions, negligence, wilful default or breach of this agreement or the Agreement, in which case the Client shall cover all reconstitution or reconstruction expenses.

10. Informer Personnel

10.1.   Informer shall ensure that access to the Protected Data is strictly limited to:

10.1.1.   such Informer Personnel who need access to the Protected Data to assist the Client in meeting the Client’s obligations under this Data Processing Agreement or relevant Main Agreement; and

10.1.2.   in the case of any access by Informer Personnel, such part or parts of the Protected Data as is strictly necessary for performance of such person’s duties in delivering the Services.

10.2.   Informer shall ensure that all Informer Personnel who have access to and/or process Protected Data:

10.2.1.   are informed of the confidential nature of the Protected Data and have signed written confidentiality undertakings in respect of the Protected Data;

10.2.2.   have undertaken adequate training on compliance with Data Protection Legislation;

and

10.2.3.   are aware both of Informer’s duties and their personal duties and obligations under such laws and this Data Processing Agreement.

11.   Rights of the Data Subject

11.1.   At all times whilst it is engaged to provide the Services, Informer shall implement and maintain in place appropriate technical and organisational measures to assist the Client in the fulfilment of the Client’s obligation to respond to Data Subject Requests under Data Protection Legislation. Informer shall notify the Client promptly (and in any event within twenty-four (48) hours) if it receives a Data Subject Request.

11.2.   Informer shall provide the Client with full co-operation, information and assistance in relation to any Data Subject Request.

11.3.   Except where required to do so by law, Informer shall not disclose any Protected Data to any Data Subject or to a third party other than at the request of, with the prior written consent of, and on the documented instructions of the Client or as provided for in this Data Processing Agreement.

12.   Rights of the Client

12.1.   Informer shall promptly make available to the Client on request all information necessary to demonstrate compliance with this Data Processing Agreement and with Data Protection Legislation. The Client is entitled, on giving at least ten (10) working days’ notice to Informer, to inspect or appoint representatives to inspect all facilities, equipment, documents and electronic data relating to the processing of Protected Data by Informer.

13.   Sub-processing

13.1.   The Client grants Informer specific authorisation to subcontract its processing of Protected Data to those third-parties (‘Sub-processors’) identified in its privacy policy (https://informer.io) and named in this clause 9.1. Use of any Sub-processor not mentioned in this clause 9.1 will require subsequent specific authorisation, to be manifest as a variation to this Data Processing Agreement.

Sub Processor
Google

Location
UK, US

Controls in Place
More information available here https://cloud.google.com/security/compliance

13.2.   Informer undertakes not engage any Sub-processor without procuring that there are adequate measures in place to establish the legality of data transfers in compliance with the Data Protection Legislation and Informer shall make known those measures to the Client in the table above, as may be amended from time to time.

14. Liability

14.1.   Informer will indemnify the Client against loss or damage suffered or incurred by the Client as a result of or arising out of a breach of Informer’s obligations under this Data Processing Agreement. Informer’s liability under this Data Processing Agreement, howsoever arising, shall however not exceed the limitation of liability as set out in the Main Agreement.

14.2.   Neither party shall be liable to the other for loss of profits, sales or business, agreements or contracts; anticipated savings; loss of or damage to goodwill; loss of use or corruption of software, data or information; loss or damage to premises, installation or reinstallation costs, or any indirect or consequential loss.

15. General

15.1.   Nothing in this Data Processing Agreement shall be construed as preventing a party from taking such steps as are necessary to comply with its own obligations under any Data Protection Legislation or any other applicable law.

15.2.   Nothing in this Data Processing Agreement is intended to, or shall be deemed to, establish any partnership or joint venture between any of the parties, constitute any party the agent of another party, nor authorise any party to make or enter into any commitments for or on behalf of any other party.

15.3.   This Data Processing Agreement shall continue in full force and effect for so long as Informer is processing Protected Data on behalf of Client (including without limitation during the time Informer is providing the Services).

15.4.   A person who is not a party to this Data Processing Agreement shall not have any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of this Data Processing Agreement, but this does not affect any right or remedy of a third party which exists, or is available, other than in that Act.

15.5.   A reference to a statute or statutory provision is a reference to it as amended, extended or re-enacted from time to time.

15.6.   In the event of any inconsistency between the terms of the Main Agreement and the terms of this Data Processing Agreement, the terms of this Data Processing Agreement shall prevail.

15.7.   This Data Processing Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and Wales and the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with this Data Processing Agreement.

15.8.   The parties agree to the enactment of the adoption of standard contractual clauses (SCCs) if required as a result of the UK’s exit from the EU or other circumstances in which the parties agree they are required to ensure the continued flow, safeguarding and processing of the Protected Data outside the UK or EU under the Main Agreement by Informer. The terms of the SCCs shall prevail only so far as the applicable law demands that they do so and cannot otherwise be superseded by the terms of this Data Processing Agreement.

 

THIS DATA PROCESSING AGREEMENT IS AGREED AND ENTERED INTO BY INFORMER AND THE CLIENT ON THE DATE OF THE MAIN AGREEMENT.

APPENDIX 1: INFORMER DETAILS OF PROCESSING

This Appendix includes certain details of the processing of the Protected Data as required by Article 28(3) of the GDPR.

Data Controller
The Client

Data Processor
Informer

The obligations and rights of Data Controller
The obligations and rights of the Client are set out in this Data Processing Agreement or relevant Main Agreement.

Subject matter of the processing
The subject matter of the processing is the performance of the Services for the benefit of the Client by Informer.

Duration of the processing
The duration of the processing shall be for the term of the Main Agreement

Nature and purposes of the processing
The nature and purpose of the processing is in the Protected Data’s retention on Informer’s information-technology platforms for the term of the provision of the Services under the Main Agreement.

Type of Protected Data

• Technical data related to the Client prospect internet facing systems
• Potential of personal email addresses

Categories of Data Subject

• Email addresses

Plan for return and destruction of the Protected Data once the processing is complete
Protected Data will be processed for the duration of the Data Processing Agreement or relevant Main Agreement and then returned to the Client as set out in this Agreement or as made known to Informer, or destroyed.