AAG Email Signature Terms and Conditions
UK ROW Version July 2022 1
Email Signature UK/ROW Licence Terms
If you are based in any country excluding the EEA and the Americas, the following terms (collectively, the “Terms”) govern your use of the Email Signature cloud service that you have subscribed to (the “Service” or “Services”).
BY REGISTERING AS A USER ON OUR SELF-SERVICE PORTAL, SUBSCRIBING TO THE SERVICES THROUGH YOUR CHOSEN RESELLER AND/OR USING THE SERVICES OR UNDERLYING SOFTWARE,
YOU CONSENT TO BE LEGALLY BOUND BY THESE TERMS FOR EACH SERVICE THAT YOU SUBSCRIBE TO.
IF YOU ARE ENTERING INTO THESE TERMS ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU WARRANT AND REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THESE TERMS, IN WHICH CASE THE TERMS “YOU” OR “YOUR” OR THE “CUSTOMER” SHALL REFER TO SUCH ENTITY, IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS, YOU MUST NOT ACCEPT THESE TERMS AND MUST NOT USE THE SERVICES.
YOUR ATTENTION IS DRAWN TO CLAUSE 11 WHICH CONTAINS IMPORTANT LIMITATIONS AND EXCLUSIONS OF LIABILITY.
SUBJECT TO CLAUSE 9, THESE TERMS INCLUDE THE SCHEDULES AND ANNEXES. ANY REFERENCES TO THESE TERMS INCLUDES A REFERENCE TO THE SCHEDULE AND THE ANNEXES. REFERENCES TO CLAUSES ARE TO CLAUSES OF THE MAIN BODY OF THESE TERMS AND REFERENCES TO PARAGRAPHS ARE TO PARAGRAPHS OF THE SCHEDULE.
TO THE EXTENT THAT THE SCHEDULE APPLIES TO THESE TERMS PURSUANT TO CLAUSE 9 THE PARTIES ACKNOWLEDGE AND AGREE THAT IN THE EVENT OF ANY CONFLICT OR INCONSISTENCY BETWEEN THESE TERMS AND THE SCHEDULE (INCLUDING THE ANNEXES) IN RELATION TO THE PROCESSING OF PERSONAL DATA THEN (I) THE TERMS OF THE SCHEDULE SHALL PREVAIL TO THE EXTENT OF SUCH CONFLICT OR INCONSISTENCY AND (II) THE PROCESSOR SHALL BE DEEMED NOT TO BE IN BREACH OF THESE TERMS AS A RESULT OF COMPLYING WITH THE TERMS OF THE SCHEDULE. THESE TERMS SUPERCEDE ANY PRIOR TERMS APPLICABLE TO THE PARTIES UNLESS SPECIFICALLY AGREED IN WRITING.
1. TRIAL LICENSE
1.1. If you have applied for a trial licence of the Services and Email Signature has agreed, Email Signature grants you a personal, non-transferable, non-exclusive, royalty free licence to use the Services solely for the purposes of evaluation of the Services for your own internal business purposes (“Trial License”) and solely for the duration of 14 days from the date that the Services first commence unless a longer duration has been agreed in writing by us (“Trial Period”). You acknowledge and agree that, unless otherwise agreed in writing by us, this Trial Licence will automatically terminate at the end of the Trial Period and the Services will automatically cease to operate at the end of the Trial Period if you have not at that time entered into a full licence in respect of the same. We may terminate the Trial Licence at any time by giving you notice.
2. FULL SUBSCRIPTION LICENSE TO USE THE SERVICES
2.1. Conditional upon you paying the fees for the Service(s) we grant you a non-exclusive, non-transferable, and, other than as permitted in clause 3.1, non-sub-licensable right (“Full Subscription License”) for you and your staff to use the Services, the associated documentation and on-line guides, and the underlying software solely for your internal business operations during the term you have purchased (“Subscription Term”).
3. TERMS APPLICABLE TO BOTH TRIAL LICENSE AND FULL SUBSCIPTION LICENSE
3.1. You are prohibited from allowing access to the Services to third parties except as otherwise set forth herein.
However, you may choose to offer access to and use of the Services to your affiliates (meaning any entity that directly or indirectly controls, is controlled by, or is under common control with you) (“Permitted Access”) provided that where you offer such Permitted Access (a) you shall ensure that all such use and
UK ROW Version July 2022 2
access complies with these Terms; (b) you shall remain the contracting party with us and you shall be responsible for the payment of all subscription fees; (c) you shall retain full responsibility for all acts and omissions of your affiliates in relation to such access to and use of the Services and you shall be liable for all acts and omissions of your affiliates as if they were your own acts or omissions. All passwords and other access details provided by us to you are confidential and you shall ensure that all those with Permitted Access are aware of the confidential nature of such details.
3.2. You agree to notify us promptly upon becoming aware of any unauthorised use or access of the Services or the underlying software.
3.3. You agree on demand to indemnify us from and against all losses, costs, demands, damages, judgments, claims, settlements, interest, fees and expenses (including but not limited to legal fees and other professional fees) arising out of or in connection with a breach by you or your affiliates of any of the terms of clause 3.4.
3.4. You agree that you and your affiliates with Permitted Access will not:
3.4.1. take any action intended to interfere with or disrupt the Services or any other user’s use of the Services;
3.4.2. use or access the Services for transmission or posting of abusive, indecent, obscene or pornographic material, material that is libellous or offensive, spamming, sending junk mail, hacking, password cracking, IP spoofing, unsolicited or unauthorised advertising, illegal, immoral or any other similar improper purpose or in violation of our Acceptable Use Policy published at www.Email Signature.com;
3.4.3. use or access the Services to create products or services which compete with the Services or underlying software;
3.4.4. except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties:
22.214.171.124. attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Services or underlying software in any form or media or by any means;
126.96.36.199. attempt to reverse compile, disassemble, reverse engineer or otherwise reduce to humanperceivable form all or any part of the Services or the underlying software;
3.4.5. license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services or underlying software available to any third party except those with Permitted Access;
3.4.6. allow Services or the underlying software to become the subject of any charge, lien or encumbrance;
3.4.7. in respect of any custom fonts which are uploaded to our systems by you (or on your behalf) for use in connection with the relevant Services: (i) breach the terms of the licence between you and the thirdparty grantor in respect of the use of such fonts or (ii) upload any such fonts unless you have in place at the time of upload and maintain in place for the duration of these Terms a license authorising use of such fonts in connection with the Services;
3.4.8. use the Services for bulk marketing purposes or in connection with automated mailing systems (other than in course of marketing your own goods and services as part of your normal business operations);
3.4.9. use the Services and the underlying software in any manner which will or may breach any laws, rules, regulations and/or codes which are legally binding and which are applicable to the use of the Services (and underlying software) including (without limitation) any laws applicable to the protection of personal data; and 3.4.10. use the Services in any manner or for a purpose not permitted by applicable export laws, regulations or sanctions; nor export or re-export the Services to any country, region, organisation or individual that is named as a restricted area or person on any applicable export laws, regulations or sanctions.
3.5. You are solely responsible for the content of emails or other communications sent using any of the Services and for selecting recipients of such emails. In the event that you are in breach of any of the terms of clause.
3.4, you agree that we may also suspend or terminate your subscription to the relevant Service(s).
3.6. Where the Service involves us sending email alerts to you, you agree to supply us in a timely manner: (i) the full and accurate details (including but not limited to names and email addresses) of all recipients of the emails (“Lists”); the content, images, designs and any other information you reasonably require to be sent by us in the emails (“Content”), and (iii) to instruct us as and when the emails are to be sent. Any date given by us to you for sending of such emails is conditional upon you providing the Lists and other information aforesaid.
3.7. You warrant that all Content submitted by you to us is your own original work and you have the right to make it available to us for the purpose of the Service. You will be responsible for dealing with any complaints from recipients of the Content and for any inaccuracies with the Lists. You shall ensure that you have the right under applicable data protection laws to send Content to the persons on the Lists.
UK ROW Version July 2022 3
4. FULL SUBSCRIPTION LICENSE DURATION, FEES, BILLING AND RENEWAL
4.1. The minimum duration of a Full Subscription Licence is twelve (12) months from and including the date that you start to use the Services (“Initial Licence Period”). Following the expiry of the Initial Licence Period, unless otherwise agreed in writing, your subscription shall continue automatically for additional terms of 12 months each (each a “Renewal Term”) unless and until cancelled in accordance with clause 6.2, or otherwise terminated in accordance with these Terms. If you purchase additional Services part way through a licensing period, the term of the new Services purchased shall be coterminous with the license duration.
4.2. By subscribing to the Services, you agree to pay the applicable fees for the Full Subscription Licence (as selected by you during the online subscription process or with your reseller as applicable) plus any applicable taxes and duties, if any.
4.3. If you are buying your Full Subscription Licence direct from us, we reserve the right to change the fees at the end of the Initial Full Subscription Period and each Renewal Term thereafter.
4.4. Our fees are based, as a minimum, on the total number of users you have purchased. If the number of users increases at any time, the increased number of users shall be the basis for all further subscription fees. You may not reduce the number of users during the Initial Full Subscription Licence Period or during any Renewal Term. In this context, “users” means the number of unique email addresses.
4.5. From time to time we may verify the number of users and if the number of users is greater than the licenced quantity, we will invoice you for that additional number of users for the remaining duration of the then current annual term or provide such information to your chosen reseller so they can invoice you appropriately.
5. PAYMENT TERMS
5.1. Unless otherwise agreed in writing by us subscription fees are payable monthly by direct debit.
5.2. If your subscription is cancelled by either you or us, we will not provide a refund or credit for any unused subscription period as we will incur costs as a result of the cancellation unless the cancellation was by you for our unremedied breach or by us for convenience.
5.3. We will email you with a copy of our invoice for the relevant payment period. It is your responsibility to ensure that we are updated on the email address to which you require invoices to be sent.
5.4. You are responsible for paying any taxes (including without limitation any sales, use or withholding taxes now or hereafter enacted), and any duties, levies, excises or tariffs (together “duties”), that are applicable to receipt of the Service. All payments hereunder shall be made without deduction for taxes or duties of any kind or nature.
5.5. If you fail to pay any amount due from you under these Terms on or before the Due Date for such amount, you shall pay interest on the overdue amount at the rate of four per cent (4%) per annum above the Bank of England’s base rate from time to time. Such interest shall accrue on a daily basis from the Due Date until actual payment of the overdue amount, whether before or after judgment. You shall pay the interest together with the overdue amount.
5.6. We may suspend all Services until all overdue payments have been made in full.
6. TERM AND TERMINATION
6.1. These Terms will remain in force for the duration of the Trial Period and/or the Subscription Term, as applicable.
6.2. You may cancel your Full Subscription Licence at the end of the Initial Licence Period or at the end of a Renewal Term by giving us at least 30 days prior notice in writing, such notice being effective at the end of the Initial Licence Period or a Renewal Term, as applicable.
UK ROW Version July 2022 4
6.3. Without affecting any other right or remedy available to us, we may terminate the Full Subscription Licence for convenience at any time by giving you not less than 60 days’ notice in writing.
6.4. Without affecting any other right or remedy available to it, either party may terminate the Full Subscription Licence with immediate effect by giving written notice to the other party if:
6.4.1. the other party is in breach of a material term and has failed to remedy the breach within 30 days of receipt of a notice specifying the breach and requiring it to be remedied; or
6.4.2. there is an order or a resolution for the liquidation, administration, dissolution or winding-up of the other party (except where such winding up is for the purpose of solvent amalgamation or reconstruction) or has an administrator or other receiver, manager, trustee, liquidator or similar officer appointed overall or any substantial part of its assets, or enters into or proposes any composition or arrangement with the other party’s creditors generally or is subject to any analogous event or proceedings in any applicable jurisdiction.
6.5. Without affecting any other right or remedy available to us, we may terminate the Full Subscription Licence with immediate effect by giving written notice to you if you fail to pay any amount due under these Terms by the Due Date for payment and remain in default for more than 14 days after being notified in writing to make such payment.
6.6. On termination:
6.6.1. all licences granted and Services supplied under these Terms shall immediately terminate and you shall immediately cease all use of the Services and the underlying software and shall procure that all those with Permitted Access cease the use of the Services and the underlying software;
6.6.2. you shall immediately pay all sums due and / or invoiced by us or your reseller in respect of fees payable under these Terms;
6.6.3. we may raise a further invoice which shall be payable immediately in respect of fees payable pursuant to these Terms in respect of which we have not previously raised an invoice;
6.6.4. we shall be under no obligation to retain any of your data (including Lists and email templates) and we may delete all such information in accordance with our policies and applicable data protection laws.
6.7. Termination shall not affect any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination or expiry.
6.8. Any provision of these Terms that expressly or by implication is intended to come into or continue in force on or after termination or expiry of these Terms shall remain in full force and effect.
7. INTELLECTUAL PROPERTY RIGHTS
7.1. You acknowledge that we (or where applicable our licensors) own all rights, title and interest in and to all intellectual property rights in the Services, the associated documentation and on-line guides, and the underlying software used to provide the Services. These Terms do not grant you any rights to the same other than the rights expressly set out in these Terms. We acknowledge that you own all rights, title and interest in and to all information and data you provide to us in connection with these Terms and otherwise upload to and use with the Services, and intellectual property and other proprietary rights thereto. Nothing in this Agreement grants us or our Affiliates any rights to the same other than the rights expressly granted in these Terms.
7.2. You agree not to remove any copyright or proprietary notices used in connection with the Services. Certain marks, words and logos displayed as part of the Services, which may or may not be designated by a “™” “®” ,“SM” or other similar designation, constitute trademarks, trade names, or service marks belonging to us or our suppliers. You are not authorized to use any such marks. Ownership of all such marks and the goodwill associated with them remains with us or our suppliers.
7.3. If any third party brings any claim or action or otherwise alleges that the use of the Services (or any part thereof) infringes any intellectual property rights of that third party (a “Claim”) or you become aware of any intention by a third party to make a Claim then you shall promptly:
7.3.1. give us written notice of the Claim, specifying in reasonable, clear, full and accurate detail the nature of the Claim;
7.3.2. not make any admission of liability, agreement or compromise in relation to the Claim without our prior written consent (which we may in our sole and absolute discretion withhold);
7.3.3. give us and our advisors access to your premises and your officers, representatives, directors, employees, sub-contractors and to any relevant documentations and records which are within your control and allow us and our advisors to take copies for the purposes of assessing the Claim;
7.3.4. procure that we and our advisors are given access to those with Permitted Access on terms equivalent to those set out in clause 7.3.3 above;
UK ROW Version July 2022 5
7.3.5. provide such assistance in managing, negotiating, settling and resolving the Claim as we reasonably request; and 7.3.6. allow us to have full conduct of the Claim including without limitation its management, negotiation, settlement and resolution.
8.1. The parties may not disclose or make available information which is proprietary or confidential and which is marked as “Confidential” or which would be regarded as confidential by a reasonable business person (the “Confidential Information”). Confidential Information shall include (but not be limited to) Lists, Content, details of the Services, the associated documentation, on-line guides, and the technology and software used to provide and use the Services and your Confidential Information shall include all data and other information you provide to us or otherwise upload to or use with the Services.
8.2. The parties agree not to use the Confidential Information of the other party for any purpose other than the use of or provision of the Services in accordance with these Terms. The parties agree not to disclose the Confidential Information of the other party to third parties and agree that they will restrict its disclosure to their employees who need to have the Confidential Information in order to carry out their employment duties.
We may disclose your Confidential Information to persons of the type detailed in clause 13.7 where we exercise our rights thereunder. Where we do this, we will put in place with such persons’ confidentiality obligations at least equivalent to, and in any case no less restrictive than, those set out in this clause 8.
8.3. Confidential Information shall not include any information that: (a) is or becomes publicly known through no action or inaction of the Receiving Party; (b) is in the possession of the Receiving Party at the time it receives the Confidential Information from the Disclosing Party; (c) the Receiving Party receives from a third party not under an obligation of confidentiality; or (d) is independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information.
9. DATA PROTECTION AND PROCESSING OF CUSTOMER PERSONAL DATA
9.1. The following definitions are used in this clause 9 and the Schedule hereto:
9.1.1. Data Controller, Data Processor, Data Subject, Personal Data, Data Breach, Processing, Processed and Process and appropriate technical and organisational measures shall have the meaning as defined in the Data Protection Legislation or if there is no such definition in the relevant Data Protection Legislation it shall have the meaning given to the phrase which mostly closely resembles the definition of “data controller” in the GDPR.
9.1.2. Data Protection Legislation means in each case as applicable to the activities undertaken by the respective parties under or in connection with these Terms: the UK Data Protection Legislation, the General Data Protection Regulations (EU 2016/679) (“GDPR”) and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of personal data (including, without limitation, the privacy of electronic communications); and the guidance and codes of practice issued by the relevant data protection or supervisory authority and applicable to a party.
9.1.3. UK Data Protection Legislation means all applicable data protection and privacy legislation in force from time to time in the UK including the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) as applicable in the UK; the Data Protection Act 2018; the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended.
9.2. Each of the parties agrees to comply with all applicable requirements of the relevant Data Protection Legislation. This is in addition to, and does not relieve, remove or replace, either of our obligations under the Data Protection Legislation. If you are in the UK or the EEA, the provisions of Schedule 1 shall also apply.
9.3. Except as stated below or in the Annexes, we agree that we will not, when performing the Services, process Personal Data outside of the jurisdiction(s) in which the data centre(s) you choose when you set up the Services is / are located, or the jurisdiction(s) in which such other data centre(s) as you may subsequently specify from time to time is / are located.
9.4. You warrant to us that you have taken all steps that are required to enable us to process the Personal Data in compliance with all Data Protection Laws and any other applicable laws, enactments, regulations, orders, standards and other similar instruments, including without limitation that you have in place the necessary notices, consents from Data Subjects for you to lawfully transfer their Personal Data to us, or have another appropriate legal basis in place to enable lawful transfer of the Personal Data to us and for us to process use and transfer such personal data in connection with the provision of the Services.
UK ROW Version July 2022 6
9.5. The Data Controller shall indemnify the Data Processor against all liabilities, costs, expenses, damages and losses (including reasonable professional costs and expenses) suffered or incurred by the Data Processor as a result of the Data Controller’s breach of its obligations pursuant to clause 9.4 above.
9.6. We shall Process Personal Data only in accordance with your lawful instructions, including with regard to transfers of Personal Data to a further third country or an international organisation, unless required to do so by applicable law to which Email Signature is subject; in such a case, Email Signature shall inform you of that legal requirement before Processing, unless such applicable law prohibits Email Signature from so notifying you.
10. SERVICE LEVELS AND WARRANTY
10.1. We shall provide the Services to you with reasonable skill and care in a professional manner.
10.2. The availability of the Services may be affected (and we shall not be liable in such cases) by the following:
10.2.1. hardware or telecommunications failures;
10.2.2. the effects of the failure or interruption of the Service by third parties such as our platform providers;
10.2.3. factors outside our reasonable control;
10.2.4. your actions or omissions (including without limitation, breach of your obligations set out in these Terms) or those of any third parties (including but not limited to breaks in the continuity of the electricity supply or of the telecommunications linked to our server); and
10.2.5. interruptions to the Service resulting from any request by you.
If the Services are unavailable or defective in any way then to the extent that such defect or unavailability is caused by a breach of these Terms by us, we will, at our expense, use reasonable endeavours to correct any such unavailability or defect promptly. Such correction is your sole and exclusive remedy for i) the unavailability of the Services and ii) any breach of clause 10.1.
10.3. Notwithstanding the foregoing, we: 10.3.1. do not warrant that use of the Services will be uninterrupted or error-free; and 10.3.2. are not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including without limitation the internet, and you acknowledge that the Services may be subject to limitations, delays and other problems inherent in the use of such communications networks and facilities.
10.4. Save as expressly provided for in these Terms, all warranties or conditions of any kind including, but not limited to, the implied warranties or conditions of satisfactory quality and fitness for a particular purpose are excluded.
10.5. We provide no assurance or guarantee that the Services will provide a solution to your specific needs.
10.6. The Services are not bespoke or tailored to you and we do not warrant that the Services will meet your requirements. We offer no refund where you purchase the Services and then decide that they are not suitable for your requirements or are not required for any reason. We offer a trial service which allows you to evaluate the Services – we recommend you use this prior to purchasing the Services. Where you do not use the trial service to evaluate the suitability of the Services prior to purchase, you will not be entitled to a refund where you decide the Services are not suitable.
11. OUR LIABILITY
11.1.Nothing in these Terms shall limit or exclude our liability for:
11.1.1. death or personal injury caused by negligence;
11.1.2. fraud or fraudulent misrepresentation; or
11.1.3. any other liability which cannot be limited or excluded by applicable law.
11.2. Subject to clause 11.1, we shall not be liable to you, whether in contract, tort (including without limitation negligence), for breach of statutory duty, or otherwise, arising under or in connection with these Terms for loss of profits; loss of sales or business, business opportunity or goodwill; loss, corruption or recovery/restoration of data or information; loss of agreements or contracts; loss of anticipated savings; loss of or damage to goodwill; loss of use or corruption of software; or any indirect, special or consequential loss, whether foreseeable or not.
UK ROW Version July 2022 7
11.3. Subject to clauses 11.1 and 11.2, our maximum liability to you per claim or series of connected claims under or in connection with the Full Subscription License, whether in contract, tort (including without limitation negligence), for breach of statutory duty, or otherwise, arising under or in connection with the Full Subscription Licence shall be limited to the greater of (a) 125% of the fees paid by you in the 12 months’ period preceding the date of the incident(s) giving rise to the relevant claim and (b) £10,000 (ten thousand pounds). Subject to clauses 11.1 and 11.2, in respect of the Trial License, our maximum liability to you in aggregate is limited to £10.
11.4. Any email disclaimer texts provided or made available by us to you as part of the Services are purely for example purposes and we do not warrant the legality or accuracy of these examples or accept any liability for them.
12. FORCE MAJEURE
12.1. Neither party shall be liable or responsible for any failure to perform, or delay in performance of, any of its obligations under these Terms that is caused by an “Event Outside its Control” meaning any act or event beyond its reasonable control, including without limitation, failure of public or private telecommunications networks, breakdown or unavailability of computer hardware, software, viruses, hackers, errors, interruptions, bugs and power supply.
12.2. If an Event Outside its Control takes place that affects the performance of a party’s obligations under these Terms:
12.2.1. that party’s obligations under these Terms will be suspended and the time for performance of its obligations will be extended for the duration of the Event Outside its Control; and 12.2.2. it will use its reasonable endeavours to find a solution by which its obligations under these Terms may be performed despite the Event Outside its Control.
13.1. No failure or delay by either party in enforcing its rights or remedies shall prejudice or restrict any rights or remedies available to it. No waiver of any rights or remedies available to a party or of any breach of any contractual terms by the other party shall be valid unless in writing signed by each party’s directors or equivalent officer. A waiver shall not be deemed a waiver of any subsequent breach or default.
13.2. Subject to clause 4.3, we may amend these Terms from time to time. All revised Terms will be published on our website and shall be effective immediately on publication. If you do not agree with the revisions made to our Terms, you will have the right to terminate your subscription by giving us 30 days’ notice in writing any time thereafter.
13.3. The parties agree to comply with all applicable anti-bribery, corruption and anti-money laundering laws and regulations.
13.4. Save as set out in clause 4.3 and 13.2, no variation of these Terms shall be effective unless in writing and signed by the parties (or their appointed representatives).
13.5. If any provision or part-provision of these Terms is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause shall not affect the validity and enforceability of the rest of these Terms.
13.6. These Terms are personal to you and you shall not assign, transfer, mortgage, charge, subcontract, declare a trust over or deal in any other manner with any of your rights and obligations under these Terms.
13.7. We may at any time assign, transfer, mortgage, charge, subcontract, declare a trust over or deal in any other manner with any or all of our rights under these Terms. Where we subcontract any element of the Services, we shall be responsible for the acts and omissions of our subcontractors as if they were our own. You agree that you shall, on request, provide reasonable assistance to us as required to give effect to this clause 13.7.
13.8. Unless expressly stated to the contrary in these Terms (including without limitation under clause 13.2), all notices given to a party under or in connection with these Terms shall be in writing and shall be delivered by hand, by pre-paid postal delivery or by pre-paid courier at its registered office (if a company) or its principal place of business (in any other case). Notices shall be deemed to have been received:
13.8.1. when delivered, if delivered by hand or by courier; or 13.8.2. on the fourth day after posting if sent by pre-paid postal delivery; or 13.8.3. on the tenth day after posting, if posted by airmail.
This clause does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.
UK ROW Version July 2022 8
13.9. No one other than a party to these Terms, their successors and permitted assignees, shall have any right to enforce any of the Terms.
13.10. These Terms and the fee details referred to in clause 4 contain the whole agreement between you and us in relation to their subject matter and supersede all prior agreements, promises, assurances, warranties, representations, arrangements and understandings between you and us relating to that subject matter.
13.11. Each party agrees that it shall have no remedies in respect of any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in these Terms. Each party agrees that it shall have no claim for innocent or negligent misrepresentation or negligent misstatement based on any statement in these Terms.
13.12. Nothing in these Terms is intended to, or shall be deemed to, establish any partnership or joint venture between any of the parties, constitute any party the agent of another party, nor authorise any party to make or enter into any commitments for or on behalf of any other party.
13.13. The parties hereby agree that these Terms and any dispute or claim (including without limitation non-contractual disputes or claims) arising out of or in connection with these Terms or their subject matter or formation shall be governed by and construed in accordance with the laws of England. The parties hereby irrevocably submit to the exclusive jurisdiction of the English courts to settle any dispute or claim (including without limitation-contractual disputes or claims) arising out of or in connection with these Terms or their subject matter or formation.
UK ROW Version July 2022 9
DATA PROCESSING AGREEMENT
Data exporter: You, the Customer using the Services
Your Role: Date Controller
Activities relevant to the data transferred under this Schedule: Provision of the Services by Email Signature.
Our Role: Data Processor
You and we acknowledge that for the purposes of the Data Protection Legislation, you are the Data Controller and we are the Data Processor in respect of any Personal Data processed in connection with the Services. The following provisions shall apply when applicable as stated in Clause 9.
1. You shall comply with all obligations, responsibilities and duties imposed on you by the Data Protection Legislation in respect of any Personal Data which you pass to us.
2. We shall Process Personal Data only in accordance with your lawful instructions, including with regard to transfers of Personal Data to a further third country or an international organisation, unless required to do so by applicable law to which we are subject; in which case, we shall inform you of that legal requirement before Processing, unless such applicable law prohibits us from so notifying you.
3. We may disclose your personal data to courts, government agencies and other third parties as and to the extent required by law; and maintain a record of its processing activities in accordance with Article 30 of the UK GDPR.
4. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk as set out in Annex II.
5. We shall take steps to ensure that any person acting under our authority who have access to Personal Data does not Process them except in accordance with the instructions from you unless he or she is required to do so by applicable law.
6. We shall ensure that all personnel who have access to and/or Process your Personal Data are obliged to keep such Personal Data confidential.
7. We may engage the services of third parties (Sub-Processors) for carrying out specific processing tasks.
Annex III sets out the ones we have already appointed.
8. Where Email Signature engages a Sub-Processor for carrying out specific Processing activities on your behalf, the same data protection obligations as set out in these Terms (including this Schedule) shall be imposed on that Sub-Processor by way of a contract, in particular providing sufficient assurances to implement appropriate technical and organisational measures in such a manner that the Processing will meet the requirements of Data Protection Legislation. We shall remain fully liable to you for all the acts and omissions of each SubProcessor as if they were our own.
UK ROW Version July 2022 10
9. Taking into account the nature of the Processing, we shall assist you by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of your obligation to respond to requests for exercising a Data Subject’s rights laid down in Chapter III of the UK Data Protection Legislation. The data subject’s rights in Chapter III of the UK Data Protection Legislation are the right to receive transparency information, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object and the right not to be subjected to automated decision-making.
10. We shall assist you in ensuring compliance with your obligations pursuant to Articles 32 to 36 of the UK Data Protection Legislation taking into account the nature of Processing and the information available to us.
The obligations pursuant to Articles 32 to 36 of the UK Data Protection Legislation are security of processing, notification of a personal data breach to the supervisory authority, communication of a Data Breach to the data subject, data protection impact assessments and prior consultation with the supervisory authority.
11. We shall unless otherwise instructed by you or as required by applicable law: (a) within no more than 180 days after termination of your subscription, delete all Personal Data processed on your behalf; and (b) ensure that we have not kept any copy of any Personal Data unless required to do so by applicable laws.
12. Upon your written request, we agree to provide sufficient information (to the extent that such information is within our control and we are not precluded from disclosing it by applicable law, a duty of confidentiality, or any other obligation owed to a third party) to demonstrate our compliance with the obligations laid down in these Terms and applicable Data Protection Laws. Such information shall be deemed to be confidential.
You agree that for the purposes of any request you may have in this regard, we may provide you with information relating to our ISO 27001 certification and annual testing thereto which shall ordinarily satisfy your request for information and /or audit or inspection. If despite this, you, acting reasonably and with appropriate evidence, need to audit us to verify our compliance, we agree to allow you to conduct a data processing audit provided that you give us at least 30 days’ prior notice in writing. Such audit must be carried out by an independent third party with a good market reputation, experience, and competence who is subject to the same duties of confidentiality as you are under these Terms to carry out data processing audits and confirmed by both you and us acting reasonably.
13. You shall bear the full costs of the audit and our costs for any reasonable requests for access to our relevant records, files, computer, or other communication systems, for the purposes of reviewing our compliance with the Data Protection Laws.
14. We shall notify you within 48 hours if we are contacted by a Data Subject seeking to exercise one or more of the Data Subject’s rights as laid down in Data Protection Legislation in respect of their information contained in Personal Data, or raises any concern or complaint about how we or you have handled their information contained in Personal Data
15. We shall provide you with full co-operation and assistance in relation to any request made by a Data Subject regarding the Data Subject’s rights in their Personal Data set out in the Data Protection Legislation in respect of their information contained in Personal Data.
16. Save as expressly provided for in these Terms, we shall not disclose Personal Data to any Data Subject or to any other person without your prior written consent.
17. In the event of any actual or suspected Data Breach concerning your Personal Data, we shall notify you promptly, and in any case, within forty-eight (48) hours) of becoming aware and shall provide you with full assistance and co-operation in relation to same.
18. Processing of Your Personal Data: Annex 1 sets out the processing activities and how we handle your Personal Data.
UK ROW Version July 2022 11
Annex 1 Processing Services
SCOPE AND PURPOSE OF PROCESSING
We will process Personal Data provided by you or collected by us in order to manage your account with us and to fulfil our contractual obligations to you. We may also process Personal Data in an aggregated and anonymised manner to analyse trends and to track your usages of and interactions with our Services to the extent necessary for our legitimate interest in developing and improving our Services and providing you with more relevant content and service offerings.
We will process the Personal Data for the duration of the period in which we provide Services to you.
CATEGORIES OF DATA SUBJECTS AND PERSONAL DATA PROCESSED
Personal Data provided by you to us or collected by us in order to manage your account. This includes the
• Customer name.
• Customer email address.
• Customer business address.
• Customer telephone number.
• Customer credit card or direct debit information.
• Debit/Credit card name.
• Debit/Credit card type.
• DebitCredit card expiry date.
• Debit/Credit card number.
Where you log a technical support case, we will process the name and contact details of the user logging the case and the other users involved in the case. If we are provided access to email content by you (with your express permission having been granted), we will have access to any Personal Data set out in that email.
Personal Data provided by you to us or collected by us in order to provide the Services. This includes data aggregated from your Active Directory or Google Directory or from Lists and Content such as:
• Sender’s/Recipient’s First, Last and Full name.
• Sender’s/Recipient’s business address.
• Sender’s/Recipient’s company name.
• Sender’s/Recipient’s telephone number.
• Sender’s/Recipient’s email address.
• Sender’s email subject line and content information for the inclusion of the signature
• Any other information that you expose to us via Custom Attributes within the signature
No sensitive data is processed by us unless you include it in the Content of emails.
NATURE OF PROCESSING
Personal Data provided by you to us or collected by us in order to manage your account is stored for the duration of your relationship with us.
Where you log a technical support case, the data relating to the case is stored within our CRM. Personal Data provided by you to us or collected by us in order to provide the Service(s) is aggregated from your Active Directory or Google Directory and stored. This stored copy of the data is then used during the processing of the signature block prior to inclusion within the signature. This data is held separately from the main signature block, with the signature block being deleted once it has been included within the email. The aggregated data is stored for the duration of your relationship with us, after which time it is deleted in its entirety.
SUBPROCESSORS The data centre that runs the Email Signature Email Signature Service is owned and operated by a sub-processor named in Annex 3. We also use CRM and other systems of third parties to assist us in providing the Services to you as stated in Annex 3
DURATION AND FREQUENCY OF PROCESSING
Only for the duration of your subscription to the Service and frequency is determined by the number of emails/surveys sent by you through our data centre.
UK ROW Version July 2022 12
Technical and Organisational measures to ensure the security of your Personal Data implemented by Email Signature:
Security Requirement How Data Importer implements security measures
Physical access control measures to prevent
unauthorized persons from gaining access to
Processing systems or premises where Personal Data are Processed or used.
Card access control system with documentation of key holders.
Security patrolled business park.
Physical security service inside building.
Monitored alarm system.
Locked server room with authorized personnel access only.
Access control measures to prevent Processing systems from being used without authorization. Including Importer’s representatives access permissions segregation to Processing systems and Personal Data such as read, copy, modify, delete.
Individual user log-in to corporate network.
All development, staging, production systems are located within secure Data Centres.
Access to production level infrastructure per tenancy is limited to secure certificate endpoint.
Processors Password policy procedures are regulated by Password Policy.
Automatic password-protected blocking of computer after a certain period of time without user activity.
Transmission control measures taken in by Importer and Exporter to ensure that Personal Data cannot be read, copied, modified or removed without authorization during electronic transmission or transport, and that it is possible to check and establish to which bodies the transfer of Personal Information by means of data transmission facilities is envisaged.
Encrypted access via TLS
Hard drive encryption of all processor employee machines used to facilitate business
performance protected by Bitlocker.
Locked server room at Processor‘s premises with authorized personnel access only.
Describe the measures of input control to ensure that it is possible to check and establish whether and by whom Personal Data have been entered into Processing systems, modified or removed.
Assignment control measures Importer takes to ensure that, in the case of commissioned Processing, the Personal Information are Processed strictly in accordance with the instructions of the principal.
Training of all Processor‘s representatives involved in Personal Data Processing for technical and organizational security measures. Follow-up training at regular intervals.
Specific clauses in Contractor/Employment agreements with all Processor’s representatives, such as: The Right for Work Results, Confidentiality, Policies and work processes, Non-compete, Non Disclosure.
Appointment of contact person in charge of data protection.
Availability control measures Importer applies to ensure that Personal Data are protected from accidental destruction or loss.
Active/Active and regional Data Centres.
Centralized virus protection and firewall at Processor‘s infrastructure
Air conditioning for work and server/network environment.
Fire alarm system.
Monitored alarm system.
Measures of pseudonymisation and encryption of personal data
All data at rest is encrypted.
Data in transit encrypted via TLS between user end-points and core services.
Pseudonymisation techniques assigned to all data sat within queues or at rest.
Measures for ensuring ongoing confidentiality,
integrity, availability and resilience of processing systems and services
Data Protection Officer, CTO and Director of Technical Services meet regularly to review current processes and risk register.
Regular Penetration tests carried out on infrastructure and application (service and code level).
3rd party IDS and Cloud Native security products built into solution.
Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident Multiple data centres operate in an active/active configuration.
All personal data is aggregated across all per-geo data centres.
UK ROW Version July 2022 13
Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing
3rd party assessments of our security process and policies as part of our various ISO accreditations.
Regular management reviews of process and risk register.
Tooling to ensure adherence to process and policies, including but not limited to IDS, automated compliance tools, Managed Detection and Response systems and Zero Trust Access systems.
Measures for user identification and authorisation MFA coupled with Zero trust.
Measures for the protection of data during transmission TLS Encryption at all points of transmission, including between internal services.
Measures for the protection of data during storage Data storage can only be accessed by internal services, all of which are protected by secured MFA access.
Secure and encrypted transmission of data prior to storage.
Storage technologies that incorporate encryption as standard.
Customers only have access to their own data based on secure authentication and authorisation.
Measures for ensuring physical security of locations at which personal data are processed
Access controls at all Data Centres and Email Signature offices.
Secure door access, which is recorded and regularly reviewed.
Camera surveillance and 24/7 security guard patrols in place.
Measures for ensuring events logging 3rd party tooling to ensure all external events are logged.
In product logging of all key events.
Measures for ensuring system configuration, including default configuration
New tenancies are created using standard image which is regularly checked against a baseline.
All delivery pipelines update default configurations where necessary, ensuring built-in security and compliance to standard images.
Measures for internal IT and IT security governance and management
Accredited to ISO27001 & 27018.
Robust process, policies and tooling to ensure compliance.
Measures for certification/assurance of processes and products
Regular external 3rd party penetration testing of product and infrastructure (on material infrastructure change, product change or annually).
3rd party quarterly assessment of compliance to process and certifications.
Real-time tooling notifications on compliance to process and certifications.
Measures for ensuring data minimisation Independent audit and product peer review of all data collected.
Measures for ensuring data quality Independent teams assess multiple streams of data, with a focus on quality. Any quality issues are fed back into the process and resolved promptly.
Measures for ensuring limited data retention All data storage retention timeframes are regularly reviewed and assessed.
Audits of data storage are conducted by independent teams to ensure adherence to policies. All employees, contractual sub processors or other service providers are contractually bound to respect the confidential nature of all sensitive information. Measures for allowing data portability and ensuring erasure.
Measures for ensuring accountability All core processes and procedures are owned by senior members of Email Signature.
All employees, contractual sub processors or other service providers are contractually bound to respect the confidential nature of all sensitive information.
Measures for allowing data portability and ensuring erasure
All data stored can be easily recreated from customers own store. Export and import routines exist across core data points. Data erasure policies exist as part of our wider information security policies.
Data erasure policies exist as part of our wider information security policies.
UK ROW Version July 2022 14
List of sub-processors
Name of Sub-Processor Company number
Address Service Provided
1. Microsoft Operations Limited (Where Signatures for O365 is used)
256796 70 Sir John Rogerson’s Quay
Cloud Provider for Email
2. Google Cloud EMEA Limited (and each member of the group of companies to which it belongs) (Where Signature for G-Suite is used)
03977902 70 Sir John Rogerson’s Quay,
Dublin 2, Ireland
Cloud Provider for Email
Signature Solutions (only utilised if using Google Workspace email service).
3 GoCardless 07495895 Sutton Yard
65 Goswell Road
Direct debit payment
4. Google Cloud EMEA Limited (and each member of the group of companies to which it belongs) (Where Signature for G-Suite is used)
03977902 70 Sir John Rogerson’s Quay,
Dublin 2, Ireland
Cloud Provider for Email
Signature Solutions (only utilised if using Google Workspace email service).