Terms + Conditions

In using our websites, you are deemed to have read and agreed to the following terms and conditions:

The following terminology applies to these Terms and Conditions, Privacy Statement and any disclaimer Notice and any or all Agreements: “Customer”, “You” and “Your” refers to you, the person accessing our websites and accepting the Company’s terms and conditions. “The Company”, “Ourselves”, “We” and “Us”, refers to our Company. “Party”, “Parties”, or “Us”, refers to both the Customer and ourselves, or either the Customer or ourselves. All terms refer to the offer, acceptance and consideration of payment necessary to undertake the process of our assistance to the Customer in the most appropriate manner, whether by formal meetings of a fixed duration, or any other means, for the express purpose of meeting the Customer’s needs in respect of provision of the Company’s stated services/products, in accordance with and subject to, prevailing EU Law. Any use of the above terminology or other words in the singular, plural, capitalization and/or he/she or they, are taken as interchangeable and therefore as referring to same.

Privacy Policy & Cookie Policy

Background

Outreach Humans (Spaceboat LTD) understands that your privacy is important to you and that you care about how your information is used and shared online. We respect and value the privacy of everyone who visits Our Sites and will only collect and use information in ways that are useful to you and in a manner consistent with your rights and Our obligations under the law.

This Policy applies to Our use of any and all data collected by us in relation to your use of Our Sites. Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of Our Privacy Policy is deemed to occur upon your first use of Our Sites. If you do not accept and agree to this Privacy Policy, you must stop using Our Sites immediately.

1. DEFINITION AND INTERPRETATION

In this Policy the following terms shall have the following meanings:“Account”means an account required to access and/or use certain areas and features of Our Sites;“Cookie”means a small text file placed on your computer or device by Our Sites when you visit certain parts of Our Sites and/or when you use certain features of Our Sites. Details of the Cookies used by Our Sites are set out in section 12, below;“Our Sites”means our websites, outreachhumans.com;“UK and EU Cookie Law”means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended in 2004, 2011 and 2015; and“We/Us/Our”means Outreach Humans.

2. INFORMATION ABOUT US

2.1 Our Sites, outreachhumans.com, are owned and operated by Spaceboat LTD, a limited liability company in the United Kingdom.

3. SCOPE – WHAT DOES THIS POLICY COVER?

This Privacy Policy applies only to your use of Our Sites. It does not extend to any websites that are linked to from Our Sites (whether We provide those links or whether they are shared by other users). We have no control over how your data is collected, stored or used by other websites and We advise you to check the privacy policies of any such websites before providing any data to them.

4. WHAT DATA DO WE COLLECT?

Some data will be collected automatically by Our Sites (for further details, please see section 12 on Our use of Cookies), other data will only be collected if you voluntarily submit it and consent to Us using it for the purposes set out in section 5, for example, when signing up for an Account. Depending upon your use of Our Sites, We may collect some or all of the following data:

4.1 Name;

4.2 date of birth;

4.3 gender;

4.4 business/company name

4.5 job title;

4.6 profession;

4.7 contact information such as email addresses and telephone numbers;

4.8 demographic information such as postcode, preferences and interests;

4.9 financial information such as credit / debit card numbers;

4.10 IP address (automatically collected);

4.11 web browser type and version (automatically collected);

4.12 operating system (automatically collected);

4.13 a list of URLs starting with a referring site, your activity on Our Sites, and the site you exit to (automatically collected);

5. HOW DO WE USE YOUR DATA?

5.1 All personal data is stored securely in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679)(GDPR). For more details on security see section 6, below.

5.2 We use your data to provide the best possible products and services to you. This includes:

5.2.1 Providing and managing your Account;

5.2.2 Providing and managing your access to Our Sites;

5.2.3 Personalizing and tailoring your experience on Our Sites;

5.2.4 Supplying Our products and services to you;

5.2.5 Personalizing and tailoring Our products and services for you;

5.2.6 Responding to communications from you;

5.2.7 Supplying you with email newsletters and alerts that you have subscribed to (you may unsubscribe or opt-out at any time by Insert Description of Unsubscription Method;

5.2.8 Market research;

5.2.9 Analyzing your use of Our Sites and gathering feedback to enable Us to continually improve Our Sites and your user experience;

5.3 In some cases, the collection of data may be a statutory or contractual requirement, and We will be limited in the products and services We can provide you without your consent for Us to be able to use such data.

5.4 With your permission and/or where permitted by law, We may also use your data for marketing purposes which may include contacting you by email and/or telephone and/or text message and/or post with information, news and offers on Our products and/or services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended in 2004, 2011 and 2015.

5.5 Under GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following basis applies:

a) you have given consent to the processing of your personal data for one or more specific purposes;

b) processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;

c) processing is necessary for compliance with a legal obligation to which we are subject;

d) processing is necessary to protect the vital interests of you or of another natural person;

e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or

f) processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

6. HOW AND WHERE DO WE STORE YOUR DATA?

6.1 We only keep your data for as long as We need to in order to use it as described above in section 5, and/or for as long as We have your permission to keep it. In any event, We will conduct an annual review to ascertain whether we need to keep your data.

6.2 Some or all of your data may be stored or transferred outside of the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland and Liechtenstein). You are deemed to accept and agree to this by using Our Sites and submitting information to Us. If We do store or transfer data outside the EEA, We will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the EEA and under the GDPR. Such steps may include, but not be limited to, the use of legally binding contractual terms between Us and any third parties We engage and the use of the EU-approved Model Contractual Arrangements.

6.3 Data security is of great importance to Us, and to protect your data We have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through Our Sites.

6.4 Notwithstanding the security measures that We take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to Us data via the internet.

7. DO WE SHARE YOUR DATA?

7.1 We may contract with third parties to supply products and services to you on Our behalf. These may include payment processing, delivery of goods, search engine facilities, advertising and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, We will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law.

7.2 We may compile statistics about the use of Our Sites including data on traffic, usage patterns, user numbers, sales and other information. All such data will be anonymised and will not include any personally identifying information. We may from time to time share such data with third parties such as prospective investors, affiliates, partners and advertisers. Data will only be shared and used within the bounds of the law.

7.3 In certain circumstances, We may be legally required to share certain data held by Us, which may include your personal information, for example, where We are involved in legal proceedings, where We are complying with the requirements of legislation, a court order, or a governmental authority. We do not require any further consent from you in order to share your data in such circumstances and will comply as required by any legally binding request that is made of Us.

8. WHAT HAPPENS IF OUR BUSINESS CHANGES HANDS?

8.1 We may, from time to time, expand or reduce Our business and this may involve the sale and/or the transfer of control of all or part of Our business. Data provided by users will, where it is relevant to any part of Our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use the data for the purposes for which it was originally collected by Us.

8.2 In the event that any of your data is to be transferred in such a manner, you will not be contacted in advance and informed of the changes.

9. HOW CAN YOU CONTROL YOUR DATA?

9.1 When you submit information via Our Sites, you may be given options to restrict Our use of your data. We aim to give you strong controls on Our use of your data (including the ability to opt-out of receiving emails from Us which you may do by unsubscribing using the links provided in Our emailsand at the point of providing your details and/or by managing your Account).

10. YOUR RIGHT TO WITHHOLD INFORMATION AND YOUR RIGHT TO WITHDRAW INFORMATION AFTER YOU HAVE GIVEN IT

10.1 You may access certain areas of Our Sites without providing any data at all. However, to use all features and functions available on Our Sites you may be required to submit or allow for the collection of certain data.

10.2 You may restrict your internet browser’s use of Cookies. For more information, see section 12.

10.3 You may withdraw your consent for Us to use your personal data as set out in section in 5 at any time by contacting Us using the details set out in section 15, and We will delete Your data from Our systems. However, you acknowledge this may limit Our ability to provide the best possible products and services to you.

11. HOW CAN YOU ACCESS YOUR DATA?

You have the legal right to ask for a copy of any of your personal data held by Us (where such data is held). Please contact Us for more details at italo@spaceboat.io or using the contact details below in section 15.

12. WHAT COOKIES DO WE USE AND WHAT FOR?

12.1 Our Sites may place and access certain first party Cookies on your computer or device. First party Cookies are those placed directly by Us and are used only by Us. We use Cookies to facilitate and improve your experience of Our Sites and to provide and improve Our products and services. For more details, please refer to section 5, above, and to section 12.6 below. We have carefully chosen these Cookies and have taken steps to ensure that your privacy is protected and respected at all times.

12.2 By using Our Sites you may also receive certain third party Cookies on your computer or device. Third party Cookies are those placed by websites, services, and/or parties other than Us. For more details, please refer to section 5, above, and to section 12.6 below. These Cookies are not integral to the functioning of Our Sites.

12.3 All Cookies used by and on Our Sites are used in accordance with current English and EU Cookie Law.

12.4 Before Cookies are placed on your computer or device, subject to section 12.5 and/or section 12.8, you will be shown a pop-up requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling Us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of Our Sites may not function fully or as intended.

12.5 Certain features of Our Sites depend on Cookies to function. The EU Cookie Law deems these Cookies to be “strictly necessary”. These Cookies are shown below in section 12.6. Your consent will not be sought to place these Cookies. You may still block these Cookies by changing your internet browser’s settings as detailed below in section 12.9, but please be aware that Our Sites may not work as intended if you do so. We have taken great care to ensure that your privacy is not at risk by allowing them.

12.6 ABOUT COOKIES Cookies are small files – usually consisting of letters and numbers – placed on your computer, tablet, phone, or similar device, when you use that device to visit a Website. The Service use cookies and similar technologies such as pixel tags, web beacons, clear GIFs, and JavaScript to enable our servers to recognize your web browser and tell us how and when you visit and use our Website and Service, to analyze trends, learn about our user base and operate and improve our Service. We will refer to cookies and similar technologies simply as “Cookies” for the remainder of this Cookie Policy.

We sometimes combine information collected through Cookies that is not Personal Data with Personal Data that we have about you, for example, to tell us who you are or whether you have an account with us. We may also supplement the information we collect from you with information received from third parties. For more information about the kinds of Cookies we use and the purposes for which we use Cookies, please consult the chart below.

a) SESSION COOKIES VS. PERSISTENT COOKIES Cookies can either be “session Cookies” or “persistent Cookies”. Session Cookies are temporary Cookies that are stored on your device while you are visiting our Website or using our Service, whereas “persistent Cookies” are stored on your device for a period of time after you leave our Website or Service. The length of time a persistent Cookie stays on your device varies from Cookie to Cookie. We use persistent Cookies to store your preferences so that they are available for the next visit and to keep a more accurate account of how often you visit our Service, how often you return, how your use of the Service may vary over time. We also use persistent Cookies to measure the effectiveness of advertising efforts. Through these Cookies, we may collect information about your online activity after you leave our Service.

b) THIRD-PARTY COOKIES Some Cookies are placed by a third party on your device and may provide information to us and third parties about your browsing habits (such as your visits to our Service, the pages you have visited and the links and advertisements you have clicked). These Cookies can be used to determine whether certain third party services are being used, to identify your interests, to retarget advertisements to you and to serve advertisements to you that we or others believe are relevant to you. We do not control third-party Cookies, however, users may opt out from certain third-party Cookies (e.g. Retargeting/Advertising cookies) by using our TrustArc cookie management solution (see Cookie Settings below).

c) FURTHER INFORMATION Further information about Cookies can also be found at http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htmhttps://ico.org.uk/for-the-public/online/cookies/, and http://www.allaboutcookies.org/.

d) WHAT TYPES OF COOKIES DO WE USE AND FOR WHICH PURPOSES?

12.6.1 ESSENTIAL COOKIES Essential (or “Required”) Cookies that are required for providing you with features or services that you have requested. For example, certain Cookies enable you to sign in to secure areas of our Website or use a shopping cart feature within our Service. Disabling these Cookies may make certain features and services unavailable.

12.6.2 FUNCTIONALITY COOKIES Functional Cookies are used to record your choices and settings regarding our Service, maintain your preferences over time and recognize you when you return to our Service. These Cookies help us to personalize our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).

12.6.3 PERFORMANCE/ANALYTICAL COOKIES Performance/Analytical Cookies allow us to understand how visitors use our Website and Service such as by collecting information about the number of visitors to the Website, what pages visitors view on our Website and how long visitors are viewing pages on the Website. Performance/Analytical Cookies also help us measure the performance of our advertising campaigns in order to help us improve our campaigns and the Service’s content for those who engage with our advertising.

12.6.4 RETARGETING/ADVERTISING COOKIES Retargeting/Advertising Cookies collect data about your online activity and identify your interests so that we can provide advertising that we believe is relevant to you.

12.6.5 COOKIE SETTINGS You can decide whether or not to accept Cookies. One way you can do this is through your internet browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new Cookie in a variety of ways. You can also delete all Cookies that are already on your computer. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some Service and functionalities may not work.

12.6.6 To explore what Cookie settings are available to you, look in the “preferences” or “options” section of your browser’s menu. To find out more information about Cookies, including information about how to manage and delete Cookies, please visit https://ico.org.uk/for-the-public/online/cookies/ or http://www.allaboutcookies.org/.

12.6.7 We also allow you the ability to opt out of certain types of Cookies by clicking on the cookie banner when you first enter the applicable website (for EU users), or by clicking here to adjust your cookie settings.

12.6.8 QUESTIONS If you have any queries regarding this Cookie Policy, please contact us at italo@spaceboat.io

12.7 Our Sites use analytics services provided by Google, WordPress and Amazon. Website analytics refers to a set of tools used to collect and analyse usage statistics, enabling Us to better understand how people use Our Sites. This, in turn, enables Us to improve Our Sites and the products and services offered through it. You do not have to allow Us to use these Cookies, as detailed below, however, whilst Our use of them does not pose any risk to your privacy or your safe use of Our Sites, it does enable Us to continually improve Our Sites, making it a better and more useful experience for you.

12.8 The analytics service(s) used by Our Sites use(s) Cookies to gather the required information. Certain of these Cookies may be placed immediately when you first visit Our Sites and it may not be possible for Us to obtain your prior consent. You may remove these Cookies and prevent future use of them by following the steps set out below in section 12.9.

12.9 You can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third-party cookies. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.

12.10 You can choose to delete Cookies at any time however you may lose any information that enables you to access Our Sites more quickly and efficiently including, but not limited to, login and personalization settings.

12.11 It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.

13. SUMMARY OF YOUR RIGHTS UNDER GDPR

Under the GDPR, you have:

13.1 the right to request access to, deletion of or correction of, your personal data held by Us;

13.2 the right to complain to a supervisory authority;

13.3 be informed of what data processing is taking place;

13.4 the right to restrict processing;

13.5 the right to data portability;

13.6 object to the processing of your personal data;

13.7 rights with respect to automated decision-making and profiling (see section 14 below).

To enforce any of the foregoing rights or if you have any other questions about Our Sites or this Privacy Policy, please contact Us using the details set out in section 15 below.

14. AUTOMATED DECISION-MAKING AND PROFILING

14.1 In the event that We use personal data for the purposes of automated decision-making and those decisions have a legal (or similarly significant effect) on You, You have the right to challenge to such decisions under GDPR, requesting human intervention, expressing their own point of view, and obtaining an explanation of the decision from Us.

14.2 The right described in section 14.1 does not apply in the following circumstances:

a) The decision is necessary for the entry into, or performance of, a contract between the You and Us;

b) The decision is authorised by law; or

c) You have given you explicit consent.

14.3 Where We use your personal data for profiling purposes, the following shall apply:

a) Clear information explaining the profiling will be provided, including its significance and the likely consequences;

b) Appropriate mathematical or statistical procedures will be used;

c) Technical and organizational measures necessary to minimize the risk of errors and to enable such errors to be easily corrected shall be implemented; and

d) All personal data processed for profiling purposes shall be secured in order to prevent discriminatory effects arising out of profiling.

14.4 We currently make the following automated decisions: None.

14.5 We currently profile your personal data for the following purposes: Sales, Marketing, Service Operations

15. CONTACTING US

If you have any questions about Our Sites or this Privacy Policy, please contact Us by email at italo@spaceboat.io. Please ensure that your query is clear, particularly if it is a request for information about the data We hold about you (as under section 11, above).

16. CHANGES TO OUR PRIVACY POLICY

We may change this Privacy Policy as we may deem necessary from time to time, or as may be required by law. Any changes will be immediately posted on Our Sites and you will be deemed to have accepted the terms of the Privacy Policy on your first use of Our Sites following the alterations. We recommend that you check this page regularly to keep up-to-date.

Copyright © 2019 Spaceboat.

Data Processing Agreement

Between Spaceboat LTD (also. d.b.a outreachhumans.com), the Processor and You, the Customer & Controller

This Agreement is dated from the day of your sign-up with our services.

PARTIES

  1. Spaceboat LTD, a limited liability company registered in the United Kingdom.
  2. You and/or your company/companies (Controller) hereinafter collectively referred to as ‘Parties’ and individually ‘Party’

BACKGROUND

(A) References to the term “Data Processing Agreement” means this Agreement and the following schedules attached hereto:

Schedule 1

Services, Processing, Personal Data and Data Subjects

Schedule 2

Security Measures

1. AGREED TERMS

The terms and expressions set out in this Agreement shall have the following meanings:

1.1 Data Protection Legislation: (i) unless and until the GDPR is no longer directly applicable in the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in (ii) any successor legislation to the GDPR or the Data Protection Act 1998;

1.2 “Controller”, “Processor”, “Processing” and “Data Subject” shall have the meanings given to them in the Data Protection Legislation;

1.3 ICO means the Information Commissioner’s Office;

1.4 Personal Data means all such “personal data” as defined in the Data Protection Legislation as is, or is to be, processed by the Processor on behalf of the Controller;

1.5 Services means those services and/or facilities described in Schedule 1 which are provided by the Processor to the Controller and which the Controller uses for the purpose(s) described in Schedule 1.

1.6 “Security Measures” means the security measures set out in Schedule 2

1.7 Clause, Schedule and paragraph headings shall not affect the interpretation of this agreement.

1.8 A person includes a natural person, corporate or unincorporated body (whether or not having separate legal personality).

1.9 The Schedules form part of this Agreement and shall have effect as if set out in full in the body of this Agreement. Any reference to this Agreement includes the Schedules.

1.10 A reference to a company shall include any company, corporation or other corporate bodies, wherever and however incorporated or established.

1.11 Unless the context otherwise requires, words in the singular shall include the plural and in the plural shall include the singular. Unless the context otherwise requires, a reference to one gender shall include a reference to the other genders.

IT IS AGREED AS FOLLOWS:

2. SCOPE OF PROCESSING

2.1 The Controller determines the purposes and means of the processing of Personal Data. The Controller shall comply with its obligations pursuant to Data Protection Legislation, including the responsibility to ensure the necessary legal basis for collecting, processing and transfer of Personal Data.

2.2 The terms of this Agreement supersede any other arrangement, understanding or agreement made between the Parties at any time relating to the protection of Personal Data.

2.3 This Agreement concerns the Processor’s processing of Personal Data on behalf of the Controller in connection with the Processor’s provision of the Services or otherwise as described in Schedule 1.

2.4 The nature and the purpose of the processing, including operations and activities, are specified in Schedule 1 but the Processor is only to carry out the Services, and only to process Personal Data received from the Controller or tasked by the Controller to generate, acquire or organize:

  • for the purposes of those Services and not for any other purpose;
  • to the extent and in such manner as is necessary for those purposes; and
  • strictly in accordance with the express authorization and instructions of designated contacts at the Controller (which may be specific instructions or instructions of a general nature or as otherwise notified by the Controller to the Processor).

2.5 The Processor, its Sub-processors, and other persons acting under the authority of the Processor who has access to the Personal Data shall process the Personal Data only on behalf of the Controller and in compliance with its documented instructions and in accordance with the Processing Agreement unless otherwise stipulated in applicable statutory laws.

2.6 The Processor shall immediately inform the Controller if, in the Processor’s opinion, an instruction infringes the Data Protection Legislation.

2.7 The Processor shall promptly comply with any request from the Controller requiring the Processor to amend, transfer or delete the Personal Data.

2.8 The Processor agrees to comply with any reasonable measures required by the Controller, and the Controller agrees to comply with any reasonable measures required by the Processor, to ensure that its obligations under this Agreement are satisfactorily performed in accordance with the Data Protection Legislation and all applicable legislation from time to time in force and any best practice guidance issued by the ICO.

2.9 Where the Processor processes Personal Data (whether stored in the form of physical or electronic records) on behalf of the Controller it shall:

2.9.1 be resolved that the Controller gives the Processor explicit permission to process the Personal Data outside the European Union where applicable under the transfer obligations of Chapter V of the Data Protection Legislation;

2.9.2 process the Personal Data only to the extent, and in such manner, as is necessary in order to comply with its obligations to the Controller or as is required by law or any regulatory body including but not limited to the ICO;

2.9.3 implement appropriate technical and organizational measures and take all steps necessary to protect the Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure, and promptly supply details of such measures as requested from the Controller;

2.9.4 any transfer of Personal Data is subject to the Data Protection Legislation’s standard contractual clauses or another legal basis for such transfer or disclosure; and

2.9.5 if so requested by the Controller supply details of the technical and organizational systems in place to safeguard the security of the Personal Data held and to prevent unauthorized access.


2.10 The Processor shall notify the Controller (within five working days) if it receives:

2.10.1 a request from a data subject to have access to that person’s Personal Data; or

2.10.2 a complaint or request relating to the Controller’s obligations under the Data Protection Legislation.

2.11 The Processor agrees to provide the Controller with full cooperation and assistance in relation to any complaint or request made, including by:

2.11.1 providing the Controller with full details of the complaint or request;

2.11.2 complying with a data access request within the relevant timescale and in accordance with the Controller’s instructions;

2.11.3 providing the Controller with any Personal Data it holds in relation to a data subject (within the timescales required by the Controller);

2.11.4 providing the Controller with any information requested by the Controller;


2.12 notify the Controller immediately if it becomes aware of any unauthorised or unlawful processing, loss of, damage to or destruction of any of the Personal Data.


3. SECURITY MEASURES

3.1 The Processor shall implement appropriate technical and organisational measures as stipulated in Data Protection Legislation and/or measures imposed by the ICO to ensure an appropriate level of security and these are outlined in Schedule 2.

3.2 The Processor shall assess the appropriate level of security and take into account the risks related to the processing, including risk for accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Person Data transmitted, stored or otherwise processed.

3.3 All transmissions of Personal Data between the Processor and the Controller or between the Processor and any third party shall be done by means of adequate encryption agreed between the Parties.

3.4 The Processor shall provide reasonable assistance to the Controller, taking into account relevant information available to the Processor, if the Controller is obliged to perform an impact assessment and/or consult ICO in connection with the processing of Personal Data. The Controller shall bear any costs accrued by the Processor related to such assistance.

4. NOTIFICATION OF ANY BREACH

4.1 The Processor shall notify the Controller without undue delay after becoming aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed (“Personal Data Breach“). The Controller is responsible for notifying the Personal Data Breach to the ICO within 72 hours of any such breach.

4.2 The notification to the Controller shall as a minimum describe (i) the nature of the Personal Data Breach including where possible, the categories and approximate number of Data Subjects concerned and the categories and approximate number of Personal Data records concerned; (ii) the likely consequences, in the reasonable opinion of the Processor, of the Personal Data Breach; (iii) the measures taken or proposed to be taken by the Processor to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects.

4.3 In the event the Controller is obliged to communicate a Personal Data Breach to the Data Subjects, the Processor shall assist the Controller, including the provision, if available, of necessary contact information to the affected Data Subjects. The Controller shall bear any costs related to such assistance provided by the Processor and to such communication to the Data Subject.

5. SUB-PROCESSING

5.1 The Processor may engage another processor (“Sub-processor“) in the processing of the Personal Data without the written consent of the Controller.

5.2 The Processor shall ensure that its data protection obligations set out in this Agreement and the Data Protection Legislation are imposed to any Sub-processors by way of a written agreement. Any Sub-processor shall, in particular, provide sufficient guarantees to implement appropriate technical and organisational measures to comply with Data Protection Legislation. The Processor shall remain fully liable to the Controller for the performance of any Sub-processor.


6. WARRANTIES AND INDEMNITIES

6.1 Each party warrants to the other that it will process the Personal Data in compliance with this Agreement and in accordance with the Data Protection Legislation.

6.2 The Parties shall each be liable for and shall indemnify (and keep indemnified) each other against each and every action, proceeding, liability, cost, claim, loss, expense (including reasonable legal fees and disbursements on a solicitor and client basis) and demand incurred by the other which arise directly or in connection with any data processing activities which are subject to this Agreement.

6.3 LIMITATIONS ON LIABILITIES. IN NO EVENT OR ANY CIRCUMSTANCES WHATSOEVER SHALL ANY PARTY BE LIABLE FOR LOST PROFITS OR OTHER INCIDENTAL OR CONSEQUENTIAL, INDIRECT, SPECIAL, EXEMPLARY OR PUNITIVE DAMAGES, EVEN IF SUCH PARTY HAD BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR IF THEY WERE OTHERWISE FORESEEABLE. EACH PARTY’S TOTAL LIABILITY FOR TORT, CONTRACT AND OTHER DAMAGES SHALL NOT EXCEED THE TOTAL AMOUNT OF ALL MONTHLY SUBSCRIPTION FEES AS DEFINED ON EXHIBIT B PAID TO COMPANY BY THE CUSTOMER IN THE TWELVE-MONTH PERIOD IMMEDIATELY PRECEDING THE DATE UPON WHICH A CLAIM IS FIRST ASSERTED, LESS AGGREGATE DAMAGES PREVIOUSLY PAID BY SUCH PARTY UNDER THIS AGREEMENT. NEITHER PARTY SHALL BE LIABLE FOR ANY CLAIM OR DEMAND AGAINST THE OTHER PARTY BY ANY THIRD PARTY EXCEPT FOR THE INDEMNIFICATION SET FORTH IN THIS SECTION 6. THESE LIMITATIONS OF LIABILITY SHALL APPLY TO ALL CLAIMS AGAINST EACH PARTY IN THE AGGREGATE (NOT PER INCIDENT) AND TOGETHER WITH THE DISCLAIMER OF WARRANTIES SHALL SURVIVE FAILURE OF ANY EXCLUSIVE REMEDIES PROVIDED IN THIS AGREEMENT.


7. CONFIDENTIALITY

7.1 The Controller is subject to a duty of confidentiality regarding any documentation and information, received by the Processor, related to the Processor’s and its Sub-processors’ implemented technical and organisational security measures.

7.2 The obligations in this Clause 7 shall continue for a period of five years after the cessation of the provision of Services by the Processor to the Controller. Nothing in this Agreement shall prevent either party from complying with any legal obligation imposed by the ICO or a court. Both parties shall, however, where possible, discuss together the appropriate response to any request from the ICO or court for disclosure of information.


8. TERM AND TERMINATION

8.1 The Processing Agreement is valid for as long as the Processor processes Personal Data on behalf of the Controller.

8.2 In the event of the Processor’s breach of the Processing Agreement, the Controller may (i) instruct the Processor to stop further processing of Personal Data with immediate effect; (ii) terminate the Processing Agreement with immediate effect; the Controller may not claim damages for direct economic loss caused by the Processor’s breach, subject always to the provisions (including limitation of liability provisions) of the agreement(s) pursuant to which the Services are provided.

8.3 The Processor shall, upon the termination of this Agreement and at the choice of the Controller or the Processor, delete all the Personal Data collected or used on behalf of the Controller, unless otherwise stipulated otherwise in the Data Protection Legislation.


9. GENERAL

9.1 This Agreement may only be amended by the Parties subject to mutual consent and in accordance with the Data Protection Legislation.

9.2 The Processor shall not subcontract to any third party any of its rights or obligations under this Agreement save for where permitted by the Parties under this Agreement.

9.3 This Agreement shall be governed by the laws of the United Kingdom.