Services – Terms and Conditions
General terms
- Definitions
- “Confidential Information”: any information in any form that falls within any of the following categories:
- it has been provided by one party (the “disclosing party”) to the other party (the “receiving party”) or that is otherwise shared in connection with this agreement and which was marked confidential (or a similar designation) or was stated to be confidential at the time of disclosure;
- it comprises or contains training materials provided by the Supplier to the Customer;
- it concerns the customers, finances, sales, marketing, products, suppliers, employees, business operations, forecasts, management, or network or computer systems information, of the disclosing party, or it would ordinarily be deemed by a reasonable person to be confidential or proprietary;
- if, in the course of providing the Services, the Customer is a Controller and the Supplier is its Processor in respect of any Personal Data, those Personal Data (which are the Customer’s Confidential Information) (Controller, Processor, and Personal Data are as defined in clause ); or
- the provisions (but not the existence) of this agreement and the process of its negotiation.
- ”Customer”: the person identified as the customer in the Proposal.
- ”Due Date”: the date by which the Supplier must have received the Customer’s payment, as set out in or calculated in accordance with the Proposal.
- ”Intellectual Property Rights”: any patents, copyright, database right, design right, trade mark, service mark, trade secret, logo, know-how and any other intellectual property rights (whether registered or unregistered or capable of registration) together with any current applications for any registrable items of the foregoing and all rights and forms of protection having equivalent or similar effect anywhere in the world.
- “Material Breach”: with respect to a given breach, that a reasonable person in the position of the nonbreaching party would wish to terminate this agreement because of that breach. Any breach by the Customer of clause is a Material Breach.
- ”Proposal”: the document provided by the Supplier to the Customer, which describes the Services.
- ”Services”: the services which the Supplier will provide to the Customer, as set out in the Proposal.
- “Service Commencement Date”: the date set out in the Proposal, on which the Supplier will begin to provide the Services.
- ”Supplier”: Samurai Digital Security Limited, a company registered in England and Wales with company number 10511079. The Supplier’s registered office address is Unit 3, Hazel Court Midland Way, Barlborough, Chesterfield, England, S43 4FD.
- “Confidential Information”: any information in any form that falls within any of the following categories:
- The agreement
- This agreement comprises these general terms, the schedules, and the Proposal.
- This agreement applies to the exclusion of any terms the Customer may supply to the Supplier, or which accompany or are referenced in or linked from any purchase order or communication sent by the Customer. This agreement supersedes all previous negotiations, understandings, and representations, in each case relating to the subject matter of this agreement.
- This agreement, and any claim, dispute or matter arising out of or in connection (including non-contractual claims), is and will be governed by English law.
- Any provision of this agreement which refers to a charge or fee which the Supplier may levy on the Customer confers an obligation on the Customer to pay those charges or fees.
- Duration
- This agreement starts on the day set out in the Proposal, and lasts for the duration set out in the Proposal unless terminated earlier in accordance with this agreement.
- Postponement or cancellation of Services
- The Customer may request in writing (including by email) to the Supplier at any time that the Supplier postpones the Service Commencement Date. Following receipt of the Customer’s notification, the Supplier will confirm in writing (including by email) to the Customer if it agrees to the postponement or not. If the Customer does not receive written (including by email) confirmation from the Supplier of the postponement, the Service Commencement Date will be unchanged. The Customer may still cancel the Services in accordance with this clause .
- The Customer may cancel Services at any time, but the Customer will not be eligible for a refund of the Charges, or a waiver of its obligation to pay the Charges, other than as set out in this clause .
- The Customer is not eligible for a refund of any or all of the Charges, or a waiver of its obligation to pay the Charges, in either of the following situations:
- If the Supplier does not receive written (including by email) notification of the cancellation from the Customer more than two clear weeks before the Service Commencement Date. If there are not two full weeks between the date of this agreement and the Service Commencement Date, the Customer will not be eligible for a refund or waiver of the Charges. The Customer remains liable to pay the Charges in full. The Supplier may invoice for the full Charges immediately.
- For Services which entail or include the provision of software. This applies whether or not the Supplier has, at the point of cancellation, provided any software. The Customer remains liable to pay the Charges in full. The Supplier may invoice for the full Charges immediately.
- Subject to clause 3., if the Supplier receives written (including by email) notification of cancellation from the Customer more than four clear weeks before the Service Commencement Date, the Customer will be entitled to a 100% refund of any pre-paid Charges, and a waiver of 100% of any post-paid Charges, for the cancelled Services.
- Subject to clause 3., if the Supplier receives written (including by email) notification of cancellation from the Customer more than two clear weeks before the Service Commencement Date, the Customer will be entitled to a 50% refund of any pre-paid Charges, or a waiver of 50% of any post-paid Charges, for the cancelled Services. The Supplier may invoice for the remaining Charges immediately.
- If the Customer is entitled to a refund of pre-paid Charges under this clause, the Supplier shall pay the refund to the Customer within 28 days of the date on which the Supplier receives written notification of cancellation from the Customer.
- Supplier obligations
- The Supplier shall:
- begin to provide the Services on the Service Commencement Date;
- provide the Services to the standard of a reasonable and prudent operator providing services similar to the Services in the ordinary course of business; and
- comply with all applicable laws.
- The Supplier will not provide the Services outside normal business hours in the United Kingdom, unless agreed otherwise in the Proposal.
- Notwithstanding clause 1.2., the nature of the Services means that the Supplier cannot, and does not, guarantee:
- it will, find, identify, or attribute all indicators of compromise;
- it will, find, identify, or attribute all possible vectors of attack or vulnerabilities; or
- the security of any system.
- The Supplier shall:
- Supplier independence
- The Supplier acts as an independent and impartial observer, and retains editorial control over the scope and content of any reports or feedback it provides to the Customer, as determined by the Services. The final content of any such report or feedback, including classifications of risk, will be determined solely by the Supplier.
- The Customer shall not attempt to influence or pressurise the Supplier including as to its investigation, and the content of any report or feedback.
- Customer obligations
- The Customer shall, and shall ensure that its staff shall:
- comply with the Supplier’s reasonable instructions, guidelines and directions relating to the Services;
- behave at all times in a polite and professional manner towards the Supplier and its staff;
- keep secret and personal to itself any access credentials provided by the Supplier to systems or services used by the Supplier to provide the Services, and the Customer shall notify the Supplier immediately if the Customer becomes aware of, or suspects, that its access credentials have or may have been obtained by a third party.
- provide to the Supplier, both proactively and promptly in response to requests from the Supplier, all relevant information and documentation, and shall ensure that this information and documentation is (and remains) complete, accurate, and up-to-date;
- provide to the Supplier, promptly following the Supplier’s request, all such assistance, including access to the Customer’s systems and premises, as the Supplier reasonably requires to provide the Services; and
- comply with all applicable law.
- If, directly or indirectly because of a breach by the Customer of one or more of the provisions of this agreement, the Supplier is unable to perform the Services in full, or is unable to perform the Services to the expected standard, or to begin performance on the Service Commencement Date:
- the Supplier shall use reasonable efforts to perform the Services, but will not be liable for any defective or inadequate performance, including no performance.
- The Customer remains liable to pay the Charges in full. In addition, the Customer may need to book and pay for additional services to enable the Supplier to complete performance of the Services to the expected standard.
- The Customer shall, and shall ensure that its staff shall:
- Pricing
- Unless stated otherwise in the Proposal, prices exclude VAT. The Supplier will add VAT to the price, at the prevailing rate.
- Payments and invoicing
- The Customer shall pay the fees for the Services as set out in the Proposal, and all other sums due under this agreement.
- To invoice the Customer, the Supplier will send its invoice by email, to the Customer’s address set out in the Proposal.
- If the Customer requires the Supplier to include particular information on an invoices (such as a purchase order number, or supplier reference), the Customer must notify the Supplier of all relevant information before the Supplier issues the invoice.
- The Customer shall read any invoices the Supplier issues promptly. If there is an error, the Customer must notify the Supplier within 14 days of the invoice date. To dispute the whole of part of an invoice, the Customer must notify the Supplier, identify the disputed charges, and explain why they are in dispute, and provide any relevant supporting documentation. After those 14 days, the Customer cannot bring any dispute or claim relating to an incorrect invoice. The Customer shall still pay any undisputed part of the invoice in accordance with this agreement. The Customer shall work with the Supplier to resolve the dispute.
- The Customer shall pay the undisputed part of each invoice by the Due Date.
- The Customer shall pay the fees using a payment method offered by the Supplier.
- If, for any reason, the Supplier does not receive the Customer’s payment in full by the Due Date, the Supplier may do any, some, or all of the following:
- send the Customer reminders by email and post, or contact the Customer by phone or other communications channel, at regular intervals. The Supplier may charge the Customer an admin fee for each reminder, by way of liquidated damages.
- charge the Customer penalties and interest as specified in the Late Payment of Commercial Debts (Interest) Act 1998.
- charge the Customer reasonable costs and expenses (including legal costs) for seeking payment of the overdue amount.
- change the Due Date for future invoices.
- If, for any reason, the Supplier does not receive the Customer’s payment in full thirty days after the Due Date, the Supplier may do any, some, or all of the following:
- suspend the Services.
- terminate this agreement.
- If the Supplier suspends or terminates the Services or the agreement in accordance with clause 8., the Supplier will not be liable for any losses, costs, claims, expenses and liabilities whatsoever arising out of or in connection with that suspension or termination.
- The Customer shall not cancel, reverse, revoke, or do anything similar, any payment the Customer makes to the Supplier. If any payment the Customer makes is cancelled, reversed, revoked, or similar (including any claim under the Direct Debit Guarantee), that payment shall be deemed as having never been made to the Supplier.
- Intellectual property
- The Supplier or its licensors, as applicable, remains the owner of any Intellectual Property Rights subsisting in any reports, documentation, training materials, and any other materials or deliverables made available to the Customer under this agreement. Unless stated otherwise in the Proposal, nothing in the agreement transfers any Intellectual Property Rights to, or vests any Intellectual Property Rights in, the Customer.
- Varying this agreement
- The Supplier may amend this agreement at any time by notice to the Customer, provided that the amendment does not impose an additional cost or other material burden upon the Customer.
- Terminating this agreement
- Either party may terminate this agreement in the event of Material Breach by the other party, by giving notice to the other party.
- Termination of this agreement will not affect any rights, obligations or liabilities of either party that have accrued before termination or that are intended to continue to have effect beyond termination or expiration.
- Other than as set out in clause , the Customer is not entitled to a refund of any payments in the event of termination.
- The following clauses survive termination of this agreement , 4.., 5.3., 6., 7.2.2., 12.3., 13., 15.-19., schedule 1 paragraphs 2.6. and 3., schedule 2 paragraph 4., schedule 3 paragraph 4. and schedule 4 paragraph 6.2..
- Limits on liability
- All conditions, warranties or terms which might have effect between the Customer and us, or be implied or incorporated into this agreement (whether by statute, common law or otherwise) are excluded to the extent permitted by law, including the implied conditions, warranties or other terms as to satisfactory quality, fitness for purpose or the use of reasonable skill and car
- Neither party limits or excludes its liability to the other for personal injury or death caused by its negligence, for fraud or fraudulent misrepresentation, or for any matter for which, at law, a party cannot limit or exclude its liability.
- Subject to clauses 1. – 13.2.neither party shall be liable to the other for special, indirect, or consequential losses, nor for the following types of loss, whether direct, indirect, special or consequential, in each case however caused:
- financial loss (other than in respect of sums due from the Customer to the Supplier under this agreement), including loss of profits, earnings, business, goodwill, business interruption;
- expected or incidental losses; loss of expected savings; loss of sales; failure to reduce bad debt; reduction in the value of an asset; and
- loss of, or corruption to, data.
- Subject to clauses 1. – 13.3., the Supplier’s total liability to the Customer for claims (whether contractual or non-contractual) arising out or in connection with this agreement, , is a “money back guarantee”, meaning:
- in the case of ongoing services, the sum received by the Supplier from the Customer for those Services for the month in which the Customer notified the Supplier of the breach.
- in all other cases, the sum received by the Supplier from the Customer in respect of the Services to which the breach relates, for the period in which the Supplier was in breach of this agreement.
- Any liability owed under this agreement to the Customer is owed solely by the Supplier, and the Customer shall not attempt to enforce any personal responsibility or liability on, or bring any claim against, any individual.
- Data protection
- References in this clause to a “Regulation” are to the Applied GDPR. References to the “Applied GDPR” are to EC regulation 2016/679 as amended by the UK’s Data Protection Act 2018. References to an Article are to an Article of the Regulation. Capitalised terms in this clause have the meaning defined by the Regulation unless otherwise defined in this agreement.
- The Customer shall ensure that:
- any instructions the Customer gives the Supplier with respect to the Processing of Personal Data are lawful and will not cause the Supplier to breach any law; and
- the Customer has complied with, and will, for the duration of the Processing of Personal Data on the Customer’s behalf, comply with, all applicable data protection laws.
- The Customer shall not transfer any Personal Data to the Supplier, or make accessible any Personal Data to the Supplier, unless that transfer or access is necessary to enable the Supplier to provide the Services.
- If, in the course of providing the Services, the Customer is a Controller and the Supplier is the Customer’s Processor in respect of any Personal Data or if the Customer is a Processor and the Supplier is the Customer’s sub-processor, the Supplier shall:
- Process Personal Data in accordance with all applicable law;
- Process the Personal Data only on the Customer’s documented instructions as set out in this Agreement, including with regard to transfers of Personal Data to a third country or an international organisation;
- unless prohibited by law, notify the Customer before Processing the Personal Data, if the Supplier is required by law to act other than in accordance with the Customer’s instructions.
- have the Customer’s general authorisation to obtain other Processors (“Sub-processors”) and shall respect the conditions referred to in paragraphs 2 and 4 of Article 28 for any such engagement. Subject to the limitations of liability in this agreement, the Supplier shall be liable for the acts and omissions of its Sub-processors, and the Supplier shall ensure that the Sub-processor contract (as it relates to the Processing of Personal Data) is on terms which are substantially the same as, and in any case no less onerous Supplier than, this clause ;
- ensure that persons authorised to Process the Personal Data have committed themselves to confidentiality;
- take all measures required pursuant to Article 32;
- taking into account the nature of the Processing, assist the Customer, at the Customer’s cost, by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Customer’s obligation to respond to requests for exercising the Data Subject’s rights laid down in Chapter III of the Regulation;
- provide, at the Customer’s cost, reasonable assistance on written request by the Customer in ensuring compliance with the Customer’s obligations pursuant to Articles 32 to 36, taking into account the nature of Processing and the information available to the Supplier;
- at the Customer’s choice, delete or return all the Personal Data to the Customer after the end of the provision of the Service, and delete existing copies. The Supplier is not required to delete Personal Data if the Supplier is required by law to continue store those Personal Data.
- at the Customer’s cost and following written agreement as to the details, make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in Article 28, and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer; and
- notify the Customer without undue delay if the Supplier become aware of a Personal Data Breach for which the Supplier is responsible.
- For the purpose of clause 4.:
- the subject matter, nature, and purpose of our Processing is to perform the Supplier’s obligations under this agreement, which will depend on the Services.
- the duration of the Processing is the duration of the agreement.
- the type of Personal Data and categories of Data Subjects are as determined by the Customer through the Customer’s use of the Services.
- Confidentiality
- Subject to clauses 2. to 15.5., each party:
- shall treat the other party’s Confidential Information as strictly confidential;
- shall not, except with the prior written consent of the disclosing party, make use of (save for the purposes of performing its obligations under this Agreement) or disclose or make available in whole or part to any person any Confidential Information except on a need to know basis or for the performance of the Services;
- shall keep the other party’s Confidential Information in a safe and secure place and use reasonable measures to prevent unauthorised access, destruction, corruption or loss; and
- shall notify the other party immediately if it becomes aware that any Confidential Information has been disclosed to, or is in the possession of, any unauthorised person; and
- shall upon written request immediately destroy any Confidential Information of the other party which is in its possession at that time. The destroying party may retain Confidential Information as required by law or regulatory requirement or that it may reasonably require for evidential or archival purposes. The provisions of this agreement continue to apply to any retained Confidential Information.
- Clause 1. does not apply if and to the extent that the party using or disclosing Confidential Information can demonstrate that:
- the disclosure is required by law or by any court or other authority having applicable jurisdiction provided that, as far as it is legally permitted to do so, it gives the other party as much notice of the disclosure as possible;
- the Confidential Information has been placed in the public domain other than through the fault of that party;
- the Confidential Information has been independently developed by that party without reference to the Confidential Information of the other party;
- the Confidential Information was already known by that party prior to the disclosure without an obligation of confidentiality, or without a breach of such an obligation of confidentiality or law; or
- the Confidential Information was, is, or becomes independently received from a third party without any obligation of confidence and the party using or disclosing Confidential Information has made reasonable enquiries that the third party owed no obligation of confidence to the other party.
- Either party may disclose Confidential Information to its professional advisors where such disclosure is reasonably required for the purposes of exercising its rights or performing its obligations under this agreement, provided that party disclosing Confidential Information to its professional advisors shall ensure those professional advisors are subject to confidentiality obligations no less onerous than those contained in this agreement.
- Nothing in this clause restricts the disclosure of Confidential Information that a party is required to disclose by law or to a regulatory authority, provided that that party, prior to such disclosure:
- shall give the other reasonable notice to allow the other party a reasonable opportunity to seek a protective order or similar; or
- shall use reasonable endeavours to obtain written assurance from the applicable judicial or regulatory authority that it will afford the Confidential Information a reasonable level of protection.
- The obligations in this clause survive for two years from the termination or expiration of this agreement.
- Subject to clauses 2. to 15.5., each party:
- Events outside reasonable control
- Neither party will be liable to the other for any delay or failure in the performance of that party’s obligations caused by events outside that party’s reasonable control, but only if that party promptly notifies the other of the circumstances of the event. This clause 1. does not apply to the Customer’s obligation to pay any sums due under this agreement.
- If the event persists for 28 days or more, the party not affected by the event may give notice to the other to terminate this agreement with effect from a future date specified in the notice without penalty or other liability (except for any liability on the Customer’s part to pay any sums due under this agreement).
- Notices
- To give notice (except for the service of court proceedings), a party must email the other party’s nominated email address for service. For the Supplier, this is [email protected]. For the Customer, this is the email address set put in the Proposal.
- To change the Customer’s email address, the Customer must notify the Supplier and the change will take effect from the date on which the Supplier confirms that the Supplier has changed the Customer’s email address.
- Notice by email is deemed given on receipt by the recipient’s mailserver.
- To give notice for the service of court proceedings, a party must use a signed-for postal service which provides proof of delivery, or by courier, and such notice must be addressed:
- to the Supplier, addressed to the Managing Director, and sent to the Supplier’s registered office address; and
- to the Customer, to the most recent address which the Supplier has on file for the Customer or, where no such address exists, to an address which the Supplier reasonably believe is linked with the Customer. The Supplier may instead serve the Customer by email, if the Supplier is not reasonably able to serve notice to the Customer by post or courier.
- Dispute resolution procedure
- In the event of any disputes or claims arising out of or in connection with this agreement or its subject matter or formation (including non-contractual disputes or claims), the parties will attempt to resolve the dispute as follows:
- the complaining party will refer the issue in dispute to a person working for the other party with whom the complaining party has routine contact; and
- if the dispute is not resolved, the complaining party’s general manager (or equivalent) shall discuss the dispute with the other party’s general manager.
- Subject to clause 3., if, after exhausting the procedure set out in clause 18.1., the dispute is still not resolved, either party may bring a claim before the courts of England. Each party agrees to the exclusive jurisdiction of the courts of England in respect of any claim, dispute or matter arising out of or in connection (including non-contractual claims) with this agreement.
- Clauses 1. and 18.2. do not affect either party’s ability to seek an injunction, or other appropriate interim relief, from the courts of England. Either party may do this without exhausting the dispute resolution procedure.
- To bring any claim arising out of or in connection with this agreement, a party must serve the other party with the particulars of claim within 12 months of the date on which the cause of action accrued.
- Each party will bear its own costs for this dispute resolution procedure, up to the involvement of the courts. Costs related to the involvement of the courts are at the court’s discretion.
- In the event of any disputes or claims arising out of or in connection with this agreement or its subject matter or formation (including non-contractual disputes or claims), the parties will attempt to resolve the dispute as follows:
- Miscellaneous terms
- A person who is not a party to this agreement has no rights under this agreement.
- Neither party shall, for a period of two years from the end of the performance of the Services, directly or indirectly solicit or entice into their employment any person employed by the other party, without the other party’s prior written consent.
- If any part of this agreement is found to be invalid or unenforceable by any court, this will not affect the other provisions of this agreement and those provisions will remain in full force and effect.
- If a party fails to exercise a right or remedy, this failure will not prevent that party from exercising that right or remedy subsequently for that or any other incident.
- A waiver of any breach or provision of this agreement will only effective if made by email or in other writing.
- The Supplier may assign, transfer, charge, sub-contract or deal in any other manner with any of it rights or obligations under this agreement. The Customer may not do these things without the Supplier’s prior written consent.
- Nothing in this agreement establishes any partnership, joint venture, or agency. The Customer shall not hold itself out as being an agent, partner, representative or otherwise being entitled to bind the Supplier.
Schedule 1: Penetration Testing
- Applicability
- This schedule applies to Services which comprise penetration testing.
- Authorisation of access
- The Customer authorises the Supplier’s access to and use of all systems. networks. and premises within the scope of the Services, and which might reasonably be impacted by the Services. The Customer shall ensure that the Supplier is authorised to do this for the duration of the Services.
- If, at any point, the Customer is not able to give or maintain the authorisation set out in paragraph 1., the Customer shall:
- notify the Supplier immediately;
- promptly procure the authorisation from the person or people who can grant that authorisation; and
- promptly provide written evidence to the Supplier of that authorisation.
- The Customer shall, promptly following the Supplier’s reasonable request, issue the Supplier with a written letter of authority which:
- documents the nature and scope of the Services;
- authorises the Supplier by name to carry out the Services;
- provides the name, direct phone number and email address of a senior member of the Customer to which the bearer of the letter can direct any person (including any person connected with the Customer) who has questions relating to the Services; and
- is signed by that senior member of the Customer.
- The Customer indemnifies the Supplier against all losses, costs, claims, expenses and liabilities whatsoever arising out of or in connection with the Customer’s breach of this paragraph .
- If, at any point, the Supplier is unable to perform, in whole or in part, the Services because it lacks the evidence of authorisation to access or use the systems, networks, or premises in question, the Supplier is deemed to have completed satisfactorily the Services in respect of those systems and networks.
- If, at any point, including after performance of the Services or termination of this agreement, the Supplier requests confirmation of the Customer’s authorisation of access, the Customer shall, within 7 days of receipt of the Supplier’s request, issue the Supplier with a written letter containing the content set out in paragraph 2.3 of this schedule.
- No liability for outages or failures
- The Supplier is not liable for degraded system or network performance, loss of or corruption to any data, system or network outages, or any other defects or adverse effects arising out of or in connection with the Services, irrespective of the system, network, data, or nature or scope of the effect.
- The Customer shall maintain such backups, disaster recovery, and resiliency, plans, as are appropriate to its situation.
- Confidentiality
- The results of the Services will be the Confidential Information of the Customer, and the Supplier shall comply with clause of the main agreement in respect of this Confidential Information.
Schedule 2: Software and Accompanying Services
- Applicability
- This schedule applies to Services which comprise the Supplier making available to the Customer software, and accompanying services.
- Adherence to third party licences
- The Customer shall comply with all applicable third party contracts and licences (as amended from time to time) governing the software or its use.
- Network connectivity
- The Customer shall provide all network connectivity at the Customer’s sites, including Internet connectivity where relevant, as is necessary to make full use of the software, and as reasonably required by the Supplier to provide the Services.
- No liability for the software
- Unless stated otherwise in the Proposal, the Supplier will not be responsible for, nor liable to the Customer for any losses, costs, claims, expenses, or liabilities whatsoever relating to any or all of the following:
- the functionality or performance of the software.
- customer or end user support for the software.
- the installation or configuration of the software.
- claims of infringement relating to the software or the Customer’s use of the software.
- the suitability of the software.
- Unless stated otherwise in the Proposal, the Supplier will not be responsible for, nor liable to the Customer for any losses, costs, claims, expenses, or liabilities whatsoever relating to any or all of the following:
Schedule 3: Data Protection Officer Services
- Applicability
- This schedule applies if the Services comprise the Supplier acting as a data protection officer.
- Assessment of suitability
- The Customer is responsible for determining that the Supplier is suitable to be designated as a data protection officer for the Customer.
- The Supplier shall provide, promptly following its receipt of the Customer’s request, all such information as is reasonably requested by the Customer from time to time to enable the Customer to assess the Supplier’s suitability for the role of data protection officer.
- Supplier contact details
- The Customer shall not publish any contact details for the Supplier as the Customer’s data protection officer, other than those provided by the Supplier for this purpose.
- The Customer shall update the details provided by the Supplier promptly following the provision by the Supplier of updated details.
- Effect of suspension or termination
- If this agreement is suspended or terminated, the Supplier ceases to act as a data protection officer for the Customer.
- On suspension or termination of this agreement, the Customer shall promptly:
- remove the name and contact details of the Supplier from any materials indicating that the Supplier is the Company’s data protection officer; and
- communicate to all relevant data protection supervisory authorities that the Supplier is no longer the Company’s data protection officer and ensure that each relevant authority removes the Supplier’s name and contact details from its record of the Customer’s data protection officer.
Schedule 4: Training, examination, and certification
- Applicability
- This schedule applies to any training, examination, and certification services supplied as part of the Services.
- No recording
- The Customer shall not, and shall ensure that its attendees do not, record the training.
- Suitability
- The Supplier does not warrant that:
- the course will meet any specific requirements; or
- the Customer will obtain any particular result from, or obtain any particular qualification on completion of, the training.
- The Supplier does not warrant that:
- Postponements
- Notwithstanding clause 1.1. of the general terms, if the Supplier is unable to deliver the training on the agreed date due to staff sickness, or other elements outside its reasonable control, the Supplier will notify the Customer of the rescheduled date for the training.
- Use of course materials
- The Customer shall not provide, or provide access to, all or part of the training materials to any third party, with the exception of the Customer’s own staff.
- Intellectual property
- The Customer shall notify its staff of the content of clause 10 of this agreement.
- The Customer shall, at its own cost, cooperate in good faith with any investigation by the Supplier into any actual or suspected breach of clause 10 by the Customer or its staff.
- Retraining and re-examination
- Retraining or re-examination, or both, is at the Supplier’s discretion.