The terms and conditions available on this page cover all product sales and vSOC Services. If you would like to download the Terms & Conditions as a PDF, please click here.

PARTIES

DATA CONNECT GROUP LIMITED incorporated and registered in England and Wales with company number 11058840 registered office is at 4 Wharfe Mews, Cliffe Terrace, Wetherby, West Yorkshire, United Kingdom, LS22 6LX (Data Connect); and the legal entity set out in the Statement of Works or Purchase Order who purchases the goods, services and/or Managed Services, from Data Connect (the Customer).

BACKGROUND

(A) Data Connect has developed and makes available the Available Services to certain customers.

(B) The Customer wishes to be able to engage Data Connect to provide the Available Services in its business operations and acknowledges that by ordering certain Available Services that the specific terms set out in this agreement which relate to those particular Available Services shall then apply, subject to the terms of an agreed and executed Statement of Work relating to the relevant Services.

(C) Data Connect has agreed to provide, and the Customer has agreed to take and pay for, the Services, subject to the terms and conditions of this agreement (that apply to those Services) and execution of an appropriate Statement of Work by the parties.

(D) The parties acknowledge and agree that, as at the date of this Agreement, certain services are being provided by Data Connect to the Customer pursuant to an existing contract. Those services shall continue to be provided pursuant to the terms of the existing contract unless and until a valid Statement of Work is agreed between the parties, relating to the relevant services, which expressly refers to this Agreement.

AGREED TERMS

1. INTERPRETATION

1.1 The definitions and rules of interpretation in this clause 1 apply in this agreement.

Acceptance Date: has the meaning given in clause 5.5.

Assets: any Customer-site Equipment, Software or Intellectual Property Rights used by Data Connect exclusively for the delivery of the Services to the Customer.

Available Services: the list of service types set out in Schedule 2.

Business Day: a day, other than a Saturday, Sunday or public holiday in England, when banks in London are open for business.

Change Control Procedure: the procedures set out in clause 17.

Charges: the sums payable for the Works as set out in a Statement of Work.

Confidential Information: all confidential information (however recorded or preserved) disclosed by a party or its employees, consultants, officers, representatives, advisers, agents or sub-contractors involved in the provision or receipt of the Services (together, its Representatives) to the other party or that party’s Representatives in connection with this agreement which information is either labelled as such or should reasonably be considered as confidential because of its nature and the manner of its disclosure.

CSRs: means the customer service representatives who are from time to time authorised by the Customer to liaise with Data Connect for the purposes as may be set out in Schedule 3 or the persons set out in the relevant Statement of Work.

Customer Account Team: the individuals appointed by the Customer from time to time who shall serve as Data Connect’s primary contacts for Data Connect’s activities under this agreement. The initial members of the Customer Account Team, where applicable, are listed in the SoW.

Customer Data: any information that is provided by or on behalf of the Customer to Data Connect as part of the Customer’s use of the Services, including any information derived from such information.

Customer Personal Data: any personal data comprised in the Customer Data.

Customer Site: any premises occupied by the Customer at which it receives the Services.

Customer-site Equipment: any equipment, including Hardware, located or to be located on a Customer Site owned and/or managed by the Customer including to the extent any Hardware operates or functions as a Device. Customer’s Operating Environment: the Customer’s computing environment (consisting of hardware, software and telecommunications networks) that is to be used by the Customer in connection with its use of the Services and which interfaces with Data Connect’s System in order for the Customer to receive the Services, but excluding the Customer-site Equipment.

Customer’s Project Manager: The Customer’s Project Manager at the Effective Date as named in the Statement of Work.

Customer Software: has the meaning given to that term in the definition of Software.

Cybersecurity Requirements: all applicable laws, regulations, codes, guidance (from regulatory and advisory bodies, whether mandatory or not), international and national standards, industry schemes and sanctions relating to security of network and information systems and security breach and incident reporting requirements, including the Data Protection Legislation, the Cybersecurity Directive (EU) 2016/1148), Commission Implementing Regulation (EU) 2018/151), the Network and Information Systems Regulations 2018 (SI 506/2018), all as amended or updated from time to time.

Data Connect Hardware: all physical telecommunications, networking and computer equipment (including switches, routers, cables, servers, racks, cabinets and peripheral accessories) provided and used by Data Connect to deliver the Services to the Customer as set out in the Specification or as agreed to be provided under the relevant Statement of Work.

Data Connect’s Project Manager: the member of Data Connect’s Account Team appointed in accordance with clause 5.1.

Data Connect Software: has the meaning given to that term in the definition of Software.

Data Connect’s System: the information and communications technology system to be used by Data Connect (or any of its sub-contractors) in performing the Services, including the Hardware, the Software, and communications links between the same and the Hardware, Customer-site Equipment and the Customer’s Operating Environment.

Data Controller: has the meaning given to that term in the Data Protection Legislation.

Data Processor: has the meaning given to that term in the Data Protection Legislation.

Data Protection Legislation: means (i) the Data Protection Act 2018, (ii), the General Data Protection Regulation ((EU) 2016/679) (the GDPR) (unless and until the GDPR is no longer directly applicable in the UK), (iii) any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK; and (iv) any successor legislation to the GDPR or the Data Protection Act 2018.

Data Subject: has the meaning given to that term in the Data Protection Legislation.

Designated Representative: has the meaning given in clause 36.2.

Device: means a distinct physical hardware unit or virtual machine/environment, in either case as provided or prescribed by Data Connect, in writing from time to time.

Disaster Recovery Plan: the plans maintained by Data Connect containing the actions to be taken, the resources to be used and the procedures to be followed to support recovery in the event of a disaster affecting the Services.

Device: means a distinct physical hardware unit or virtual machine/environment, in either case as provided or prescribed by Data Connect, in writing from time to time. Dispute: has the meaning given in clause 35.1.

Dispute Notice: has the meaning given in clause 36.1.

Dispute Resolution Procedure: the procedure described in clause 36.

Effective Date: the date of this agreement.

Employment Regulations: the Transfer of Undertakings (Protection of Employment) Regulations 2006 (SI 2006/246) as amended or replaced or any other Regulations implementing the Acquired Rights Directive;

Error: has the meaning given in clause 5.3.

Event: means a report or burst of information or other electronic communication sent from a Device to Data Connect’s systems containing log data.

Events Per Second (EPS): means the number of Events per second (in time) that a Device produces and sends (or attempts to send) to Data Connect System. The agreed EPS limit shall be set out in the Statement of Work in relation to the relevant Subscription and where applicable shall be set out for each type of Device.

Exit Plan: has the meaning given in clause 23.1, as such exit plan is updated and amended by the parties from time to time in writing.

Extended Term: has the meaning given in clause 22.1.

Force Majeure Event: has the meaning given in clause 24.1.

Generally Accepted Accounting Principles: all generally accepted accounting principles including generally accepted UK accounting principles comprising the Financial Reporting Standards issued by the UK Financial Reporting Council (and to the extent applicable, Statements of Standard Accounting Practice (SSAPs) issued by predecessors to the UK Financial Reporting Council).

Good Industry Practice: the standards that fall within the upper quartile for the provision of business-critical services substantially similar or identical to the Services, having regard to factors such as the nature and size of the parties, the Service Level Arrangements, the term, the pricing structure and any other relevant factors.

Initial Term: the period from the Effective Date until the first anniversary of the Effective Date unless otherwise expressly set out in the relevant SoW.

Invention: any invention, idea, discovery, development, improvement or innovation, whether or not patentable or capable of registration, and whether or not recorded in any medium.

Intellectual Property Rights: patents, rights to inventions, copyright and related rights, trade marks, trade names, domain names, rights in get-up, rights in goodwill or to sue for passing off, unfair competition rights, rights in designs, rights in computer software, database right, topography rights, moral rights, rights in confidential information (including know-how and trade secrets) and any other intellectual property rights, in each case whether registered or unregistered and including all existing and future rights capable of present assignment, applications for and renewals or extensions of and rights to claim priority from such rights, and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.

Log Information: means the data or information sent by a Device to Data Connect’s System according to any particular calibration or format set out in the Services Specification.

Maintenance: any error corrections, Updates and upgrades that Data Connect may provide or perform with respect to the Services, as well as any other support or training services to be provided to the Customer under this agreement, all as described in Schedule 3.

Maintenance Action: has the meaning given in Schedule 3.

Normal Business Hours: 09.00 am to 05.30pm local UK time on Business Days.

Permitted Purpose: has the meaning given in clause 20.2.1.

Personal Data: has the meaning given to that term in the Data Protection Legislation

Priority 1, 2, 3 and (where applicable) 4 Incidents: have the meanings given to them in each of the tables, as applicable, as expressly set out in Schedule 3. For the avoidance of doubt, any such SLAs set out in an SoW shall take precedence over Schedule 3.

Processing: has the meaning given to that term in the Data Protection Legislation (and Process and Processes shall be construed accordingly).

Project Plan: the implementation plan for a Service as set out in the relevant Statement of Work.

Purchase Order: a documented written request to purchase goods or services from Data Connect.

Regulatory Requirement: has the meaning given in clause 22.11.

Relevant Transfer: a transfer of employment to which the Employment Regulations applies;

Replacement Supplier: any entity with which the Customer contracts (or proposes to contract) to provide services similar to all or any of the Services and Maintenance upon the expiry or termination of all or any part of this agreement for any reason.

Representatives: has the meaning given to that term in the definition of Confidential Information.

Review Meeting: has the meaning given in clause 18.3.

Service Credit: any credits payable to the Customer in accordance with the Service Level Arrangements.

Service Delivery Failure: has the meaning given in the relevant Statement of Work.

Service Level Arrangements: the service level arrangements set out in the relevant Statement of Work or, if not set out therein, then according to Schedule 3. For the avoidance of doubt, any SLAs set out in an SoW shall take precedence over those in Schedule 3.

Services: the services selected from the Available Services and as described in the Services Specification to be performed by Data Connect in accordance with this agreement and the applicable Statement of Work including where applicable the Setup Services, the Maintenance and the Transition Services.

Services Specification: the specification for the Services as set out in the relevant Statement of Work.

Set-up Services: the due diligence, configuration and related work referred to in clause 5 and the relevant Statement of Work, to be performed by Data Connect to set up the Services.

Software: any software used by Data Connect (or any of its sub-contractors) to provide the Services to the Customer whether owned by a third party and licensed by Data Connect (Third Party Software) to the Customer or provided by the Customer (Customer Software).

Statement of Work (“SoW”): a detailed plan, agreed in accordance with this Agreement, describing the relevant Available Services to be provided by Data Connect, the timetable for their performance and the related matters listed in, and in a substantially similar format to the pro-forma statement of work set out in Schedule 1.

Third Party Software: has the meaning given to that term in the definition of Software.

Transferring Contracts: the third-party contracts (including licences to Third-Party Software) that Data Connect reasonably considers necessary to enable the transition of the Services to the Customer or any Replacement Supplier on expiry or termination of all or any part of this agreement for any reason.

Transition Services: the services to be provided by Data Connect to implement the Exit Plan.

Update: means any minor point release that Data Connect provides as a matter of course as a general update for all of its Customers on the same package as specified in the Services Specification. Uptime Service Level: has the meaning given in the relevant Statement of Work in relation to the relevant SLA.

Version: means a major point release or other new version of the Software or any Firmware which introduces new functionality or other improvements to which the Customer is not usually entitled under standard maintenance and support made available or offered by Data Connect as part of the Services where expressly ordered under an SoW.

Virtual Security Operations Centre: means facility provided by Data Connect to provide cyber security resource, expertise, systems and services.

Virus: any thing or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by rearranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices.

Work Product: all deliverables and all other reports, documents, materials, techniques, ideas, concepts, trade-marks, know-how, algorithms, software, computer code, routines or sub-routines, specifications, plans, notes, drawings, designs, pictures, images, text, audiovisual works, inventions, data, information and other items, expressions, works of authorship or work product of any kind that are authored, produced, created, conceived, collected, developed, discovered or made by Data Connect (or any of its sub-contractors) in connection with the Services or which relate in any manner to the Services or which result from any work performed by Data Connect (or any of its sub-contractors) for the Customer, including any and all Intellectual Property Rights therein.

Works: the Available Services which are provided by Data Connect under a Statement of Work, including services which are incidental or ancillary to the Services.

1.2. Clause, Schedule and paragraph headings shall not affect the interpretation of this agreement.

1.3. A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established.

1.4. Unless the context otherwise requires, words in the singular shall include the plural and words in the plural shall include the singular.

1.5. A reference to a statute or statutory provision is a reference to it as amended, extended or re-enacted from time to time.

1.6. A reference to a statute or statutory provision shall include all subordinate legislation made from time to time under that statute or statutory provision.

1.7. A reference to writing or written includes email but not faxes.

1.8. Any phrase introduced by the words including, includes, in particular or for example, or any similar phrase, shall be construed as illustrative and shall not limit the generality of the related general words.

1.9. References to clauses and Schedules are to the clauses and schedules of this agreement. References to paragraphs are to paragraphs of the relevant Schedule.

1.10. A person includes a natural person, corporate or unincorporated body (whether or not having separate legal personality) and that person’s personal representatives, successors or permitted assignees.

1.11. A reference to this agreement includes the Schedules and the recitals. If there is an inconsistency between any of the provisions in the main body of this agreement and the schedules, the provisions in the main body of this agreement shall prevail.

1.12. In the event of any conflict between the terms of any document incorporated into this Agreement, the following order of precedence shall apply:

1.12.1. the Standard Terms and Conditions (unless expressly stated herein that a Statement of Work shall take precedence on any particular matter); and

1.12.2. the Statement of Work applying to the relevant Service.

2. COMMENCEMENT AND DURATION

2.1. A Contract shall be formed either:

2.1.1. upon the date of last signature of a written agreement between the parties; or

2.1.2. when Data Connect issues a written acceptance, or otherwise completes processing of a Purchase Order.

2.2. For the avoidance of doubt any quotation given by Data Connect shall not constitute an offer and may be withdrawn at any time by Data Connect and any Purchase Order issued by the Customer shall constitute an offer to purchase goods and/or services in accordance with the quotation (if any) provided by Data Connect, and these Standard Terms and Conditions.

2.3. In the event and to the extent only of any conflict or inconsistency between the provisions of:

2.3.1. the clauses of these Standard Terms and Conditions;

2.3.2. the body of the Statement of Works; or

2.3.3. any other document specifically referred to in the Statement of Works; then the order of precedence shall be as set out in this clause 2.3 with 2.3.1 having the highest priority provided that where any clause in the Statement of Works is expressly stated to have priority over another specifically referenced provision then that clause in the Statement of Works shall take precedence.

2.4. Subject to an earlier termination in accordance with clause 22, the agreement shall commence on the Effective Date for the Initial Term and shall automatically extend for successive twelve (12) month periods (Extended Term) at the end of the Initial Term and at the end of each Extended Term. A party may give written notice to the other party, not later than ninety (90) days before the end of the Initial Term or the relevant Extended Term, to terminate this agreement at the end of the Initial Term or the relevant Extended Term, as the case may be.

2.5. The existence of this Agreement and/or the fact that it is in force does not by itself require any Services to be provided or purchased by either party unless and until a Statement of Work has been duly executed by the Parties.

2.6. For the avoidance of doubt any termination of this agreement shall not automatically terminate an existing Statement of Work unless expressly set out in the termination. Existing Statements of Work shall continue until their natural expiry or termination in accordance with their own terms as expressly stated in that Statement of Work.

2.7. If there are no uncompleted Statements of Work as at the date notice to terminate is served under clause 2, such notice shall terminate this agreement with immediate effect.

2.8. The parties shall not enter into any further Statements of Work after the date on which notice to terminate this agreement is served under clause 2.

2.9. The Customer may procure any of the Available Services by agreeing a Statement of Work with Data Connect pursuant to clause 3 (Statements of Work).

2.10. Data Connect shall provide the Works from the date specified in the relevant Statement of Work.

3. STATEMENTS OF WORK

3.1. Each Statement of Work shall be agreed in the following manner:

3.1.1. the Customer shall ask Data Connect to provide any or all of the Available Services and provide Data Connect with as much information as Data Connect reasonably requests in order to prepare a draft Statement of Work for the Available Services requested;

3.1.2. following receipt of the information requested from the Customer Data Connect shall, as soon as reasonably practicable either:

3.1.2.1. inform the Customer that it declines to provide the requested Available Services; or

3.1.2.2. provide the Customer with a draft Statement of Work.

3.1.3. if Data Connect provides the Customer with a draft Statement of Work pursuant to clause 3.1.2.2, Data Connect and the Customer shall discuss and agree that draft Statement of Work; and

3.1.4. both parties shall sign the draft Statement of Work when it is agreed.

3.2. Unless otherwise agreed in writing between the parties, the Charges payable by the Customer to Data Connect in relation to the provision of any Service shall be calculated in accordance with the relevant SoW.

3.3. Data Connect may charge for the preparation of Statements of Work on a time and materials basis in accordance with Data Connect’s standard daily fee rates where agreed in writing in advance by the Customer.

3.4. Once a Statement of Work has been agreed and signed in accordance with clause 3.1.4, no amendment shall be made to it except in accordance with the provisions of this agreement relating to Change control pursuant to clause 17 or a Variation pursuant to clause 30.3.

3.5. Each Statement of Work shall read alongside and in conjunction with this agreement and shall not form a separate contract to it. Each executed Statement of Work shall form a separate contract when read alongside these terms.

4. DATA CONNECT’S RESPONSIBILITIES

4.1. Data Connect shall use reasonable endeavours to provide the Works, and deliver the Deliverables to the Customer, in accordance with the relevant Statement of Work.

4.2. Data Connect shall provide the Works with reasonable care and skill.

4.3. Data Connect shall use reasonable endeavours to meet the Project Plan specified in the relevant Statement of Work but any such dates shall be estimates only and time for performance by Data Connect shall not be of the essence of this agreement.

4.4. Data Connect shall appoint a manager in respect of the Works to be performed under each Statement of Work, such person as identified in the Statement of Work. That person shall have authority to contractually bind Data Connect on all matters relating to the relevant Works (including by signing Change Orders). Data Connect shall use all reasonable endeavours to ensure that the same person acts as Data Connect’s manager throughout the term of the relevant Statement of Work, but may replace that person from time to time where reasonably necessary in the interests of Data Connect’s business and following prior written notice to the Customer.

4.5. Data Connect shall use reasonable endeavours to observe all health and safety and security requirements that apply at the Customer’s premises and that have been communicated to it, provided that it shall not be liable under this agreement if, as a result of such observation, it is in breach of any of its obligations under this agreement.

5. SET-UP SERVICES

5.1. This clause applies where Set Up Services are included in any Statement of Work. Data Connect shall appoint Data Connect’s Project Manager, who shall have the authority to contractually bind Data Connect on all matters relating to this agreement. Data Connect shall use reasonable endeavours to ensure continuity of Data Connect’s Project Manager, but has the right to replace him from time to time where reasonably necessary in the interests of Data Connect’s business and following prior written notice to the Customer.

5.2. Data Connect shall perform the Set-up Services in accordance with the timetable set out in the relevant Statement of Work. Data Connect shall use reasonable endeavours to meet the performance dates set out in the Statement of Work, but any such dates shall be estimates only, and time shall not be of the essence in this agreement.

5.3. When Data Connect considers that the Services are ready for activation it shall so notify the Customer. Within five Business Days of such notification the Customer shall review the operation of the Services to confirm that they function in material conformance with the Services Specification. If the Services fail in any material respect to conform with the Services Specification, the Customer shall give Data Connect a detailed description of any such non-conformance (Error) in writing, within the five Business Day review period.

5.4. Data Connect shall use reasonable endeavours to correct any Error as soon as reasonably practicable and, on completion, re-submit the Services to the Customer. The provisions of clause 5.3 and this clause 5.4 shall then apply again, up to three additional times. If Data Connect is unable to correct the Error after three attempts, subject to Data Connect offering to have a face-to-face discussion first, then either party may terminate this agreement in respect only of the part of the Services that are affected by the Error, with immediate effect by giving written notice to the other party, without further liability to the other in respect of the Error or failure to provide that part of the Services in accordance with this agreement.

5.5. If the Services are found to conform with the Services Specification or if the Customer does not provide any written comments within the five Business Day review period described in clause 5.3, the Services shall be deemed accepted as from the date of the notification or expiry of the five Business Day review period (in each case the Acceptance Date).

6. SERVICE PROVISION

6.1. Data Connect shall provide the Services from the Acceptance Date until expiry or termination of the relevant Statement of Work.

6.2. The Service Level Arrangements shall apply with effect from the start of the first complete month commencing occurring at least thirty (30) days after the Acceptance Date.

6.3. The Customer shall not store, distribute or transmit to Data Connect in connection with the Services any material that:

6.3.1. is unlawful, harmful, threatening, defamatory, obscene, harassing or racially or ethnically offensive;

6.3.2. facilitates illegal activity;

6.3.3. depicts sexually explicit images; and/or

6.3.4. promotes unlawful violence, discrimination based on race, gender, age, disability, sexual orientation, religion, belief or gender reassignment, or any other illegal activity.

6.4. The Customer shall remain responsible for it’s own use of the Services where not in accordance with the license granted to it under this Agreement and is also responsible for the Customer-site Equipment and the Customer Operating Environment, including any use by third parties (whether fraudulent or invited by the Customer).

6.5. The Customer must take reasonable measures to ensure it does not jeopardise services supplied to third parties on the same shared access infrastructure as notified to the Customer by Data Connect in writing. This includes informing Data Connect promptly in the case of the Customer becoming aware that the EPS limit is or may be exceeded or in the event of the Customer becoming aware of a denial-of-service attack or distributed denial-of-service attack. In the event of any such incident, Data Connect shall work with the Customer to alleviate the situation as quickly as possible. The parties shall discuss and agree appropriate action.

6.6. The Customer shall not provide the Services directly or indirectly to third parties, including acting as a service bureau or equivalent, where such use is not expressly set out under a Statement of Work. For the avoidance of doubt the Customer may take benefit from the Services for its own internal business purposes in order to provide its normal day to day services to clients of the Customer.

6.7. Data Connect reserves the right, following reasonable prior written notice to the Customer (or as soon as possible following any changes made pursuant to an emergency) to:

6.7.1. modify Data Connect’s System, its network, system configurations or routing configuration; or

6.7.2. modify or replace any Hardware, Data Connect Hardware or Software in its network or in equipment used to deliver any Service over its network, provided that this has no materially adverse effect on Data Connect’s obligations under this agreement, Data Connect’s provision of the Services and/or the Service Level Arrangements. If such changes will have an adverse effect, Data Connect shall notify the Customer and the parties shall follow the Change Control Procedure.

6.8. The parties acknowledge and agree that no Transfer is intended to take place within the meaning of the Employment Regulations and each Party agrees to indemnify the other Party for any loss due to any deemed Transfer taking place in relation to the provision of the Services by Data Connect under this agreement or upon any termination of this agreement.

7. PROFESSIONAL SERVICES AND CONSULTANCY

7.1. If a Statement of Work sets out any consultancy or other professional Services to be provided by Data Connect then the terms of this clause 7 (and all sub-clauses under it) shall apply to that part of the Works.

7.2. Data Connect shall ensure that it uses personnel who are suitably trained, experienced and qualified.

7.3. Data Connect shall be responsible for the performance of its personnel through which Data Connect provides the consultancy services.

7.4. Data Connect may substitute any of its personnel who provide consultancy services under this agreement or in relation to any Statement of Work with a contractor or other appropriate substitute and Data Connect shall be liable for those third parties as though they were its own personnel. Such third parties shall be subject to duties of confidentiality equivalent to those set out in this agreement and Data Connect shall ensure that they observe the requirements set out in clause 11 (Customer Data).

8. DELIVERY, INSTALLATION AND DELAYS

8.1. This Clause 8 and each sub-clause under it shall only apply where Data Connect (and not any other Third Party) is providing and installing Hardware. If no Hardware is being provided and installed directly by Data Connect, the remainder of this Clause 8 shall not apply and the Customer shall be solely responsible for the operation of applicable Devices in accordance with the Services Specification. If Hardware is being provided by Data Connect but installed by the Customer then the remainder of this clause 8 shall not apply except for sub-clauses 8.2 and 8.6 relating to Delivery. Data Connect is not responsible for the supply, Delivery or installation of Third Party Hardware. If Data Connect is contracted for Services only, to install Third Party Hardware or Customer owned Hardware, then the rest of this Clause 8 shall not apply.

8.2. Data Connect shall deliver each item of Data Connect Hardware and the relevant Software to the Site(s) on or before the applicable Delivery Date for that item.

8.3. Data Connect shall supply to the Customer, within a reasonable time before any relevant Delivery Date, such information and assistance as may be necessary to enable the Customer to prepare the Site(s) for the installation.

8.4. The Customer shall, at its own expense, prepare the Site(s) in accordance with the information provided by Data Connect in advance of each relevant Delivery Date. Upon request from the Customer, Data Connect will provide reasonable assistance to carry out such preparation subject to prior agreement on the Charges applicable to such assistance.

8.5. Data Connect shall complete installation of each item of Data Connect Hardware and any relevant Software at the Site(s) by the Installation Date for that item of Data Connect Hardware or Software Module.

8.6. If any delivery is delayed at the request of, or because of the acts or omissions of, the Customer, if applicable, the Project Plan shall be amended to take account of such delay.

8.7. Data Connect shall provide the System on or before the Completion Date specified in the Order Form or the Project Plan.

9. TITLE AND RISK

9.1. This Clause shall only apply where Hardware or other goods are provided by Data Connect under any Statement of Work.

9.2. Property in Data Connect Hardware shall only pass to the Customer on receipt by Data Connect in cash or cleared funds payment in full of the total cost of the Hardware provided by Data Connect to the Customer where such cost is expressly set out as a Hardware Purchase Price in a Statement of Work.

9.3. Property shall otherwise at all times remain vested in Data Connect or its licensor, and Data Connect’s rights shall be governed by the terms of any license relating to such Hardware, including its firmware.

9.4. Risk in Data Connect Hardware shall pass to the Customer:

9.4.1. If delivered by Data Connect to a place nominated by the Customer, when tendered for delivery at that place; or

9.4.2. If collected by the Customer then, when loaded onto the Customer’s (or its agent’s) vehicle, or at such time as they are available for so loading and would have been loaded but for the Buyer’s failure to collect them.

9.4.3. If withheld by Data Connect for any valid reason, at such time as Data Connect would have been able to collect them had Customer not been so withholding them,

9.4.4. And the Customer is responsible for insuring the hardware and software from any such time.

9.5. Until such time as property in Data Connect Hardware passes to the Customer:

9.5.1. The Customer shall hold the Hardware as Data Connect’s fiduciary agent and bailee and shall keep all such items separate and distinct from those of the Customer and Third Parties, and separately stored, protected and adequately insured, and identified as Data Connect’s property. Until such time, the Customer shall be entitled to resell or use such items in the ordinary course of its business, but shall account to Data Connect for the proceeds of sale or otherwise of such items, whether tangible or intangible, including insurance proceed, and shall keep all such proceeds separate and distinct from any moneys or property of the Customer and third parties and, in the case of tangible proceeds, properly stored, protected and adequately insured; and

9.5.2. Provided that the hardware is still in existence and has not been resold then Data Connect shall be entitled at any time to require the Customer to deliver up the Hardware to Data Connect and, if the Customer fails to do so forthwith, to enter on any premises of the Buyer or any third party where such items are stored and repossesses them. The Customer will indemnify Data Connect for and loss of degradation of or damage to any Hardware caused whilst such Hardware is in the possession or under the control of the Customer.

9.6. Any Hardware and/or Software supplied to the Customer which is subject to any restrictions or provisions imposed by the manufacturers and/or licensor’s standard terms and conditions (including but not limited to click-through end-user-license agreements, copyright notices and acceptable use policies) are supplied to the Customer by Data Connect subject to any such conditions and on the terms of any applicable license agreement.

9.7. The Customer is not entitled to pledge or in any way charge by way of security for any indebtedness any Data Connect Hardware and/or Software which remain the property of Data Connect (or its licensor) but, if the Customer does so, then all moneys owing by the Customer to Data Connect shall (without prejudice to Data Connects other rights and remedies) become immediately due and payable, including the reasonable cost of any affected Data Connect Hardware.

10. DATA CONNECT PERSONNEL: SYSTEM AND SUPPORT SERVICES

10.1. This clause and each sub-clause under it shall only apply where:

10.1.1. Connect is providing and installing Hardware requiring the attendance of Data Connect Personnel; or

10.1.2. Data Connect is providing Consulting Services; or

10.1.3. Data Connect is providing Support Services; or

10.1.4. Data Connect is providing Maintenance Services.

10.2. Data Connect undertakes that its employees and contractors, while on the Site(s) or any other premises of the Customer, will comply with all relevant rules and regulations laid down by the Customer from time to time for the behaviour of its own employees and contractors, as notified to Data Connect in writing to it from to time. Data Connect shall remove any employee or contractor whom the Customer can demonstrate has failed to comply with such rules, regulations and requirements.

10.3. Data Connect alone shall be responsible for the supervision, direction, control, wages, taxes, national insurance and benefits of its own employees. Data Connect assumes full responsibility for their acts and omissions and acknowledges that they are not employees or agents of the Customer.

10.4. During the term of this agreement and for a period of six months after its termination neither party shall, without the prior written consent of the other, solicit, or permit any affiliate or associate to solicit, the employment of any person who is employed by the other party in the course of developing, supplying, maintaining or supporting the Services or any part of them. Nothing in this clause 10.4 shall prevent either party from recruiting any person, via a third party recruitment agency or as a result of a public advertisement. Each party further agrees that it shall not provide any lists or names of specific individuals to such agencies of persons employed by the other party as described in this clause 10.4.

10.5. Any advice or other statement given as part of the Works but where not expressly required and set out in a Statement of Work shall not be relied upon by the Customer and is given as guidance only. Where Data Connect provides advice as part of the Services then the Customer may not hold out that advice to any third party as being reliable and that advice is intended for the specific and limited benefit of the Customer directly.

11. CUSTOMER DATA

11.1. Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 11 is in addition to, and does not relieve, remove or replace, a party’s obligations under the Data Protection Legislation.

11.2. The parties acknowledge that:

11.2.1. if Data Connect Processes any Personal Data on the Customer’s behalf when performing its obligations under this agreement, the Customer is the data controller and Data Connect is the Data Processor for the purposes of the Data Protection Legislation.

11.2.2. Schedule 4 sets out the scope, nature and purpose of Processing by Data Connect, the duration of the Processing and the types of Personal Data and categories of Data Subject.

11.2.3. the Personal Data will not be transferred or stored outside the EEA or the country where the Customer is located in order to carry out the Services and Data Connect’s other obligations under this agreement, unless such transfer is required by any applicable laws or Data Connect has obtained the prior written consent of the Customer (such consent to be subject to Data Connect meeting the conditions set out in clause 11.4.3).

11.3. Without prejudice to the generality of clause 11.1, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to Data Connect for the duration and purposes of this agreement so that Data Connect may lawfully use, Process and transfer the Personal Data in accordance with this agreement on the Customer’s behalf.

11.4. Without prejudice to the generality of clause 11.1, Data Connect shall, in relation to any Personal Data Processed in connection with the performance by Data Connect of its obligations under this agreement:

11.4.1. Process that Personal Data only on the written instructions of the Customer unless Data Connect is required by the laws of any member of the European Union or by the laws of the European Union applicable to Data Connect to Process Personal Data (Applicable Laws). Where Data Connect is relying on laws of a member of the European Union or European Union law as the basis for Processing Personal Data, Data Connect shall promptly notify the Customer of this before performing the Processing required by the Applicable Laws unless those Applicable Laws prohibit Data Connect from so notifying the Customer;

11.4.2. ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the other party, to protect against unauthorised or unlawful Processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful Processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it).

11.4.3. not transfer any Personal Data outside of the EEA unless the following conditions are fulfilled:

11.4.3.1. the Customer or Data Connect has provided appropriate safeguards in relation to the transfer;

11.4.3.2. the data subject has enforceable rights and effective legal remedies;

11.4.3.3. Data Connect complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and

11.4.3.4. Data Connect complies with reasonable instructions notified to it in advance by the Customer with respect to the Processing of the Personal Data;

11.4.4. assist the Customer, at the Customer’s cost (any such costs to be agreed in writing between the parties), in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;

11.4.5. notify the Customer without undue delay on becoming aware of a Personal Data breach;

11.4.6. ensure that persons authorised to Process the Personal Data have committed themselves to a duty of confidentiality or are under an appropriate statutory obligation of confidentiality;

11.4.7. at the written direction of the Customer, delete or return Personal Data and copies thereof to the Customer on termination of the agreement unless required by Applicable Law to store the Personal Data; and

11.4.8. maintain complete and accurate records and information to demonstrate its compliance with this clause 11.

11.5. The Customer consents to Data Connect appointing IT Security Consultants or Hosting Service Providers as third-party processors of Personal Data under this agreement. Data Connect confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement incorporating terms which are substantially similar to those set out in this clause 11. As between the Customer and Data Connect, Data Connect shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this clause 11.

11.6. Data Connect shall follow its archiving and security procedures for Customer Data, including those set out in clause 13 (Security).

11.7. Data Connect shall without undue delay notify the Customer in writing of any actual or suspected loss or damage to the Customer Data.Without prejudice to any remedy for breach of confidentiality or Personal Data available to the Customer under this Agreement or otherwise, in the event of any loss or damage to Customer Data where the Customer has expressly ordered back-up products under a Statement of Work, the Customer’s sole and exclusive remedy shall be for Data Connect to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest backup (where applicable) of such Customer Data to be maintained by Data Connect in accordance with its archiving procedure. Data Connect shall not be responsible for any loss, destruction, alteration or unauthorised access to or disclosure of Customer Data caused by any third party (except those third parties sub-contracted directly by Data Connect to perform services related to Customer Data maintenance and back-up where the Customer does not have a direct relationship with that third party). This clause 11.7 is without prejudice to the generality of clause 11.1..

12. DATA CONNECT’S OBLIGATIONS

12.1. Data Connect undertakes that the Services will be performed with reasonable skill and care and in accordance with Good Industry Practice and the provisions of this agreement that the Services will be provided in accordance with the Services Specification.

12.2. The undertaking in clause 12.1 shall not apply to the extent of any non-conformance that is caused by use of the Services contrary to Data Connect’s instructions.

12.3. If the Services do not conform with the undertaking in clause 12.1, Data Connect shall, at its expense, use all reasonable commercial endeavours to correct any such nonconformance promptly, or provide the Customer with an alternative means of accomplishing the desired performance. Such correction or substitution constitutes the Customer’s sole and exclusive remedy for any breach of the undertaking in clause 12.1. This clause 12.3 is without prejudice to the Customer’s rights to claim applicable Service Credits and/or any right of the Customer to terminate the agreement pursuant to material breach (excluding minor persistent breaches) in relation to the availability of the Services pursuant to clause 22.

12.4. Notwithstanding the foregoing, Data Connect does not warrant that the Customer’s use of the Services shall be uninterrupted or error-free.

12.5. This agreement shall not prevent Data Connect from entering into similar agreements with third parties, or from independently developing, using, selling or licensing materials, products or services that are similar to those provided under this agreement.

13. SECURITY

13.1. Data Connect shall ensure that appropriate safety and security systems and procedures are maintained and enforced to prevent unauthorised access or damage to any and all Services, Data Connect’s System and related networks or resources and the Customer Data, in accordance with Good Industry Practice. Such technical and organisational measures shall include (without limitation) those measures set out in Schedule 5.

13.2. Data Connect shall ensure that Data Connect’s System is designed, maintained and upgraded at all times so as to minimise the risk of attack by Viruses. The parties agree that if Viruses are found, each of them shall co-operate with the other to reduce the effect of the Viruses and, particularly if Virus causes loss of operational efficiency or loss or corruption of Customer Data, assist each other to mitigate any losses and restore the Services to their original operating efficiency. The costs of complying with this clause 13.2 shall be apportioned between the parties on a pro rata basis according to fault.

13.3. Data Connect shall promptly inform the Customer if it suspects or uncovers any breach of security and shall use all commercially reasonable endeavours to promptly remedy such breach.

13.4. The Customer shall have the right, in its absolute discretion, to require Data Connect not to use specified individuals employed or engaged by Data Connect, or by a subcontractor, in the performance of specified elements of the Services. The Customer shall not exercise this right in breach of any law. In the event that the Customer exercises this right, then Data Connect shall inform the Customer of any impact on the Services and shall not be liable for any loss or delay caused by the exercise of this right.

14. CUSTOMER’S OBLIGATIONS

14.1. The Customer shall (unless expressly agreed otherwise in a Statement of Work):

14.1.1. provide Data Connect with:

14.1.1.1. where required, an outbound internet connection and/or assistance in setting up a Virtual Private Network connection to Data Connect’s systems;

14.1.1.2. all necessary co-operation in relation to this agreement; and

14.1.1.3. all necessary access to such information as may be reasonably required by Data Connect, in order to provide the Services, including Customer Data, security access information, and (subject to providing any confidentiality undertakings reasonably required by the Customer) software interfaces to the Customer’s other business applications;

14.1.2. provide such personnel assistance, including the Customer Account Team and other Customer personnel, as may be reasonably requested by Data Connect from time to time. The Customer shall notify Data Connect of any changes to such personnel from time to time;

14.1.3. appoint the Customer’s Project Manager, who shall have the authority to contractually bind the Customer on all matters relating to this agreement. The Customer shall use reasonable endeavours to ensure continuity of the Customer’s Project Manager, but has the right to replace him from time to time where reasonably necessary in the interests of the Customer’s business;

14.1.4. comply with all applicable laws and regulations with respect to its activities under this agreement, including those set out in clause 26; and

14.1.5. carry out all other Customer responsibilities set out in this agreement or in any of the Schedules in a timely and efficient manner. In the event of any delays in the Customer’s provision of such assistance as agreed by the parties, Data Connect may adjust any timetable or delivery schedule set out in this agreement as reasonably necessary.

14.1.6. not knowingly or recklessly allow any third party (unless an authorised representative of Data Connect) to access, modify, maintain or repair any part of the Software or the Hardware or any Work Product provided as part of the Works.

14.1.7. obtain and shall maintain all necessary licences, consents, and permissions necessary for Data Connect, its contractors and agents to perform their obligations under this agreement, including without limitation the Services.

14.1.8. ensure that its network and systems comply with the relevant specifications provided by Data Connect from time to time; and

14.1.9. be solely responsible for procuring and maintaining its network connections and telecommunications links from its systems to Data Connect’s data centres, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Customer’s network connections or telecommunications links or caused by the internet.

14.1.10. Maintain and keep in good workable condition Data Connect Hardware or other machinery provided by Data Connect and report promptly any fault or suspected issue to Data Connect.

14.1.11. Return as directed, or permit to be replaced, any Hardware or other machinery provided by Data Connect under this Agreement.

14.1.12. Monitor it’s usage of Devices, as may be notified to it by Data Connect from time to time, and any applicable EPS limit to the extent required to ensure that the Customer’s use of EPS does not exceed the EPS limit and the Customer shall ensure that it considers the need to upgrade any EPS limit to prevent anticipated excessive use over and above the EPS limit.

15. WARRANTIES

15.1. The Customer warrants, represents and undertakes that:

15.1.1. it has the full capacity and authority to enter into and perform this agreement and that this agreement is executed by a duly authorised representative of the Customer;

15.1.2. it has the authority to grant any rights to be granted to Data Connect under this agreement, including the right to provide the Customer Software and Hardware to Data Connect as indicated in this agreement and for the same to be used in the provision of the Services and otherwise in connection with this agreement;

15.1.3. it shall comply with and use the Services in accordance with the terms of this agreement and all applicable laws, and shall not use the services in a way that shall infringe the rights of any third party including the publishing or transmission of any materials contrary to relevant laws (including but not limited to the transmission or creation of illegal materials and the like) unless such breach or infringement is a direct result of any act or omission of Data Connect;

15.1.4. it owns or has obtained valid licences, consents, permissions and rights to use, and where necessary to license to Data Connect, any materials reasonably necessary for the fulfilment of all its obligations under this agreement, including any third-party licences and consents in respect of any Customer Software; and

15.1.5. Data Connect’s possession and use in accordance with this agreement of any materials (including third-party materials supplied by the Customer to Data Connect) shall not cause Data Connect to infringe the rights, including any Intellectual Property Rights, of any third party.

15.1.6. Where the Customer uses its own Hardware to host or manage a virtualised Device then it shall ensure such Hardware and the Device and any applicable configuration or settings shall comply with any applicable specification or requirements communicated to it by Data Connect as may be amended from time to time.

15.2. Data Connect warrants, represents and undertakes that:

15.2.1. it has the full capacity and authority to enter into and perform this agreement and that this agreement is executed by a duly authorised representative of Data Connect;

15.2.2. it owns, or has obtained valid licences, consents, permissions and rights to enable Data Connect to comply with this agreement and to use any of the Intellectual Property Rights necessary for the fulfilment of all its obligations under this agreement including for the Customer’s use and receipt of the Services, and Data Connect shall not breach the provisions of any such necessary licences, consents, permissions and rights or cause the same to be breached;

15.2.3. it shall comply with all applicable laws and regulations in performing its obligations under this agreement;

15.2.4. the Customer’s possession and use in accordance with this agreement of any materials (including third-party materials) supplied by Data Connect to the Customer shall not cause the Customer to infringe the rights, including any Intellectual Property Rights, of any third party;

15.2.5. any software, system or telecommunications provided by or on behalf of Data Connect shall be tested for Viruses and any identified Viruses deleted in accordance with Good Industry Practice before the date of delivery or use of such software, systems or telecommunications by Data Connect; and

15.2.6. all personnel and sub-contractors used by Data Connect in the performance of this agreement are adequately skilled and experienced for the activities they are required to perform.

16. CHARGES AND PAYMENT

16.1. The Customer shall pay Set-Up Services Charges set out in the relevant Statement of Work for the Set-up Services and the Subscription Charges set out in the relevant Statement of Work for the Services.

16.2. Only when agreed in writing by the parties in advance, the Customer shall reimburse Data Connect for all actual, reasonable travel costs and expenses including airfares, hotels and meals incurred by Data Connect in performance of the Services including any other non-refundable charges incurred by Data Connect on behalf of the Customer.

16.3. All amounts and Charges stated or referred to in this agreement are exclusive of value added tax, which shall be added to Data Connect’s invoice(s) at the appropriate rate.

16.4. Unless otherwise agreed in writing as part of an applicable SoW, for Charges relating to Professional Services, Data Connect shall invoice the Customer annually in advance. If any Service Credits are due then they shall be shown as a deduction from the invoice.

16.5. The Customer shall pay undisputed amounts under applicable invoices with thirty (30) days of the Customer’s receipt of the invoice issued by Data Connect. If the Customer fails to make any payment due to Data Connect under this agreement by the due date for payment, then, without limiting Data Connect’s remedies under clause 22, the Customer shall pay interest on the overdue amount at the rate of 4% per annum above either 0% or Barclays Bank Plc’s base rate from time to time (whichever is higher). Such interest shall accrue on a daily basis from the due date until actual payment of the overdue amount, whether before or after judgment. The Customer shall pay the interest together with the overdue amount.

16.6. On expiry or termination of this agreement for any reason, any unpaid Service Credits represent a debt due from Data Connect to the Customer.

17. CHANGE CONTROL

17.1. If either party wishes to change the scope of the Services (including Customer requests for additional services), it shall submit details of the requested change to the other in writing.

17.2. If either party requests a change to the scope or execution of the Services Data Connect shall, on request and within a reasonable time, provide a written estimate to the Customer of:

17.2.1. the likely time required to implement the change;

17.2.2. any variations to the Charges arising from the change;

17.2.3. the likely effect of the change on the Project Plan; and

17.2.4. any other impact of the change on the terms of this agreement.

17.3. If Data Connect requests a change to the scope of the Services, the Customer shall not unreasonably withhold or delay consent to it (and for the avoidance of doubt, any change which will, in the reasonable opinion of the Customer, have an adverse effect on the provision or scope of the Services shall not be deemed to be an unreasonable ground for withholding such consent).

17.4. If either party wishes the other party to proceed with the relevant change referred to in clause 17.3, Data Connect has no obligation to do so unless and until the parties have agreed in writing the necessary variations to its Charges, the Project Plan and any other relevant terms of this agreement to take account of the change.

18. SERVICE REVIEW AND GOVERNANCE

18.1. The Customer’s Project Manager and Data Connect’s Project Manager shall have regular annual meetings (Annual Meetings) to monitor and review the performance of this agreement, to discuss any changes proposed in accordance with clause 17 and to discuss the Service Level Arrangements. These meetings shall be minuted by Data Connect’s Project Manager and copies of those minutes shall be circulated to, and approved by, both parties.

18.2. Before each Annual Meeting, the Customer’s Project Manager shall notify Data Connect’s Project Manager, and vice versa, of any problems relating to the provision of the Services for discussion at the Annual Meeting. At each such meeting, the parties shall agree a plan to address such problems. In the event of any problem being unresolved or a failure to agree on the plan, the matter shall be resolved in accordance with the Dispute Resolution Procedure. Progress in implementing the plan shall be included in the agenda for the next Annual Meeting.

18.3. A review meeting to assess the performance of Data Connect in the delivery of the Services shall be held at six-monthly intervals (Review Meeting). Each meeting shall be attended by senior representatives of the Customer and of Data Connect, together with the Customer’s Project Manager and Data Connect’s Project Manager.

18.4. The Customer and Data Connect shall review the Service Level Arrangement at each Review Meeting and shall, in accordance with clause 17, agree modifications to reflect changes in the Customer’s requirements for the Services.

18.5. In addition to the meetings set out above (Annual Meeting and Review Meeting) the Customer may request such reasonable high level meetings (an Informal Meeting) with Data Connect as are reasonably necessary to discuss matters relating to this Agreement (including but not limited to ongoing issues and planned future requirements). Data Connect shall not unreasonably refuse such meeting requests and the parties shall agree to meet (or may arrange a telephone discussion) within a reasonable amount of time following such request. Data Connect may reasonably refuse such meeting requests where they are requested to occur within 21 days of the last such Informal Meeting. For the avoidance of doubt, Informal Meetings may be either face to face or by telephone as may be reasonable required in the circumstances.

19. PROPRIETARY RIGHTS

19.1. The Customer acknowledges and agrees that, as between the parties, Data Connect and/or its licensors own all Intellectual Property Rights in the Work Product and in all other materials connected with the Services and/or developed or produced in connection with this agreement by Data Connect, its officers, employees, subcontractors or agents. Except as expressly stated in this agreement, this agreement does not grant the Customer any rights to such Intellectual Property Rights.

19.2. Data Connect acknowledges and agrees that the Customer owns and retains all rights, title and interest in and to the Customer Data. Data Connect shall have no rights to access, use or modify the Customer Data unless it has the prior written consent of the Customer. Notwithstanding the foregoing the Customer grants to Data Connect a limited license to make use of the Customer Data that is required in order to provide the Services to the Customer.

19.3. Data Connect shall own and retain all rights, title and interest in and to the Work Product. Data Connect shall be deemed to be the author of all Work Product.

19.4. Data Connect grants to the Customer a limited (for the term of this agreement), a revocable, personal, non-transferable, non-exclusive, royalty-free, worldwide limited licence to use all of Data Connect’s Intellectual Property Rights as incorporated by Data Connect into the Work Product and provided as part of the Services solely in connection with the Customer’s (and its permitted sub-licensees’) use of the Work Product and the Services in accordance with this agreement.

19.5. The Customer grants to Data Connect a limited (for the term of this agreement), revocable, personal, sub-licensable, non-transferable, non-exclusive, royalty-free, worldwide limited licence to use, exploit, copy, reproduce, manufacture, sub-license, modify, improve, enhance and make derivative works of the Customer’s Intellectual Property Rights solely to the extent necessary to enable Data Connect to comply with its obligations under this agreement. For the avoidance of doubt, any sub-license granted pursuant to this clause shall expire upon expiry or termination of this agreement.

19.6. Data Connect shall not disclose to the Customer or use in its work any trade secrets or confidential information of a third party which Data Connect is not lawfully entitled to disclose or use in such manner. Data Connect shall not use any equipment, supplies, facilities, computer code, work product, inventions or materials of any other third party (Third-Party Materials) in any Work Product or in Data Connect’s performance under this agreement unless:

19.6.1. Data Connect has the full right and authority to do so without violating any rights of any third party;

19.6.2. Data Connect has obtained all necessary rights to enable it to perform its obligations under this agreement and grant the rights granted pursuant to this agreement, and to permit the Customer to utilise the Third-Party Materials as contemplated under this agreement, in each case at no additional cost or expense to the Customer;

19.6.3. the Customer’s use of such Third-Party Materials will not restrict or impair in any manner its use of the Work Product or subject the Customer to any obligation or liability; and

19.6.4. such Third-Party Materials are specifically identified to the Customer in writing in advance of any use and the Customer has agreed in writing to such use.

19.7. Data Connect grants to the Customer a license for the Term of this Agreement which shall be irrevocable, non-transferrable, non-exclusive, royalty-free, worldwide licence to use such Third-Party Materials as are incorporated in the Work Product solely in connection with the Customer’s (and its permitted sub-licensees’) use of the Work Product in accordance with this agreement.

19.8. Each party reserves all rights not expressly granted or transferred pursuant to this agreement.

19.9. Data Connect shall indemnify the Customer against all reasonable liabilities, costs, expenses, damages and losses and all other reasonable professional costs and expenses suffered or incurred by the Customer arising out of or in connection with any claim brought against the Customer for actual or alleged infringement of a third party’s rights (including Intellectual Property Rights) arising out of or in connection the Customer receiving Services in accordance with the terms of this agreement.

20. CONFIDENTIALITY

20.1. The provisions of this clause 20 shall not apply to any Confidential Information that:

20.1.1. is or becomes generally freely available to the public (other than as a result of its disclosure by the receiving party or its Representatives in breach of this clause 20);

20.1.2. was available to the receiving party on a non-confidential basis before disclosure by the disclosing party;

20.1.3. was, is or becomes available to the receiving party on a non-confidential basis from a person who, to the receiving party’s knowledge, is not bound by a confidentiality agreement with the disclosing party or otherwise prohibited from disclosing the information to the receiving party;

20.1.4. was known to the receiving party before the information was disclosed to it by the disclosing party;

20.1.5. the parties agree in writing is not confidential or may be disclosed; or

20.1.6. the receiving party proves to the reasonable satisfaction of the disclosing party was developed by or for the receiving party independently of the information disclosed by the disclosing party.

20.2. Each party shall keep the other party’s Confidential Information confidential and shall not:

20.2.1. use such Confidential Information except for the purpose of exercising or performing its rights and obligations under this agreement (Permitted Purpose); or

20.2.2. disclose such Confidential Information in whole or in part to any third party, except as expressly permitted by this clause 20.

20.3. Each party shall take all reasonable steps to ensure that the other’s Confidential Information to which it has access is not disclosed or distributed by its Representatives in violation of the terms of this agreement.

20.4. The Customer:

20.4.1. acknowledges and agrees that Data Connect’s Confidential Information includes any designs, plans, software or other materials created by Data Connect in connection with the Services; and

20.4.2. agrees not to make use of any such designs, plans, software or other materials for any purpose other than receipt of the Services.

20.5. Data Connect acknowledges and agrees that the Customer Data is the Confidential Information of the Customer.

20.6. A party may disclose the other party’s Confidential Information to those of its Representatives who need to know such Confidential Information for the Permitted Purpose, provided that:

20.6.1. it informs such Representatives of the confidential nature of the Confidential Information before disclosure; and

20.6.2. at all times, it is responsible for such Representatives’ compliance with the confidentiality obligations set out in this clause 20.

20.7. A party may disclose Confidential Information to the extent such Confidential Information is required to be disclosed by law, by any governmental or other regulatory authority (including any relevant securities exchange) or by a court or other authority of competent jurisdiction provided that, to the extent it is legally permitted to do so, it gives the other party as much notice of such disclosure as possible and, where notice of disclosure is not prohibited and is given in accordance with this clause 20.7, it takes into account the reasonable requests of the other party in relation to the content of such disclosure.

20.8. A party may, provided that it has reasonable grounds to believe that the other party is involved in activity that may constitute a criminal offence under the Bribery Act 2010, disclose Confidential Information to the Serious Fraud Office without first informing the other party of such disclosure.

20.9. Each party reserves all rights in its Confidential Information. No rights or obligations in respect of a party’s Confidential Information other than those expressly stated in this agreement are granted to the other party or to be implied from this agreement.

20.10. The provisions of this clause 20 shall continue to apply after expiry or termination of this agreement for any reason.

20.11. No party shall make, or permit any person to make, any public announcement concerning this agreement without the prior written consent of the other party (such consent not to be unreasonably withheld or delayed), except as required by law, any governmental or regulatory authority (including any relevant securities exchange), any court or other authority of competent jurisdiction.

21. LIMITATION OF LIABILITY

21.1. This clause 21 sets out the entire financial liability of the parties (including any liability for the acts or omissions of its employees, agents and sub-contractors) in respect of:

21.1.1. any breach of this agreement; and

21.1.2. any representation, misrepresentation (whether innocent or negligent), statement or tortious act or omission (including negligence) arising under or in connection with this agreement.

21.2. Except as expressly provided in this agreement:

21.2.1. Data Connect is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Customer acknowledges that the Services and Documentation may be subject to limitations, delays and other problems inherent in the use of such communications facilities including but not limited to Devices sending Log Information in excess of any agreed EPS limit.

21.2.2. the Customer assumes sole responsibility for results obtained from the use of the Services, or other information and Documentation provided by the Customer, and for the quality of the Log Information unless the Device is managed fully by Data Connect, and for conclusions drawn from such use. Data Connect shall have no liability for any damage caused by errors or omissions in any information, instructions or scripts provided to Data Connect by the Customer in connection with the Services, or any actions taken by Data Connect at the Customer’s direction; and

21.2.3. all warranties, conditions and other terms implied by statute, common law or otherwise are, to the fullest extent permitted by law, excluded from this agreement.

21.3. Nothing in this agreement excludes or limits the liability of either party for:

21.3.1. death or personal injury caused by the other party’s negligence;

21.3.2. fraud or fraudulent misrepresentation; or

21.3.3. any other liability which cannot lawfully be excluded or limited.

21.4. Without prejudice to any rights of termination arising under clause 22, the Service Level Arrangements state the Customer’s full and exclusive right and remedy, and Data Connect’s sole obligation and liability, in respect of the performance and availability of the Services, or their non-performance and non-availability.

21.5. Subject to clause 21.3, neither party shall be liable whether in contract, tort (including for negligence or breach of statutory duty), misrepresentation (whether innocent or negligent), restitution or otherwise for any loss of profits, loss of business, depletion of goodwill or similar losses, or for any indirect or consequential loss, costs, damages, charges or expenses however arising.

21.6. Subject to clauses 21.3, 21.4 and clause 21.5, Data Connect’s total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation (whether innocent or negligent), restitution or otherwise, arising in connection with the performance or contemplated performance of this agreement shall be limited to the price paid for the affected Services during the twelve (12) months preceding the date on which the claim arose.

21.7. Subject to clauses 21.3 and 21.5, the Customer’s total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation (whether innocent or negligent), restitution or otherwise, arising under or in connection with this agreement shall be limited to 100% of the total Charges paid by the Customer to Data Connect in the preceding 12 month period.

22. TERM AND TERMINATION

22.1. This agreement shall commence on the Effective Date. This agreement shall continue for a period to be determined by clause 2.1 unless terminated earlier in accordance with this clause 22..

22.2. Without prejudice to any rights that have accrued under this agreement or any of its rights or remedies and subject to clause 23, the Customer may terminate this agreement as it relates to any pre-agreed Professional Services by written notice to Data Connect, provided that on any such termination it shall, without prejudice to any accrued rights or obligations as at that time, be obliged to pay termination compensation to Data Connect calculated as follows:

22.2.1. Cancellation of work within 3 to 5 days Working Days (written notice required) will result in 50% fee being invoiced.

22.2.2. Cancellation of work within 0 to 2 Working Days (written notice required) will result in 100% fee being invoiced.

22.3. Without prejudice to any other right or remedy available to it, and subject to clause 23, either party may terminate this agreement with immediate effect by giving written notice to the other party if:

22.3.1. the other party fails to pay any amount due under this agreement on the due date for payment and remains in default not less than fourteen (14) days after being notified in writing to make such payment;

22.3.2. the other party commits a material breach of any term of this agreement and (if such breach is remediable) fails to remedy that breach within a period of 30 days after being notified in writing to do so;

22.3.3. the other party breaches any of the terms of clause 20;

22.3.4. the other party suspends, or threatens to suspend, payment of its debts, or is unable to pay its debts as they fall due or admits inability to pay its debts, or is deemed unable to pay its debts within the meaning of section 123 of the Insolvency Act 1986;

22.3.5. the other party commences negotiations with all or any class of its creditors with a view to rescheduling any of its debts, or makes a proposal for or enters into any compromise or arrangement with its creditors other than for the sole purpose of a scheme for a solvent amalgamation of that other party with one or more other companies or the solvent reconstruction of that other party;

22.3.6. a petition is filed, a notice is given, a resolution is passed, or an order is made for or in connection with the winding up of that other party other than for the sole purpose of a scheme for a solvent amalgamation of that other party with one or more other companies or the solvent reconstruction of that other party;

22.3.7. an application is made to court, or an order is made, for the appointment of an administrator, or a notice of intention to appoint an administrator is given, or an administrator is appointed, over the other party;

22.3.8. the holder of a qualifying floating charge over any of the assets of that other party has become entitled to appoint or has appointed an administrative receiver;

22.3.9. a person becomes entitled to appoint a receiver over any of the assets of the other party or a receiver is appointed over any of the assets of the other party;

22.3.10. a creditor or encumbrancer of the other party attaches or takes possession of, or a distress, execution, sequestration or other such process is levied or enforced on or sued against, the whole or any part of the other party’s assets and such attachment or process is not discharged within 14 days;

22.3.11. any event occurs, or proceeding is taken, with respect to the other party in any jurisdiction to which it is subject that has an effect equivalent or similar to any of the events mentioned in clause 22.3.4 to clause 22.3.9 (inclusive);

22.3.12. the other party suspends or ceases, or threatens to suspend or cease, carrying on all or a substantial part of its business; or

22.3.13. there is a change of control of the other party (within the meaning of section 1124 of the Corporation Tax Act 2010).

22.4. Without prejudice to any other right or remedy available to it, and subject to clause 23:

22.4.1. the Customer may terminate this agreement with immediate effect by giving written notice to Data Connect if:

22.4.2. Data Connect commits a series of breaches of this agreement which are each individually not material but which occur sufficiently often within a sufficiently short period to have, in aggregate, the effect of being a material breach; or

22.4.3. Data Connect breaches any of the terms of clause 11 or clause 13; or

22.5. The party not affected by a continuing Force Majeure Event may terminate this agreement in accordance with clause 24.1.

22.6. Either party may terminate this agreement in accordance with clause 5.4.

22.7. Any provision of this agreement which expressly or by implication is intended to come into or continue in force on or after expiry or termination of this agreement shall remain in full force and effect.

22.8. Expiry or termination of this agreement for any reason shall not affect the accrued rights, remedies, obligations or liabilities of the parties existing at expiry or termination.

22.9. On expiry or termination of this agreement for any reason:

22.9.1. Data Connect shall immediately cease provision of the Set-Up Services, Services and Maintenance Services but may provide Transition Services for a further period in accordance with clause 23.2;

22.9.2. (subject to clause 22.11) each party shall return and make no further use of any equipment, property, materials and other items (and all copies of them) belonging to the other party and the Customer shall cease to use any IP address that may have been assigned to the Customer by Data Connect; and

22.9.3. if Data Connect receives, no later than sixty (60) days before the effective date of the expiry or termination of this agreement for any reason, a written request for the delivery to the Customer of the most recent backup of the Customer Data or is required to deliver such Customer Data to the Customer pursuant to an Exit Plan, Data Connect shall use reasonable commercial endeavours to deliver the backup to the Customer within 30 days, or such longer time period as may be reasonable in the circumstances, of its receipt of such a written request or within 30 days of the relevant Exit Plan commencing (as applicable) in the format stored (which, as at the commencement date, is CSV format), or in such other format as reasonably requested by the Customer at the cost of the Customer (such costs as set out in the relevant SoW), provided that the Customer has at that time paid all Charges outstanding at (and including any resulting from) expiry or termination (whether or not due at the date of expiry or termination). Once the agreement has expired or Data Connect has, at the Customer’s request, delivered to the Customer the most recent backup of the Customer Data (as applicable), Data Connect shall (subject to clause 22.11) promptly expunge from Data Connect’s System and otherwise destroy or dispose of all of the Customer Data in its possession or control. The Customer shall pay all reasonable costs and expenses incurred by Data Connect in returning and disposing of Customer Data and expunging it from Data Connect’s System. For the avoidance of doubt, nothing in this clause shall affect or reduce Data Connect’s obligations under clause 11.4.7. Any reference to Customer Data in this clause shall be deemed to refer to the last 3 months of backup Customer Data (unless, at the relevant time, the Agreement has been in force for less than 3 months, when the reference shall be deemed to refer to a backup of all Customer Data up to a maximum of 3 months).

22.10. Without prejudice to any of its other rights, Data Connect shall, following written notice to the Customer, be entitled to suspend the supply of the Services or any service under this agreement where Data Connect has a right to terminate the agreement under clause 22. Such suspension shall be without waiver of any rights, nor shall Data Connect be liable for any losses suffered by the Customer in relation to such suspension so long as that suspension is in accordance with any other right of Data Connect to terminate the agreement or any part thereof. Any such suspension shall continue for a maximum of 30 days, following which, the agreement shall be deemed to be terminated.

22.11. If a party is required by any law, regulation, or government or regulatory body (Regulatory Requirement) to retain any documents or materials which it would otherwise be obliged to return or destroy under clause 22.9.3, it shall notify the other party in writing of such retention, giving details of the documents or materials that it must retain. Clause 20 shall continue to apply to any such retained documents and materials for as long as any such requirement continues in force, subject to any disclosure mandated by any Regulatory Requirement.

23. EXIT ASSISTANCE AND TRANSFER OF ASSETS

23.1. Data Connect shall, on request from the Customer at any time after the expiry of six months from the Acceptance Date, prepare or update a detailed plan for the orderly transition of the Services from Data Connect to the Customer or its nominated Replacement Supplier (Exit Plan). Any such Exit Plan shall, without limitation, provision for the return of Customer Data pursuant to clause 22.9.3.

23.2. The Customer may, at any time before expiry or termination of all or any part of this agreement for any reason request Data Connect to provide the Transition Services or otherwise to offer reasonable assistance in transitioning the Services to the Customer or a Replacement Supplier (by providing the Transition Services). Data Connect shall, in consideration of a reasonable fee (to be agreed in advance), provide such Transition Services for a maximum period of three months, or until expiry or termination of all or any part of this agreement for any reason in accordance with clause 22, whichever is later.

23.3. On expiry or termination of all or any part of this agreement for any reason Data Connect shall promptly produce a list of the Customer-site Equipment and the Transferring Contracts. Data Connect shall sell, and the Customer shall buy, the Customer-site Equipment for net book value, calculated in accordance with Data Connect’s reasonable then-current depreciation policy. Title to such Customer-site Equipment shall pass to the Customer on payment for the same.

23.4. Data Connect and Customer shall co-operate to procure the novation or assignment to the Customer and/or Replacement Supplier of the Transferring Contracts.

23.5. The Customer shall:

23.5.1. accept assignments from Data Connect or join with Data Connect in procuring a novation of each Transferring Contract; and

23.5.2. once a Transferring Contract is novated or assigned to the Customer or the Replacement Supplier, carry out, perform and discharge all the obligations and liabilities created by or arising under that Transferring Contract and exercise its rights arising under that Transferring Contract or, as applicable, procure that the Replacement Supplier does the same.

24. FORCE MAJEURE

24.1. Neither party shall have any liability to the other under this agreement if it is prevented from, or delayed in, performing its obligations under this agreement, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control, except to the extent that it could reasonably have avoided such circumstances by (in the case of Data Connect) fulfilling its obligations in accordance with clause 24.3 or otherwise exercising the level of diligence that could reasonably have been expected of it (having exercised Good Industry Practice), including strikes, lock-outs or other industrial disputes (excluding any industrial disputes involving the workforce of Data Connect), act of God, war, riot, civil commotion, compliance with any law or regulation, fire, flood or storm (each a Force Majeure Event), provided that:

24.1.1. the other party is notified of such an event and its expected duration; and

24.1.2. it uses all reasonable endeavours to mitigate, overcome or minimise the effects of the Force Majeure Event concerned,

and that if the period of delay or non-performance continues for three consecutive months or more, the party not affected may terminate this agreement by giving not less than 14 days’ written notice to the other party.

24.2. If the Force Majeure Event results in the suspension of all or any part of the Services, then the Customer shall not be obliged to pay the relevant Charges until such time as the Force Majeure Event shall have ceased to have effect and the Services recommence in accordance with this agreement.

24.3. Data Connect shall have in place an appropriate Disaster Recovery Plan to ensure that it is able to comply with its obligations under this agreement and shall maintain, update and test such Disaster Recovery Plan at appropriate intervals. If such Disaster Recovery Plan is invoked, the cost and expense of invoking and executing such Disaster Recovery Plan shall be borne by Data Connect.

25. AUDIT

25.1. For the term of this agreement, and for a period of seven years from expiry or termination of this agreement for any reason, Data Connect shall maintain full and accurate records in accordance with Generally Accepted Accounting Principles, in an agreed form, of all Charges, prices, costs and expenses associated with and invoiced in respect of the Services and its performance against the Service Level Arrangements and all processing of data under this agreement.

25.2. For the term of this agreement, Data Connect shall ensure that monthly management accounts are produced in addition to its annual audited accounts and shall, if requested, promptly provide to the Customer copies of such records and accounts and any other financial information reasonably requested by the Customer. The Customer shall state the purpose (where permitted by law) of such a request and shall be responsible for and shall ensure that any auditors treat the information disclosed as Confidential Information.

25.3. Data Connect shall, on reasonable advance written notice:

25.3.1. allow the Customer, any designated auditors of, or other advisers to, the Customer, and any regulators of the Customer to access any of Data Connect’s (and any of Data Connect’s sub-contractors’) premises, personnel, relevant records and systems used by Data Connect (or any of its sub-contractors) in the provision of the Services (including Data Connect’s System and its (or any of its sub-contractors’) data processing facilities) as may be reasonably required to verify that the Services are being provided in accordance with this agreement, the adequacy of Data Connect’s (and any of Data Connect’s sub-contractors’) financial standing and Data Connect’s compliance with applicable law and regulation (including without limitation compliance with the Data Protection Legislation); and

25.4. The Customer shall use its reasonable endeavours to ensure that the conduct of each audit does not unreasonably disrupt Data Connect (or any of its sub-contractors) or delay the provision of any of the Services by Data Connect.

25.5. Subject to the Customer’s obligations of confidentiality, Data Connect shall provide (and procure that its sub-contractors provide) the Customer (and its auditors and other advisers) with all reasonable co-operation, access and assistance in relation to each audit.

25.6. The parties shall bear their own costs and expenses incurred in respect of compliance with their obligations under this clause.

26. ANTI-BRIBERY AND SLAVERY POLICY

26.1. Data Connect shall:

26.1.1. comply with all applicable laws, statutes and regulations relating to anti-bribery and anti-corruption, including the Bribery Act 2010 (Relevant Requirements);

26.1.2. not engage in any activity, practice or conduct that would constitute an offence under sections 1, 2 or 6 of the Bribery Act 2010 if such activity, practice or conduct had been carried out in the UK;

26.1.3. have and maintain in place throughout the term of this agreement its own policies and procedures, including adequate procedures under the Bribery Act 2010, to ensure compliance with the Relevant Requirements, and clause 26.1.2, and shall enforce them where appropriate;

26.1.4. promptly report to the Customer any request or demand for any undue financial or other advantage of any kind received by Data Connect in connection with the performance of this agreement;

26.1.5. immediately notify the Customer (in writing) if a foreign public official becomes an officer or employee of Data Connect or acquires a direct or indirect interest in Data Connect (and Data Connect warrants and represents that it has no foreign public officials as officers or employees or direct or indirect owners at the date of this agreement);

26.1.6. On reasonable request Data Connect shall certify to the Customer in writing signed by an officer of Data Connect, compliance with this clause 26 by Data Connect and all persons associated with it and all other persons for whom Data Connect is responsible under clause 26.1.5. Data Connect shall provide such supporting evidence of compliance as the Customer may reasonably request.

26.1.7. comply with all applicable anti-slavery and human trafficking laws, statutes, regulations from time to time in force including but not limited to the Modern Slavery Act 2015;

26.1.8. have and maintain throughout the term of this agreement its own policies and procedures to ensure its compliance; and

26.1.9. not engage in any activity, practice or conduct that would constitute an offence under sections 1, 2 or 4, of the Modern Slavery Act 2015 if such activity, practice or conduct were carried out in the UK.

26.2. Breach of this clause 26 shall be deemed a material breach under clause 22.3.2.

26.3. For the purpose of this clause 26, the meaning of adequate procedures and foreign public official and whether a person is associated with another person shall be determined in accordance with section 7(2) of the Bribery Act 2010 (and any guidance issued under section 9 of that Act), section 6(5) and (6) of that Act, and section 8 of that Act respectively. For the purposes of this clause 26 a person associated with Data Connect also includes any sub-contractor of Data Connect.

27. ANTI-TAX AVOIDANCE

27.1. Data Connect hereby warrants and confirms to the Customer that:

27.1.1. neither it nor its Relevant Associates are involved or have been involved in any contract, agreement or other arrangement of any kind which could or may result in tax evasion or the facilitation thereof; and

27.1.2. it shall notify the Customer immediately in writing should it become aware at any time during the term of this agreement of any fact or circumstance which indicates that it or any of its Relevant Associates are or could be involved in tax evasion or the facilitation thereof in connection with the services to be provided by it pursuant to this agreement.

27.2. Data Connect hereby agrees to fully indemnify the Customer in respect of any losses, damages, fines, penalties, charges or other costs which the Customer or any Relevant Associate or other entity within the Customer’s group suffers in the event that Data Connect is in breach of the warranties given at sub-clauses 27.1.1 and 27.1.2 above.

27.3. In the event of a breach of either or both of the warranties given at sub-clauses 27.1.1 and 27.1.2 above and notwithstanding the provisions of clause 27.2, the Customer may, in its absolute discretion, terminate this agreement without notice and without the need for further recourse to Data Connect and such termination shall be communicated in writing to Data Connect within 10 Business Days of the Customer becoming aware of such breach(es).

27.4. For the purposes of this clause, “Relevant Associates” means any employee, agent, contractor or any other person acting for or on behalf of the relevant person or entity.

28. WAIVER

28.1. No failure or delay by a party to exercise any right or remedy provided under this agreement or by law shall constitute a waiver of that or any other right or remedy, nor shall it preclude or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall preclude or restrict the further exercise of that or any other right or remedy.

29. SEVERANCE

29.1. If any provision or part-provision of this agreement is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause shall not affect the validity and enforceability of the rest of this agreement.

29.2. If one party gives notice to the other of the possibility that any provision or part-provision of this agreement is invalid, illegal or unenforceable, the parties shall negotiate in good faith to amend such provision so that, as amended, it is legal, valid and enforceable, and, to the greatest extent possible, achieves the intended commercial result of the original provision.

30. ENTIRE AGREEMENT AND VARIATION

30.1. This agreement and all Statements of Work in force from time to time constitute the entire agreement between the parties and supersedes all previous discussions, correspondence, negotiations, arrangements, understandings and agreements between them relating to its subject matter.

30.2. Each party acknowledges that in entering into this agreement it does not rely on, and shall have no remedies in respect of, any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in this agreement. Each party agrees that it shall have no claim for innocent or negligent misrepresentation or negligent misstatement based on any statement in this agreement.

30.3. No variation of this agreement shall be effective unless it is in writing and signed by the parties (or their authorised representatives).

31. ASSIGNMENT

31.1. Neither party may at any time assign, transfer, mortgage, charge, sub-contract, delegate, declare a trust over or deal in any other manner with all or any of its rights and obligations under this agreement without the consent of the other party.

32. NO PARTNERSHIP OR AGENCY

32.1. Nothing in this agreement is intended to, or shall be deemed to, establish any partnership or joint venture between any of the parties, or (except as expressly provided herein. And no provision shall constitute any party the agent of another party nor authorise any party to make or enter into any commitments for or on behalf of any other party.

32.2. Each party confirms it is acting on its own behalf and not for the benefit of any other person.

33. THIRD PARTY RIGHTS

33.1. Except as expressly provided elsewhere in this agreement, no one other than a party to this agreement, its successors and permitted assignees, shall have any right to enforce any of its terms.

34. RIGHTS AND REMEDIES

34.1. Except as expressly provided in this agreement, the rights and remedies provided under this agreement are in addition to, and not exclusive of, any rights or remedies provided by law.

35. NOTICES

35.1. Any notice or other communication required to be given to a party under or in connection with this agreement shall be in writing and shall be:

35.1.1. delivered by hand or by registered post at its registered office; or

35.2. Any notice or communication shall be deemed to have been received:

35.2.1. if delivered by hand, on signature of a delivery receipt or at the time the notice is left at the proper address;

35.2.2. if sent by registered post, at 9.00 am on the second Business Day after posting or at the time recorded by the delivery service;

35.3. This clause does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution. For the purposes of this clause 34, “writing” shall not include e-mail or fax.

36. DISPUTE RESOLUTION

36.1. If a dispute arises under or in connection with this agreement (Dispute), including any Dispute arising out of any amount due to a party, then before bringing any legal proceedings or commencing any other alternative dispute resolution procedure in connection with such Dispute, a party must first give written notice (Dispute Notice) of the Dispute to the other party describing the Dispute and requesting that it is resolved under the dispute resolution procedure described in this clause 35.

36.2. If the parties are unable to resolve the Dispute within 30 days of delivery of the Dispute Notice, each party shall promptly (and in any event within five Business Days):

36.2.1. appoint a representative who has authority to settle the Dispute and is at a higher management level, where one exists, than the person with direct responsibility for the administration of this agreement (Designated Representative); and

36.2.2. notify the other party of the name and contact information of its Designated Representative.

36.3. Acting reasonably and in good faith the Designated Representatives shall discuss and negotiate to resolve the Dispute, including agreeing the format and frequency for such discussions and negotiations, provided that all reasonable requests for relevant information relating to the Dispute made by one party to the other party shall be complied with as soon as reasonably practicable).

36.4. If the parties are unable to resolve the Dispute within 30 days after the appointment of both Designated Representatives, the parties agree to enter into mediation in good faith to settle such a dispute and will do so in accordance with the Centre for Effective Dispute Resolution (CEDR) Model Mediation Procedure in the UK. Unless otherwise agreed between the parties within 14 Working Days of notice of the dispute, the mediator will be nominated by CEDR. In the event of an unsuccessful mediation either party may proceed with any other available remedy.

36.5. Notwithstanding any other provision of this agreement, a party may seek interim or other equitable relief necessary (including an injunction) where damages would be an inadequate remedy.

37. GOVERNING LAW AND JURISDICTION

37.1. This agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and Wales.

37.2. Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this agreement or its subject matter or formation (including non-contractual disputes or claims).

This agreement has been entered into on the date stated at the beginning of it.

SCHEDULE 1Pro-Forma Statement of Work

[Please see page 48 of PDF here]

SCHEDULE 2 Available Services

1. SERVICES AVAILABLE TO BE ORDERED:

1.1. SIEM Service

1.2. Network and/or security consultation

1.3. Managed firewall and network

1.4. Third party products

1.5. Enhanced vendor support

1.6. Phishing and user awareness

1.7. Penetration testing

1.8. System auditing

1.9. Monthly security checks

1.10. Training and knowledge transfer workshops

1.11. Vulnerability Management

1.12. Endpoint security

EXCLUDED SERVICES

For the avoidance of doubt any service that are being provided by Data Connect to the Customer under a contract already existing as at the date of this Agreement shall continue to be provided under such existing contract unless and until such service is ordered under a Statement of Work which expressly refers to this Agreement.

SCHEDULE 3– Maintenance and support

1. TRAINING

1.1. Data Connect shall provide knowledge transfer to employees of the Customer as is allowed for as specified in the Statement of Work, Proposal or Quote document, and is otherwise in accordance with, the Project Plan.

1.2. Knowledge Transfer is not a direct replacement for official vendor lead training but rather a practical information sharing session regarding the Customer setup, specific technology acquired or area of interest. All as described within the commercial Quote or Proposal.

2. MAINTENANCE ACTION

2.1. Maintenance work that may require interruption of the Services (Maintenance Action) shall not normally be performed during Normal Business Hours. Data Connect may interrupt the Services outside Normal Business Hours for maintenance provided that it has given the Customer at least three days’ advance written notice.

2.2. Any Maintenance Actions that occur during Normal Business Hours, or that occur with less than three day’s notice, and which were not requested or expressly approved in writing by the Customer, shall be considered downtime for the purpose of service availability measurement. Data Connect shall at all times endeavour to keep any service interruptions to a minimum.

3. TECHNICAL SUPPORT SERVICES

3.1. Should the Customer determine that the Services include a defect, a CSR can file error reports or support requests in accordance with paragraph 3.2 below. Data Connect shall provide technical support services only to CSRs.

3.2. Data Connect shall accept voicemail, e-mail and web form-based incident submittal from CSRs 24 hours a day, seven days a week. Data Connect shall accept telephone calls for English language telephone support during Normal Business Hours. Data Connect shall use reasonable endeavours to process support requests, issue trouble ticket tracking numbers if necessary, determine the source of the problem and respond to the Customer. Data Connect shall use reasonable endeavours to respond to and resolve all support requests from CSRs within the time periods specified below, according to priority.

3.3. Data Connect shall, at its sole discretion (acting reasonably), determine the priority of a support request in accordance with the following table. SLAs described are for all customer raised requests in relation to any vSOC Service or Data Connect ‘ONE Support’.

This does not relate to Service Availability, Security Incidents or any other service level agreements or similar arrangements which are described in a relevant Statement of Work.

3.4. All support requests must be reported to Data Connect via one of the following methods:

3.4.1. Email to support@dataconnect.co.uk;

3.4.2. or Telephone;

3.4.3. or via the ticketing system at https://support.dataconnect.co.uk

3.5. P1 or P2 requests must be raised via the telephone.

3.6. A technical escalation process is in place, which allows our engineers to progress tickets with the assistance of our senior engineers. Where progress has stunted for whatever reason, management escalation can be requested and involves the following 4 stages.

  • Support Manager Escalation
  • Service/Account Manager Escalation
  • Technical Director Escalation
  • Managing Director Escalation

Once escalation has been initiated, the process below is followed:

The de-escalation process does not necessarily involve the end of an incident, but may signify further involvement from vendor support, or that a vendor escalation process has been implemented.

3.7. The Customer shall provide front-line support to Services users who are not the designated CSRs. The Customer’s designated CSRs may contact Data Connect technical support in order to report problems that the Customer’s designated CSRs cannot resolve themselves after they have performed a reasonable level of diagnosis.

3.8. The SLAs within this agreement are specific to Data Connect Services. Third party products are provided with a third party SLA. This applies where we have supplied or are managing customer owned systems/services and the vendor support is direct with the customer. Data Connect’s SLA shall apply only where expressly ordered as part of the SoW and shall be supplemental and in addition to applicable third party SLAs which shall govern the relevant products.

4. CONFIGURATION MANAGEMENT

4.1. There are two types of configuration changes that can be raised with our managed services. These are standard and non-standard configuration changes.

4.2. Standard Changes – These are changes that are part of your managed service and will include (but not limited to):

  • Rule modification/addition
  • Web filtering modification/addition
  • IPS modification
  • VPN creation

4.2.1. Standard changes that have been requested will follow our standard change procedure.

4.2.2. In words, a change can be raised by either the customer or Data Connect. Before being implemented, this change must be approved by appointed CSRs. A visual representation of how this process might look is shown below:

4.3. Non-standard Changes are those deemed at the discretion of Data Connect to be outside the scope of a Managed Service or Support agreement. For example this includes changes that enable new features or functionality within a system under management or a number of changes that could be deemed to require project like planning and execution of multiple changes.

4.3.1. This type of change will be referred to the project team and may be chargeable as a separate piece of work and/or affect the overall costs of the Support or Managed Service.

4.4. For the avoidance of doubt, any non-configuration changes to the Services and/or the agreement shall be dealt with as per the process set out in clause 17.

SCHEDULE 4 – Personal Data, Processing and Data Subjects

This Schedule includes certain details of the Processing of the Personal Data as required by Article 28(3) GDPR or equivalent provisions of any Data Protection Legislation.

Subject matter and duration of the Processing of the Personal Data

The subject matter and duration of the Processing of the Personal Data are set out in the Agreement, any SoW and other written instructions of the Customer until such time as the Agreement is completed, expired or when Data Connect is instructed to return the Personal Data.

The nature and purpose of the Processing of the Personal Data

Data Connect shall process the Personal Data for the purposes of providing the Services as set out in the Agreement.

The types of the Personal Data to be Processed (Dependant on Service)

  • Personal Data
  • Name
  • Date of Birth
  • Contact details
  • Web browsing data including sites visited and category of site
  • System access data including username, email address, IP address and other login information; and
  • PII data found in transit or stored on disk including file transfer, email and office documents

The categories of Data Subject to whom the Personal Data relates

Customer employees (including, without limitation, CSRs, project managers and other employees of the Customer)

The obligations and rights of the Data Controller and Data Controller Affiliates

The obligations and rights of the Data Controller are set out in the Agreement.

SCHEDULE 5– Technical And Organisational Security Measures (TOMs)

Data Security Technical and Organisational Measures Statement

This statement describes Data Connect’s approach to Cyber security and has been developed in accordance with the following four aims:

  • Management of security
  • Protection of data against cyber-attack
  • Detection of security events
  • Minimising the impact

Risk Management

Data Connect takes appropriate steps to identify, assess and understand security risks to data and the systems that process this data.

Data Connect takes steps to assess these risks and include appropriate organisational measures to make effective risk-based decisions based upon:

  • the state of the art (of technology);
  • the cost of implementation;
  • the nature, scope, context and purpose of processing activity; and
  • the severity and likelihood of the risk(s).

Beyond this and where personal data is involved, where the processing is likely to result in a high risk to the rights and freedoms of individuals, Data Connect also undertake a Data Protection Impact Assessment (DPIA) to determine the impact of the intended processing on the protection of personal data. The DPIA considers the technical and organisational measures necessary to mitigate that risk.

Protection of data against cyber-attack

Data Connect has proportionate security measures in place to protect against cyber-attack which cover:

  • data we process; and
  • the systems that process such data.

Service protection policies and processes

Data Connect defines, implements, communicates and enforces appropriate policies and processes that direct overall approach to securing systems involved in the processing of data.

Data Connect assess its systems and implements specific technical controls as laid out in frameworks such as Cyber Essentials.

Identity and access control

Data Connect understands, documents and manages access to data and systems. Access rights are granted to specific users, limited to those users who reasonably need such access to perform their function and removed when no longer needed. Data Connect undertakes activities to check and validate that the technical system permissions are consistent with documented user access rights.

Data Connect appropriately authenticates and authorises users (or any automated functions) that can access systems or data. Data Connect enforces strong authentication for users who have privileged access.

Data Connect prevents users from downloading, transferring, altering or deleting data where there is no legitimate organisational reason to do so. Data Connect appropriately constrains legitimate access and ensures there is an appropriate audit trail.

Data Connect has a robust password policy which avoids users having weak passwords, such as those trivially guessable. Data Connect changes all default passwords and removes or suspends unused accounts.

Data Security

Data Connect implements technical controls (such as appropriate encryption) to prevent unauthorised or unlawful processing of data, whether through unauthorised access to user devices or storage media, backups, interception of data in transit or at rest or accessing data that might remain in memory when technology is sent for repair or disposal.

System Security

Data Connect implements appropriate technical and organisational measures to protect systems, technologies and digital services from cyber-attack.

Typical examples of security measures Data Connect takes include:

  • tracking and recording all assets that process data, including end user devices and removable media;
  • minimising the opportunity for attack by configuring technology appropriately, minimising available services and controlling connectivity;
  • actively managing software vulnerabilities, including using in-support software and the application of software update policies (patching), and taking other mitigating steps, where patches can’t be applied;
  • managing end user devices (laptops and smartphones etc.) so that Data Connect can apply organisational controls over software or applications that interact with or access data;
  • encrypting data at rest on devices (laptops, smartphones, removable media) that are not subject to strong physical controls;
  • encrypting sensitive data when transmitted electronically;
  • ensuring that web services are protected from common security vulnerabilities such as SQL injection and others described in widely-used publications such as the OWASP Top 10; and
  • ensuring our processing environment remains secure throughout its lifecycle. Data Connect also undertake regular testing to evaluate the effectiveness of security measures, including virus and malware scanning, vulnerability scanning and penetration testing as appropriate. Data Connect record the results of any testing and remediating action plans.

Employment Checks

From the 1st January 2018 Data Connect operates pre-employment screening checks that verifies an individual’s credentials. In addition, the screening process reveals important information about a candidate’s prior behaviour which can help Data Connect assess potential risk posed by the candidate. At a minimum, this includes a criminal record check.

Staff awareness and training

Data Connect gives staff appropriate support to help them manage data securely, including the technology they use. This includes relevant training and awareness as well as provision of the tools they need to effectively undertake their duties in ways that support the security of all systems.

Security Monitoring

Data Connect appropriately monitors the status of systems processing data and monitors user access to data and systems, including anomalous user activity.

Data Connect records user access to all systems. Where unexpected events or indications of a breach are detected, Data Connect has processes in place to act upon those events as necessary in an appropriate timeframe.

Data Connect do this to:

  • minimise the impact of a breach;
  • restore systems and services;
  • manage the incident appropriately; and
  • learn lessons for the future.

Response & Recovery

Data Connect has well-defined and tested incident management processes in place in case of a data or system breach. Data Connect also has mitigation processes in place that are designed to contain or limit the range of data or systems that could be compromised following a breach.

Where the loss or availability of data could cause harm, Data Connect has measures in place to ensure appropriate recovery. This includes maintaining (and securing) appropriate backups.

The supply chain

Data Connect understands and manages security risks that may arise as a result of using third parties such as data processors. This includes ensuring that they employ appropriate security measures.

In the case of data processors, Data Connect choose those that provide sufficient guarantees about their technical and organisational measures.