AAG IT Services Managed Services Terms & Conditions

THESE TERMS are applicable from 16th May 2018.

IT IS AGREED as follows:

During the term of your Managed Service Provision with AAG IT Services Ltd (“AIS”) it is agreed that authorised representatives of both parties have signed a separate Service Agreement detailing the services provided. The Service Agreement will be subject to and forms part of AIS standard Terms & Conditions of business, which are detailed below.

For avoidance of doubt the Services shall commence on the date stated in the relevant Service Agreement and not above.

1                DEFINITIONS

1.1             In these terms and conditions, the following words shall have the following meanings:

“AIS Equipment”

Means any hardware provided by AIS (whether owed by AIS or by a Third-Party Provider) to the Client as specified in an Order or required to provide the Services

“Acceptance”

Means acceptance by AIS of an Order from the Client in writing or by email, or by commencement of the provision of the Goods and/or Services in accordance with clause 2.5 (and “Accepted” shall be interpreted accordingly).

“Acceptable Use Policy”

Means AIS’s acceptable use policy that is available to view below, which may be modified from time to time by AIS
AAG Acceptable Use Policy

“Application”

Means any application or software supplied to the Client by AIS in performance of the Services

“Applicable Laws”

Means (a) European Union or Member State laws with respect to any Client Personal Data in respect of which any Client Group Member is subject to EU Data Protection Laws; and (b) any other applicable law with respect to any Client Personal Data in respect of which any Client Group Member is subject to any other Data Protection Laws

“Asset Schedule”

Means the asset schedule listing details of Client Equipment (as defined in the Service Agreement/ Proposal Document/ Client Inventory Report) to be supported by AIS, where a given Service includes support, as included in the Service Agreement

“Billing Rate”

Means AIS’s standard billing rates and other rates from time to time for the provision of its services

“Charges”

Means the charges payable by the Client to AIS for the provision of the Goods and/or Services, as set out in the Order(s) (which, for the avoidance of doubt, may refer to a price list published by AIS from time to time)

“Client Data”

Means all data processed by AIS or otherwise provided to AIS pursuant hereto

“Client Affiliate”

Means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Client, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise

“Client Group Member”

Means Client or any Client Affiliate

“Client Personal Data”

Means any Personal Data Processed by a Contracted Processor on behalf of a Client Group Member

“Contracted Processor”

Means AIS or a Subprocessor

“Coverage Hours”

Means the hours specified in the relevant Service Contract or, if no hours are specified then, the hours of 8:00am to 6:00pm Monday to Friday excluding bank holidays.

“Data Exporter”

Means Client or any Client Affiliate

“Data Importer”

Means AIS or a Subprocessor

“Data Protection Laws”

means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country

“Documentation”

Documentation used or provided by AIS in connection with the provision of the Services hereunder

“EEA”

Means the European Economic Area

“Equipment”

Means the Equipment explicitly and specifically listed in the relevant Service Contract together with any additional charges which may become payable pursuant to Clause 5.2.

“EU Data Protection Laws”

Means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR

“Event of Force Majeure”

Means an instance of force majeure as defined in Clause 11.1

“Fee”

Means the charges specified in the relevant Service Agreement together with any additional charges which may become payable.

“Fault”

Means either (a) material failure of the Services, or the infrastructure to perform in accordance with the Documentation; or (b) a cessation, interruption or degradation of the functionality of the Services or the Infrastructure

“GDPR”

Means EU General Data Protection Regulation 2016/679

“Goods”

Means the goods to be provided by AIS, as set out in the Order(s)

“Infrastructure”

Means the network infrastructure either owned by AIS or the Client, as set out in the Order(s) and/or Asset Schedule

“Incident”

Means an unplanned interruption to the normal operation of the equipment

“Intellectual Property Rights”

Means patents, trademarks, service marks, design rights, domain names, database rights, registrations and applications for registration for any of the foregoing copyright and all rights in the nature of copyright, trade secrets, know-how and other industrial and intellectual property rights, wherever subsisting

“Master Agreement”

Means the Master Agreement for services entered into by AIS and the Client incorporating these Conditions pursuant to which all Service Contracts are agreed.

“Minimum Term”

Means any minimum term for provision of the Services set out in an Order Form

“Order”

Means an order for the provision of Goods and/or Services submitted by the Client to AIS on the relevant Order Form or the acceptance by the Client of a Quotation

“Order Form(s)”

Means order form(s) for some or all of the Services, as may be provided to the Client by AIS from time to time.  For the avoidance of doubt, where an Order Form has been provided by AIS for a particular part of the Services, the Client shall use such Order Form to order such Services

“Quotation”

Means a quotation for the provision of Goods and/or Services which has been prepared by AIS and delivered to the Client.  Unless otherwise set out in a Quotation, all Quotations shall be valid for 30 days from the date of issue.

“Relevant Event”

Means any act or omission or delay by the Client the effect of which is materially to prejudice the ability of AIS to perform its obligations in accordance with an Order or this Agreement

“Restricted Transfer” means:

a)      a transfer of Client Personal Data from any Client Group Member to a Contracted Processor; or

b)      an onward transfer of Client Personal Data from a Contracted Processor to a Contracted Processor, or between two establishments of a Contracted Processor,

in each case, where such transfer would be prohibited by Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of Data Protection Laws) in the absence of the Standard Contractual Clauses to be established under section 18.4 or 24 below;

“Service Agreement”

Means the AIS Service Agreement document for the Service(s) including the Order Form for the Services and the Service Terms

“Service Terms”

Means any specific terms and conditions set out separately or within a Service Agreement or with an Order which are specific to the Services being delivered

“Services”

means the services and other activities to be supplied to or carried out by or on behalf of AIS for Client Group Members

“Site”

Means the location of the Client’s business operations and its infrastructure as set out in the Service Agreement document.

“Standard Contractual Clauses“

Means the contractual clauses set out in the terms and conditions listed below

“Subprocessor”

Means any person (including any third party, but excluding an employee of AIS or any of its sub-contractors) appointed by or on behalf of AIS to Process Personal Data on behalf of any Client Group Member

“T&M Charges”

Means additional sums which may be charged under this Agreement in accordance with AIS’s rates from time to time for work undertaken on a time and materials basis

“Third Party Provider”

Means the provider of Third Party Services

“Third Party Services”

Means any part of the Services which AIS procures from a third party, including broadband access connections and any third-party hosting services, telecommunications services and/or licencing or equipment

“Third Party Software”

Means any open source or third-party application or software used or supplied pursuant to this Agreement and the use of which is subject to the relevant vendor’s licence agreement as specified in an Order

“Working Day”

Means a weekday other than UK bank and public holidays

“Working Hours”

Means the hours in which the Services are to be provided in accordance with the Order(s) and Section 14 of this document.

The terms, “Commission“, “Controller“, “Data Subject“, “Member State“, “Personal Data“, “Personal Data Breach“, “Processing” and “Supervisory Authority” shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.

The word “include” shall be construed to mean include without limitation, and cognate terms shall be construed accordingly.

1.2             The clause headings are included for convenience only and shall not affect the construction or interpretation of this Agreement;

1.3             Use of the singular includes the plural and vice versa;

1.4             Words importing a particular gender to not exclude other genders;

1.5             Any reference to ‘persons’ incudes natural persons, firms, partnerships, bodies corporate, corporations, associations, organisations, governments, states, foundations and trusts (in each case whether or not incorporated and whether or not having separate legal personality);

1.6             Any reference to a statute, statutory provision or statutory instrument includes a reference to that statute, statutory provision of statutory instrument together with al rules and regulations made under it as amended or consolidated as at the date of this Agreement.

1.7             In the event of a conflict between the terms of this Agreement and the Services Term or Order, the Service Terms will prevail over this Agreement and the Order will prevail over the Service Terms.

2.0             ORDER PROCESS

2.1             Each Order shall be deemed to be an offer by the Client subject to this Agreement.  The Client shall ensure that each Order is complete and accurate.

2.2             A binding contract for the provision of the Goods and/or Services shall not come into existence between AIS and the Client until Acceptance by AIS of the Client’s Order as determined in accordance with clause 2.5.

2.3             For the avoidance of doubt, in the event that an Order Form is submitted by the Client and contains its own terms and conditions, those terms and conditions shall not form part of the contract between the parties.

2.4             In order validly to submit an Order, the Client must either: –

2.4.1          Sign the Quotation and return it to AIS by post or email; or

2.4.2          Use AIS’s electronic document signature service – an online facility through which Quotations may be transmitted.

2.5             AIS will convey Acceptance of an Order either by any of the following means: –

2.5.1          By first class post in which case it will be effective on posting;

2.5.2          By email in which case it will be effective on transmission, subject in the case of a to an “ok” confirmation; or

2.5.3          By commencement of delivery of the Services, in which case Acceptance will be effective on such commencement.

3                SERVICES

3.1             From the Effective Date and for the duration of this Agreement, and in consideration of the payment of the Charges and any other sums due hereunder and subject to Events of Force Majeure and Relevant Events, AIS shall provide, or procure the provision of the Goods and/or Services to the Client in accordance with the terms of this Agreement and any applicable Service Terms and the terms within the Order.  The parties may agree amendments to this Agreement by the submission and Acceptance of new Orders.

3.2             AIS will use reasonable endeavours to provide the Services promptly, having regard to the availability of personnel, necessary supplies and facilities and commitments to other clients.  All dates or times quoted for commencement or completion of any part of the Services and for delivery of the Goods are estimates only.

3.3             Any setup fees for the service will be made clear in our recommendations. There may also be a requirement to bring inappropriate systems to a suitable support level prior to the contract being enabled. If AIS undertakes such remediation work on behalf of the client, then separate fees may be incurred and the work will be considered separate to the provision of this service.

3.4             Clients requiring additional works not covered by MSP — such as new installations or projects, or changes outside the scope of MSP — will be charged at AAG’s normal Contract Hourly Rates without commitment, this will be quoted before any work commences. This includes any and all works undertaken prior to the contract start date.

3.5             Any service level agreement or order provided by AIS shall supersede any third party providers service level agreement, where the timescales within the third parties agreements are higher than those within the AIS’s. If any third party breaches their own service level agreement, which is out of AISs control, AIS will not be held responsible for this.

If the Client submits an Order for Third-Party Services, the Client’s continued use of the Services shall be deemed as confirmation that the Client has accepted all terms and conditions of the Third-Party Provider. AIS will publish any 3rd party services on its company website which can be found at www.aag-it.com/legal

3.6             Services may be provided remotely via the Client’s internet connection or by telephone.  Where, in AIS’s sole opinion, it is necessary and/or desirable for the Client to install remote support and/or management software, such software, of AIS’s own choosing, will be provided by AIS at AIS’s own expense.  If the Client wishes to use alternative remote support and/or management software, then the cost for sourcing and implementing such software will be borne by the Client.

3.7             Where appropriate, AIS shall provide the Services remotely.  If, in AIS’s sole opinion, remote provision or support is not appropriate, AIS may send personnel to the Site to enable provision or support of the Services.  In such event T&M Charges shall be payable for each hour during which AIS personnel are in attendance at the Site, unless otherwise included or waived in the Service Agreement for the Service(s) or otherwise agreed in writing between the parties.  At AIS’s sole discretion, it may also charge for any incurred expenses and/or travel time at its then current rates.

3.8             AIS shall be entitled to make variations and additions to the Services from time to time (acting reasonably) including:

3.8.1          To improve or add to the Services

3.8.2          To make changes for operational reasons where these do not have a materially adverse effect on the Services;

3.8.3          To pass through any change made by any third party to any Third-Party Services;

3.8.4          In order to comply with any law or legal obligation (whether under common law, statute, tort or otherwise), or any change to any law or legal obligation;

3.8.5          In order to comply with any final order, provisional order, direction, notice, specification, designation or consent made by the Office of Communications (Ofcom) or any other regulatory body; and

3.8.6          In order to maintain the integrity, efficiency or security of the Services and/or any part of the Infrastructure and/or AIS’s Systems.

3.9             AIS may suspend the Services without notice or liability to the Client if AIS reasonably believes the circumstances justify this to protect itself or others or to comply with any law, please refer to our Acceptable Use Policy as published at https://www.aag-it.com. In making the decision to suspend the Services, AIS is not obliged to consider the cost or damage to the Client that may be caused by suspension of the Services to the Client.

3.10           AIS represents and warrants to the Client that:

3.10.1          AIS warrants and represents that, before it processes any Client Personal Data on behalf of any Client Group Member, AIS entry into the signed Service Agreement and TCs as an agent for and on behalf of that Client Group Member and will have been duly and effectively authorised (or subsequently ratified) to do so.

3.10.2          AIS has full right power and authority to provide the Services to the Client in accordance with the terms of this Agreement and has obtained all necessary licences to enable it to perform the Services and to enable the Client to use the Services;

3.10.3        Subject to Events of Force Majeure and Relevant Events, AIS will use its reasonable efforts to provide the Services and all other services to be provided to the Client using reasonable care and skill and in accordance with good industry practice in accordance with the terms of this Agreement and any Order; and

3.10.4        AIS has all requisite registrations and complies to all current data protection legislation and will maintain such registrations throughout the term of this Agreement and will comply with the provisions of such legislation

3.11           AIS makes no warranty, representation or undertaking in respect of any Application and, save as set forth in this Agreement, all warranties and representations (including without limitation any as to fitness for any particular purpose satisfactory quality or merchantability of an Application) are hereby excluded to the fullest extent permitted by law.  Any and all software provided or utilised under or pursuant to this Agreement or an Order is licensed to AIS by third parties and shall therefore be provided on an “as is” basis with no warranty or representation of any kind whatsoever.

3.12           AIS makes no warranty that operation of the Services will be uninterrupted or error-free.

3.13           If during the performance of the Services, the Client wishes to modify or add to the Services:

3.13.1        The Client shall provide to AIS written particulars of the proposed change(s) (the “Addition”) and such further details as AIS may require;

3.13.2        If requested to do so, AIS will provide the Client with a fixed cost for the Addition, otherwise costs of the Addition may be estimated on a time and materials basis;

3.13.3        Upon notification of the cost for the Addition via Quotation, the Client may elect to either:

3.13.3.1     Accept the Quotation in which case the Order will be amended in accordance with its terms; or

3.13.3.2     Withdraw the proposed amendments in which case the Order shall continue in force unchanged.

3.13.4        If the Client determines that the Addition is to be carried out, full particulars of the Addition are to be recorded in a written memorandum to be appended to the Order as a document in the form of a schedule

3.13.5        Additions will be carried out as part of and on the terms and conditions of this Agreement.

3.14           The Client may not resell the Services, in whole or in part, without the written permission of AIS.

4                SUPPLY OF GOODS

4.1             Risk of loss of or damage to the Goods shall pass to the Client on delivery of the Goods to the Client or the Client’s carrier and the Client shall insure the Goods from that time until ownership of and title to them passes to the Client.

4.2             Ownership of the Goods shall not pass to the Client until AIS has received in full (in cash or cleared funds) all sums due to it in respect of the Goods and all other sums which are or which become due to AIS from the Client on any account.

4.3             Until ownership of the Goods has passed to the Client, the Client shall:

4.3.1          Hold the Goods on a fiduciary basis as AIS’s Bailee;

4.3.2          Store and hold the Goods (at no cost to AIS) in such a way that they remain readily identifiable as AIS’s property and not destroy, deface or obscure any identifying mark or packaging on or relating to the Goods;

4.3.3          Maintain the Goods in satisfactory condition insured through a reputable insurance Client on AIS’s behalf for their full price against all risks to the reasonable satisfaction of AIS;

4.3.4          Produce on request the policy of insurance to and hold the proceeds of such insurance on trust for AIS and not mix them with any other money, nor pay the proceeds into an overdrawn bank account; and

4.3.5          Grant to AIS, its agents and employees an irrevocable licence at any time to enter any premises where the Goods are or may be stored in order to inspect them, or, where the Client’s right to possession has terminated, to recover them.

4.4             The Client may not resell, use or otherwise dispose of the Goods before ownership has passed to it.

4.5             Until ownership of the Goods has passed to the Client, the Client’s right to possession of the Goods shall terminate immediately if:

4.5.1          Any of the events set out in clause 8.5 occur; or

4.5.2          The Client encumbers or in any way charges any of the Goods.

4.6             AIS shall be entitled to recover payment for the Goods notwithstanding that ownership of any of the Goods has not passed from AIS.

4.7             All Goods supplied by AIS to the Client pursuant to this Agreement shall be supplied without any warranty, representation or condition, whether express or implied by common law or statute and all such warranties, representations and conditions are excluded to the fullest extent permitted by law, save that any manufacturers’ or suppliers’ warranties that are capable of assignment shall be assigned by AIS to the Client.

4.8             RETURNS POLICY

4.8.1          If the need for a return has been identified, whether due to AIS error, Client error and or Vendor error, this needs to be reported to AIS within 3 working days of receipt of delivery.

4.8.2          If any good(s) are ordered in client error: AIS will require authorisation from the Vendor for the good(s) supplied before accepting a return(s).

4.8.3          If the packaging of the good(s) is opened your return(s) may be rejected, subject to the Vendor’s terms and conditions.

4.8.4          If a return(s) is an AIS error, this will be collected free of charge and a credit will be applied to the Client’s account.

4.8.5          If an advanced replacement is required, then AIS will arrange for this to be completed, subject to availability. Before an advanced replacement will be approved, signed confirmation via the AIS electronic signature tool will be required from the Client ensuring that the original good(s) delivered will be returned.

4.8.6          Any good(s) received by AIS without a valid Returns Number will be returned to the Client.

4.8.7          Any good(s)/packaging that are delivered in a damaged condition, must be signed for with the courier as damaged on delivery. AIS must be notified within 2 working days of the damaged condition.

4.8.8          If the return(s) is due to Client error, the Client will need to return the good(s), within 3 working days of the return(s) being issued back to AIS at the Client’s own cost. If the good(s) are not returned to AIS within this time frame, AIS reserve the right to reject the claim.

4.8.9          If the return(s) has been confirmed to be a Client error, the manufacturer’s packaging needs to be in pristine condition. If the manufacturer’s seal has been broken the good(s) will be returned to the Client and payment in full will be required

4.8.10        AIS is not responsible for loss or damaged packages of good(s) that are being returned under our Returns Policy. Please insure your return and obtain a tracking number as a safeguard. AIS also recommend you utilise appropriate and adequate packaging when shipping your return(s) to avoid damage to the product.

4.8.11        P.O. Box addresses are NOT accepted for returns. You must provide us with a physical address to continue with our Returns Policy. If a P.O. Box is used, AIS will not be responsible for lost packages.

4.8.12        Damages, defects or missing goods must be reported within 5 business days of receipt of good(s).

4.8.13        International Clients are responsible for custom charges including, but not limited to, brokerage, taxes, duties and other fees.

4.8.14        Replacements are processed upon product availability.

4.8.15        Any personal data should be removed before returning products to AIS. AIS is not liable for loss or misuse of any personal data stored on returned products.

4.8.16        AIS will attempt to collect a return(s) from a Client’s location a maximum of 3 times before the return is cancelled.

5                CLIENT’S OBLIGATIONS

5.1             The Client shall at all times and at its own cost, throughout the term of this Agreement and any Order:

5.1.1          Provide and maintain such hardware, software, connections and configurations at the Site and/or on its infrastructure as recommended by AIS;

5.1.2          Give the personnel of AIS such rights of access to the Client’s personnel and premises and infrastructure as are reasonably required by AIS for the purpose of providing the Goods and/or Services;

5.1.3          Procure that, where personnel of AIS work on the Client’s premises, such personnel are provided with reasonable office accommodation and facilities, including telephone, power and communication links.  The infrastructure must be readily accessible from such accommodation and facilities;

5.1.4          Procure that its employees and any sub-contractors co-operate with the reasonable requests of AIS in relation to the provision of the Goods and/or Services;

5.1.5          Procure that the personnel of AIS are entitled to carry out the Services without being subjected to either verbal or physical abuse.  Furthermore, the Client undertakes to treat the personnel of AIS in a courteous manner.  Any breach of this clause 5.1.5 will entitle AIS to suspend provision of the Services or delay delivery of any Services without penalty;

5.1.6          Care for and operate all AIS Equipment and Infrastructure and other hardware related to the Services in accordance with the user and/or operator manuals and AIS’s instructions;

5.1.7          Not permit any persons other than AIS and its authorised representatives to modify, alter or enhance the infrastructure without the prior written permission of AIS;

5.1.8          Use reasonable endeavours to perform all Client administered tasks and routines requested by AIS in accordance with the schedule and specification for such tasks and routines agreed with AIS;

5.1.9          Maintain a written dated and timed record of any routines, modifications, alterations or enhancements to the Infrastructure performed by the Client or any third party, including, but not limited to, software and hardware configuration changes, installations and removals;

5.1.10        Notify AIS promptly on detecting that the Infrastructure is not operating correctly;

5.1.11        Permit only authorised and suitably experienced and qualified personnel to contact AIS to request provision of the Services;

5.1.12        Ensure that there is a legitimate licence for every copy of a software program in use, whether the software is installed on individual or networked computers and, further, to ensure that such licences permit use by AIS as required to perform the Services and that the Client complies with such licence terms and conditions;

5.1.13        Be responsible for obtaining and maintaining any consents, permits, licences and authorisations to enable the Services to be provided whether or not AIS is responsible for obtaining any consents, permits, licences or authorisations required by the Services themselves;

5.1.14        Other than where AIS has agreed to be responsible for the management and administration of part or all of the Infrastructure, be responsible for the management and administration of the Infrastructure;

5.1.15        Store safely all disks, manuals, hard copy licence agreements and/or Documentation relating to such software;

5.1.16        Within a reasonable time, furnish AIS with such information and documents as it may reasonably request for the proper performance of its obligations hereunder.  The Client shall use reasonable endeavours to ensure all such information or documents are complete and accurate;

5.1.17        Provide access to all personnel, including decision-makers, reasonably required by AIS in order to provide the Goods and/or Services;

5.1.18        Take all reasonable steps including any steps specified by AIS or the relevant manufacturer to ensure that, as far as reasonably practicable, any equipment, facilities or offices will be safe and without risks to health at all times;

5.1.19        Keep AIS informed of any change to the Client’s address as set out herein and other such information as may affect the payment of charges due;

5.1.20        Where the Service includes the provision of AIS Equipment, the Client will not interfere with any markings, plates, trademarks, logos or service marks indicating ownership of the equipment, and will be responsible for regularly cleaning the exterior surfaces of all such equipment in accordance with the instructions provided by AIS, and will not, without the prior written consent of AIS, remove or keep such equipment or permit the same to be removed or kept outside of the United Kingdom; and

5.1.21        Unless otherwise provided as a separate Service by AIS to the Client, and subject to any applicable terms for that Service, the Client shall be solely responsible for the security and provision of backup copies of its own data and for ensuring that any backups are protected.

5.2             The Client shall not, and shall procure that its employees and sub-contractors shall not:

5.2.1          Use the Good or Services to transfer an illegal material (including but not limited to material which may be deemed to be offensive, abusive, indecent, defamatory, obscene, menacing or in breach of copyright, privacy or other rights);

5.2.2          Use the Goods or Services to send menacing, offensive, abusive or annoying messages (commonly referred to as, but not exclusively, ‘spam’ or Unsolicited Commercial Email ‘UCE’);

5.2.3          Divulge one or more passwords that allow the Client to have access to the Services to a third party and shall keep all passwords confidential and inaccessible to third parties;

5.2.4          Announce by any means any and all internet addresses allocated to the Client as part of an internet autonomous system (AS); and

5.2.5          Use or permit the usage of the Goods or Services in an unlawful manner or in contravention of published legislation and regulations governing the internet.

5.3             In the event that the Client requires AIS to correct a Fault (in accordance with a relevant Order for Services), the Client shall follow the procedure as outlined in the Service Agreement or Order or as otherwise notified to the Client by AIS for reporting Faults.

5.4             The Client shall comply with the Acceptable Use Policy at all times.  If, in the opinion of AIS, the Client has violated the Acceptable Use Policy, AIS may, without any liability for the consequences thereof or any prejudice to the Client’s payment obligations hereunder, suspend the provision of all or part of the Services to the Client and may restrict or block internet traffic to or from the infrastructure.

5.5             The Client shall not, and will not allow any other person to, violate or attempt to violate any aspect of the security of AIS’s Systems.  The Client understands that any such violation is unlawful in many jurisdictions and that any contravention of law may result in criminal prosecution.  Examples of violations are:

5.5.1          Accessing, copying, moving, transferring, deleting or in any way modifying data unlawfully or without consent;

5.5.2          Attempting to probe, scan or test the vulnerability of any computer system or network or to breach security or authentication measures;

5.5.3          Attempting to interfere with service to any user, host or network, including, without limitation, via means of overloading, “flooding”, “denial of service attacks”, “mail bombing” or “crashing”

5.5.4          Forging any TCP/IP packet header or any part of the header information in any e-mail or newsgroup posting;

5.5.5          Taking any action in order to obtain services to which the Client is not entitled.

5.6             Delays by the Client

5.6.1          Where any delay in the performance or delivery of the Services by AIS is caused directly or indirectly by the Client’s actions the time for performance or delivery of the Services as set out in the Work Order Schedule shall be extended by a period of time equivalent to the delay caused directly by the Client’s actions.

5.6.2          To the extent that any delay is directly or indirectly caused by any act or omission of the Client, AIS shall be entitled to charge the Client for the effects of such delay at the Billing Rate.

5.6.3          In the event that Client requests a delay in respect of the delivery, installation or provision of any Services in respect of which AIS has procured/is procuring certain or all elements from third parties, AIS reserves the right to raise invoices in respect thereof and to be paid in accordance with the Order.

5.7             The Client hereby acknowledges and agrees that AIS shall not be liable for any delay or failure to comply with its obligations hereunder, and shall indemnify AIS in full and on demand in respect of any costs, claims, damages or liabilities arising from any delay or failure by the Client to comply with the provisions of this clause 5.

5.8             If a client is covered under 24/7/365 support by AIS as stipulated in the Service Terms and an out of hours site visit is requested by the client or determined by AIS that a site visit is recommended then the client is responsible for ensuring and confirms that all appropriate access and all insurances, health and safety requirements have been met, according to all current and any updated legislations to English Laws in return AIS agrees to adopt all of the clients processes and procedures while on the clients site. If the out of hours site visit was prevented due to means out of AAG’s control caused directly by the client, then AIS may seek financial reimbursements. If this occurs an out of hours charge may apply, the rate of this can be found on AAG’s Service Catalogue, which can be updated at the discretion of AAG.

6                PAYMENT

6.1             The Client shall pay the Charges set out in the Order(s) and otherwise arising pursuant to the provisions herein in accordance with the payment terms set out herein.  AIS reserves the right to increase the Charges and will give at least 30 days’ written notice of any such intention.

6.2             AIS will issue invoices to the Client in accordance with the terms set out in the Service Agreement document.

6.3             The Client shall pay the Charges in accordance with the terms of the relevant Order or, where no payment terms are set out in an Order, within thirty (30) days of invoice date.

6.4             Unless otherwise expressly set out to the contrary in the applicable Order Forms, the Client shall pay all expenses reasonably incurred by AIS that are attributable to the provision of the Goods and/or Services. Such expenses shall include without limitation the cost of travel outside Working Hours to and from supported sites, attendance at meetings, and preparation of reports, telephone charges and courier costs.

6.5             AIS reserves the right to invoice the Client in advance in respect of all fees payable as disbursements to third parties such as hardware or software vendors.  In such cases, all monies paid by the Client shall be held on account by AIS on behalf of the Client.

6.6             Except as otherwise stated the Charges are exclusive of VAT and all other taxes which shall be payable by the Client. Where applicable the Charges are also exclusive of other fees and charges payable to any third party, including but not limited to third party hardware and software suppliers, internet service providers, and domain name and Client registries.

6.7             If payment is not received by the due date, AIS is entitled to charge interest on any unpaid amount at a daily rate which shall (after, as well as before, any unsatisfied judgement in respect thereof) be five per cent (5%) per annum above the Sterling base rate of HSBC Bank Plc.  AIS shall also be entitled to recover its expenses in connection with such default in payment including legal expenses and costs of collection.

6.8             In the event of the Client’s failure to pay outstanding invoices, AIS reserves the right without any liability for the consequences thereof or any prejudice to the Client’s payment obligations hereunder, to suspend provision of the Services forthwith.

6.9             All amounts due under this Agreement shall be paid in full without any deduction or withholding other than as required by law and the Client shall not be entitled to assert any credit, set-off or counterclaim against AIS in order to justify withholding payment of any such amount in whole or in part.

6.10           The acceptance of any monies by AIS shall not be construed as an acceptance of such monies as the correct and full amount due and owing to AIS or as a waiver by AIS of any claims it may have against the Client.

7                LIMITATION OF LIABILITY

7.1             All warranties, representations, guarantees, conditions and terms, other than those expressly set out in this Agreement whether express or implied by statute, common law, trade usage or otherwise and whether written or oral are hereby expressly excluded to the fullest extent permissible by law.

7.2             Subject to clause 7.3, 7.4, 7.5 and 7.6, the maximum aggregate liability of AIS (including its respective agents and sub-contractors) arising from or in connection with this Agreement, whether arising in contract, tort (including negligence) or otherwise, shall not exceed four times the total Charges paid by the Client under the relevant Order.

7.3             In no event shall AIS (including its respective agents and sub-contractors) be liable for any loss or damage that is due to:

7.3.1          Defects in systems, hardware or software owned by third parties or the Client, supplied to the Client by third parties or procured by AIS from third parties;

7.3.2          Any defect or default arising from or caused by any changes made to the Infrastructure which have not been made or expressly approved in writing by AIS or resulting from what AIS reasonably considers to be abnormal usage;

7.3.3          Any unauthorised access to the Client’s Infrastructure, unless the parties have agreed in writing that AIS is responsible for the security of such networks and/or systems;

7.3.4          Any failure of the Goods and/or Services which results from interference (including maintenance, development or adaptation) by the Client or any third party which is not in accordance with the provided Service Teams or AIS’s specific instructions;

7.3.5          Any failure to the Client’s delay in providing information as reasonably requested by AIS.  Any such failure which results in AIS spending additional time and expense to fulfil the Services shall be recoverable from the Client at the Billing Rate;

7.3.6          Any failure of Goods and/or Services that is due to any integration or interoperability issues arising with any third party or Client systems or legacy systems;

7.3.7          Any failure of the Services that is due to any failure of Third Party Services;

7.3.8          Any loss or corruption of data or information due to viruses or malicious damage or otherwise.

7.4             In no event shall AIS (including its respective agents and sub-contractors) be liable for:

7.4.1          Any loss of profits or business or revenue, damage to, destruction or loss of data, business interruption, loss of use, loss of contracts, loss of goodwill (whether direct or indirect), any failure to make anticipated savings or any wasted management time or any special, indirect, consequential or pure economic loss, costs, damages, charges or expenses;

7.4.2          Any special, indirect, incidental, punitive, exemplary, or consequential damages arising out of or in connection with this Agreement, even if AIS has been advised of the possibility of such damages; whether or not caused by or resulting from its negligence or a breach of its statutory duties or a breach of its obligations howsoever caused even if it is advised of the possibility of such loss.

7.5             Interruptions to or other impact on the Services arising directly or indirectly from: –

7.5.1          Interruptions to the flow of data to or from the Client and/or other parts of the internet;

7.5.2          Changes to AIS’s own network or servers (including the implementation of any necessary upgrades and operating system patches) and other housekeeping tasks which need to be made;

7.5.3          The effects of the failure or interruption of services provided by third parties;

7.5.4          Factors outside of AIS’s reasonable control;

7.5.5          Any actions or omissions of the Client (including, without limitation, breach of Client’s obligations set out in this Agreement) or of any third parties;

7.5.6          Issues with the Client’s equipment and/or third-party equipment; or

7.5.7          Any interruptions to the Services requested by the Client.

7.6             For the avoidance of doubt, nothing in this Agreement shall be deemed to exclude, restrict or limit liability of either party (or their respective agents or sub-contractors) for death or personal injury resulting from their negligence or any liability for fraudulent misrepresentation.

7.7             Both parties accept that the limitations and exclusions set out in this Agreement are reasonable having regard to all the circumstances.

8                TERMS AND TERMINATION

8.1             This Agreement shall come into force on the Effective Date and shall, subject to any Minimum Term provision in the Order Form, remain in force until terminated by either party on the provision of not less than ninety (90) days’ notice in writing (save that no termination may take effect until all Goods and/or Services set out in all Orders have been provided and all payments received by AIS), passed unless terminated earlier in accordance with clauses 8.2 or 8.5.

8.2             Subject to clause 8.1 herein, the Client may terminate the Service Agreement prior to the completion of the Minimum Term subject always that the Client shall (I) give AIS ninety (90) days prior written notice; and (ii) forthwith pay AIS the remaining Charges and all other monies owed to AIS during the Minimum Term all of which, for the avoidance of doubt shall become due and payable upon termination in accordance with clauses 8.2.

8.3             Upon termination of the applicable Service Agreement for any reason and where the Client’s equipment is retained in AIS’s premises, the Client shall remove such of its equipment from AIS’s premises within five (5) Working Days of the date of the Client’s payment of all monies owed.  In the event the Client fails to remove its equipment in accordance with this clause 8.3, AIS shall remove and deliver such equipment to the Client’s premises at the Client’s expense.

8.4             Notwithstanding the foregoing, all or any part of the Services may be suspended in the event that the Client does or suffers anything to be done that jeopardises the provision of the Services by AIS.  No such suspension shall affect the liability of the Client to pay charges and other amounts to AIS hereunder.

8.5             In any event the Agreement may be terminated immediately on written notice:

8.5.1          By either party if the other party is in material breach of its contractual obligations and has not remedied such breach within ninety (90) days after receipt of a written notice of default from the other party;

8.5.2          By either party if the other party shall convene a meeting of its creditors or if a proposal shall be made for a voluntary arrangement within Part 1 of the Insolvency Act 1986 or a proposal for any other composition scheme or arrangement with or assignment for the benefit of its creditors or if the other shall be unable to pay its debts within the meaning of section 123 of the Insolvency Act 1986 or if a trustee, receiver, administrative receiver, administrator or liquidator or similar officer is appointed in respect of the other party or all or any part of its business or assets or if a petition is presented or a meeting is convened for the purpose of considering a resolution or other steps are taken for the winding up of the other party or for the making of an administration order (otherwise than for the purpose of an amalgamation or reconstruction) or if any analogous step is taken in any jurisdiction;

8.5.3          By AIS if there is a change of control (as defined in Section 416 of the Income and Corporation Taxes Act 1988) in the Client or the Client’s parent company and we feel that there may be a threat to AIS’s intellectual property and vice versa; or

8.5.4          By the Client on at least 90 day’s written notice to AIS if it does not accept any increases made pursuant to clause 6.1 above.

8.6             Termination of this Agreement shall be without prejudice to any rights of either party arising on or before termination, which includes without limitation entitlement to payment of all sums due to AIS for Goods and/or Services supplied (including for the avoidance of doubt any Charges incurred in respect of work in progress) prior to the time when termination takes effect.

8.7             The provisions of clauses 6 (to the extent of any unpaid obligations), 7, 8.7, 9, 10 and 12 shall survive the termination of this Agreement and shall remain in full force and effect.

8.8             Termination of the Agreement, however arising, shall not affect or prejudice the accrued rights of the parties as at termination or the continuation of any provision expressly stated to survive in Clause 8.9, or implicitly surviving, termination.

8.9             The clauses relating to liability, confidentiality and data security shall survive termination of this Agreement.

8.10           If, during the term of this Agreement, AIS receives written notice from Client of any breach by AIS of the representations and warranties contained in this Agreement, AIS shall, at its own option and expense, endeavour to remedy that breach within a reasonable period following receipt of such notice, or terminate this Agreement and any relevant Service Agreement immediately on written notice to Client and repay to Client that part of the Charges which Client has paid to AIS under this Agreement or any relevant Service Agreement which relates to any unexpired part of the Service as per the Service Agreement. Client shall provide all information reasonably necessary to enable AIS to comply with its obligations under this Clause 8.10.  This clause sets out Client’s sole remedy and AIS’s entire liability for breach by AIS of the representations and warranties contained in this Agreement and the relevant Service Terms and Service Agreement.

9                CONFIDENTIALITY

9.1             Each party recognises that under this Agreement it may receive trade secrets and/or confidential or proprietary information belonging to the other.  Subject to the exclusions detailed in Clause 9.3, all such information which is designated as confidential or which is otherwise clearly confidential in nature constitutes “Confidential Information”.  Such matters include, without limitation, information or secrets relating to: corporate and marketing strategy, business development and plans, sales reports and research results, business methods and processes, technical information and know-how relating to the other’s business and which is not in the public domain, including inventions, designs, programs, techniques, database systems, formulae and ideas; business contacts, lists of clients and suppliers and details of contracts with them; and any document marked “confidential”.

9.2             Each party agrees not to divulge Confidential Information belonging to the other or to any third party, without the other party’s prior written consent.

9.3             The following shall not be Confidential Information for the purposes of this clause:

9.3.1          Information which is in, or which comes into, the public domain otherwise than by reason of a breach of this Agreement or of any other duty of confidentiality relating to that information;

9.3.2          Information obtained from a third party without that third party being under an obligation (express or implied) to keep the information confidential;

9.3.3          Information which is lawfully in the possession of the other party before the date of this Agreement and in respect of which that party is not under an existing obligation of confidentiality.

9.4             Each party shall be permitted to disclose Confidential Information to the extent that it is required to do so:

9.4.1          To enable the disclosing party to perform its obligations under this Agreement;

9.4.2          By any applicable law or by a court, arbitral or administrative tribunal in the course of proceedings before it;

9.4.3          By any regulatory body (including any investment exchange) acting in the course of proceedings before it or any regulatory body (including any investment exchange) acting in the course of its duties, or

9.4.4          In order to give proper instructions to any professional adviser of that party who also has an obligation such Confidential Information confidential.

9.5             The obligation in Clause 9.1 above will survive the expiry or termination of this Agreement for a period of 5 years or, in respect of any particular item of Confidential Information, until such earlier time as that item of Confidential Information reaches the public domain otherwise than by reason of a breach of this Agreement or of any other duty of confidentiality relating to that information.

9.6             Each party shall ensure all relevant employees, agents and sub-contractors are aware of the confidentiality of the Confidential Information and take all such steps to ensure compliance by its employees, agents and sub-contractors with these confidentiality provisions.

9.7             For the avoidance of doubt, all Client Data shall remain at all times the exclusive property of the Client and may only be used by AIS in order to fulfil its obligations pursuant hereto.

10              NON-SOLICITATION OF EMPLOYEES

10.1           During the period this Agreement is in effect and for a period of 6 months thereafter, the Client agrees not to (either personally or by its agent or by letters, circulars or advertisements and whether for itself or on behalf of any other person) solicit or offer to any employees of AIS or any sub-contractors used by AIS hereunder without the prior written consent of AIS.  The Client undertakes to use its reasonable endeavours to procure that its employees shall observe the terms of this clause provided that nothing in this clause shall prevent the Client from placing job advertisements in the general press or from making offers of employment in response to unsolicited enquiries.

10.2           In the event that the Client breaches clause 10.1, it shall be liable to pay, immediately on demand, and without prejudice to any other remedy that AIS may have, the equivalent of 12 months’ gross remuneration of the employee or sub-contractor or so solicited and/or employed.

11              FORCE MAJEURE

11.1           “Event of Force Majeure” means an event which falls within one or more of the following categories:

11.1.1        Riot, civil unrest, military action or terrorism;

11.1.2        Damage to or destruction of premises or equipment;

11.1.3        Earthquake, storm, flood or other natural disaster;

11.1.4        Deliberate sabotage of, or malicious damage to equipment or data (not attributable to AIS or any of its employees);

11.1.5        Industrial action, strikes or lock-outs by employees of third parties (excluding suppliers or sub-contractors of AIS except where no substitute is reasonably available);

11.1.6        Inability to obtain supplies of power, fuel, or transport;

11.1.7        Exercise of emergency powers by any United Kingdom governmental authority whether national, regional or local.

11.2           Either party shall be released from its obligations (other than an obligation to pay money) to the extent that performance thereof is delayed hindered or prevented by any circumstances beyond its reasonable control.

11.3           The party claiming to be affected by an Event of Force Majeure shall not be entitled to invoke the provisions of Clause 11.2 unless it fully performs the following obligations, namely:

11.3.1        On becoming aware of any Event of Force Majeure which gives rise, or which is likely to give rise, to any failure or delay in the performance of its obligations under this Agreement, it notifies the other party by the most expeditious method then available, giving details of the Event of Force Majeure, the obligations on its part which are affected and its reasonable estimate of the period for which such failure or delay shall continue;

11.3.2        It provides written confirmation and reasonable evidence of such Event of Force Majeure within 10 Working Days of notification under sub-Clause 11.3.1; and

11.3.3        It takes all reasonable steps to prevent, avoid, overcome and mitigate the effects of such Event of Force Majeure.

11.4           If either party is prevented from performing its obligations under this Agreement by an Event of Force Majeure which continues for more than 3 months, then either party shall be entitled to terminate this Agreement without liability to the other party forthwith on giving written notice of termination to the other party.

12              INTELLECTUAL PROPERTY RIGHTS

12.1           In consideration of payment of the associated Charges, AIS shall use its reasonable endeavours to procure that the third-party owner of the Third-Party Software grants to the Client a licence to use the Third-Party Software for the purposes of the Client’s receipt of the Services and such use by the Client shall be subject to the terms of such licence.

12.2           Without prejudice to the Client’s rights in its own materials the parties hereby agree that the Client shall not acquire any Intellectual Property Rights whatsoever in respect of any software, Documentation or other materials used by AIS in connection with or related to the provision of the Services hereunder.

12.3           AIS obtains no proprietary interest or Intellectual Property Rights in any Client Data but the Client hereby confirms to AIS that AIS is entitled to use such Client Data in connection with the provision of the Services and for the purposes of any additional services, including without limitation Client Data restoration and the Client hereby indemnifies and holds harmless AIS for the direct and indirect consequences of such use.

12.4           The Client hereby grants to AIS:

12.4.1        A non-exclusive, royalty-free, world-wide licence during the term of provision of the Services to uses, copy, store, reproduce, and manipulate Client Data for the purposes of using such data for the provision of the Services; and

12.4.2        A non-exclusive, royalty-free, world-wide licence during the term of provision of the Services to use, reproduce and display the Client’s trademarks for the provision of the Services.

12.5           Subject to any contrary provision in an Order, AIS undertakes only to use the Client’s trademarks for the purpose of providing the Services to the Client.

13              MISCELLANEOUS

13.1           References to clauses and schedules shall be to clauses and schedules of this Agreement.  The Order Form(s) form part of this Agreement and shall be interpreted accordingly.

13.2           Each party recognises that it is impossible to maintain flawless security but (where relevant) AIS shall take all reasonable steps to prevent security breaches in its interaction with Client and security breaches in any interaction with resources or users outside of any firewall that may be built into AIS’s servers.

13.3           Any failure to exercise or any delay in exercising a right or remedy provided by this Agreement or at law or in equity shall not constitute a waiver of the right or remedy or a waiver of any other rights or remedies.  A waiver of a breach of any of the terms of this Agreement or of a default under this Agreement shall not constitute a waiver of any other breach or default and shall not affect the other terms of this Agreement.

13.4           Subject to clause 13.5, this Agreement, together with the Service Agreements entered into by the parties, constitute the entire agreement and understanding between the parties in respect of the matters dealt with in them and supersedes cancels and nullifies any previous agreement between the parties relating to such matters notwithstanding the terms of any previous agreement or arrangement expressed to survive termination.  In entering into this Agreement neither party has relied on any representation made by the other party unless such representation is expressly included herein.  Nothing in this clause 13.4 shall relieve either party of liability for fraudulent misrepresentations and neither party shall be entitled to any remedy for either any negligent or innocent misrepresentation except to the extent (if any) that a court, arbitrator or expert by the parties may allow reliance on the same as being fair and reasonable.

13.5           No alteration, modification or addition to this Agreement shall be valid unless made in writing and signed by the duly authorised representatives of both parties.

13.6           The Client is responsible for maintaining the confidentiality of any passwords which are required to benefit from the Services and is solely responsible for any damage caused by any such unauthorised access.

13.7           AIS shall be entitled without liability or notice to the Client to delete any Client Data which AIS determines is infected by viruses or other malware which AIS is unable to eradicate.

13.8           Subject to clauses 2.4 and 2.5, all notices, documents and other communications relating this this Agreement must be in writing and delivered, or posted by first class registered or recorded pre-paid post or sent by facsimile transmission to the registered office of AIS or the Client, as appropriate, and any such notice shall be deemed to have been duly served upon and received by the party to whom it is addressed at the time of delivery if delivered by hand, on the expiry of 48 hours after posting or at the time of transmission in the case of facsimile transmission.

13.9           The rights and remedies provided by this Agreement are cumulative and (subject as otherwise provide in this Agreement) are not exclusive of any rights or remedies provided at law or in equity.

13.10         Nothing in this Agreement is intended to create a partnership or joint venture of any kind between the parties, or to authorise either party to act as agent for the other.  Save where expressly so stated in this Agreement, neither party shall have authority to act in the name or on behalf of or otherwise to bind the other.

13.11         Neither party may assign any benefit or obligation arising under this Agreement, without the prior written consent of the other party (which consent shall not be unreasonably withheld or delayed).  Any purported assignment which does not comply with the terms of this clause shall, as between the parties to this Agreement be null and void.

13.12         Without prejudice to any liability for fraudulent misrepresentation or fraudulent misstatement, each of the parties acknowledges and agrees that in entering into this Agreement, and the documents referred to in it, it does not rely on, and shall have no remedy in respect of, any statement, representation, warranty or understanding (whether negligently or innocently made) of any person (whether party to this Agreement or not) other than as expressly set out in this Agreement.  The only remedy available to it for breach of the warranties shall be for breach of contract under the terms of this Agreement.

13.13         No term of this Agreement is enforceable under the Contracts (Rights of Third Parties) Act 1999 by a person who is not a party to this Agreement executed in any number of counterparts or duplicates each of which shall be an original and such counterparts or duplicates shall together constitute or duplicates shall together constitute one and the same agreement.

13.14         Each party shall bear its own legal costs and other costs and expenses arising in connection with the drafting, negotiation, execution and registration (if applicable) of this Agreement, any Service Agreements and any Orders.

13.15         If any part of this Agreement is found to be unreasonable, invalid or unlawful under any enactment or rule of law the Court shall have the power to strike out or override that part whether it be an entire clause or clauses or some part of parts thereof and enforce this Agreement as if the offending part or parts had not been included.

13.16 Variations

13.16.1    AIS may change this Agreement (Terms and Conditions, AUP, and the Service Level Agreement) from time to time. In the event of a material adverse change AIS will give the Client at least ninety (90) days’ notice before the change is to take effect, save where compliance with any legal or regulatory obligation requires a shorter period of notice or no notice. The Client’s continued use of the Services following any such changes shall constitute the Client’s acceptance of such changes.

13.16.2    Except as set out within this clause, no variations of the Agreement, including the introduction of any additional terms and conditions, shall be effective unless it is agreed in writing and signed by a Director of AIS.

14              SERVICE LEVEL AGREEMENT (SLA)

14.1           AIS shall make the Support function available 24 hours a day, 7 days a week, 365 days a year to the Client for reporting incidents on endpoints that are covered on a 24/7/365 basis as stated within the terms of the signed Service Agreement. Any endpoints that are not covered by AIS’s 24/7/365 MSP provision will be able to contact the Service Desk during normal business hours.

14.1.1        Normal Business Hours = 08:00 – 18:00, Monday to Friday (excluding UK bank holidays)

14.1.2        Out of Hours = 18:00 – 08:00, Monday to Friday & 24 x 7, Saturday & Sunday (Remote Coverage ONLY).

14.1.3        24 x 7 = 24 hours a day, 7 days a week (including UK bank holidays)

14.2           AIS’s Managed Service is governed by a Service Level Agreement (SLA).  Details of AIS’ Service Level Agreement can be found in your Welcome Pack.

14.3     In relation to 3rd party applications and services, AIS will use its best endeavours or so far as it is reasonably practicable to do so and dependant on the 3rd parties response times and SLAs.

PROCESSING OF CLIENT PERSONAL DATA

15.1    AIS Ltd shall:

15.1.1   comply with all applicable Data Protection Laws in the Processing of Client Personal Data; and

15.1.2   not Process Client Personal Data other than on the relevant Client Group Member’s documented instructions unless Processing is required by Applicable Laws to which the relevant Contracted Processor is subject, in which case AIS shall to the extent permitted by Applicable Laws inform the relevant Client Group Member of that legal requirement before the relevant Processing of that Personal Data.

15.2    Each Client Group Member:

15.2.1   instructs AIS (and authorises AIS to instruct each Subprocessor) to:

15.2.1.1            Process Client Personal Data; and

15.2.1.2            in particular, transfer Client Personal Data to any country or territory which is governed under the regulatory data protection act, as reasonably necessary for the provision of the Services; and

15.2.2   warrants and represents that it is and will at all relevant times remain duly and effectively authorised to give the instruction set out in section 15.2.1 on behalf of each relevant Client Affiliate.

15.3    Subject to the signed Service Agreement sets out certain information regarding the Contracted Processors’ Processing of the Client Personal Data as required by article 28(3) of the GDPR (and, possibly, equivalent requirements of other Data Protection Laws). Client may make reasonable amendments to the details of processing of client personal data by written notice to AIS from time to time as Client reasonably considers necessary to meet those requirements. Nothing in the signed Service Agreement (including as amended pursuant to this section 15.3) confers any right or imposes any obligation on any party.

16        AIS PERSONNEL

AIS shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any Contracted Processor who may have access to the Client Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Client Personal Data, as strictly necessary for the purposes of the fulfilling the Service Agreement, and to comply with Applicable Laws in the context of that individual’s duties to the Contracted Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.

17        SECURITY

17.1    Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, AIS shall in relation to the Client Personal Data implement appropriate technical and organisational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.

17.2    In assessing the appropriate level of security, AIS shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.

18        SUBPROCESSING

18.1    Each Client Group Member authorises AIS to appoint (and permit each Subprocessor appointed in accordance with this section 18 to appoint) Subprocessors in accordance with this section 18 and any restrictions in these terms and conditions.

18.2    AIS may continue to use those Subprocessors already engaged by AIS as at the date of the signed Service Agreement, subject to AIS in each case as soon as practicable meeting the obligations set out in section 18.4.

18.3    AIS shall give Client prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within 30 days of receipt of that notice, Client notifies AIS in writing of any objections (on reasonable grounds) to the proposed appointment:

18.4    AIS shall ensure that each Subprocessor performs the obligations under sections 15.1, 16, 17, 19.1, 20.2, 21 and 23.1, as they apply to Processing of Client Personal Data carried out by that Subprocessor, as if it were party to these terms and conditions in place of AIS.

19        DATA SUBJECT RIGHTS

19.1    Taking into account the nature of the Processing, AIS shall assist each Client Group Member by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Client Group Members’ obligations, as reasonably understood by Client, to respond to requests to exercise Data Subject rights under the Data Protection Laws.

19.2    AIS shall:

19.2.1   promptly notify Client if any Contracted Processor receives a request from a Data Subject under any Data Protection Law in respect of Client Personal Data; and

19.2.2   ensure that the Contracted Processor does not respond to that request except on the documented instructions of Client or the relevant Client Affiliate or as required by Applicable Laws to which the Contracted Processor is subject, in which case AIS shall to the extent permitted by Applicable Laws inform Client of that legal requirement before the Contracted Processor responds to the request.

20        PERSONAL DATA BREACH

20.1    AIS shall notify Client without undue delay upon AIS or any Subprocessor becoming aware of a Personal Data Breach affecting Client Personal Data,  providing Client with sufficient information to allow each Client Group Member to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.

20.2    AIS shall co-operate with Client and each Client Group Member and take such reasonable commercial steps as are directed by Client to assist in the investigation, mitigation and remediation of each such Personal Data Breach.

21        DATA PROTECTION IMPACT ASSESSMENT AND PRIOR CONSULTATION

AIS shall provide reasonable assistance to each Client Group Member with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Client reasonably considers to be required of any Client Group Member by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Client Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors.

22        DELETION OR RETURN OF CLIENT PERSONAL DATA

22.1    Subject to sections 22.2 and 22.3 AIS shall promptly and in any event within thirty [30] days of the date of cessation of any Services involving the Processing of Client Personal Data (the “Cessation Date”), delete and procure the deletion of all copies of those Client Personal Data.

22.2    Subject to section 22.3, Client may in its absolute discretion by written notice to AIS within thirty [30] days of the Cessation Date require AIS to (a) return a complete copy of all Client Personal Data to Company by secure file transfer in such format as is reasonably notified by Client to AIS; and (b) delete and procure the deletion of all other copies of Client Personal Data Processed by any Contracted Processor. AIS shall comply with any such written request within thirty [30] days of the Cessation Date.

22.3    Each Contracted Processor may retain Client Personal Data to the extent required by Applicable Laws and only to the extent and for such period as required by Applicable Laws and always provided that AIS shall ensure the confidentiality of all such Client Personal Data and shall ensure that such Client Personal Data is only Processed as necessary for the purpose(s) specified in the Applicable Laws requiring its storage and for no other purpose.

22.4    AIS shall provide written certification to Client that it has fully complied with this section 10 within thirty [30] days of the Cessation Date.

23        Audit rights

23.1    Subject to sections [23.2 to 23.4], AIS shall make available to each Client Group Member on request all information necessary to demonstrate compliance, and shall allow for and contribute to audits, including inspections, by any Client Group Member or an auditor mandated by any Client Group Member in relation to the Processing of the Client Personal Data by the Contracted Processors.

23.2    Information and audit rights of the Client Group Members only arise under section 23.1 to the extent that these terms and conditions does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law (including, where applicable, article 28(3)(h) of the GDPR).

23.3    A Client Group Member may only mandate an auditor for the purposes of section 23.1 if the auditor has been mutually agreed upon with AIS. AIS shall not unreasonably withhold or delay an agreement to the appointment of an auditor.

23.4    Client or the relevant Client Affiliate undertaking an audit shall give AIS reasonable notice of any audit or inspection to be conducted under section 23.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavours to avoid causing (or, if it cannot avoid, to minimise) any damage, injury or disruption to the Contracted Processors’ premises, equipment, personnel and business while its personnel are on those premises in the course of such an audit or inspection. A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection:

23.4.1   to any individual unless he or she produces reasonable evidence of identity and authority;

23.4.2   outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Client or the relevant Client Affiliate undertaking an audit has given notice to AIS that this is the case before attendance outside those hours begins; or

23.4.3   for the purposes of more than one audit or inspection, in respect of each Contracted Processor, in any calendar year, except for any additional audits or inspections which:

23.4.3.1      Client or the relevant Client Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to AIS’s compliance with these terms and conditions; or

23.4.3.2      A Client Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory,

where Client or the relevant Client Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to AIS of the audit or inspection.

24        RESTRICTED TRANSFER

24.1    Subject to section 24.3, each Client Group Member (as “data exporter”) and each Contracted Processor, as appropriate, (as “data importer”) hereby enter into the Standard Contractual Clauses in respect of any Restricted Transfer from that Client Group Member to that Contracted Processor.

24.2    The Standard Contractual Clauses shall come into effect under section 24.1 on the later of:

24.2.1   the data exporter becoming a party to them;

24.2.2   the data importer becoming a party to them; and

24.2.3   commencement of the relevant Restricted Transfer.

24.3    Section 24.1 shall not apply to a Restricted Transfer unless its effect, together with other reasonably practicable compliance steps (which, for the avoidance of doubt, do not include obtaining consents from Data Subjects), is to allow the relevant Restricted Transfer to take place without breach of applicable Data Protection Law.

24.4    AIS warrants and represents that, before the commencement of any Restricted Transfer to a Subprocessor, AIS entry into the Standard Contractual Clauses under section 24.1, and agreement to variations to those Standard Contractual Clauses made under section 25.4.1, as agent for and on behalf of that Subprocessor will have been duly and effectively authorised (or subsequently ratified) by that Subprocessor.

25        GOVERNING LAW AND JURISDICTION

25.1    Without prejudice to clauses 26.7 (Mediation and Jurisdiction) and 26.9 (Governing Law) of the Standard Contractual Clauses:

25.1.1   the parties hereby submit to the choice of jurisdiction stipulated in these terms and conditions with respect to any disputes or claims howsoever arising under these terms and conditions, including disputes regarding its existence, validity or termination or the consequences of its nullity; and

25.1.2   all non-contractual or other obligations arising out of or in connection with it are governed by the laws of the country or territory stipulated for this purpose in these terms and conditions.

Order of precedence

25.2    Nothing within these terms and conditions reduces AIS obligations in relation to the protection of Personal Data or permits AIS to Process (or permit the processing of) Personal Data in a manner which is prohibited by these terms and conditions.

Changes in Data Protection Laws, etc.

25.3    Client may:

25.3.1   by at least 60 (sixty) calendar days’ written notice to AIS from time to time make any variations to the Standard Contractual Clauses (including any Standard Contractual Clauses entered into under section 24.1), as they apply to Restricted Transfers which are subject to a particular Data Protection Law, which are required, as a result of any change in, or decision of a competent authority under, that Data Protection Law, to allow those Restricted Transfers to be made (or continue to be made) without breach of that Data Protection Law; and

25.3.2   propose any other variations to these standard terms and conditions which Client reasonably considers to be necessary to address the requirements of any Data Protection Law.

25.4    If Client gives notice under section 25.3.1:

25.4.1   AIS shall promptly co-operate (and ensure that any affected Subprocessors promptly co-operate) to ensure that equivalent variations are made to any agreement put in place under section 18.4; and

25.4.2   Client shall not unreasonably withhold or delay agreement to any consequential variations to these terms and conditions as proposed by AIS to protect the Contracted Processors against additional risks associated with the variations made under section 25.3.1 [and/or 25.4.1].

13.5    If Client gives notice under section 25.3.2, the parties shall promptly discuss the proposed variations and negotiate in good faith with a view to agreeing and implementing those or alternative variations designed to address the requirements identified in Client’s notice as soon as is reasonably practicable.

26        DATA PROTECTION

The data exporter has entered into a Service Agreement with the data importer. Pursuant to the terms, it is contemplated that services provided by the data importer will involve the transfer of personal data to data importer. To ensure compliance with Directive 95/46/EC and applicable data protection law, the controller agrees to the provision of such Services, including the processing of personal data incidental thereto, subject to the data importer’s execution of, and compliance with, the terms of these Clauses.

26.1    Definitions

26.1.1   ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;

26.1.2   ‘the data exporter’ means the controller who transfers the personal data;

26.1.3   ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;

26.1.4   ‘the subprocessor’ means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;

26.1.5   ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;

26.1.6   ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

26.2    Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in the Proposal Document and signed Service Agreement which forms an integral part of the Clauses.

26.3    Third-party beneficiary clause

26.3.1   The data subject can enforce against the data exporter this Clause, Clause 26.4.2 to 26.4.9, Clause 26.5.1 to 26.5.5, and 26.5.7 to 26.5.10, Clause 26.6.1 and 26.6.2, Clause 26.7, Clause 26.8.2, and Clauses 26.9 to 26.12 as third-party beneficiary.

26.3.2   The data subject can enforce against the data importer this Clause, Clause 26.5.1 to 26.5.5 and 26.5.7, Clause 26.6, Clause 26.7, Clause 26.8.2, and Clauses 26.9 to 26.12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.

26.3.3   The data subject can enforce against the subprocessor this Clause, Clause 26.5.1 to 26.5.5 and 26.5.7, Clause 26.6, Clause 26.7, Clause 26.8.2, and Clauses 26.9 to 26.12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.

26.3.4   The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

26.4    Obligations of the data exporter

The data exporter agrees and warrants:

26.4.1   that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;

26.4.2   that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;

26.4.3   that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures;

26.4.4   that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;

26.4.5   that it will ensure compliance with the security measures;

26.4.6   that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;

26.4.7   to forward any notification received from the data importer or any subprocessor pursuant to Clause 26.5.2 and Clause 26.8.3 to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;

26.4.8   to make available to the data subjects upon request a copy of the Clauses, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;

26.4.9   that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 26.11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and

26.4.10 that it will ensure compliance with Clause 26.4.2 to 26.4.9.

26.5    Obligations of the data importer

The data importer agrees and warrants:

26.5.1   to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

26.5.2   that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

26.5.3   that it has implemented the technical and organisational security measures required before processing the personal data transferred;

26.5.4   that it will promptly notify the data exporter about:

any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
any accidental or unauthorised access, and
iii.     any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;

26.5.5   to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;

26.5.6   at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;

26.5.7   to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, and a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;

26.5.8   that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;

26.5.9   that the processing services by the subprocessor will be carried out in accordance with Clause 26.11;

26.5.10 to send promptly when requested a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.

26.6    Liability

26.6.1   The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 26.3 or in Clause 26.11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.

26.6.2   If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 26.3 or in Clause 26.11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.

26.6.3   The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.

26.6.4   If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 26.3 or in Clause 26.11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.

26.7    Mediation and jurisdiction

26.7.1 The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:

a)     to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
b)     to refer the dispute to the courts in the Member State in which the data exporter is established.
26.7.2   The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

26.8    Cooperation with supervisory authorities

26.8.1   The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.

26.8.2   The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.

26.8.3   The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 26.5.2.

26.9    Governing Law

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

26.10  Variation of the contract

26.10.1 The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

26.11  Subprocessing

26.11.1 The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor’s obligations under such agreement.

26.11.2 The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 14.3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 14.6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.

26.11.3 The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.

26.11.4 The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 26.5.10, which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority upon request.

26.12  Obligation after the termination of personal data processing services

26.12.1 The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.

26.12.2 The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.