Kingston upon Hull,
(hereinafter “Service Provider””)
Customer Address #1
Customer Address #2
Customer Address #3
Customer Address #4
Customer Address #5
1. Scope of this Agreement
1.1 This Service and Supply Agreement (“Agreement”) is by and between Service Provider and Customer. This Agreement shall govern Customer´s use of on-prem and/or Cloud-Services consisting of the on-prem and/or cloud-based document management, applications (including Local Application Programs as defined below), storage space, computing capacity and other cloud-based services as made available by Anota Ltd on the DocuWare www.docuware.com/cloud service upon effective date of this Agreement. The commercial terms of the Cloud-Services (fees, term etc.) will be agreed between Anota Ltd and Customer in an order placed by Customer if confirmed by Anota Ltd (“Order”).
1.2 In consideration of the Customer´s compliance with this Agreement and the respective Order, the Service Provider will (on and subject to the terms and conditions of this Agreement and the respective Order) procure these Cloud-Services from a local affiliated company of the DocuWare-Group (such affiliate hereinafter referred to as “DocuWare”). DocuWare may, in its sole discretion, subcontract the provision of the Cloud-Services to third parties (e.g., external data centres) without notice to or approval of Customer (subject always to Schedule 1).
1. 3 Use of Cloud-Services requires licenses under intellectual property or copyrights of DocuWare and its third-party licensors, which intellectual property and copyrights are protected under governing law and under international statutory law. DocuWare reserves all rights, title and interest in and to the on-prem and/or Cloud-Services, including all related intellectual property rights. No rights are granted to Customer hereunder other than as expressly set forth in this Agreement. The on-prem and/or Cloud-Services are deemed DocuWare Confidential Information (as defined below).
2. Authorized User
Authorization for the use of Cloud-Services is limited to those individuals who are employed or otherwise working for Customer to the extent such individuals are specifically identified by Customer when configuring the on-prem and/or Cloud-Services (hereinafter, “Authorized User”). Any use by third parties, including but not limited to users employed by or working for companies that are affiliated with Customer, shall require a prior express prior agreement with the Service Provider in the Order.
3. Scope and Content of Cloud-Services
3.1 Scope and content of the on-prem and/or Cloud-Services are described online at www.docuware.com/cloud and within the applicable Order or in the most current whitepaper that has been published by DocuWare and are subject to change as per Sections 3.3 and 3.4.
3.2 The Authorized User will solely receive the online-support-documentation made available when accessing the on-prem and/or Cloud-Services. The Service Provider may, in its discretion, provide additional project documentation and/or workshops regarding the use of on-prem and/or Cloud-Services upon Customer´s request.
3.3 The Service Provider reserves the right, in its sole discretion, to change, modify or alter the on-prem and/or Cloud-Services during the term of this Agreement at any time (e.g., in relation to the user interface and functionalities of the applications); provided, however, the Service Provider will not materially impair the overall functional scope with such modifications.
3.4 Changes to the on-prem and/or Cloud-Services will, if any, be implemented through updates and upgrades, and the Service Provider will inform Customer of any such changes through the Customer’s registered email address(es) with DocuWare. For the avoidance of doubt, Customer needs to register at least one email address with DocuWare for purposes of such notification.
4. Restrictions to the Authorized User´s Rights
4.1 The Authorized User may receive local application programs for the on-prem and/or Cloud-Services. Authorized Users may use such local software application programs provided by Service Provider and accessible as part of the on-prem and/or Cloud-Services (“Local Application Programs”) solely for the purposes of using the Cloud-Services. For the term of this Agreement the Authorized User shall have the revocable, non-exclusive, non-sublicensable, non-transferable right:
(i) to install such Local Application Programs on hardware devices operated and controlled by Customer; and
(ii) to use such Local Application Programs for the purpose of using the on-prem and/or Cloud-Services in
compliance with the online-support-documentation available as part of the on-prem and/or Cloud Services.
4.2 Neither Customer nor any Authorized User is permitted to:
(i) modify, copy, create derivative works decompile or reverse-engineer the on-prem and/or Cloud-Services or Local Application Programs other than as expressly permitted by applicable statute to permit interoperability and then only after notice to Service Provider.
(ii) frame or mirror any content forming part of the on-prem and/or Cloud-Services; or
(iii) access the on-prem and/or Cloud-Services in order to (a) build a competitive product or service, or (b) copy any ideas, features, functions or graphics of the on-prem and/or Cloud-Services.
4.3 The on-prem and/or Cloud-Services and the Local Application Programs referred to under Section 4.1 may be used by Authorized Users for Customer´s internal business purposes only. Except as set forth in Section 1.3, neither the Customer nor the Authorized User shall
(i) have a right to license, sublicense, transfer, sell, resell, rent, lease, distribute, time share, assign share or otherwise commercially exploit or make the on-prem and/or Cloud-Services available to any third party, other than to Authorized Users or as otherwise expressly contemplated by this Agreement;
(ii) send spam or otherwise duplicative or unsolicited messages in violation of applicable laws; (iii) send or store infringing, obscene, threatening, libellous, or otherwise unlawful or tortious material, including material that is harmful to children or violates third party privacy rights;
(iv) send or store viruses, worms, time bombs, trojan horses or other harmful or malicious code, files, scripts, agents or programs;
(v) interfere with or disrupt the integrity or performance of the on-prem and/or Cloud-Services or the data contained therein;
(vi) attempt to gain unauthorized access to the on-prem and/or Cloud-Services or related systems or networks;
(vii) access the on-prem and/or Cloud-Services if Customer is a direct competitor of DocuWare; or
(viii) access the on-prem and/or Cloud-Services for purposes of monitoring its availability, performance or functionality, or for any other benchmarking or competitive purposes.
4.4 Service Provider will exercise reasonable efforts to provide a 99.5% availability of the on-prem and/or Cloud Services per calendar year, excluding any Downtime. “Downtime” shall mean unscheduled downtime of the on-prem and/or Cloud-Services caused by emergencies or Force Majeure Events (as defined below) and downtime due to scheduled maintenance activities of the on-prem and/or Cloud-Services (“Scheduled Maintenance”). Service Provider will use reasonable efforts to limit any downtime due to Scheduled Maintenance to four (4) times per year for up to eight (8) hours each, and to notify by way of e-mail or via the DocuWare website with a notice period of at least five (5) calendar days.
4.5 The Customer will install and configure on-prem and/or Cloud-Services in a way which avoids any excessive utilization of the DocuWare systems. In this case the Customer will be informed hereof, and the Service Provider reserves all rights resulting from such breach.
4.6 The use of the on-prem and/or Cloud-Services requires Internet access and computing facilities with the system requirements identified in the technical documentation available at www.docuware.com/cloud for the relevant on-prem and/or Cloud-Services. Customer is aware and accepts that such requirements may during the term of this Agreement be changed from time to time, and Service Provider shall use reasonable efforts to provide at least four (4) weeks’ notice of any such changes. Customer is responsible for all activities that occur in Authorized User accounts and for Authorized Users' compliance with this Agreement. Service Provider is not responsible for determining the requirements of laws applicable to Customer’s business, including those relating to on-prem and/or Cloud Services that Customer acquires under this Agreement, or Service Provider’s provision of or Customer’s receipt of a particular on-prem and/or Cloud Service under this Agreement meets the requirements of such laws.
5. Service Provider´s Rights to Customer Provided Data and Documents
5.1 Customer hereby grants Service Provider free of any charges the right to copy, store, modify, alter, archive or otherwise use any data and documents provided by Customer and Authorized User when utilizing the on-prem and/or Cloud-Services, including corresponding “have used” rights for DocuWare and DocuWare subcontractors, provided such subcontractors are subject to confidentiality and restricted use obligations similar to those under this Agreement. The Authorized User hereby represents, warrants and covenants to have been effectively granted all necessary rights by its customers, users and all affected third parties which are necessary for using the on-prem and/or Cloud-Services.
5.2 Service Provider shall process personal data within the on-prem and/or Cloud-Services only subject to Customer´s commission and instructions as per Schedule 1. The Customer and each Authorized User shall ensure that the collection, forwarding and such processing of personal data fully comply with all applicable data privacy and protection laws.
5.3 Customer shall and hereby covenants and agrees to defend and indemnify Service Provider against any third-party claims and to hold Service Provider harmless from any and all damages, claims or losses, including reasonable legal fees, resulting from Customer´s breach of Sections 4.3, 5.1 and/or 5.2 of this Agreement.
5.4 Customer shall be liable and responsible for any acts and omissions of the Authorized Users to the same extent Customer is liable and responsible for its own acts and omissions.
5.5 The Customer and the Authorized User shall immediately notify Service Provider of any loss of any access codes and/or of any use of the on-prem and/or Cloud-Services being not compliant with the terms of this Agreement.
6. Term / Termination of the Agreement and Order
6.1 This Agreement commences on the date this document is executed by both parties (“Effective Date”) and continues until such Order executed in connection with this Agreement has expired or been terminated (“Term”), unless this Agreement and the Order is terminated earlier pursuant to this Section 6.
6.2 Either party may terminate this Agreement and the applicable Order for convenience at any time after the initial minimum term of twelve (12) months from the Effective Date has elapsed (or such longer period as set forth in the applicable Order), upon ninety (90) days’ written notice. After the initial minimum term of twelve (12) months from the Effective Date has elapsed (or such longer period as set forth in the applicable Order), Customer may elect to reduce the scope under the applicable Order (i.e., volumes and/or capacities) upon at least ninety (90) days’ notice to the Service Provider.
6.3 Either party may terminate this Agreement and the applicable Order for cause. A cause shall exist: (i) in case DocuWare terminates its contract on on-prem and/or Cloud-Services with the Service Provider, or
(ii) in case of a material breach of the Agreement if such breach remains uncured for more than 28 days following receipt of a written notice of such material breach; or
(iii) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors.
6.4 Upon termination of this Agreement or the applicable Order, the Service Provider will keep the Customer’s relevant data from such Cloud-Services for at least sixty (60) days after the effective date of the termination of this Agreement or the applicable Order (i.e., the termination of the Cloud-Services) and will delete such data no later than ninety (90) after the effective date of the termination of the Cloud-Services. Notwithstanding the foregoing, Customer is solely responsible for retrieving any data stored or used with the on-prem and/or Cloud-Services while Customer has access to the on-prem and/or Cloud-Services, and upon the effective date of the termination of the on-prem and/or Cloud Services, Customer will not have access to the on-prem and/or Cloud-Services.
7. Payment Terms/Invoicing
7.1 Customer shall pay to Service Provider monthly, yearly or multiyear fees for the relevant on-prem and/or Cloud Services and the ordered service categories as set forth in the applicable Order or as modified pursuant to Section 7.2.
7.2 Service Provider may adjust prices at any time by issuing a new price list or pricing update. Such new price list shall apply with immediate effect for Orders placed after the issuance of the new price list, unless the price list expressly specifies a different start date for the price adjustment.
7.3 If the applicable Order requires payment on a monthly basis, such payment will become due on the first day of each month for the on-prem and/or Cloud-Services to be provided in the upcoming month. If the applicable Order requires payment on a yearly basis (or other term), any such payments will be due in advance in one single amount. In either case, the payments will become due independent of Service Provider´s invoicing. Service Provider will use reasonable efforts to provide Customer with an invoice for such on-prem and/or Cloud-Services.
7.4 The date of receipt of the full payment due in the Service Provider’s bank account shall be of sole
relevance in determining whether Customer misses a payment due date. In the event of any delayed payment by Customer, Service Provider may, at its option, terminate or suspend the provision of the on-prem and/or Cloud-Services to Customer, and such termination or suspension shall be effective upon ten (10) days’ notice to Customer. Service Provider shall have no liability or responsibility for any termination or suspension pursuant to this Section 7.4.
7.5 Any payment in respect of the on-prem and/or Cloud-Services not received by the Service Provider by the due date may allow the Service Provider to:
(i) suspend or terminate the on-prem and/or Cloud-Services as per Section 7.4; and/or
(ii) charge the Customer interest on the overdue amount at the rate of 8% per year above the base rate of HSBC Bank Plc from time to time or if the interest permitted under governing law, if higher (which interest will accrue daily and be compounded quarterly).
7.6 Unless otherwise expressly provided, Service Providers’ fees do not include any direct or indirect local, state, federal or foreign taxes, levies, duties or similar governmental assessments of any nature, including value-added, use or withholding taxes (collectively, "Taxes"). Customer is responsible for paying all Taxes associated with Customer’s purchases hereunder, excluding taxes based on Service Provider’s net income or property. If Service Provider has the legal obligation to pay or collect Taxes for which Customer is responsible under this Section, the appropriate amount shall be invoiced to and paid by Customer, unless Customer provides Service Provider with a valid tax exemption certificate authorized by the appropriate taxing authority.
7.7 Customer may make any set off and withhold any payment due hereunder only in case Customer´s counterclaims are finally adjudicated by a competent court or accepted by Service Provider.
8. Cooperation duties of Authorized User
Customer and the Authorized User shall implement effective measures and processes enabling and safeguarding an additional backup archiving of all relevant documents and data outside of the IT system provided by the Cloud-Services as protection against any temporarily or permanent failures of the Cloud-Services.
9. Warranty of Service Provider
9.1 Customer shall immediately notify Service Provider in writing of any defects associated with the provision, running or standard design/functioning of the on-prem and/or Cloud-Services, which notification shall describe the defect and root cause (insofar as the user is able to describe) in detail. Subject to receipt of a proper notice as provided in this Section, Service Provider shall endeavour to remedy defects within a reasonable time, escalating them to DocuWare where required and advising Customer accordingly. Service Provider may, at its discretion, remedy defects either by providing patches, workarounds, updates or upgrades or by providing or having provided remote support as available under http://anota.co.uk/contact In case the remediation of a warranted defect would require commercially unreasonable expenditures or efforts, Service Provider may terminate the affected Order without any further liability upon thirty (30) days’ notice.
(i) such defect must be reproducible or documented by automatically created output (for example screenshots/sample documents);
(ii) the usability of the Cloud-Services must be materially adversely affected; and
(iii) written notice of the defect must be provided to Service Provider by Customer or an Authorized User on a timely basis pursuant to this Section 9.1.
9.2 In no event shall Service Provider be responsible for defects, operational, performance issues or other events resulting from Customer’s technology infrastructure, including but not limited to software applications, drivers, network hardware, digital traffic loading, other non-related software or broadband service, to the extent not provided by Service Provider. Customer shall not report the foregoing issues associated with such Customer technology infrastructure to Service Provider as Defects in the Cloud Services.
Customer shall compensate Service Provider for any efforts related to such non-warranty issues at Service Provider´s then current daily rates.
9.3 EXCEPT AS EXPRESSLY PROVIDED IN THIS SECTION 9, SERVICE PROVIDER MAKES NO WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AVAILABILITY OF THE ON-PREM AND/OR CLOUD-SERVICES, TITLE OR NON-INFRINGEMENT OF THIRD PARTY RIGHTS TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.
10. Copyright- Indemnification
10.1 Subject to Section 10.2 to 10.4, Service Provider will indemnify the Customer against any third
party claim that the Cloud-Services infringes that third party's copyrights.
10.2 The Customer shall:
(i) give Service Provider prompt notice of any relevant claim.
(ii) not admit any liability or attempt to settle the claim without Service Provider’s prior consent.
(iii) provide reasonable co-operation at its own expense to Service Provider in the defence
and settlement of the claim; and
(iv) give Service Provider sole authority to defend or settle the claim.
10.3 In the defence or settlement of any claim under Section 10.1, Service Provider may procure the right for the Customer to continue using the Cloud-Services or replace or modify it so that it becomes non-infringing or, if these remedies are not reasonably available, terminate this Agreement and applicable Order on thirty (30) working days' notice to the Customer without any additional liability or costs.
10.4 Service Provider will not be liable under this Section 10 to the Customer if an alleged copyright
infringement is based on:
(i) any modification of the on-prem and/or Cloud-Services by anyone other than Service Provider or DocuWare; or
(ii) the Customer's use of the on-prem and/or Cloud-Services is contrary to the instructions given to the Customer or documentation provided by Service Provider or DocuWare; or
(iii) the Customer's continued use of the on-prem and/or Cloud-Services after receiving notice of the alleged or actual infringement; or
(iv) a combination of the on-prem and/or Cloud-Services with any other product or service which in the absence of such combination would not have resulted in any infringement.
10.5 THIS SECTION 10 STATES THE CUSTOMER'S SOLE AND EXCLUSIVE RIGHTS AND REMEDIES, AND SERVICE PROVIDER'S ENTIRE LIABILITY, FOR INFRINGEMENT OF ANY INTELLECTUAL PROPERTY RIGHTS.
11. Limited Liability of Service Provider
11.1 WITHOUT PREJUDICE TO SECTION 11.4, IN NO EVENT SHALL SERVICE PROVIDER’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT OR ORDER, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, IN RELATION TO COSTS AND DAMAGES NOT EXCLUDED UNDER SECTION 11.2 EXCEED THE AMOUNTS ACTUALLY PAID BY AND DUE FROM CUSTOMER UNDER THE APPLICABLE ORDER IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE INCIDENT GIVING RISE TO THE LIABILITY.
11.2 CUSTOMER AGREES THAT THE CONSIDERATION WHICH SERVICE PROVIDER IS CHARGING HEREUNDER DOES NOT INCLUDE CONSIDERATION FOR ASSUMPTION BY SERVICE PROVIDER OF THE RISK OF ANY INCIDENTAL, SPECIAL, PUNITIVE OR CONSEQUENTIAL DAMAGES. IN NO EVENT SHALL SERVICE PROVIDER AND/OR ITS LICENSORS BE LIABLE TO ANYONE FOR ANY INDIRECT, PUNITIVE, SPECIAL, EXEMPLARY, INCIDENTAL, CONSEQUENTIAL OR LOSS OF, OR DAMAGE TO, CUSTOMER DATA, REVENUE, PROFITS, USE OR OTHER ECONOMIC ADVANTAGE (WHETHER DIRECT OR INDIRECT) ARISING OUT OF, OR IN ANY WAY CONNECTED WITH THE CLOUD-SERVICES, WHETHER OR NOT THE CUSTOMER HAS BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
11.3 All liability claims of Customer against Service Provider shall become time barred after one year following the date on which a material breach of Service Provider’s obligations or responsibilities occurred.
11.4 NOTHING IN THIS AGREEMENT WILL LIMIT OR EXCLUDE THE LIABILITY OF A PARTY
- FOR DEATH OR PERSONAL INJURY RESULTING FROM NEGLIGENCE OF THAT PARTY;
- FOR FRAUD OR FRAUDULENT MISREPRESENTATION BY THAT PARTY;
- IN ANY WAY THAT IS NOT PERMITTED UNDER APPLICABLE LAW.
12. Force Majeure Event
12.1 “Force Majeure Event” means an event, or a series of related events, that is outside the reasonable control of the party affected (including, but not limited to power failures, industrial disputes affecting any third party, changes to the law, natural disasters, epidemics, explosions, fires, floods, riots, terrorist attacks and wars).
12.2 Where a Force Majeure Event gives rise to a failure or delay in either party performing its obligations under this Agreement (other than obligations to make payment hereunder), those obligations will be suspended for the duration of the Force Majeure Event.
12.3 A party who becomes aware of a Force Majeure Event which gives rise to, or which is likely to give rise to, any failure or delay in performing its obligations under this Agreement, will:
(a) forthwith notify the other; and
(b) inform the other of the period for which it is estimated that such failure or delay will continue.
12.4 The affected party will take reasonable steps to mitigate the effects of the Force Majeure Event.
13.1 As used herein, "Confidential Information" means all confidential and proprietary information of a party ("Disclosing Party") disclosed to the other party ("Receiving Party"), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure, including the terms and conditions of this Agreement or the applicable Order (including pricing), the Cloud-Services, business and marketing plans, technology and technical information, product designs, and business processes. Each party shall keep confidential and use any such Confidential Information only to the extent required for the purposes of this Agreement and to impose similar obligations to persons who have a right and need to know such Confidential Information (e.g., Authorized Users).
13.2 Confidential Information does not include information which (and only to the extent that) the Receiving Party can establish through documentary evidence that such information:
(i) was rightfully received without restrictions from third parties who owe no obligations of confidentiality to the Disclosing Party with respect to such information;
(ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party;
(iii) was independently developed by the Receiving Party without breach of any obligation owed to the Disclosing Party; or
(iv) was already publicly known at the time of disclosure or subsequently becomes publicly known through no breach by the Receiving Party of its obligations under this Section.
13.3 Each party agrees to protect the confidentiality of the Confidential Information of the other party in the same manner that it protects the confidentiality of its own proprietary and confidential information of like kind (but in no event using less than reasonable care).
13.4 If the Receiving Party is compelled by law to disclose Confidential Information of the Disclosing Party, it shall provide the Disclosing Party with prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at Disclosing Party's cost, if the Disclosing Party wishes to contest the disclosure.
13.5 If the Receiving Party discloses or uses (or threatens to disclose or use) any Confidential Information of the Disclosing Party in breach of confidentiality protections hereunder, the Disclosing Party shall have the right, in addition to any other remedies available to it, to seek injunctive relief to enjoin such acts, it being specifically acknowledged by the parties that any other available remedies are inadequate.
14.1 Customer represents and warrants that it will comply with all applicable laws, statutes, regulations, rules, ordinances, codes, and standards, including but not limited to any export laws of the EU and U.S. Without limiting the foregoing, (i) Customer represents that it and any Authorized User is not named on any U.S. government list of persons or entities prohibited from receiving exports, and (ii) Customer shall not permit Authorized Users to access or use Cloud Services in violation of any U.S. export embargo, prohibition or restriction.
14.2 All disputes and litigation arising out of or related to this Agreement and each Order, including without limitation matters connected with their conclusion, performance or termination, will be construed, interpreted, applied and governed in all respects in accordance with the laws of England and Wales, without reference to conflict of laws principles. The provisions of the United Nations Convention on Contracts for the International Sale of Goods will not apply. The courts of England and Wales will have the exclusive jurisdiction to decide upon any dispute arising out of or in connection with this Agreement and each Order, including any question regarding their existence, validity or termination,
14.3 Changes to this Agreement must be made by a written agreement.
14.4 Should any provision of this Agreement or Order be held by a court to be invalid, the validity of the remaining provisions shall not be affected thereby.
14.5 The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties.
14.6 No failure or delay by either party in exercising any right under this Agreement or Order shall constitute a waiver of that right.
14.7 Customer shall not assign its rights or delegate its obligations under this Agreement or Order without the prior written consent of Anota Ltd.
14.8 In signing this SOP013S the Customer and Service Provider agree to be bound to these Terms and conditions of service and supply.
Customer will not, without the prior written consent of Service Provider, employ, solicit or endeavour to entice away any employee of Service Provider who is or has been engaged in the development, support or otherwise provision of software and/or services pursuant to work undertaken in regards the Software or solution/s provided.
16. Customer Obligations
16.1 For the duration of any service/software agreement, Customer will offer to Service Provider all reasonable help and support together with any necessary access to enable completion and/or support in relation to said agreement/s.
16.2 Customer will also ensure that the software and associated applications are used in the prescribed manner by competent persons and will not be modified, duplicated or reverse engineered in any way.
17. Intellectual Property Rights and Legal Compliance
17.1 The copyright and all other intellectual property rights of whatever nature in programs or services comprising the applications and/or software (installed, licenced, rented or otherwise) and all related services and documentation (including form designs for specific applications, workflow, created scripts, views or ancillary/additional scripts, source code and compiled/installed applications etc.) vest in Service Provider and DocuWare (as applicable) and shall remain the Service Provider’s property during the term of the agreement and thereafter.
Schedule 1 to Exhibit 1
This Schedule 1 specifies the obligations of the parties in relation to the Cloud-Services described in the Service and Supply Agreement (“Agreement”).
1. For the purposes of this Schedule:
1.1 “data controller” means the person which, alone or jointly with others, determines the purposes and means of the processing of personal data;
1.2 “data processor” means the person which processes personal data on behalf of the data controller;
1.3 “personal data” means any information relating to an identifiable individual that is processed by DocuWare as a result of, or in connection with, the provision of the Cloud Services;
An identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity; and
1.4 “processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking erasure or destruction.
2. Service Provider acknowledges that the Customer is the data controller in respect of any personal data that Service Provider processes on the Customer’s behalf in the course of providing the Cloud-Services and that Service Provider is a data processor of such data.
3. Service Provider agrees that it shall (and shall procure that each of its sub-contractors shall):
3.1 only carry out processing of personal data in accordance with the Customer’s instructions (which may be specific instructions or instructions of a general nature as set out in this Agreement or as otherwise notified by the Customer to Service Provider during the term of this Agreement);
3.2 implement appropriate technical and organisational measures against the accidental, unauthorised or unlawful processing, destruction, loss, damage or disclosure of personal data and adequate security programmes and procedures to ensure that unauthorised persons do not have access to the personal data or to any equipment used to process the personal data;
3.3 ensure that the technical and organisational measures shall be appropriate to the harm which might result from any unauthorised or unlawful processing and accidental loss, destruction or damage to the personal data and having regard to the nature of the personal data which is to be protected;
3.4 ensure the reliability of any employees who have access to personal data and that all employees involved in the processing of personal data have undergone adequate training in the care, protection and handling of personal data;
3.5 promptly refer to the Customer any queries from individuals, any data protection authority or any other law enforcement authority, for the Customer to resolve;
3.6 at no additional cost, promptly provide such information to the Customer as the Customer may reasonably require to allow it to comply with the rights of individuals under applicable data protection laws, including subject access rights, or with information or assessment notices served by any data protection authority;
3.7 notify the Customer of any unauthorised or unlawful processing or any accidental loss, destruction, damage, alteration or disclosure of personal data as soon as it becomes aware and keep the Customer informed of any related developments;
3.8 not process or permit the processing of personal data outside the EEA other than with the prior written consent of the Customer and, where such consent is granted, Service Provider undertakes to enter into a suitable agreement with the Customer and/or any relevant parties and/or adopt any necessary measures in order to ensure an adequate level of protection with respect to the privacy rights of individuals.
4. The Customer acknowledges and agrees, that Service Provider’s affiliates, as well as third party sub-contractors engaged by an affiliate or Service Provider itself (including Microsoft Azure) are permitted have access to personal data in connection with the provision of the Cloud Services. Any of such sub-contractors will be permitted to obtain personal data only to deliver the service the Service Provider has retained them to provide. The Service Provider shall exercise the due care required by law by the selection of subcontractors. The Service Provider may engage its own affiliated companies or other sub-contractors for the performance of the Agreement without written consent of Customer.