SUBSCRIBER TERMS AND CONDITIONS
PARTIES:
TRANSACTOR SYSTEMS LIMITED a company registered in England and Wales with company number 04153911, whose registered office is located at 2 Upperton Gardens, Eastbourne, England BN21 2AH (“Transactor”)
The SUBSCRIBER whose details are provided in the Order (“Subscriber”)
These terms and conditions set out the terms and conditions on which Transactor will contract with the Subscriber to supply the Subscriber with the Services.
By agreeing an Order, as described below, you agree, on behalf of the Subscriber, to be bound by the terms herein. If you do not have authorization to bind the Subscriber, or you do not agree with these terms, do not register to use the Services.
Transactor may amend, modify or update these Terms from time to time to comply with applicable laws or better serve our users. You should check these Terms whenever you access place and Order or use our Services to ensure that you are aware of the most up-to-date version of our Terms.
(A) Transactor renders the provision of the Services (as defined below), to which end it is endowed with its own structure, comprising specialised technical staff, with the appropriate technical qualifications to provide the services it proposes to carry out, as well as having the appropriate material resources and equipment necessary to provide the aforementioned services, having all the legal and regulatory authorisations applicable to the carrying out of its activity.
(B) Subscriber wishes to use, and Transactor has agreed to permit Subscriber to use, the Services in accordance with the terms of this Agreement.
NOW THEREFORE, the Parties hereby agree as follows:
1. DEFINITIONS
1.1. In this Agreement the following expressions shall, unless the context otherwise requires, have the following respective meanings:
“Agreement” means the agreement between Transactor and the Subscriber, which shall comprise the Order and these Terms and Conditions and all Schedules.
“Charges” means the Subscription Fee specified in the Order.
“Commencement Date” means the date on which the provision of the Services shall commence as set out in the Order.
“Confidential Information” means this Agreement and all information, data, drawings, benchmark tests, specifications, trade secrets, object code and machine-readable copies of the Services, software, source code relating to the software, training any other proprietary information supplied to Subscriber by Transactor, or by Subscriber to Transactor (excluding Non-Personal Data, which shall not be deemed to be Confidential Information), and which ought reasonably to be considered as “confidential information”, including all items defined as “confidential information” in any other agreement between Subscriber and Transactor whether executed prior to or after the Commencement Date of this Agreement.
“Effective Date” means the date on which the Order is accepted by all parties.
“Event of Force Majeure” an event outside the parties reasonable control including, without limitation: natural disaster, epidemic or pandemic, terrorist attack, civil war, civil commotion or riots, war or armed conflict; nuclear, chemical or sonic boom, collapse of buildings, fire, explosion or accident; any labour or trade dispute, strikes, industrial action or lockouts (other than in each case by the party seeking to rely on this clause, or companies in the same group as that party).
“Intellectual Property Rights” means all intellectual property rights, including patents, utility models, trade and service marks, trade names, domain names, right in designs, copyrights, moral rights, topography rights, rights in databases, trade secrets and know-how, in all cases whether or not registered or registrable and including registrations and applications for registration of any of these and rights to apply for the same, and all rights and forms of protection of a similar nature or having equivalent or similar effect to any of these anywhere in the world.
“Non-Personal Data” means all data which is not Personal Data and, for the avoidance of doubt, Non-Personal Data includes, without limitation, all laboratory product, dental service and pricing data which the Subscriber makes available for processing using the Services.
“Order” means the order placed by the Subscriber for the Subscriber’s use of the Services, which has been accepted by the other parties in writing, by email, or by provision of access to the Services.
“Personal Data” shall have the meaning set out in the Data Processing Addendum.
“Portal” means, where the Order specifies that the Services will be accessed via desktop as a service, the website portal used to facilitate Use of the Services.
“Services” means the services to be provided by Transactor to the Subscriber, which shall include the provision of such software and software as a service as is set out in the Order, together with the Set Up Services and Support Services.
“Set Up Services” means the set up services (if any) agreed between Transactor and the Subscriber, which may include but not be limited to, set up and configuration; customization; data input; data migration; back end modifications.
“Subscriber Data” means all data, materials, or content uploaded by the Subscriber or its Users in connection with the Services. This does not include any data or information comprised within Transactor Data.
“Support Schedule” means the support schedule attached at Annex 1.
“Support Services” means the support services in respect of the Services more particularly described in the Support Schedule.
“Term” means the minimum term set out in the Order.
“Training Services” means the training services, if any, in respect of the Services more particularly described on the Order or otherwise agreed between the Subscriber and Transactor.
“Transactor Data” means data which may be made available to the Subscriber by Transactor, at Transactor’s sole discretion, via the Services from time.
“Use” means to access (and permit users to access) the Services in the manner set out in the Order, and to use the Services for the Subscriber’s own internal business purposes and only to the extent necessary to receive the benefit of the Services as expressly contemplated hereunder.
“User Manual” means the documentation (if any) provided by Transactor to the Subscriber which contains information about the use of the Services, including governance requirements and laboratory procedures, Portal security procedures and other generally applicable policies governing the use of the Services which are issued by Transactor to the Subscriber from time to time and/or is available on the Portal applicable to the relevant Services, as may be updated from time to time.
“Users” means the permitted number of Subscriber’s employees and/or self-employed consultants as from time to time may Use the Services as required by the Subscriber and specified on the Order or otherwise agreed in writing between the parties.
“Working Hours” means 09:00 to 17:00, Monday to Friday, excluding all bank and public holidays.
1.2. The Order(s) form part of this Agreement and shall be subject to the terms and conditions set out herein.
2. ORDER PROCESS
2.1. Orders may be agreed between the parties in writing, or through the registration functionality that forms part of the Services.
2.2. A binding contract for the provision of the Services shall not come into existence between Transactor and the Subscriber until acceptance of the Order by Transactor.
2.3. Acceptance of the Order by Transactor shall be deemed to have occurred on the earlier of: written notification by Transactor to the other parties of acceptance of the Order; where applicable, notification by Transactor that the Portal has been made available; or, if applicable, provision by Transactor of the Services. Transactor may reject the Order for any reason, in which case Transactor shall notify the Subscriber that the Order has been rejected.
3. PURPOSE
3.1. From the Commencement Date, for the Term, Transactor shall provide the Services to the Subscriber.
3.2. Subject to the payment of the Charges and to all the terms of this Agreement, Transactor shall provide the Set Up Services in accordance with the Order.
3.3. In the event that the Order specifies, or the parties otherwise agree, that Training Services will be provided, the following provisions shall apply:
3.3.1. the date and timing of the training days and/or online training sessions will be agreed by the Subscriber and Transactor provided that Transactor reserves the right to decide when each online training session and/or training day will take place and to modify these dates provided it gives the Subscriber reasonable notice;
3.3.2. all online training sessions and/or training days must be used prior to the termination of this Agreement.
3.4. Transactor reserves the right to update and/or upgrade the Services at any time on the provision of reasonable notice to the Subscriber.
3.5. Subscriber agrees to give Transactor access and assistance as may be necessary for Transactor to audit Subscriber’s operations wherever situated, as and to the extent that Transactor deems necessary to confirm Subscriber’s compliance with this Agreement.
4. SUBSCRIBER’S OBLIGATIONS
4.1. Where the Subscriber uses the Services to procure items from another subscriber, the Subscriber acknowledges and agrees that the contract for such procurement is between the Subscriber and the other subscriber. Provider shall have no rights, obligations or liabilities under such contract, and the Subscriber shall be responsible for agreeing appropriate terms with the other subscriber.
4.2. The Subscriber shall:
4.2.1. ensure that the Subscriber and its Users are and shall remain compliant with the User Manual; and
4.2.2. act in accordance with the reasonable instructions of Transactor.
4.3. The Subscriber acknowledges that it is solely responsible for setting the permissions and access rights for its Users; and shall be liable for all Use made of the Services, whether authorised or unauthorised, by the Users or by any person using a login registered to one of its Users.
4.4. The Subscriber will not:
4.4.1. attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Services in any form or media or by any means;
4.4.2. attempt to de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form for all or any part of the Services;
4.4.3. access, store, distribute or transmit Viruses or any harmful or illegal material during the course of its use of the Services; or
4.4.4. introduce or permit the introduction of, any Virus or Vulnerability into the Provider’s network and information systems.
5. USE OF THE SERVICES
5.1. Subject to the payment of the Charges by the Subscriber, Transactor hereby grants to the Subscriber the non-exclusive, non-assignable, non-sub-licensable right to access and Use the Services in the manner set out in the Order, and to permit Users to Use the Services for the term of this Agreement.
5.2. The Subscriber shall and shall procure that each User shall use the Services only in accordance with the terms of this Agreement and the User Manual. The Subscriber shall be responsible for the use of the Services by Users and shall be liable for breach of this Agreement by a User as if it were a breach by the Subscriber. In addition to any other remedies in respect of such breach, Transactor shall be entitled to suspend the access of a User who fails to comply with the User Manual.
5.3. The Subscriber shall not, and shall procure that Users shall not, except as expressly permitted in this Agreement (i) modify, translate, create or attempt to create derivative copies of or copy the Services and/or the Portal in whole or in part; (ii) reverse engineer, decompile, disassemble or otherwise reduce the object code of the Services and/or the Portal to source code form; (iii) distribute, sub-license, assign, share, timeshare, sell, rent, lease, transmit, grant a security interest in or otherwise transfer the Subscriber’s right to use the Services and/or the Portal.
5.4. Transactor shall use reasonable endeavours to ensure that access to the Services is available during Working Hours however the Subscriber acknowledges and agrees that the Services may not be accessible to the Subscriber from time to time.
5.5. Transactor shall provide the Support Services to the Subscriber during the Working Hours. Transactor shall use reasonable endeavours to schedule service interruptions outside of the Working Hours and reasonable endeavours to give as much prior written notice of such scheduled service interruptions to the Subscriber as possible.
5.6. Subscriber agrees that it will not, directly or indirectly, or through any intermediate or ultimate direct or indirect parent, affiliate, holding company, subsidiary, subsidiary of any such holding company, agent, or other third party:
5.6.1. use the Services to provide to any third parties, computing services or access thereto, including but not limited to commercial software or computer timesharing, rental or sharing arrangements, or data processing services offered on a service bureau basis;
5.6.2. provide, disclose, divulge or make available to, or permit use of the Services by persons other than Users without Transactor’s prior written consent;
5.6.3. remove or alter any copyright or other proprietary notice on any of the Services;
5.6.4. fail to comply with the User Manual.
6. CHARGES, BILLING AND PAYMENT
6.1. In consideration for the provision of the Services to Subscriber hereunder, the Subscriber (as set out in the Order) shall pay Transactor the Charges. The Charges shall be due and payable thirty (30) days from the date of an invoice in respect thereof issued by Transactor. In the event that the Charges are not paid in accordance with the provisions herein, Transactor shall be entitled to terminate or suspend the provision of the Services forthwith on notice.
6.2. Transactor reserves the right to charge the Subscriber (as applicable) interest on any payment not made in accordance with the payment terms. Interest will be calculated on a daily basis, both before and after any judgement, at the rate of 8 per cent per annum above the base rate from time to time of the Bank of England’s base rate, for the period from the due date until the date on which the outstanding payment is actually paid.
6.3. All payments made or to be made under this Agreement shall be made in full, without any deduction, withholding, set-off or counterclaim on account of any taxes or otherwise.
6.4. In the event of a bona fide dispute regarding any invoice or other request for payment, the Subscriber shall immediately notify Transactor in writing and the Parties shall attempt promptly and in good faith to resolve any dispute regarding the amounts owed. In each such case, the Subscriber shall pay all undisputed amounts on or before the due date for payment of such invoice.
6.5. The Charges are exclusive of any applicable sales, use or service tax or any other applicable tax of any nature whatsoever, including any Value Added Tax; all such taxes will be added to the appropriate invoice and shall be payable by the Subscriber in accordance with the law from time to time and the terms hereof. If any applicable law requires the Subscriber to withhold amounts from any payments to Transactor hereunder, (i) the relevant party shall effect such withholding, remit such amounts to the appropriate taxing authorities and promptly furnish Transactor with tax receipts evidencing the payments of such amounts, and (ii) the sum payable by the relevant party upon which the deduction or withholding is based shall be increased to the extent necessary to ensure that, after such deduction or withholding, Transactor receives and retains, free from liability for such deduction or withholding, a net amount equal to the amount Transactor would have received and retained in the absence of such required deduction or withholding.
6.6. Transactor may increase the Charges from time to time on the provision of reasonable notice to the Subscriber, as applicable.
7.1. Each party warrants to the other that they have the authority to enter into this Agreement and that doing so shall not put such party in breach of any obligations that it may have to any third parties.
7.2. Subscriber hereby represents that it shall (i) comply with all applicable local and foreign laws and regulations which may govern the use of the Services, and (ii) use the Services only for lawful purposes and in accordance with the terms of this Agreement.
7.3. The Subscriber hereby warrants that the information provided by the Subscriber to Transactor is true, accurate and correct and does not infringe or violate the rights of any third party. The Subscriber further warrants that it shall promptly notify Transactor in the event of any changes to such information provided.
7.4. The express warranties set forth in this clause 7 are exclusive and in lieu of all other warranties, express or implied, including without limitation the implied warranties of merchantability, fitness for a particular purpose, and any warranties arising by statute or otherwise in law or from course of dealing, course of performance, or use of trade and whether written or oral, all of which are hereby excluded and disclaimed to the fullest extent permissible by law. Without prejudice to the generality of the foregoing, Transactor (including its respective licensors, agents and sub-contractors, if any) does not warrant that that operation of the Services will be uninterrupted and hereby disclaims any and all liability in respect thereof.
8. LIABILITY
8.1. Subject to clauses 8.2 and 8.4, the Subscriber’s sole remedy at any time with respect to any claims arising out of the Agreement shall be limited in the aggregate to the monies paid by the Subscriber to Transactor under this Agreement during the twelve (12) month period preceding the earliest event giving rise to such liability.
8.2. In no event shall any party (including its respective licensors, agents and sub-contractors, if any) be liable for:
8.2.1. any loss of profits, loss of anticipated savings, loss of data, business interruption, loss of use, loss of contracts, loss of goodwill business or business benefit, or the cost of procurement of substitute services by any other party (whether direct or indirect);
8.2.2. any special, indirect, incidental, or consequential damages or losses of any nature whatsoever.
8.3. In no event shall Transactor (including its respective licensors, agents and sub-contractors, if any) be liable for:
8.3.1. any losses, damages or costs that arise wholly or partly as a result of any Subscriber or third party act, omission, software, services or systems;
8.3.2. any losses or costs that arises as a result of the supply by the Subscriber or the display by the Services of any incorrect or incomplete Non-Personal Data and/or Transactor Data; or
8.3.3. the provision of or failure to provide any Transactor Data to the Subscriber.
8.4. For the avoidance of doubt, nothing in the agreement shall be deemed to exclude, restrict or limit liability of any party (or their respective agents or sub-contractors) for death or personal injury resulting from their negligence or any liability for fraudulent misrepresentation.
8.5. All Parties accept that the limitations and exclusions set out in this Agreement are reasonable having regard to all the circumstances.
8.6. The Subscriber hereby agrees to afford Transactor not less than thirty (30) days (following notification thereof by Subscriber) in which to remedy any event of default hereunder.
8.7. No employee, agent, representative or affiliate of Transactor has authority to bind Transactor to any oral representations or warranty concerning the Services. Any written representation or warranty not expressly contained in this Agreement is unenforceable except that this shall not exclude liability for fraudulent misrepresentation.
9. INTELLECTUAL PROPERTY RIGHTS
9.1. Subscriber acknowledges that except for the limited rights expressly granted hereunder, it has no claim, right, title or interest with respect to any of the Intellectual Property Rights in the Services.
9.2. The Subscriber hereby grants to Transactor the non-exclusive, non-assignable, non-sub-licensable right to use the Subscriber Data to the extent necessary to provide the Services for the term of this Agreement.
9.3. The Subscriber hereby grants to the Subscriber the non-exclusive, non-assignable, non-sub-licensable right to use the Subscriber Data to assess, analyse and report on the provision of the Subscriber’s products and services to the (and the products and services of other subscribers to the Services) to the Subscriber’s customers.
9.4. Transactor may use Transactor Data for any purpose, including without limitation usage data or audit logs, which Transactor may monitor independently for their internal purposes, including but not limited to improving the Services, ensuring accurate billing, and providing support.
10.1. Each Party acknowledges that the Confidential Information constitutes valuable trade secrets and each Party agrees that it shall use the Confidential Information of the other Party solely in accordance with the provisions of this Agreement and will not disclose, or permit to be disclosed, the same, directly or indirectly, to any third party without the other Party’s prior written consent. Each Party agrees to exercise due care in protecting the Confidential Information of the other from unauthorised use and disclosure. However this Clause 10.1 shall not apply to information that is: (i) is publicly available, (ii) obtained by the other Party from a third party without restrictions on disclosure, (iii) independently developed by the other Party without reference to Confidential Information, or (iv) required to be disclosed by order of a court, other governmental entity or applicable regulatory body.
10.2. The Parties agree that damages would not be an adequate remedy in respect of any breach of Clause 10.1 and in addition to all other remedies that either Party may be entitled to as a matter of law each Party shall be entitled to injunctive relief and any other form of equitable relief available in order to enforce the provisions of Clause 10.1.
11.1. This Agreement shall commence on the Effective Date and shall continue for the Term, unless terminated by either party in accordance with clause 11.2. Thereafter, this Agreement shall continue until terminated by either Party by giving at least thirty (30) days’ written notice to the other parties.
11.2. Without prejudice to any compensation or penalties that may be due under the law or this agreement, either Party may immediately terminate this Agreement in the following cases:
11.2.1. Any material breach by the other party of the respective contractual obligations, provided that the party in breach, notified to correct its conduct, fails to comply with this determination, within the timeframe of eight days as from said notification;
11.2.2. Bankruptcy, insolvency or any other fact or event that makes it impossible or extremely unlikely for the other party to fully fulfil its contractual obligations;
11.2.3. Any sanction that temporarily or permanently prevents any of the parties from fulfilling their contractual obligations.
11.3. The termination must be carried out by recorded delivery with acknowledgement of receipt, which must specifically indicate its underlying causes and the date as from when it takes effect.
11.4. The following clauses shall survive termination of this Agreement for any reason: 1, 6 (to the extent of any unpaid obligations), 7, 8, 9, 10, 11.5, 11.6, 11.7, 12, 13, 15, 16 and 17 and Schedule 2.
11.5. Any termination of this Agreement shall be without prejudice to any other rights or remedies a Party may be entitled to hereunder or at law and shall not affect any rights or liabilities of either Party nor the coming into or continuance in force of any provision hereafter which is expressly or by implication intended to come into or continue in force on or after such termination.
11.6. On termination or expiry of this Agreement for any reason:
11.6.1. the Subscriber’s and all Users’ access to the Services will be terminated and, subject to the provisions of clause 11.7, the Subscriber and Users will be unable to access any data stored by the Services or otherwise use the Services in any way;
11.6.2. all rights granted to the Subscriber and Users under this Agreement shall cease;
11.6.3. the Subscriber shall and shall procure that the Users shall cease all activities permitted pursuant this Agreement;
11.6.4. the Subscriber shall immediately destroy or return to Transactor (at Transactor’s option) all copies of the Confidential Information in its possession or that of the Users (if any) and certify to Transactor that it has complied with the foregoing.
11.7. The Subscriber hereby acknowledges that it is the Subscriber’s responsibility to extract and save any data stored using the Services prior to the termination or expiry of this Agreement and, for the avoidance of doubt, Transactor shall not be liable for any losses, damages, costs or expenses resulting from Subscriber’s failure to do so.
12.1. Neither party shall be in breach of this Agreement nor liable for delay in performing, or failure to perform, any of its obligations under this Agreement if such delay or failure result from any Uncontrollable Events.
12.2. In such circumstances the affected party shall be entitled to a reasonable extension of the time for performing such obligations. If the period of delay or non-performance continues for 90 days’, the party not affected may terminate this Agreement by giving 30 days’ written notice to the affected party.
13. PERSONAL AND NON-PERSONAL DATA
13.1. Subscriber hereby grants to Transactor a non-exclusive perpetual licence (such licence to survive expiry or termination of this Agreement) to use, copy, distribute and disclose all Non-Personal Data for any purpose which Transactor shall determine from time to time, including, without limitation aggregating, analysing and publishing such data via the Portal or other media.
13.2. Each party shall comply with the provisions of the Data Processing Agreement in respect of their processing of personal data.
14. OUTSOURCING
14.1. Transactor may outsource its contractual position under this Agreement to third parties provided always that it shall remain primarily liable for all acts and omissions of the sub-contactor in its performance of Transactor’s obligations hereunder.
15. NON-ASSIGNMENT AND BINDING AGREEMENT
15.1. Neither this Agreement nor any rights under this Agreement may be assigned or otherwise transferred by Subscriber, in whole or in part, whether voluntarily or by operation of law, including by way of sale of assets, merger or consolidation, without the prior written consent of Provider. Subject to the foregoing, this Agreement will be binding upon and will inure to the benefit of the Parties and their respective successors and permitted assignees.
16.1. Any notice required or permitted under the terms of this Agreement or required by law must be in writing and must be: (a) delivered in person, or (b) sent by registered mail, return receipt requested, or (c) sent by overnight air courier, or (d) delivered by facsimile, in each case forwarded to the appropriate address set forth herein. Either Party may change its address for notice by written notice to the other Party given in accordance herewith. Notices will be considered to have been given: (i) at the time of actual delivery in person; or (ii) three (3) business days after mailing; or (iii) one (1) day after (i) delivery to an overnight air courier service; or (iv) the moment of transmission by facsimile provided that a successful transmission report was received, and further, that if the moment of transmission falls outside regular business hours, notice shall be considered to have been given at the beginning of the next business day.
17. MISCELLANEOUS
17.1. Any waiver of the provisions of this Agreement or of a Party’s rights or remedies under this Agreement must be in writing to be effective. Failure, neglect or delay by a Party to enforce the provisions of this Agreement or its rights or remedies at any time will not be construed or be deemed to be a waiver of such Party’s rights under this Agreement and will not in any way affect the validity of the whole or any part of this Agreement or prejudice such Party’s right to take subsequent action.
17.2. If any part of any provision of this Agreement shall be invalid or unenforceable, then the remainder of such provision and all other provisions of this Agreement shall remain valid and enforceable.
17.3. This Agreement contains the entire agreement of the Parties with respect to the subject matter of this Agreement and supersedes all previous communications, representations, understandings and agreements, either oral or written, between the Parties with respect to the subject matter.
17.4. No terms, provisions or conditions of any purchase order, acknowledgement or other business form that Subscriber may use in connection with the acquisition or licensing of the Services will have any effect on the rights, duties or obligations of the Parties hereunder, or otherwise modify this Agreement, regardless of any failure of Transactor to object to such terms, provisions or conditions.
17.5. Subscriber agrees that upon execution of this Agreement, Transactor may issue a press release announcing that it has entered into a contract with Subscriber and stating the general financial value of this Agreement. Additionally, Transactor may on an ongoing basis during the term of this Agreement use Subscriber’s name and logo on Transactor’s website and in press releases, product brochures and financial reports indicating that Subscriber is a customer of Transactor.
17.6. A person who is not a party to this Agreement has no right under the Contracts (Rights of Third Parties) Act 1999 to enforce or enjoy the benefit of any terms of this Agreement.
17.7. This Agreement shall be construed in accordance with English law and the parties irrevocably submit to the exclusive jurisdiction of the English courts to settle any disputes, which may arise in connection with this Agreement.
Schedule 1
SUPPORT SERVICES
1.1 The Support Services shall comprise and be limited to the services set out in this Schedule 1.
1.2 The Support Service shall be provided during the Working Hours.
1.4 The Support Service shall comprise:
1.4.1 e-mail responses; and
1.4.2 remote diagnosis and, where possible, correction of issues.
1.4.3 basic instruction on the use of the Services;
1.4.4 basic explanation of the processes and calculations used in the Services.
1.5 Transactor may provide the Subscriber with maintenance releases from time to time during the term of this Agreement at its sole discretion. The Subscriber shall promptly follow all instructions provided by Transactor in respect of the maintenance releases.
1.6 Scheduled maintenance releases may take place at any time. It is a condition of the provision of the Services that maintenance releases (which may correct issues, add functionality, or otherwise amend or upgrade the Services, save in the case of new versions of the relevant Services which from time to time is publicly marketed and offered for purchase by Transactor in the course of its normal business, which shall not be considered a maintenance release) shall be applied to all installations of the Services and the Subscriber (i) may not refuse to take such maintenance release; and (ii) such maintenance release shall not materially adversely affect the functionality of the Services to which it relates.
1.7 The Subscriber agrees to provide Transactor with all information required, within reason, to identify the reported problem. Transactor shall use its reasonable endeavours to reproduce the reported problem. In the event that Transactor cannot reproduce a problem reported by the Subscriber, Transactor will notify Subscriber who shall demonstrate such non reproducible Issue to Transactor at which point Transactor will use reasonable endeavours to correct the issue.
1.8 Without prejudice to the foregoing Subscriber shall provide Transactor a detailed description of any issue requiring Support and shall include sufficient material and information to enable Transactor to duplicate the problem to the extent the information is available to Subscriber, including, but not limited to:
1.8.1 a clear and accurate description of the issue;
1.8.2 the area of the Services to which it relates and which User(s) have experienced the issue;
1.8.3 what function was being performed when the issue occurred and/or the sequence of events leading up to the occurrence of the issue;
1.8.4 the error message displayed, if any;
1.8.5 any other information relating to the Services or the issue which Transactor requires to perform its obligations hereunder, including but not limited to a copy of data held on the database that forms part of the Services.
1.9 The Support Services shall not include the diagnosis and rectification of any issue resulting from:
1.9.1 any repair adjustment alteration or modification of the Services by Subscriber without Transactor’s prior consent;
1.9.2 the use of the Services for a purpose for which they were not designed;
1.9.3 an issue in the Subscriber’s equipment or in any other software operating in conjunction with or integrating with the Services;
or for
1.9.4 rectification of lost or corrupted data arising for any reason other than Transactor’s own negligence; or
1.9.5 loss or damage caused directly or indirectly by Subscriber’s error or omission.
Schedule 2
TRANSACTOR SYSTEMS LIMITED
DATA PROCESSING AGREEMENT
BACKGROUND
This Data Processing Agreement (“DPA”) forms part of the Subscriber Terms and Conditions (Agreement) to which this is attached, as updated from time to time. In the event of any conflict or inconsistency between this DPA and the Agreement, this DPA shall prevail.
All capitalised terms shall have the meaning assigned to them in the Agreement unless otherwise defined in this DPA.
1 DEFINITIONS
|
Applicable Law |
means as applicable and binding on Subscriber or Transactor: (a) any law, statute, regulation, byelaw or subordinate legislation in force from time to time to which a party is subject and/or in any jurisdiction that the Services are provided to or in respect of; (b) the common law and laws of equity as applicable to the parties from time to time; (c) any binding court order, judgment or decree; or (d) any applicable direction, policy, rule or order that is binding on a party and that is made or given by any regulatory body having jurisdiction over a party or any of that party’s assets, resources or business; |
|
Appropriate Safeguards |
means such legally enforceable mechanism(s) for transfers of Personal Data as may be permitted under Data Protection Laws from time to time; |
|
Business Day |
means any day except Saturdays, Sundays, banks holiday and public holidays; |
|
Data Controller |
has the meaning given to that term (or to the term ‘controller’) in Data Protection Laws; |
|
Data Processor |
has the meaning given to that term (or to the term ‘processor’) in Data Protection Laws; |
|
Data Protection Laws |
means any laws and regulations relating to privacy or the use or processing of data relating to natural persons, including: (a) EU Directive 2002/58/EC (as amended by 2009/136/EC) and any legislation implementing or made pursuant to such directive; (b) EU Regulation 2016/679 (“GDPR”); (c) the GDPR as it forms part of the law in England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (“UK GDPR”) and the Data Protection Act 2018 (“DP Act”); (d) the Swiss Federal Act on Data Protection of 1 September 2023 and its corresponding ordinances (“Swiss FADP”); (e) any laws or regulations ratifying, implementing, adopting, supplementing or replacing the GDPR, UK GDPR, DP Act or Swiss FADP; (f) in each case, to the extent in force, and as such are updated, amended or replaced from time to time; and (g) any mandatory guidance or codes of practice issued by a Supervisory Authority in each case, to the extent in force and applicable to the parties, and as such are updated, amended or replaced from time to time; |
|
Data Subject |
means a natural person who can be identified, directly or indirectly, by the Personal Data; |
|
Data Subject Request |
means a request made by a Data Subject to exercise any rights of Data Subjects under Data Protection Laws; |
|
International Organisation |
means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries; |
|
Personal Data |
means any information relating to an identified or identifiable natural person, including an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; |
|
Personal Data Breach |
means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, any Protected Data; |
|
processing |
means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (and related terms such as process have corresponding meanings); |
|
Processing Instructions |
has the meaning given to that term in clause 3.1.1; |
|
Protected Data
|
means Personal Data received from or on behalf of Subscriber in connection with the performance of Transactor’s obligations under the Agreement and this DPA, including on or through the Platform; |
|
Standard Contractual Clauses or “EU-SCCs” |
means the standard contractual clauses for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (Text with EEA relevance) as amended, superseded or replaced from time to time; |
|
Services |
means all services provided by Transactor to Subscriber, including the Platform; |
|
Sub-Processor |
means another Data Processor engaged by Transactor for carrying out processing activities in respect of the Protected Data on behalf of Subscriber; and |
|
Supervisory Authority |
means any local, national or multinational agency, department, official, parliament, public or statutory person or any government or professional body, regulatory or supervisory authority, board or other body responsible for administering Data Protection Laws; and |
|
UK Addendum |
means the International Data Transfer Addendum (version B1.0) issued by the Information Commissioner's Office under S119(A) of the UK Data Protection Act 2018, as may be amended, superseded, or replaced from time to time. |
2 Data Processor and Data Controller
2.1 The parties agree that, for the Protected Data, Subscriber shall be the Data Controller and Transactor shall be the Data Processor.
2.2 Transactor shall process Protected Data in compliance with:
2.2.1 the obligations of Data Processors under Data Protection Laws in respect of the performance of its obligations under this DPA; and
2.2.2 the terms of this DPA.
2.3 Subscriber shall comply with:
2.3.1 all Data Protection Laws in connection with the processing of Protected Data, the Services and the exercise and performance of its rights and obligations under this DPA, including maintaining all relevant regulatory registrations and notifications as required under Data Protection Laws; and
2.3.2 the terms of this DPA.
2.4 Subscriber warrants, represents and undertakes, that:
2.4.1 all data sourced by Subscriber for use in connection with the Services shall comply in all respects, including in terms of its collection, storage and processing (which shall include Subscriber providing all of the required fair processing information to, and obtaining all necessary consents from, Data Subjects), with Data Protection Laws;
2.4.2 all instructions given by Subscriber to Transactor in respect of Personal Data shall at all times be in accordance with Data Protection Laws; and
2.4.3 it is satisfied that:
(a) Transactor’s processing operations are suitable for the purposes for which Subscriber proposes to use the Services and engage Transactor to process the Protected Data; and
(b) Transactor has sufficient expertise, reliability and resources to implement technical and organisational measures that meet the requirements of Data Protection Laws.
3 Instructions and details of processing
3.1 Insofar as Transactor processes Protected Data on behalf of Subscriber:
3.1.1 unless required to do otherwise by Applicable Law, Transactor shall (and shall take steps to ensure each person acting under its authority shall) process the Protected Data only on and in accordance with Subscriber’s documented instructions as set out in this clause 3 and Schedule 1, Annex 1 to this DPA (“Data processing details”), as updated from time to time (“Processing Instructions”);
3.1.2 notwithstanding any other provision of this DPA, if any Applicable Law requires Transactor to conduct Processing of the Personal Data other than in accordance with Subscriber’s Instructions, such Processing shall not constitute a breach of this DPA;
3.1.3 if Applicable Law requires it to process Protected Data other than in accordance with the Processing Instructions, Transactor shall notify Subscriber of any such requirement before processing the Protected Data (unless Applicable Law prohibits such information on important grounds of public interest); and
3.1.4 shall promptly inform Subscriber if Transactor becomes aware of a Processing Instruction that, in Transactor’s opinion, infringes Data Protection Laws, provided that:
(a) this shall be without prejudice to clauses 2.3 and 2.4; and
(b) to the maximum extent permitted by mandatory law, Transactor shall have no liability howsoever arising (whether in contract, tort (including negligence) or otherwise) for any losses, costs, expenses or liabilities arising from or in connection with any processing in accordance with Subscriber’s Processing Instructions following Subscriber’s receipt of that information.
4 Technical and organisational measures
4.1 Transactor shall implement and maintain appropriate technical and organisational measures in relation to the processing of Protected Data by Transactor, as set out in Schedule 1, Annex 2 to this DPA (“Technical and organisational measures”).
5 Using staff and other processors
5.1 Subscriber hereby gives Transactor a general consent to engage Sub-Processors for Processing of Personal Data on behalf of Subscriber. Transactor’s list of its current Sub-Processors is in Schedule 1, Annex 3. Where Transactor adds a new Sub-Processor, the list will be updated promptly. Subscriber shall notify Transactor if it objects to a Sub-Processor. Where such objection is reasonable and is raised within seven (7) days of the Sub-Processor first appearing on the list, Transactor shall, at its sole option, either:
5.1.1 remove such Sub-Processor from the list and not engage such Sub-Processor to Process any Protected Data, in which case this DPA shall continue; or
5.1.2 discuss alternative solutions with Subscriber, in which case, where the parties have failed to agree on a solution within reasonable time, Transactor shall have the right to terminate this DPA and the Service with a reasonable notice period. During the notice period, Transactor shall not transfer any Personal Data to the Sub-Processor.
5.2 Transactor shall enter into appropriate written agreements with all of its Sub-Processors on terms substantially similar to this DPA, including without limitation Subscriber’s right to conduct audits at the Sub-Processor, or ensure that the Sub-Processor will conduct audits using external auditors at least once per year. Transactor shall remain primarily liable to Subscriber for the performance or non-performance of the Sub-Processor’s obligations.
5.3 Upon Subscriber’s request, Transactor shall provide information regarding any Sub-Processor, including name, email address and the Processing carried out by the Sub-Processor.
6 Assistance with Subscriber’s compliance and Data Subject rights
6.1 Transactor shall refer all Data Subject Requests it receives to Subscriber within three (3) Business Days of receipt of the request.
6.2 Transactor shall provide such reasonable assistance as Subscriber reasonably requires (taking into account the nature of processing and the information available to Transactor) to Subscriber in ensuring compliance with Subscriber’s obligations under Data Protection Laws with respect to:
6.2.1 security of processing;
6.2.2 data protection impact assessments (as such term is defined in Data Protection Laws);
6.2.3 prior consultation with a Supervisory Authority regarding high risk processing; and
6.2.4 notifications to the Supervisory Authority and/or communications to Data Subjects by Subscriber in response to any Personal Data Breach,
6.3 The Subscriber shall pay Transactor’s reasonable charges for providing the assistance described in this clause 6.
7 International data transfers
7.1 Subscriber consents that Transactor may transfer Protected Data outside the United Kingdom (“UK”), European Economic Area (“EEA”) and Switzerland, where this is reasonably necessary to provide the Services, to a jurisdiction for which the European Commission, the UK Supervisory Authority or the Swiss Supervisory Authority has not issued an adequacy decision (“Data Transfer”), provided that Transactor has implemented a transfer solution compliant with Data Protection Laws.
8 Records, information and audit
8.1 Transactor shall maintain, in accordance with Data Protection Laws binding on Transactor, written records of all categories of processing activities carried out on behalf of Subscriber.
8.2 Transactor shall, in accordance with Data Protection Laws, make available to Subscriber such information as is reasonably necessary to demonstrate Transactor’s compliance with its obligations under Article 28 of the UK GDPR (and under any Data Protection Laws equivalent to that Article 28), and allow for and contribute to audits, including inspections, by Subscriber (or another auditor mandated by Subscriber) for this purpose, subject to Subscriber:
8.2.1 giving Transactor reasonable prior notice of such information request, audit and/or inspection being required by Subscriber;
8.2.2 ensuring that all information obtained or generated by Subscriber or its auditor(s) in connection with such information requests, inspections and audits is kept strictly confidential (save for disclosure to the Supervisory Authority or as otherwise required by Applicable Law);
8.2.3 ensuring that such audit or inspection is undertaken during normal business hours, with minimal disruption to Transactor 's business, the Sub-Processors’ business and the business of other customers of Transactor; and
8.2.4 paying Transactor's reasonable costs for assisting with the provision of information and allowing for and contributing to inspections and audits.
9 Breach notification
9.1 In respect of any Personal Data Breach involving Protected Data, Transactor shall, without undue delay:
9.1.1 notify Subscriber of the Personal Data Breach; and
9.1.2 provide Subscriber with details of the Personal Data Breach.
10 Deletion or return of Protected Data and copies
10.1 Transactor shall, at Subscriber’s written request, either delete or return all the Protected Data to Subscriber in such form as Subscriber reasonably requests within a reasonable time after the earlier of:
10.1.1 the date on which all payments under the applicable Services have been made and the applicable Service Agreements terminated or expired; or
10.1.2 once processing by Transactor of any Protected Data is no longer required for the purpose of Transactor’s performance of its relevant obligations under the applicable Service Agreement this DPA,
and delete existing copies, unless storage of any data is required by Applicable Law and, if so, Transactor shall inform Subscriber of any such requirement. Notwithstanding the Subscriber hereby authorises Transactor to retain one copy of the Protected Data for backup purposes only.
11 Dispute Resolution
11.1 This DPA shall be governed by the law of England and Wales and the parties hereby submit to the exclusive jurisdiction of the English Courts.
SCHEDULE 1 TO THE DPA
ANNEX 1
DETAILS OF PROCESSING
Under Data Protection Law, Transactor shall only Process Personal Data in accordance with Subscriber’s Processing Instructions, as regulated in the DPA. This document forms part of Subscriber’s Processing Instructions, directing Transactor on the scope, nature, and purpose when Processing Personal Data on behalf of Subscriber.
The Processing Instructions may be amended in writing by Subscriber from time to time, as communicated in writing to Processor by authorised representative of Subscriber or through Subscriber’s use of the Service.
1. Purpose of Processing
Transactor shall process personal data only for the purpose of performance of the Services for Subscriber.
2. Categories of Data Subjects
· Individuals who are patients/customers of the Subscriber
· Where the Subscriber is a laboratory, patients/customers of dental clinics who use the Subscriber’s services.
· Individuals engaged by the Subscriber’s customers or suppliers, but who are not themselves registered users of the Services. These could be staff of a dental clinic or laboratory whose details the Subscriber inputs into the Services.
3. Types of Personal Data
· Name
· Contact Details
In respect of patients only:
· Photographs
· Information relating to any treatment recommended and provided.
4. Special categories of Personal Data
In respect of patients only:
· Racial or ethnic origin
· Religious or philosophical beliefs
· Genetic data
· Health data
5. Processing activities
· Collection
· Analysis
· Storing
· Accessing, reading or consultation
· Erasure or destruction
· Sharing with other subscribers, as expressly requested by the Subscriber
6. Duration of Processing
Personal Data shall not be processed for a period longer than is necessary for serving its purpose. The processing of data collected in respect of a project shall cease on expiry or termination of the services provided in connection with such project and all personal data will be returned to customer and all copies destroyed, save for one copy that Transactor will keep securely for its own records for 7 years after termination of the applicable services.
7. Processing Location
Processing takes place in the following country/countries: EU and UNITED KINGDOM ONLY.
ANNEX 2
TECHNICAL AND ORGANISATIONAL MEASURES
The Subscriber can choose whether to pseudonymise personal data that appears on-screen, on internal reports, or on reports designed to be used externally. E.g. by showing only patient reference number, and/or initials.
Data is encrypted in transit and at rest.
Individual user permissions for access to features within the software (e.g. financial information, exporting) is controlled by the subscriber.
Multi-factor authentication is used for all access by users.
Back-ups are taken daily and stored offline at a separate location.
Servers are run in isolated private networks and protected with industry standard firewalls and anti-malware software with real-time protection and nightly scans.
Security and maintenance updates are applied routinely.
Changes to cloud server user accounts and virtual machines are logged at the hosting partner level, with visibility to our administrators. Server environment changes are logged, including user account changes. Logging of user actions within the LabManager software is logged and visible to users with permission for this.
All public IPs have anti-DDoS protection included and connections to customer office resources are made using site-to-site IPsec VPNs.
Applications are compiled using ASLR or DEP memory protection to prevent buffer overflow attacks, and contain code signed digital signatures.
ANNEX 3 - LIST OF SUB-PROCESSORS
The controller has authorised the use of the following sub-processors:
V2 Cloud, 1801 Avenue McGill College, Montreal, Quebec, H3A 1Z4, Canada – Hosted Desktop as a Service – hosted in London, UK
Microsoft, Microsoft Campus Thames Valley Park Reading RG6 1WG - Azure Cloud hosting – hosted in the UK
Catalyst2,
Team Blue Internet Services UK Limited, t/a Catalyst2
Acton House, Perdiswell Park, Worcester, Worcestershire, WR3 7GD – servers
hosted in Reading, UK