Terms & Conditions
END USER LICENCE AGREEMENT
We may change the terms of this Agreement from time to time and at our sole discretion. If material changes are made to the Agreement, we will notify you by placing a prominent notice on our Website or by sending you a notification by email in relation to this. If you do not agree to these changes, please do not continue to use the Service.
PLEASE READ THIS AGREEMENT CAREFULLY
This End User Licence Agreement (the “EULA”) is a legal agreement between you, the subscriber, and Lex Software Limited t/a Klyant, whose office is at Talent Garden, Claremont Avenue, Glasnevin, D11 YNR2 (us or we) for:
- the accounting solutions service that we provide for law firms, estate agents and barristers (the “Service”) through a cloud-based web application called Klyant (the “Software”); and
- the documentation for the Service produced by us and delivered or made available to you (the “Documentation”).
We license use of the Service and Documentation to you on the basis of this EULA. We do not sell the Service or Documentation to you. We remain the owners of the Service and Documentation at all times.
The purpose of the Software is to allow you to record accounting transactions, manage invoices, record payments, record practice expenditure and produce financial management reports from any location, at any time (the “Purpose”).
For the avoidance of doubt, we are entitled, as owner of the Service and Documentation, to use the Documentation and the data inputted into the Service by you to generate anonymised internal reports for our business management purposes and to develop the Service and Documentation.
AGREED TERMS
1. GRANT AND SCOPE OF TERMS OF USE, MINOR CHANGES, UPDATES
1.1 In consideration of you agreeing to abide by this EULA, we hereby grant to you a non-exclusive, non-transferable licence to use the Service and the Documentation, on the terms set out in this EULA, until terminated in accordance with this EULA.
1.2 You may use any Documentation which we may share with you in support of the use permitted under clause 1.1.
1.3 The Service may, at our discretion, be upgraded to reflect changes in the operating system through which the Service is accessed. We may also need to change these terms to reflect or deal with additional features of the Service which may be introduced.
1.4 You may not allow any other person to use the Service, whether for money, for other consideration or for free.
1.5 If you access the Service from a device not owned by you, you must have the owner's permission to do so.
2. RESTRICTIONS
Except as expressly set out in this EULA, you will not:
2.1 copy the Service, Software or Documentation, except where such copying is incidental to normal use of the Service;
2.2 use the Serviceto provide services to third parties or attempt to obtain, or assist third parties in obtaining, access to the Service, Software or Documentation;
2.3 access all or any part of the Service, Software or Documentation to build a product or service which competes with the Service, Software or the Documentation;
2.4 permit the use of the Service by persons who are not a party to this EULA; and
2.5 not to disassemble, de-compile, reverse engineer or create derivative works based on the whole or any part of the Service nor attempt to do any such things.
3. INTELLECTUAL PROPERTY RIGHTS (ACCEPTABLE USE RESTRICTIONS)
3.1 You acknowledge that all intellectual property rights in the Service and the Documentation throughout the world belong to us, that rights in the Service are licensed (not sold) to you, and that you have no intellectual property rights in, or to, the Service or the Documentation other than the right to use the Service and the Documentation for the Purpose and in accordance with this EULA.
3.2 You acknowledge that you have no right to have access to the Service in source code form other than as expressly provided in this EULA.
3.3 You must:
3.3.1 not use the Software or any Service in any unlawful manner, for any unlawful purpose, or in any manner inconsistent with this EULA, or act fraudulently or maliciously, for example, by hacking into or inserting malicious code, such as viruses, or harmful data into the Software;
3.3.2 not infringe our intellectual property rights or those of any third party in relation to your use of the Software or any Service, including by the submission of any material (to the extent that such use is not licensed by this EULA);
3.3.3 not transmit any material that is defamatory, offensive or otherwise objectionable in relation to your use of the Software or any Service;
3.3.4 not use the Software or any Service in a way that could damage, disable, overburden, impair or compromise our systems or security or interfere with other users; and
3.3.5 not collect or harvest any information or data from any Service or our systems or attempt to decipher any transmissions to or from the servers running any Service.
4. LIABILITY
4.1 Nothing in this EULA will:
4.4.1 limit or exclude any liability for death or personal injury resulting from negligence;
4.4.2 limit or exclude any liability for fraud or fraudulent misrepresentation;
4.4.3 limit any liabilities in any way that is not permitted under applicable law; or
4.4.4 exclude any liabilities that may not be excluded under applicable law,
4.2 Subject to clause 4.1, we will not be liable to you in respect of:
4.2.1 any loss of profits or anticipated savings;
4.2.2 loss of revenue or income;
4.2.3 any loss or business, contracts or opportunities;
4.2.4 any legal, tax or accounting compliance issues;
4.2.5 any loss or corruption of any data, database or software; and/or
4.2.6 any special, indirect or consequential loss or damage.
4.3 Subject to clause 4.1, our aggregate liability to you under this EULA in respect of any event or series of events shall not exceed a sum equal to the amount of thefees paid by the Customer to the Supplier for the Services in the twelve (12) months prior to the event giving rise to the liability.
4.4 You acknowledge that the Software has not been developed to meet your individual requirements, and that it is therefore your responsibility to ensure that the facilities and functions of the Service as described in the Documentation meet your requirements.
4.5 If our provision of the Services or support for the Software or the Services is delayed by an event outside our control then we will contact you as soon as possible to let you know and we will take steps to minimise the effect of the delay.
4.6 You acknowledge that the Service is not a professional legal or accounting service and is not in any way designed to supplement or replace the advice of qualified accounting or legal practitioners. To the maximum extent permitted by applicable law, you expressly agree we are not providing professional accounting or legal advice via the Service or the Documentation.
5. TERMINATION
5.1 We may terminate this EULA immediately by written notice to you if you commit a material or persistent breach of the terms of this EULA which you fail to remedy (if remediable) within 14 days after the service of written notice requiring you to do so.
5.2 We may terminate this EULA by giving you not less than 10 days’ written notice of termination.
5.3 Upon termination for any reason:
5.3.1 all rights granted to you under this EULA shall cease;
5.3.2 you must cease all activities authorised by this EULA; and
5.3.3 you must immediately delete or remove the Service from all devices in your possession and immediately destroy or return to us (at our option) all copies of the Service and Documentation then in your possession, custody or control and, in the case of destruction, certify to us that you have done so.
6. COMMUNICATIONS BETWEEN US
6.1 If you wish to contact us in writing, or if any condition in this EULA requires you to give us notice in writing, you can send this to us by email or by pre-paid post to Lex Software Limited at Talent Garden, Claremont Avenue, Glasnevin, D11 YNR2 or hello@klyant.com. We will confirm receipt of this by contacting you in writing, normally by email.
6.2 If we have to contact you or give you notice in writing, we will do so by email or by pre-paid post to the address you provide or confirm to us.
7. PERSONAL DATA
7.1 Under Data Protection Legislation, we are required to provide you with certain information about who we are, how we Process your Personal Data and for what purposes and your rights in relation to your Personal Data and how to exercise them. This information is provided in our Privacy and Cookies Policy and it is important that you read that information. Any information that you submit or upload to the platform shall be subject to the terms of our Privacy and Cookies Policy.
7.2 Any inquiries, feedback, suggestions, ideas, other information which is not part of the information required to be uploaded to the platform as part of the Service that you provide to us will be treated will be treated as non-confidential information.
7.3 To the extent that we Process your Personal Data pursuant to this EULA, in respect of which Data Protection Legislation applies, the provisions set out in Schedule 1 (Data Processing Provisions) shall apply to such Processing (“Process”, “Processing”, “Personal Data” and “Data Protection Legislation” have the meanings given to such terms in Schedule 1).
7.4 You are responsible for complying with all applicable obligations imposed by Data Protection Legislation in respect of any Personal Data, special category Personal Data or data relating to criminal convictions or offences that you upload to the platform (e.g. in the narratives of fee notes or letters of engagements), relating to you or your client(s) (“User Uploaded Data”). You hereby warrant and undertake that you have a lawful basis for processing all such User Uploaded Data and that you have complied and continue to comply at all times with your obligations under Data Protection Legislation in respect of such User Uploaded Data.
8. OTHER IMPORTANT TERMS
8.1 We may transfer our rights and obligations under this EULA to another organisation. We will always tell you in writing if this happens and we will ensure that the transfer will not affect your rights under this EULA.
8.2 You may only transfer your rights or your obligations under this EULA to another person if we provide our prior written consent to such transfer.
8.3 Each of the clauses of these terms operates separately. If any court or relevant authority decides that any of them are unlawful, the remaining clauses will remain in full force and effect.
8.4 If we do not insist immediately that you do anything you are required to do under the terms of this EULA, or if we delay in taking steps against you in respect of your breaking this agreement, that will not mean that you do not have to do those things and it will not prevent us taking steps against you at a later date.
8.5 This EULA is governed by Irish law and subject to the exclusive jurisdiction of the courts of the Republic of Ireland.
9. By using the Service, you warrant that:
9.1.1 You are legally capable of entering into binding contracts;
9.1.2 All registration information you submit on the platform is truthful and accurate;
9.1.3 You will maintain the accuracy of such information; and
9.1.4 Your use of the Service does not violate any applicable law or regulation.
10. You are responsible for maintaining the confidentiality of your account username, password and other information inputted on the platform and for restricting access to your mobile device to further help protect such information. You authorise us to assume that any person using the Service with your username and password, either is you or is authorised to act for you. You agree to notify us immediately if you suspect or become aware of any unauthorised use of your account or any unauthorised access to the password for your account. You further agree not to use the account or log in with the username and password of another user if (a) you are not authorised to use either or (b) the use would violate the terms of this EULA.
11. You must be 18 years of age to sign up as a registered user of the Service. By clicking the “Accept” button below you are undertaking to us that you are at least 18 years of age.
12. You have been provided with the use of this Service as an Authorised User of the Customer. We reserve the right to cancel your access to the Service if you cease being an Authorised User for any reason.
13. We are not responsible for monitoring your use of the Service to ensure compliance with any professional Code of Conduct or other ethical obligations that are imposed on you in the course of your duties.
14. Notwithstanding clause 13, we may suspend or terminate your use of the Service, without notice to you, where;
14.1 the Customer has notified us or we are otherwise notified that that you are in any way involved in criminal, unethical or improper activities (or suspected of involvement in criminal, unethical or improper activities), that you are using the Service in an improper or illegal way or so as to cause offence to anyone or, where false or misleading information has been provided in creating, marketing, or maintaining your Account; or
14.2 where you breach any of the terms of this EULA.
15. You agree not to upload, post, email or otherwise send or transmit or introduce any material that contains software viruses or any other computer code, files or programs designed to interrupt, harm, damage, destroy or limit the functionality of any computer software or hardware or equipment linked directly or indirectly with the Service. You agree not to interfere with the servers or networks underlying or connected to the Service or to violate any of the procedures, policies or regulations of networks connected to the Service. You may not access the Service in an unauthorised manner.
16. The platform or any Service may contain links to other independent websites which are not provided by us. Such independent sites are not under our control, and we are not responsible for and have not checked and approved their content or their privacy policies (if any). You will need to make your own independent judgement about whether to use any such independent sites, including whether to buy any products or services offered by them.
17. When you upload content to your account on the platform, you understand and acknowledge that you are solely responsible for suchcontent, including the accuracy of the content, your ability to legally process the uploaded content, and you are solely responsible for any legal action that may be instituted by other users or third parties as a result of or in connection with your content if it is legally actionable or defamatory. Further, you represent and warrant that you have the right, power, and authority to upload that content without violating the rights of third parties.
18. We are entitled, without restriction, to use any anonymised non-personally identifiable information contained on or created by the Software or Service to generate and publish aggregate, anonymised reports on system usage and content trends and type.
19. The successful use of the Service requires access to an internet enabled computer with access to the latest version of the market leading browsers.
20. The Software uses one code-base for all jurisdictions. You are required, using settings available within the Service, to configure the Service for your own jurisdiction and to verify that the settings meet your requirements. We will highlight known features that may require your review.
Schedule 1
DATA PROCESSING PROVISIONS
1. DEFINITIONS
1.1 The following definitions and rules of interpretation apply in this Schedule 1.
“Appropriate Safeguards” |
the measures set out in Article 46 of the GDPR; |
“Appropriate Technical and Organisational Measures” |
the appropriate technical and organisational measures referred to in Data Protection Legislation (including, as appropriate, the measures referred to in Article 32(1) of the GDPR); |
"Authorised Person" |
the personnel authorised on Your behalf to provide instructions to Us in relation to the Processing provisions in this Schedule; |
"Business Day" |
a day other than a Saturday, Sunday or public holiday in Ireland when banks are open for business; |
"Business Purpose" |
the provision of the Services; |
"Data" |
any data or information, in whatever form, including but not limited to images, still and moving, and sound recordings; |
"Data Controller" |
has the meaning given to such term in Data Protection Legislation; |
"Data Processor" |
has the meaning given to such term in Data Protection Legislation; |
"Data Protection Legislation" |
means the Irish Data Protection Acts 1988 to 2018, any other applicable law or regulation relating to the processing of personal data and to privacy (including the E-Privacy Directive and the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (“E-Privacy Regulations”), as such legislation shall be supplemented, amended, revised or replaced from time to time, including by operation of the GDPR (and laws implementing or supplementing the GDPR, and laws amending or supplementing the E-Privacy Regulations); |
"Data Protection Officer" |
a data protection officer appointed pursuant to Data Protection Legislation; |
"Data Subject" |
an individual who is the subject of Personal Data which is contained in any document or information provided by You to Us (or made available to Us) through Your use of the Services; |
"Delete" |
to remove or obliterate Personal Data such that it cannot be recovered or reconstructed; |
“DPC” |
means the Supervisory Authority in Ireland for the purposes of Article 51 of the GDPR whose principal administrative offices are at 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland, or any replacement Supervisory Authority under Data Protection Legislation, appointed from time to time in Ireland; |
"EEA" or “European Economic Area” |
means those countries that are contracting parties to the Agreement on the European Economic Area from time to time; |
“End User Licence Agreement” |
the terms of agreement between You and Us to which this schedule is appended; |
"GDPR" |
General Data Protection Regulation (EU) 2016/679; |
"Normal Business Hours" |
9.00am to 5.00 pm in Ireland; |
"Our System" |
any information technology system or systems owned or operated by Us to which Your Data is delivered or on which the Services are performed; |
"Personal Data" |
has the meaning set out in Data Protection Legislation and relates only to personal data, or any part of such personal data, in respect of which You are the Data Controller, and in respect of which We are the Data Processor; |
"Personal Data Breach" |
means any “personal data breach” as defined in the GDPR in respect of the Personal Data which is caused by Us; |
"Processing" |
has the meaning given to such term in Data Protection Legislation, and Processed and Process shall be interpreted accordingly; |
"Representatives" |
a Party’s employees, officers, representatives, advisers or subcontractors involved in the provision or receipt of the Services; |
"Restricted Transfer" |
any transfer of Personal Data to countries outside of the EEA which are not subject to an adequacy decision by the European Commission, where such transfer would be prohibited by Data Protection Legislation; |
"Security Features" |
any security feature, including any encryption, pseudonymisation, key, PIN, password, token or smartcard; |
“Service” |
has the meaning given to such term in the End User Licence Agreement; |
"Specific Instructions" |
instructions meeting the criteria set out in paragraph 2.1 of this Schedule; |
"Standard Contractual Clauses" |
the contractual clauses dealing with the transfer of Personal Data outside the EEA, which have been approved by (i) the European Commission under Data Protection Legislation, or (ii) by the DPC or an equivalent Supervisory Authority under Data Protection Legislation. |
“Sub-processor” |
has the meaning given to such term in paragraph 12.1 of this Schedule; |
“Supervisory Authority” |
any court, regulatory agency or authority which, according to applicable laws and/or regulations (including Data Protection Legislation) supervises privacy issues and/or the Processing of Personal Data; |
"Term" |
the duration of the provision of the Services; |
"Us, Our, We" |
Lex Software Limited t/a Klyant; |
"You, Your" |
authorised user of the Customer Law Firm, estate agency or barrister’s practice availing of the Klyant software in accordance with the terms of the End User Licence Agreement; and |
"Your Data" |
the Personal Data uploaded during the Term by You or any Data Subject from time to time in respect of use of the Services, and any other Personal Data Processed by Us on behalf of You or any Data Subject. |
2. SERVICES
2.1 We shall not act on any specific instructions given by You from time to time during theTerm in respect of Processing unless they are:
2.1.1 in writing (including by electronic means); and
2.1.2 given by an Authorised Person.
2.2 We shall Process Your Data for the Business Purpose only and in compliance with Your instructions from time to time, which may be:
2.2.1 Specific Instructions; or
2.2.2 the general instructions set out in this Schedule
2.2.3 unless required to do otherwise by law, in which case, where legally permitted, We shall inform You of such legal requirement before Processing.
2.3 The subject matter and duration of the processing, the nature and purpose of the processing, the types of personal data processed and the categories of data subjects are as follows:
Subject Matter of the processing |
Processing the Personal Data included in the Controller Data in connection with the EULA. |
Duration of the processing |
For the duration of the EULA or until the Data Processor no longer Processes any Personal Data for the Data Controller. |
Nature and purpose of the processing |
Organisation, structuring, storage, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction of data in connection with the Business Purpose of the Data Controller. |
Categories of data subjects |
Authorised users of the Law Firm, estate agency or barrister’s practice who use the Klyant application and their clients. |
Types of personal data processed |
Identity information such as first and last name (including prefix or title), date of birth, place of birth, photograph and gender. Contact information such as billing, business and home postal address, email address and fax and phone number(s). Occupational information such as job titles, work history, education history, qualifications, professional memberships, employment records, salary and employment benefits, professional training history and training plans, national security (e.g. PPS) numbers, driving licences, health information, and employment or character references. Information pertaining to ongoing cases or trials which may include special category data (e.g. relating to political opinion of clients) or information regarding criminal convictions or offences that may be referred to in fee note narratives or letters of engagements to clients. Financial information such as VAT and other tax reference numbers, bank account or card details and bank account details. |
3. PARTIES' OBLIGATIONS
3.1 We shall:
3.1.1 only make copies of Your Data to the extent reasonably necessary for the Business Purpose (which, for clarity, may include for generating logs in relation to your use of the Services, back-up, mirroring (and similar availability enhancement techniques), security, disaster recovery and testing the Services); and
3.1.2 not extract, reverse-engineer, re-utilise, use, exploit, redistribute, re-disseminate, copy or store Your Data other than for the Business Purpose.
3.2 We shall notify You in writing without delay of any situation or envisaged development that shall in any way change the ability of Us to Process Your Data as set out in this Schedule.
3.3 In general, Your Data and any logs created by us relating to Your Data will be kept andstored for the duration of the Term. Notwithstanding this, we shall, and taking into account the nature of Our Processing of Personal Data, promptly comply with any written request from you requiring Us to amend, transfer or Delete any of Your Data in advance of the expiration of the Term.
3.4 At Your request, We shall provide to You a copy of all Your Data held by Us in a commonly used format.
3.5 At Your request, taking into account the nature of Our Processing of thePersonal Dataand the information available, We shall provide to You such information and such assistance as You may reasonably require, and within the timescales reasonably specified by You, to allow You to comply with Your obligations under DataProtection Legislation, including, but not limited to assisting You to:
3.5.1 comply with Your own security obligations as set out in this Schedule with respect to the Personal Data;
3.5.2 discharge Your obligations to respond to requests for exercising Data Subjects’ rights with respect to the Personal Data;
3.5.3 comply with Your obligations to inform Data Subjects about serious Personal Data Breaches;
3.5.4 carry out data protection impact assessments and audit data protection impact assessment compliance with respect to the Personal Data; and
3.5.5 comply with Your obligations in respect of the consultation with the DPC following a data protection impact assessment, where a data protection impact assessment indicates that the Processing of the Personal Data would result in a high risk to Data Subjects.
3.6 Any proposal by Us to in any way use or make available Your Data other than as provided for pursuant to this schedule shall be subject to prior written approval of You.
3.7 You acknowledge that We are under no duty to investigate the completeness, accuracy or sufficiency of (i) any instructions received from You, or (ii) any of Your Data.
3.8 In respect of Your Data (including any special category Personal Data that you upload), You shall:
3.8.1 ensure that You are entitled to transfer Your Data to Us so that We may lawfully process and transfer (if applicable) Your Data in accordance with this Schedule;
3.8.2 ensure that the relevant Data Subjects have been informed of, and have given their consent to, such use, processing, and transfer as required by Data Protection Legislation or that You have a lawful basis other than consent to provide Your Data to Us;
3.8.3 notify Us in writing without delay of any situation or envisaged development that shall or may in any way influence, change or limit the ability of Us to process Your Data as set out in this Schedule;
3.8.4 ensure that Your Data that You instruct Us to Process pursuant to this Schedule is:
(a) obtained lawfully, fairly and in a transparent manner in relation to the Data Subject (including in respect of how consent is obtained, where applicable);
(b) collected and processed for specified, explicit and legitimate purposes, and not further processed in a manner incompatible with those purposes;
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which itis processed;
(d) accurate, and where necessary kept up to date;
(e) erased or rectified without delay where it is inaccurate, having regard to the purposes for which they are processed;
(f) kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data are processed (subject to circumstances where Personal Data may be stored for longer periods insofar as it will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, and subject to the implementation of Appropriate Technical and Organisational Measures);
(g) processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using Appropriate Technical and Organisational Measures; and
(h) provide such information and such assistance to Us as We may reasonably require, and within the timescales reasonably specified by Us, to allow Us to comply with Our obligations under Data Protection Legislation.
3.9 Your Data passed to Us for Processing shall not be kept by You for a period that is longer than necessary.
4. OUR EMPLOYEES
4.1 We shall take reasonable steps to ensure that Our employees have committed themselves to a binding duty of confidentiality in respect of Your Data.
5. RECORDS
5.1 We shall keep at Our normal place of business records (including in electronic form) relating to all categories of Processing activities carried out on behalf of You, containing:
5.1.1 the general description of the security measures taken in respect of the Personal Data, including details of any Security Features and the Appropriate Technical and Organisational Measures;
5.1.2 the name and contact details of Us; any sub-supplier; and where applicable Our representatives; and where applicable any Data Protection Officer appointed by Us;
5.1.3 the categories of Processing by Us on behalf of You; and
5.1.4 details of any non-EEA Personal Data transfers, and the Appropriate Safeguards in place in respect of such
6. AUDITS
6.1 Subject to paragraph 6.2, 6.3 and 6.5 below, and to the extent required by Data Protection Legislation, You shall have the right to examine and review the use by Us of Your Data provided to Us by You only for the purpose of ascertaining that Your Data has been used and Processed in accordance with the terms of this Schedule.
6.2 An audit under this paragraph 6 shall be carried out on the following basis: (i) You must first contact Us by email asking for evidence of compliance with Our obligations under this Schedule, and We shall respond to such email within 30 Business Days; (ii) if We have not responded to Your email with a response which is reasonably satisfactory to You within such 30 Business Day period then, no more than once in any twelve (12) monthperiod and during Normal Business Hours during the course of one Business Day You may audit Our Processing of Your Personal Data at a location agreed by Us. Any such audit shall not interfere with the normal and efficient operation of Our business. We may require, as a condition of granting such access, that You (and representatives of You) enter into reasonable confidentiality undertakings with Us.
6.3 The scope of any examination and review by You of the use by Us of the Personal Data shall be agreed in writing prior to the commencement of any such examination and review.
6.4 In the event that the audit process determines that We are materially non-compliant with our obligations under this Schedule, You may, by notice in writing, deny Us further access to Your Data.
6.5 To the extent permitted under Data Protection Legislation, We may demonstrate Our and, if applicable Our Sub-processors’, compliance with Our obligations under this Schedule through Our compliance with a certification scheme or code of conduct approved under Data Protection Legislation.
7. DATA SUBJECT REQUESTS
7.1 Taking into account the nature of Our Processing of the Personal Data and, We shall assist You by employing Appropriate Technical and Organisational Measures, insofar as this is possible, in respect of the fulfilment of Your obligations to respond to requests from a Data Subject exercising his/her rights under Data Protection Legislation.
7.2 We shall notify You as soon as reasonably practicable if We receive:
7.2.1 a request from a Data Subject for access to that person’s Personal Data (relating to the Services);
7.2.2 any communication from a Data Subject (relating to the Services) seeking to exercise rights conferred on the Data Subject by Data Protection Legislation in respect of Personal Data; or
7.2.3 any complaint or any claim for compensation arising from or relating to the Processing of such Personal Data.
7.3 We shall not disclose the Personal Data to any Data Subject or to a third party other than at the request of You, as provided for in this Schedule, or as required by law in which case We shall to the extent permitted by law inform You of that legal requirement before We disclose the Personal Data to any Data Subject or third party.
7.4 We shall not respond to any request from a Data Subject except as required by law, in which case We shall to the extent permitted by law inform You of that legal requirement before We respond to the request.
8. DATA PROTECTION OFFICER
8.1 We shall appoint a Data Protection Officer, if required to do so pursuant to Data Protection Legislation, and provide You with the contact details of such Data Protection Officer.
8.2 You shall appoint a Data Protection Officer, if required to do so pursuant to Data Protection Legislation, and provide Us with the contact details of such Data Protection Officer.
9. SECURITY
9.1 We shall, in accordance with Our requirements under Data Protection Legislation, implement Appropriate Technical and Organisational Measures to safeguard Your Data from unauthorised or unlawful Processing or accidental loss, alteration, disclosure, destruction or damage, and that, having regard to the state of technological development and the cost of implementing any measures (and the nature, scope, context and purposes of Processing, as well as the risk to Data Subjects), such measures shall be proportionate and reasonable to ensure a level of security appropriate to the harm that might result from unauthorised or unlawful Processing or accidental loss, alteration, disclosure, destruction or damage and to the nature of the Personal Data to be protected.
9.2 We shall ensure that Your Data can only be accessed by persons and systems that are authorised by Us and necessary to meet the Business Purpose, and that all equipment used by Us for the Processing of Your Data shall be maintained by Us in a physically secure environment.
10. BREACH REPORTING
10.1 We shall promptly inform You if any of Your Data is lost or destroyed or becomes damaged, corrupted, or unusable, or if there is any accidental, unauthorised or unlawful disclosure of or access to any of Your Data. In such case, We will use Our reasonable endeavours to restore Your Data, and will comply with all of Our obligations under Data Protection Legislation in this regard.
10.2 We must inform You of any Personal Data Breaches, or any complaint, notice or communication in relation to a Personal Data Breach, without undue delay. Taking into account the nature of Our Processing of the Personal Data and the information available to Us and, We will provide sufficient information and assist You in ensuring compliance with Your obligations in relation to notification of Personal Data Breaches (including the obligation to notify Personal Data Breaches to the DPC within seventy two (72) hours), and communication of Personal Data Breaches to Data Subjects where the breach is likely to result in a high risk to the rights of such Data Subjects. Taking into account the nature of Our Processing of the Personal Data and the information available to Us and We shall co-operate with You and take such reasonable commercial steps as are directed by You to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
11. RESTRICTED TRANSFERS
11.1 A Restricted Transfer may not be made by Us (other than transfers to our Affiliates andby any agents and contractors for the purposes of performing the Services, and You shall endeavour to obtain explicit consent from relevant Data Subjects in respect of such potential transfers) without the prior written consent of You (such consent not to be unreasonably withheld,delayed or conditioned), and if such consent has been obtained (or is unnecessary), such Restricted Transfer may only be made where there are Appropriate Safeguards in place with regard to the rights of Data Subjects (including but not limited to the Standard Contractual Clauses, binding corporate rules, or any other model clauses approved by the DPC).
11.2 Subject to paragraph 11.3, in the event of any Restricted Transfer by Us to a contracted Sub-processor, to any Affiliate of You or otherwise (“Data Importer") for which your consent has been obtained (or is unnecessary), We and You shall procure that (i) You (where the Restricted Transfer is being made at the request of You) or Us acting as agent for and on behalf of You (where the Restricted Transfer is being made at the request of Us), and (ii) the Data Importer, shall enter into the Standard Contractual Clauses in respect of such Restricted Transfer. The Party who is entering into the Appropriate Safeguards with a Data Importer shall comply with the guidance of any relevant regulatory authority on Restricted Transfers in particular with respect to the use of Standard Contractual Clauses and any additional or supplementary measures required to be taken in the context of any such Restricted Transfers including the requirement to carry out risk assessments and to adopt mitigating measures to ensure essentially equivalent protection for Data Subjects in the jurisdiction of the Data Importer.
11.3 Paragraph 11.1 or 11.2 shall not apply to a Restricted Transfer if other compliance steps (which may include, but shall not be limited to, obtaining explicit consents from Data Subjects) have been taken to allow the relevant Restricted Transfer to take place without breach of applicable Data Protection Legislation.
11.4 In the event that (i) either Party is required to enter into the Standard Contractual Clauses in accordance with this paragraph 11 and (ii) there is any conflict or ambiguity between any provision contained in this Schedule and any provision contained in such Standard Contractual Clauses, the Standard Contractual Clauses shall take precedence in respect of such conflict (other than in respect of legislative references etc. which have been updated pursuant to Data Protection Legislation since the date of approval of such Standard Contractual Clauses).
12. SUB-PROCESSORS
12.1 You agree and acknowledge that We may seek to have Your Data Processed by any of Our Affiliates and by any agents and contractors listed at Schedule 2 for the purpose of providing the Service (a “Sub-processor”). The list of the categories of Sub-processors used by Us may be maintained on our website at or may be otherwise notified to You by Us from time to time. If you object to such sub-processing arrangements, then You should confirm this to Us and, if you do so confirm, You acknowledge that You may no longer be able to avail of some or all of Our Services.
12.2 We must enter into a data processing contract with the Sub-processor which places the same data protection obligations on the Sub-processor as We have in this Schedule (in particular, providing sufficient guarantees to implement Appropriate Technical and Organisational Measures in such a manner that the Processing will meet the requirements of Data Protection Legislation).
12.3 With respect to each Sub-processor, We shall, before the Sub-processor first Processes Your Data, ensure that the Sub-processor is capable of providing the level of protection for Your Data required by this Schedule.
12.4 We will respect the conditions for engaging Sub-processors as set out in Article 28 (4) of the GDPR.
13. WARRANTIES
13.1 We warrant and undertake to You that:
13.1.1 We will Process Your Data in compliance with our obligations under Data Protection Legislation;
13.1.2 We will maintain Appropriate Technical and Organisational Measures against the unauthorised or unlawful Processing of Your Data and against the accidental loss or destruction of, or damage to, Your Data; and
13.2 You hereby warrant and undertake that:
13.2.1 You have complied with and shall comply with Your obligations under Data Protection Legislation;
13.2.2 You have the right to transfer (or to authorise Data Subjects to transfer) Your Data to Us in accordance with the terms of this Schedule;
13.2.3 Your instructions that are set out in this Schedule accurately reflect the instructions of the Data Controller to the extent that We are a Data Processor on behalf of the Data Controller;
13.2.4 You shall and shall cause, appropriate notices to be provided to, and valid consents (where required) to be obtained from, Data Subjects, in each case that are necessary for Us to Process (and have Processed by Sub-processors) Personal Data under or in connection with this Schedule, including Processing outside the EEA on the basis of any of the legal conditions for such transfer and Processing set out in paragraph 12 above;
13.2.5 You shall not, by act or omission, cause Us to violate any Data Protection Legislation, notices provided to, or consents obtained from, Data Subjects as a result of Us or Our Sub-processors Processing the Personal Data; and
14. INDEMNITY
14.1 You agree to indemnify and keep indemnified and defend Us against all costs, claims, damages or expenses incurred by Us or for which We may become liable due to any failure by You or Your employees or agents to comply with any of our obligations under this Schedule and/or under Data Protection Legislation and/or any breach of any warranty provided by You in this Schedule.
14.2 If any third party makes a claim against the Indemnified Party, or notifies an intention to make a claim against the Indemnified Party, the Indemnified Party shall: (i) give written notice of the claim against the Indemnified Party to the Indemnifying Party as soon as reasonably practicable; (ii) not make any admission of liability in relation to the claim against Indemnified Party without the prior written consent of the Indemnifying Party; (iii) at the Indemnifying Party’s request, allow the Indemnifying Party to conduct the defence of the claim against the Indemnified Party including settlement; and (iv) co-operate and assist to a reasonable extent with the Indemnifying Party's defence of the claim against the Indemnified Party.
15. LIMITATION OF LIABILITY
15.1 To the extent permitted by law, We shall not under any circumstances be liable to You for any of Your costs or losses relating to this schedule.
15.2 For the avoidance of doubt, the limitation of liability provisions set out in clause 4 of the End User Licence Agreement apply in respect of the obligations of the Parties under this schedule.
15.3 Unless required to do so by the DPC or any other competent supervisory authority, We shall not make any payment or any offer of payment to any Data Subject in response to anycomplaint or any claim for compensation arising from or relating to the Processing of Your Data, without the prior written agreement of You.
15.4 You acknowledge and agree that We are reliant on You for direction as to the extent to which We are entitled to use and process Your Data. Consequently, We will not be liable for any claim brought by a Data Subject arising from any action or omission by Us, tothe extent that such action or omission resulted directly from Your instructions and/or the transactions contemplated by this Schedule.
16. CONSEQUENCES OF TERMINATION ON YOUR DATA.
16.1 Upon termination or expiry of the End User Licence Agreement, at the choice of You, We shall Delete or return all Your Data to You and Delete existing copies of Your Data, unless legally required/entitled to store Your Data for a period of time. If You make no such election within a ninety (90) day period of termination or expiry of the Agreement, We may Delete any of Your Data in our possession; and if You elect for destruction rather than return of Your Data, We shall as soon as reasonably practicable ensure that all Your Data is Deleted from Our System, unless legally required/entitled to store Your Data for a period of time.
Schedule 2
LIST OF AUTHORISED SUB-PROCESSORS
Name of Sub-processor |
Location of Sub-processor |
Details of service to be provided |
SWIFTAPP |
UK & Romania |
Carry out some development work to the software on behalf of Klyant. |