MAJENTA SOLUTIONS LIMITED

TERMS AND CONDITIONS FOR MX AND/OR MX+

1. DEFINITIONS AND INTERPRETATION

1.1 The definitions and rules of interpretation in this clause apply in this agreement.

Authorised Users: those external third parties chosen by the Customer and agreed in writing by the Supplier who shall be entitled to use the Exchange under the terms of this agreement, and as further set out in clause 2.2.

Business Day: any day which is not a Saturday, Sunday or public or bank holiday in England.

Confidential Information: all confidential information (however recorded or preserved) disclosed by a party or its employees, officers, representatives, advisers, contractors or sub-contractors (Representatives) involved in the provision or receipt of the Services who need to know the confidential information in question to the other party and that party’s Representatives in connection with this agreement, which is either labelled as such or else which should reasonably be considered as confidential because of its nature and the manner of its disclosure.

Customer: the person, firm or company who purchases the Services from the Supplier.

Customer Data: any data and content stored or transmitted via the Services by the Customer or Authorised Users.

Data Processing Agreement: the data processing agreement, as set out in Schedule 2.

Effective Date: the date on which the last party signs this agreement.

Exchange: the Supplier’s data exchange service known as MX and/or MX+ accessible through cloud storage which is hosted by the Supplier or a third party on its behalf via a secure login, details of which will be provided by the Supplier.

Fees: the fees payable to the Supplier by the Customer, as described in the Proposal.

Intellectual Property Rights: patents, rights to inventions, copyright and related rights, trade marks, trade names, rights in domain names, rights in get-up, rights in goodwill or to sue for passing off, unfair competition rights, rights in designs, rights in computer software, database rights, topography rights, moral rights, rights in confidential information (including know-how and trade secrets) and any other intellectual property rights in each case whether registered or unregistered, and including all applications for, and renewals or extensions of, such rights, and all similar or equivalent rights or forms of protection in any part of the world.

Normal Business Hours: 9.00 am to 5.00 pm local UK time, each Business Day.

Proposal: the Supplier’s quotation for the Services, as set out in Schedule 1.

Service Level Agreement: the service level agreement provided by the Supplier.

Services: the use of the Exchange and any Customer software.

Supplier: Majenta Solutions Limited (Company Registration No: 3056978) whose registered office is at 3 Argosy Court, Scimitar Way, Whitley Business Park, Whitley, Coventry CV3 4GA, England.

1.2 Clause, Schedule and paragraph headings shall not affect the interpretation of this agreement.

1.3 A person includes a natural person, corporate or unincorporated body (whether or not having separate legal personality).

1.4 A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established.

1.5 Unless the context otherwise requires, words in the singular shall include the plural and vice versa and a reference to one gender shall include a reference to the other genders.

1.6 A reference to a statute or statutory provision is a reference to it as amended, extended or re-enacted from time to time.

1.7 A reference to writing or written includes e-mail.

1.8 References to clauses and Schedules are to the clauses and Schedules of this agreement and references to paragraphs are to paragraphs of the relevant Schedule.

1.9 Any words following the terms including, include, in particular, for example, or any similar expression shall be interpreted as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms.

2. SERVICES

2.1 The Customer may access and use the Services made available by the Supplier under this agreement. The Service Level Agreement shall apply with effect from the Effective Date.

2.2 In relation to Authorised Users:

(a) the Customer’s access to the Exchange shall be limited to the number of individual Authorised Users as set out in the Proposal;

(b) the Customer shall ensure and be responsible for:

(i) it and each Authorised User keeping and maintaining the confidentiality of secure passwords for its use and the Authorised User’s use of the Exchange; and

(ii) managing access to the Exchange;

(c) the Supplier may audit the number of Authorised Users of the Exchange from time to time. Such audit shall be exercised with reasonable prior notice and in a manner so as to not substantially interfere with the Customer’s normal conduct of business. If such audit reveals that passwords have been provided to persons or companies who are not Authorised Users, and without prejudice to the Supplier’s other rights, the Customer shall promptly disable such passwords and shall not issue any new passwords to such persons or companies;

(d) the Customer shall represent and procure that Authorised Users’ access to the Exchange is in strict compliance with the terms and conditions of this agreement;

(e) the Customer will obtain and maintain any consents from Authorised Users to allow the Supplier to provide the Services set out in this agreement;

(f) the Customer will, at its own expense, respond to questions and complaints from Authorised Users or third parties relating to use of the Services. The Customer shall use its reasonable endeavours to resolve support issues before escalating them to the Supplier.

2.3 In relation to the Exchange the Customer shall not:

(a) sell, resell or lease the Services; or

(b) attempt to copy, duplicate, modify, create derivative works from or distribute all or any portion of the Exchange; or

(c) use the Services for activities where use or failure of the Services could lead to physical damage, death or personal injury.

3. CUSTOMER DATA

3.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.

3.2 Subject to the terms set out in this agreement, in the event of any loss or damage to Customer Data caused by the negligence or wilful damage by the Supplier’s Representatives, the Supplier shall use commercially reasonable efforts to restore the lost or damaged Customer Data from the latest back-up of such Customer Data, and the Supplier shall be responsible for the reasonable costs of input material, data reconstruction and reloading as evidenced by the Customer in writing. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up).

3.3 In the event that the Supplier processes personal data of data subjects in the context of performing the Services, the parties have agreed to enter into the Data Processing Agreement (Data Processing Agreement) as set out in Schedule 2.

4. SUPPLIER’S OBLIGATIONS

4.1 The Supplier shall perform the Services with reasonable skill and care.

4.2 The Supplier confirms that it holds all necessary licences, permits and consents to provide the Services.

4.3 The Supplier may update the Services from time to time. If the Supplier changes the Services in a manner that materially reduces their functionality the Supplier will inform the Customer.

4.4 The Supplier may impose reasonable limitations on bandwidth usage for the Services.

4.5 The provisions of clause 4.1 shall not apply to the extent of any non-conformance which is caused by use of the Exchange contrary to the Supplier’s instructions, or modification or alteration of the Exchange by any party other than the Supplier or the Supplier’s duly authorised contractors or agents. The Services are provided “as is”. Subject to the restrictions set out in this agreement if the Exchange does not conform with the material terms of this agreement, the Supplier will, at its expense, use commercially reasonable efforts to correct any such non-conformance, or provide the Customer with an alternative means of accomplishing the desired performance. Subject to clause 10.3, such correction or substitution constitutes the Customer’s sole and exclusive remedy for any breach of the terms of this agreement. Notwithstanding the foregoing, Supplier does not warrant that the Customer’s use of the Exchange and the Services will be uninterrupted or error-free.

4.6 This agreement shall not prevent the Supplier from entering into similar agreements with third parties, or from independently developing, using, selling or licensing materials, products or services which are similar or identical to those provided under this agreement.

5. CUSTOMER’S OBLIGATIONS

The Customer shall:

(a) provide the Supplier with:

(i) all necessary co-operation in relation to this agreement; and

(ii) all necessary access to such information as may be required by the Supplier;
in order for the Supplier to perform the Services, including but not limited to Customer Data, security access information and, where applicable, software interfaces to the Customer’s other business applications;

(b) provide such personnel assistance, as may be reasonably requested by the Supplier from time to time;

(c) comply with all applicable laws and regulations with respect to its activities under this agreement; and

(d) carry out all other Customer responsibilities set out in this agreement or the Proposal in a timely and efficient manner. In the event of any delays in the Customer’s provision of such assistance as agreed by the parties, the Supplier may adjust any timetable or delivery schedule set out in this agreement as reasonably necessary. For the avoidance of doubt, the timetable and delivery schedule shall not be of the essence of this agreement.

6. CHARGES AND PAYMENT

6.1 The Customer shall pay the amounts (without deduction or set off) in full as set out in the Proposal (Charges).

6.2 All amounts and fees stated or referred to in this agreement are exclusive of value added tax, which shall be added to the Supplier’s invoice(s) at the appropriate rate.

6.3 Time for payment shall be of the essence of this agreement.

6.4 The Supplier shall invoice the Customer at the time of placing the order for all Services to be provided or performed by the Supplier. Each invoice is due and payable in full and cleared funds 30 days after the invoice date. If the Supplier has not received payment within five days after the due date, and without prejudice to any other rights and remedies of the Supplier:

(a) the Supplier shall be under no obligation to provide any or all of the Services while the invoice(s) concerned remain unpaid;

(b) interest shall accrue on such due amounts at an annual rate equal to 4% over the then current base lending rate of Barclays Bank plc at the date the relevant invoice was issued, commencing on the due date and continuing until fully paid, whether before or after judgment; and

(c) terminate the agreement or suspend any further availability of the Exchange to the Customer until all outstanding invoices have been paid in full.

6.5 The Supplier may, without prejudice to any other rights it may have set off any liability of the Customer to the Supplier against any liability of the Supplier to the Customer.

6.6 The Supplier may vary and increase the Charges from time to time by giving not less than 30 days’ written notice to the Customer.

6.7 Without prejudice to the provisions of clauses 6.5 and 6.6, in the event of the Supplier suffering an increase in the costs borne by it in the provision of the Services for reasons outside the Supplier’s control (including the introduction or implementation of any law, statute, decision, regulation or directive which has the effect of increasing the Supplier’s costs), the Supplier shall be entitled to increase its charges by an equivalent amount.

6.8 All payments payable to the Supplier under this agreement shall become due immediately on termination of this agreement, despite any other provision. This clause is without prejudice to any right to claim for interest under the law, or any such right under this agreement.

7. PROPRIETARY RIGHTS

7.1 The Customer acknowledges and agrees that the Supplier and/or its licensors own all Intellectual Property Rights in the Exchange. Except as expressly stated herein, this agreement does not grant the Customer any rights to such Intellectual Property Rights, or any other rights or licences in respect of the Exchange, Services or any related documentation.

7.2 The Supplier confirms that it has all the rights in relation to the Exchange that are necessary to grant the rights it purports to grant under, and in accordance with, the terms of this agreement.

8. CONFIDENTIALITY

8.1 The term Confidential Information does not include any information that:

(a) is or becomes generally available to the public (other than as a result of its disclosure by the receiving party or its Representatives in breach of this clause 8);

(b) was available to the receiving party on a non-confidential basis before disclosure by the disclosing party;

(c) was, is, or becomes, available to the receiving party on a non-confidential basis from a person who, to the receiving party’s knowledge, is not bound by a confidentiality agreement with the disclosing party or otherwise prohibited from disclosing the information to the receiving party;

(d) was known to the receiving party before the information was disclosed to it by the disclosing party; or

(e) the parties agree in writing is not confidential or may be disclosed.

8.2 Each party shall keep the other party’s Confidential Information confidential and shall not:

(a) use any Confidential Information except for the purpose of exercising or performing its rights and obligations under this agreement (Permitted Purpose); or

(b) disclose any Confidential Information in whole or in part to any third party, except as expressly permitted by this clause.

8.3 A party may disclose the other party’s Confidential Information to those of its Representatives who need to know that Confidential Information for the Permitted Purpose, provided that:

(a) it informs those Representatives of the confidential nature of the Confidential Information before disclosure; and

(b) at all times, it is responsible for the Representatives’ compliance with the confidentiality obligations set out in this clause 8.

8.4 A party may disclose Confidential Information to the extent required by law, by any governmental or other regulatory authority, or by a court or other authority of competent jurisdiction provided that, to the extent it is legally permitted to do so, it gives the other party as much notice of the disclosure as possible.

8.5 Each party reserves all rights in its Confidential Information. No rights or obligations in respect of a party’s Confidential Information, other than those expressly stated in this agreement, are granted to the other party, or are to be implied from this agreement.

8.6 The provisions of this clause 8 shall continue to apply after termination of this agreement.

9. INDEMNITY

9.1 The Customer shall defend, indemnify and hold harmless the Supplier from and against all claims, actions, proceedings, losses, damages, expenses and costs (including, without limitation, court and settlement costs and reasonable legal fees) arising out of or in connection with the Customer and its Authorised User’s use of the Exchange or Services, provided that:

(a) the Customer is given prompt notice of any such claim;

(b) the Supplier provides reasonable co-operation to the Customer in the defence and settlement of such claim, at the Customer’s expense; and

(c) the Customer is given sole authority to defend or settle the claim.

9.2 The Supplier shall defend the Customer against any claim by a third party brought against the Customer to the extent that the Exchange infringes any copyright, database right or right of confidentiality, and shall indemnify the Customer for any amounts awarded against the Customer in judgment or settlement of such claims, provided that:

(a) the Supplier is given prompt notice of any such claim;

(b) the Customer provides reasonable co-operation to the Supplier in the defence and settlement of such claim, at the Supplier’s expense; and

(c) the Supplier is given sole authority to defend or settle the claim.

9.3 In the defence or settlement of the claim, set out in clause 9.2 the Supplier may obtain for the Customer the right to continue using the Exchange, replace or modify the Exchange so that it becomes non-infringing or, if such remedies are not reasonably available, terminate this agreement without liability to the Customer. In no event will the Supplier have any obligations or liability under this agreement arising from:

(a) a modification of the Exchange by anyone other than the Supplier; or

(b) the Customer’s use of the Exchange or the Services in a manner contrary to the instructions of the Supplier; or

(c) use of the Exchange or Services in combination with for example, software, data or materials not recommended by the Supplier; or

(d) any content, information or data provided by the Customer, Authorised Users or other third parties; or

(e) the Customer’s use of the Exchange or the Services after notice of the alleged or actual infringement from the Supplier or any appropriate authority.

9.4 The foregoing states each party’s sole and exclusive rights and remedies, and the Supplier’s entire obligations and liability, for any infringement.

10. LIMITATION OF LIABILITY

10.1 This clause 10 sets out the entire financial liability of the Supplier (including any liability for the acts or omissions of its Representatives) to the Customer in respect of:

(a) any breach of this agreement;

(b) any use made by the Customer of the Exchange, the Services or any part of them; and

(c) any representation, misrepresentation (whether innocent or negligent), statement or tortious act or omission (including negligence) arising under or in connection with this agreement.

10.2 Except as expressly and specifically provided in this agreement:

(a) the Customer assumes sole responsibility for results obtained from the use of the Exchange and the Services by the Customer, and for conclusions drawn from such use. The Supplier shall have no liability for any damage caused by errors or omissions in any information, instructions or scripts provided to the Supplier by the Customer or its Representatives in connection with the Services, or any actions taken by the Supplier at the Customer’s direction; and

(b) all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from this agreement.

10.3 Nothing in this agreement excludes the liability of the Supplier:

(a) for death or personal injury caused by the Supplier’s negligence; or

(b) for fraud or fraudulent misrepresentation.

10.4 The Service Level Agreement states the Customer’s full and exclusive right and remedy, and the Supplier’s only obligation and liability in respect of, the performance and/or availability of the Exchange and the Services, or their non-performance and non-availability.

10.5 Subject to clause 10.3 and clause 10.4:

(a) the Supplier shall not be liable whether in tort (including negligence or breach of statutory duty however arising), contract, misrepresentation (whether innocent or negligent); or restitution or otherwise for any loss of profits; or loss of business; or depletion of goodwill and/or similar losses; or loss or corruption of data or information; or loss of anticipated savings; or loss of contract; or wasted expenditure; or pure economic loss; or for any special, indirect, incidental, exemplary, punitive or consequential loss, costs, damages, charges or expenses however arising under this agreement even if such loss was reasonably foreseeable; and

(b) the Supplier’s total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation (whether innocent or negligent);, restitution or otherwise, arising in connection with the performance or contemplated performance of this agreement shall be limited to the price paid for the Services during the 12 months preceding the date on which the claim giving rise to the liability arose.

11. TERM AND TERMINATION

11.1 This agreement shall commence on the Effective Date and shall continue for the period set out in the Proposal (Initial Term), unless otherwise terminated as provided in this clause 11.

11.2 Without prejudice to any other rights or remedies to which the parties may be entitled, either party may terminate this agreement without liability to the other if:

(a) the other party commits a material breach of any of the terms of this agreement and (if such a breach is remediable) fails to remedy that breach within 30 days of that party being notified in writing of the breach; or

(b) an order is made or a resolution is passed for the winding up of the other party, or circumstances arise which entitle a court of competent jurisdiction to make a winding-up order in relation to the other party; or

(c) an order is made for the appointment of an administrator to manage the affairs, business and property of the other party, or documents are filed with a court of competent jurisdiction for the appointment of an administrator of the other party, or notice of intention to appoint an administrator is given by the other party or its directors or by a qualifying floating charge holder (as defined in paragraph 14 of Schedule B1 to the Insolvency Act 1986); or

(d) a receiver is appointed of any of the other party’s assets or undertaking, or if circumstances arise which entitle a court of competent jurisdiction or a creditor to appoint a receiver or manager of the other party, or if any other person takes possession of or sells the other party’s assets; or

(e) the other party makes any arrangement or composition with its creditors, or makes an application to a court of competent jurisdiction for the protection of its creditors in any way; or

(f) the other party ceases, or threatens to cease, to trade; or

(g) the other party takes or suffers any similar or analogous action in any jurisdiction in consequence of debt.

11.3 On termination or expiry of this agreement for any reason:

(a) all licences and rights granted by the Supplier under this agreement shall immediately terminate;

(b) all licences and rights granted to the Authorised Users shall immediately terminate;

(c) each party shall return (if specifically requested in writing by the other party) and make no further use of any equipment, property, materials and other items (and all copies of them) belonging to the other party;

(d) the accrued rights of the parties as at termination, or the continuation after termination of any provision expressly stated to survive or implicitly surviving termination, shall not be affected or prejudiced.

12. FORCE MAJEURE

The Supplier shall have no liability to the Customer under this agreement if it is prevented from or delayed in performing its obligations under this agreement, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control, including, without limitation, acts of any governmental body, war, insurrection, sabotage, armed conflict, embargo, fire, flood, strike or other labour disturbance, pandemic, interruption of or delay in transportation, unavailability of or interruption or delay in telecommunications, internet disturbance, electrical or any other third party services, failure of hardware or network components, virus attacks, or hackers, failure of third party software (including without limitation, ecommerce software, payment gateways, chat, statistics or free scripts), delays due to dependence on third parties, or inability to obtain raw materials, supplies, or power used in or equipment needed for the provision of this agreement.

13. WAIVER

13.1 A waiver of any right under this agreement is only effective if it is in writing and it applies only to the party to whom the waiver is addressed and to the circumstances for which it is given.

13.2 Unless specifically provided otherwise, rights arising under this agreement are cumulative and do not exclude rights provided by law.

14. SEVERANCE

14.1 If any provision (or part of a provision) of this agreement is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable or illegal, the other provisions shall remain in force.

14.2 If any invalid, unenforceable or illegal provision would be valid, enforceable or legal if some part of it were deleted, the provision shall apply with whatever modification is necessary to give effect to the commercial intention of the parties.

15. ENTIRE AGREEMENT

15.1 This agreement, the Service Level Agreement and the Data Processing Agreement, and any documents referred to in it, constitutes the whole agreement between the parties and supersedes and extinguishes all previous and contemporaneous arrangements, promises, understandings or agreements between them, whether written or oral, relating to the subject matters they cover.

15.2 This agreement shall prevail over any inconsistent terms or conditions contained in the Customer’s purchase order, confirmation of order, or specification or implied by law, trade custom, practice or course of dealing.

15.3 Each of the parties acknowledges and agrees that in entering into this agreement it does not rely on any undertaking, promise, assurance, statement, representation, warranty or understanding (whether in writing or not) of any person (whether party to this agreement or not) relating to the subject matter of this agreement, other than as expressly set out in this agreement.

16. ASSIGNMENT

16.1 Except in respect of an assignment of either party’s entire business and assets to a third party, neither party shall, without the prior written consent of the other party, assign, transfer, charge, sub-contract or deal in any other manner with any of its rights or obligations under this agreement.

16.2 The Supplier may subcontract or delegate in any manner any or all of its obligations under this agreement to any third party or agent acting on the Supplier’s behalf.

17. NO PARTNERSHIP OR AGENCY

Nothing in this agreement is intended to or shall operate to create a partnership between the parties, or authorise either party to act as agent for the other, and neither party shall have the authority to act in the name or on behalf of or otherwise to bind the other in any way (including, but not limited to, the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).

18. VARIATION

18.1 No variation of this agreement shall be effective unless it is in writing and signed by the parties (or their authorised representatives).

18.2 No employee, subcontractor or agent of the Supplier has any authority to add to or vary this agreement or to make any representation or warranty unless such addition or variation or representation or warranty is in writing and signed by a duly authorised representative of the Supplier.

19. THIRD PARTY RIGHTS

This agreement does not confer any rights on any person or party (other than the parties to this agreement and (where applicable) their successors and permitted assigns) pursuant to the Contracts (Rights of Third Parties) Act 1999.

20. NOTICES

20.1 Any notice given to a party under or in connection with this agreement shall be in writing and shall be:

(a) delivered by hand or by pre-paid first-class post or other next working day delivery service at its registered office (if a company) or its principal place of business (in any other case); or

(b) sent by email to the following addresses (or an address substituted in writing by the party to be served):

Supplier: [ADDRESS].
Customer: [ADDRESS].

20.2 Any notice shall be deemed to have been received:

(a) if delivered by hand, at the time the notice is left at the proper address;

(b) if sent by pre-paid first-class post or other next working day delivery service, at 9.00 am on the third Business Day after posting; or

(c) if sent by email, at the time of transmission, or, if this time falls outside Normal Business Hours in the place of receipt, when Normal Business Hours resume.

20.3 This clause does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.

21. GOVERNING LAW AND JURISDICTION

21.1 This agreement and any disputes or claims arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) are governed by, and construed in accordance with, the law of England.

21.2 The parties irrevocably agree that the courts of England have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with this agreement or its subject matter or formation (including non-contractual disputes or claims).

This agreement has been entered into the date stated at the beginning of it.

Schedule 1

Proposal

[Attach agreed proposal]

Schedule 2
Data Processing Agreement

1. Interpretation

1.1 For the purpose of this Schedule:

“Customer” means the person, firm or company who purchases the services from Majenta.
“Data Protection Legislation” means Data Protection Act 2018, the EU Data Protection Directive 95/46/EC, the GDPR, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and all applicable laws and regulations relating to the processing of personal data and privacy, as amended, extended or re-enacted from time to time, including where applicable, any guidance notes and codes of practice issued by the European Commission and applicable national Regulators including the United Kingdom Information Commissioner;
“Majenta” means Majenta Solutions Limited (company number 03056978), a company registered in England with its registered office and main trading address at 3 Argosy Court, Scimitar Way, Whitley Business Park, Whitley , Coventry, CV3 4GA, England;
“GDPR” means the EC Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data;
“Regulator” means any regulatory body with responsibility for ensuring compliance with Data Protection Legislation; and
“Security Breach” means accidental or deliberate, unauthorised or unlawful acquisition, destruction, loss, alteration, corruption, access, use or disclosure of personal data processed under this agreement or breach of Majenta’s security obligations under this Agreement.

1.2 In this agreement, references to “data controller”, data processor”, “processing”, “data protection officer” and “personal data” and “personal data breach” shall have the same meaning as defined in Data Protection Legislation.

1.3 Annex 1 sets out the subject matter and duration of the processing; nature and purpose of the processing; the type of personal data being processed; and the categories of data subject.

1.4 The parties agree that in respect of any personal data processed in connection with this agreement that Customer shall be the “data controller” and Majenta shall be the “data processor”.

2. Obligations

2.1 Each party shall, in respect of the personal data, comply with those obligations applicable to it under the Data Protection Legislation.

2.2 Majenta shall, at its own expense (except where otherwise expressly stated in this agreement) and without prejudice to its other rights or obligations, in respect of its processing of such personal data:

a) process the personal data only to the extent, and in such a manner, as is necessary for the purposes of this agreement and in accordance with the Customer’s written instructions from time to time. Majenta shall not process or permit the processing of the personal data for any other purpose unless such processing is required by the European Union or a law of a Member State to which Majenta is subject, in which case Majenta shall notify the Customer in advance of its intention to carry out such processing and allow the Customer the opportunity to object (unless that law prohibits such information on important grounds of public interest).;

b) only make copies of the personal data to the extent reasonably necessary (which may include back-up, mirroring (and similar availability enhancement techniques), security, disaster recovery and/or testing of the data);

c) not extract, re-utilise, use, exploit, redistribute, re-disseminate, copy, store or otherwise process the personal data other than as permitted under the terms of this agreement;

d) only permit access to the personal data to those of Majenta’s personnel who require such access in order to carry out their roles in the performance of Majenta’s obligations under this agreement, and ensure the reliability of all such personnel who have access to the personal data and shall in particular ensure that any person authorised to process the personal data in connection with this agreement is subject to a duty of confidentiality that at a minimum is materially equivalent to the duty of confidentiality imposed on Majenta under or in connection with this agreement;

e) comply with the obligations applicable to data processors under Data Protection Legislation, including where applicable, the obligation to maintain records of processing activities, appointing a data protection officer, and the provisions of the Customer’s IT and data security policies as notified to Majenta in advance;

f) not do anything or omit to do anything that may put the Customer in breach of its obligations under Data Protection Legislation and take such steps and provide the Customer with such cooperation and assistance as the Customer may reasonably request from time to time to enable the Customer to comply with Data Protection Legislation;

g) having regard to the state of technological development and the cost of implementing any measures, take appropriate technical and organisational measures against the unauthorised or unlawful processing of data and against the accidental loss or destruction of, or damage to data, to ensure a level of security appropriate to: (a) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage of the data; and (b) the nature of the data to be protected. Such measures shall include: (i) pseudonymisation and anonymisation of the personal data, where possible; (ii) having the ability to ensure the on-going confidentiality, integrity, availability and resilience of Majenta’s systems; (iii) having the ability to restore the availability and access to the personal data in a timely manner in the event of a physical or technical incident; (iv) having a process of regularly testing, assessing, and evaluating the effectiveness of the technical and organisational measures referred to in this agreement; and (v) the measures set out in the Customer’s security policies notified to Majenta from time to time and any code of conduct and/or certification mechanism approved by the Regulator relating to security measures, in each case as may be amended from time to time;

h) assist the Customer by using appropriate technical and organisational measures in responding to, and complying with, requests from data subject. In particular, Majenta shall immediately comply with any request from the Customer requiring Majenta at its cost to amend, transfer or delete the personal data, either during or after the term of this agreement;

i) provide the Customer with full co-operation and assistance in relation to the Customer’s obligations and rights under Data Protection Legislation, including its obligations to keep personal data secure, providing the Customer and Regulators (as applicable) with all information and assistance necessary to investigate Security Breaches and where relevant notify the relevant Regulators and/or affected data subjects of the relevant Security Breach, carry out data privacy impact assessments (“DPIA”), consult with the relevant Regulator where a DPIA indicates there is a high risk that cannot be mitigated, or otherwise to assess or demonstrate compliance by the parties with Data Protection Legislation;

j) without undue delay and in any event within 24 hours of becoming aware notify the Customer in writing, and provide such co-operation, assistance and information as the Customer may reasonably require, if Majenta:

(i) receives any complaint, notice or communication which relates directly or indirectly to the processing of the personal data under this agreement or to either party’s or any member of the Customer’s group compliance with Data Protection Legislation;

(ii) becomes aware of any Security Breach or personal data breach relating to the processing of personal data under this agreement.;

k) keep a written record of data processing carried out in the course of the services and of its compliance with its obligations set out in this agreement (“Records”);

l) permit the Customer, its third-party representatives or a Regulator or its third party representatives, on reasonable notice during normal business hours, but without notice in case of any reasonably suspected breach of this agreement by Majenta, access to inspect, and take copies of, the Records and any other information held at Majenta’s or on Majenta’s systems relating to this agreement, for the purpose of auditing Majenta’s compliance with its obligations under this agreement. Majenta shall give all necessary assistance to the conduct of such audits;

m) not engage any processor to process data (or otherwise sub-contract or outsource the processing of any data to a third party) without the prior written consent of the Customer acting in its sole discretion.

n) return or destroy (as directed in writing by the Customer) all personal data in relation to this agreement that it has in its possession and promptly delete existing copies unless applicable law requires storage of the personal data. If the Customer elects for destruction rather than return of the personal data, the Customer shall as soon as reasonably practicable ensure that all of the personal data is destroyed and deleted from Majenta’s systems and provide written confirmation of compliance with this clause within 14 days of the Customer’s election; and

o) not transfer the personal data outside the United Kingdom (as relevant) without the prior written consent of the Customer, which can be withheld at the sole discretion of Customer, and subject to any additional Customer requirements.

ANNEX 1

Data Processing Services

1. Subject Matter and Duration of Processing

Details of:
– the subject matter and duration of the processing: it is necessary for Majenta to process personal data in order to provide Services under this agreement for the duration of this agreement.
– the type of personal data being processed: names, business addresses, emails, telephone numbers, job roles/functions).
– the categories of data subject: personnel of Customer, personnel of Customer’s clients
– processing restrictions: only make copies of the data to the extent reasonably necessary (which, for clarity, includes back-up, mirroring (and similar availability enhancement techniques), security, disaster recovery and testing of the data) and not extract, re-utilise, use, exploit, redistribute, re-disseminate, copy or store the Data other than permitted under the terms of this agreement.

2. Nature and Purpose of the Processing

Details of the nature and purpose of the processing: Majenta may be required to access, receive, generate, store or otherwise process personal data in order to provide the Services, and for communicating with the Customer.

3. Location of the Processing

The data is held on Majenta’s CRM and the MX Portal.