GSPV LIMITED STANDARD TERMS AND CONDITIONS OF BUSINESS
These Terms and Conditions of Business (“Terms”) shall apply to the provision of Services by GSPV Limited (“GSPV”), registered in England and Wales under company number 09888099 and having its registered office at 4 Graham Street, London, United Kingdom, N1 8GB, to the Customer (as detailed in the Order Form) (together the “Parties”). The Terms and the Order Form shall together form the “Agreement” between the Parties.
1.1 The definitions and rules of interpretation in this clause apply to the Agreement.
Affiliate(s): means, with respect to any entity, any other entity that now or in the future directly or indirectly controls, is controlled by, or is under common control with such entity or its successor entity, but only for so long as such control exists.
Confidential Information: means any and all information and data, however conveyed or presented and whether technical or commercial, disclosed by one Party to the other or obtained or received by a Party as a result of entering into or performing its obligations under this Agreement, including any information that is clearly labelled as such or is identified as Confidential Information in clause 10.5.
Customer: has the meaning set out in the Order Form.
Customer Data: the data inputted to the Portal by the Customer (or any relevant member of the Customer Group) or GSPV on the Customer’s behalf for the purpose of using the Services or facilitating the Customer’s (and any relevant member of the Customer Group’s) use of the Services.
Customer Group: means the Customer and any Affiliates that will receive the Services, as further detailed in the Order Form.
Dashboard: means the online financial summary dashboard made available to the Customer as part of the Services.
Data Protection Legislation: means all applicable laws and regulations relating to the processing of Personal Data and privacy including the EU Data Protection Directive (95/46/EC), the Electronic Communications Data Protection Directive (2002/58/EC) and the EU’s General Data Protection Regulation (2016/679/EC), including all law and regulations implementing or made under them and any amendment or re-enactment of them.
Dedicated Account Manager: means a representative of GSPV designated as the Customer’s first point of contact for Support Services.
Deliverables: means all outputs generated by the Services specifically and uniquely from compiling or processing Customer Data.
Documentation: means the operating manuals, user instruction manuals, technical literature and all other related materials made available to the Customer by GSPV from time to time in respect of the Services.
Effective Date: means the date set out in the Order Form.
Fees: means the total fees as set out in section 4 of the Order Form.
Initial Term: has the meaning set out in the Order Form.
Licence Fees: means the licence fees payable by the Customer to GSPV for the Software, as set out in the Order Form.
Normal Business Hours: means 9.00 am to 5.00 pm local UK time, Monday to Friday excluding UK public holidays.
Order Form: means the order form signed by both Parties.
Portal: means the website portal created and hosted by GSPV through which the Customer accesses the Services, as further described in Appendix 1.
Renewal Period: means the period described in clause 13.1.
Services: means the services provided by GSPV to the Customer under this Agreement as set out in Appendix 1 to these Terms as specified in the Order Form.
Set Up Services: means those services set out in Appendix 1 to these Terms which shall be provided to the Customer in accordance with the terms of clause 3.3.
Software: the Xelix Software platform provided by GSPV as part of the Services and made available via the Portal.
Support Services: the support services set out in Appendix 1 to these Terms which shall be provided to the Customer during the Term.
Term: means the Initial Term and all Renewal Terms.
Users: means the users permitted to use the Services in accordance with the Agreement as set out in the Order Form.
1.2 If the event of conflict between the Order Form and these Terms, the Order Form shall take precedence.
2. LICENCE AND USER RESTRICTIONS
2.1 Subject to the Customer paying the Fees in accordance with clause 7, and complying with the restrictions set out in this clause 2 and any further obligations or restrictions set out in the Terms and/or the Order Form, GSPV hereby grants to the Customer a non-exclusive, non-transferable licence to enable use of the Services and/or Documentation by any Customer (and any relevant member of the Customer Group) Users in accordance with the terms of the Agreement.
2.2 The number of permitted Users will be as set out in the Order Form. Should the Customer wish to increase such number of Users, the Customer shall notify GSPV (using the contact details set out in the Order Form) of such request and GSPV shall, within a reasonable period of time, provide access to such further Users. The Parties agree that, following the provision of such access, the new Users will be considered to have been added to the number of Users permitted under the Order Form and will be treated accordingly.
2.3 The Customer (and any relevant member of the Customer Group) shall not do, and shall procure that any Users shall not do, any of the following in respect of the Services:
(a) access and/or use (or allow the access and/or use of) the Services, Software and Documentation in any way which is contrary to the terms of this Agreement;
(b) access, extract, reutilise, use, exploit, copy, store, redistribute, redisseminate, offer, resell, disclose or otherwise make the Services, Software and Documentation available other than as specifically permitted this Agreement;
(c) access and/or use (or allow the access and/or use of) the Services for any purpose contrary to any law or regulation or any regulatory code, guidance or request applicable to the Services, GSPV or the Customer (and Customer Group); or
(d) modify, alter, manipulate, disassemble, decompile, reverse engineer or otherwise distort the Software or the Services, reference the Services or use the Services or the Software to create a derivate work; or
(e) act or omit to act in any way which may reasonably be considered to bring or have the effect of bringing the Services, and/or GSPV into disrepute;
(f) access all or any part of the Software and Documentation in order to build a product or service which competes with the Software and/or the Documentation; or
(g) license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services, Software and/or Documentation available to any third Party;
(h) rent, lease, or provide access to the Services on a time-share or service bureau basis; or
(i) use the Services to engage in or promote any other harmful, offensive, inappropriate, fraudulent, deceptive or illegal activities; or
(j) attempt to obtain, or assist third parties in obtaining, access to the Services, Software and/or Documentation, other than as provided under this clause 2.
2.4 The Customer (and any relevant member of the Customer Group) shall prevent any unauthorised access to, or use of, the Services and/or the Documentation and, in the event of any such unauthorised access or use, promptly notify GSPV.
2.5 The rights provided under this clause 2 are granted to the Customer (and and relevant member of the Customer Group) only as further described in the Order Form, and shall not be considered granted to any subsidiary or holding company of the Customer except as explicitly set out in the Order Form.
3.1 GSPV shall, during the Term, provide the Services and make available the Documentation to the Customer (and any relevant member of the Customer Group) in accordance with this Agreement.
3.2 GSPV shall use commercially reasonable endeavours to make the Services available 24 hours a day, seven days a week, except that GSPV may be required to undertake maintenance of the Services at any time. GSPV shall use reasonable endeavours to give the Customer (and any relevant member of the Customer Group) at least 12 business hours’ notice in advance of any maintenance work that may affect the availability of the Services.
3.3 GSPV shall carry out the Set Up Services at a time agreed between the parties. GSPV shall use reasonable commercial endeavours to start and complete the Set Up Services within the agreed timescales but the Customer agrees that such timescales are approximate only.
4. CUSTOMER DATA
4.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 GSPV and the Customer acknowledge that for the purposes of the Data Protection Legislation, the Customer is the Data Controller and GSPV is the Data Processor in respect of any Personal Data (as defined in the Data Protection Legislation).
4.3 The Parties shall comply with their data protection obligations as set out in Appendix 2 to this Agreement.
5. GSPV'S OBLIGATIONS
5.1 GSPV shall perform the Services substantially in accordance with the Documentation and the Order Form with reasonable skill and care.
5.2 GSPV shall apply reasonable security measures in supplying the Services and shall use all reasonable endeavours to provide the Services in accordance with the ‘Xelix Security Whitepaper’ (available on request).
5.3 The obligation at clause 5.1 shall not apply to the extent of any non-conformance which is caused by use of the Services contrary to GSPV’s instructions, or modification or alteration of the Services by any Party other than GSPV or GSPV’s duly authorised contractors or agents. If the Services do not conform with the foregoing obligation, GSPV will, at its expense, use all reasonable commercial endeavours to correct any such non-conformance promptly, or provide the Customer (and any relevant member of the Customer Group) with an alternative means of accomplishing the desired performance. Such correction or substitution constitutes the Customer’s sole and exclusive remedy for any breach of the obligation set out in clause 5.1.
5.4 Except as expressly provided in this Agreement, the Customer agrees that the Services are provided by GSPV on an “as is” and “as available” basis and GSPV:
(a) does not warrant that the Customer’s (or any relevant member of the Customer Group’s) use of the Services will be uninterrupted or error-free; nor that the Services, Software, Documentation and/or the Deliverables will meet the Customer’s (or any relevant member of the Customer Group’s) requirements;
(b) is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Customer acknowledges that the Services, Software and Documentation may be subject to limitations, delays and other problems inherent in the use of such communications facilities; and
(c) except to the extent prohibited by law, GSPV excludes all warranties, including any implied warranties of merchantability, satisfactory quality, fitness for a particular purpose, non-infringement, or quiet enjoyment, and any warranties arising out of any course of dealing or usage of trade.
5.5 GSPV will have no liability for breach of the obligations set out above caused by GSPV’s compliance with the Customer’s (and any relevant member of the Customer Group’s) specifications, specific instructions or other information received from Customer (or any relevant member of the Customer Group).
5.6 This Agreement shall not prevent GSPV from entering into similar agreements with third parties, or from independently developing, using, selling or licensing documentation, products and/or services which are similar or the same to those provided under the Agreement.
5.7 GSPV warrants that it has and will maintain all necessary licences, consents, and permissions necessary for the performance of its obligations under the Agreement.
6. CUSTOMER'S OBLIGATIONS
6.1 The Customer, shall procure that any relevant member of the Customer Group shall:
(a) provide GSPV with:
(i) all necessary co-operation in relation to the Agreement; and
(ii) all necessary access to such information as may be required by GSPV;
in order to provide the Services;
(b) comply with all applicable laws and regulations with respect to its activities under the Agreement;
(c) ensure that its (and any Users’) use of the Services and the Documentation is in accordance with the terms and conditions of the Agreement;
(d) obtain and shall maintain all necessary licences, consents, and permissions necessary for GSPV, its contractors and agents to perform their obligations under the Agreement, including without limitation the Services;
(e) be solely responsible for procuring and maintaining its network connections and telecommunications links from its systems to the Portal, and that all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Customer’s (and any relevant member of the Customer Group’s) network connections or telecommunications links or caused by the internet;
(f) be responsible at all times for the content, accuracy and timeliness of Customer Data submitted to GSPV via the Portal and shall ensure that it only submits Customer Data to GSPV that it believes is accurate and complete.
7.1 The Customer shall pay the Fees as set out in the Order Form.
7.2 In the case that the Customer (and/or the relevant members of the Customer Group) submits a number of invoices in any 12 month period that exceeds 10% more than the agreed annual number of invoices to the Portal (as set out in section 4 of the Order Form), GSPV reserves the right to increase the Licence Fee to reflect such increase in invoice numbers.
7.3 In the case that the number of invoices submitted to the Portal in the Initial Term, or any Renewal Term, by the Customer equals an amount that is less than 90% of the agreed annual number of invoices in any 12 month period to the Portal (as set out in section 4 of the Order Form), GSPV will discuss with the Customer, in good faith, a reduction in the Licence Fee to reflect such shortfall.
8.1 GSPV shall invoice the Customer as set out in Section 4 of the Order Form.
8.2 The Customer shall pay each invoice within 7 days of the date of such invoice.
8.3 If GSPV has not received payment within 7 days after the due date, and without prejudice to any other rights and remedies of GSPV:
(a) GSPV may, without liability to the Customer (or any member of the Customer Group), suspend the Customer’s (or any relevant member of the Customer Group’s) password, account and access to all or part of the Services and GSPV shall be under no obligation to provide any or all of the Services while the invoice(s) concerned remain unpaid; and
(b) interest shall accrue on such due amounts at an annual rate equal to 6% over the then current base lending rate of Barclays Bank Plc at the date the relevant invoice was issued, commencing on the due date and continuing until fully paid, whether before or after judgment.
8.4 All amounts and fees stated or referred to in the Agreement:
(a) shall be payable in pounds sterling;
(b) are, subject to clause 9.6(c), and 13.4(b), non-cancellable and non-refundable;
(c) are exclusive of any applicable value added tax, or withholding tax which shall be added to GSPV’s invoice(s) at the appropriate rate.
8.5 GSPV shall be entitled to increase the Fees at the start of each Renewal Period upon 30 days’ prior notice to the Customer and the Order Form shall be deemed to have been amended accordingly.
9. PROPRIETARY RIGHTS
9.1 The Customer acknowledges and agrees that GSPV and/or its licensors own all intellectual property rights in the Software, the Services (other than as set out in clause 9.3 and the Documentation. Except as expressly stated herein, the Agreement does not grant the Customer (or any member of the Customer Group) any rights to, or in, patents, copyrights, database rights, trade secrets, trade names, trade marks (whether registered or unregistered), or any other rights or licences in respect of the Services or the Documentation.
9.2 GSPV confirms that it has all the rights in relation to the Services and the Documentation that are necessary to grant all the rights it purports to grant under, and in accordance with, the terms of the Agreement.
9.3 Subject to payment of all the fees and expenses due and owing to GSPV and the exclusions in this clause 9.3, the Customer shall be entitled to own all intellectual property rights in the Deliverables. To the extent that those Deliverables include Software source code, generic software tools, routines, frameworks, and components; generic content, application building blocks; templates; analytical models; project tools; or development tools then intellectual property rights in those elements of the Deliverables shall continue to belong to GSPV. All other intellectual property developed by GSPV during the course of this Agreement shall belong to GSPV.
9.4 GSPV acknowledges that the intellectual property rights in the Customer Data or other material provided by the Customer (or any member of the Customer Group) to GSPV (the “Customer Materials”) are and shall remain the property of the Customer (or any member of the Customer Group) or its licensors as the case may be and that GSPV will not obtain any rights in the intellectual property rights in the Customer Materials other than expressly granted to it under this Agreement. The Customer grants (and shall procure that the any relevant member of the Customer Group grants) to GSPV an irrevocable, non-exclusive, non-transferable, royalty-free license to use the Customer Materials only to the extent necessary for it to carry out its obligations under this Agreement.
9.5 GSPV warrants that, as far as it is aware, the Software and the Services do not infringe a third Party’s intellectual property rights.
9.6 If any valid claim of breach of the warranty in clause 9.5 is brought to GSPV’s attention, it may, at its option and expense:-
(a) obtain the right for the Customer (and any relevant member of the Customer Group) to continue to use the Services; or
(b) modify or replace the Services without materially reducing their overall performance so they do not infringe; or
(c) if the remedies above cannot be achieved at reasonable cost and within a reasonable time, refund to the Customer that portion of the Fees paid to GSPV attributable to the infringing element of the Services, on a pro-rata basis to reflect the Customer’s use of the infringing element to date.
9.7 Clauses 9.6 states the Customer’s sole and exclusive rights and remedies, and GSPV’s (including GSPV’s employees’, agents’ and sub-contractors’) entire obligations and liability, for infringement of any patent, copyright, trade mark, database right or right of confidentiality.
10.1 Each Party may be given access to Confidential Information from the other Party in order to perform its obligations under the Agreement. A Party’s Confidential Information shall not be deemed to include information that:
(a) is or becomes publicly known other than through any act or omission of the receiving Party;
(b) was in the other Party’s lawful possession before the disclosure;
(c) is lawfully disclosed to the receiving Party by a third Party without restriction on disclosure;
(d) is independently developed by the receiving Party, which independent development can be shown by written evidence; or
(e) is required to be disclosed by law, by any court of competent jurisdiction or by any regulatory or administrative body.
10.2 Each Party shall hold the other’s Confidential Information in confidence and, unless required by law, not make the other’s Confidential Information available to any third Party, or use the other’s Confidential Information for any purpose other than the implementation of the Agreement.
10.3 Each Party shall take all reasonable steps to ensure that the other’s Confidential Information to which it has access is not disclosed or distributed by its employees or agents in violation of the terms of the Agreement.
10.4 Neither Party shall be responsible for any loss, destruction, alteration or disclosure of Confidential Information caused by any third Party.
10.5 The Customer acknowledges that details of the Services, and the results of any performance tests of the Services, constitute GSPV’s Confidential Information.
10.6 GSPV acknowledges that the Customer Data is the Confidential Information of the Customer.
10.7 This clause 10 shall survive termination or expiry of the Agreement, however arising, for a period of five years from the date of termination or expiry.
11.1 For the avoidance of doubt, GSPV may disclose the fact of the existence of this Agreement and that the Customer (and any member of the Customer Group) is a user of the Services, using Customer’s (and any member of the Customer Group) name and logo, on its website and in other promotional materials.
12. LIMITATION OF LIABILITY
12.1 This clause 12 sets out the entire financial liability of GSPV (including any liability for the acts or omissions of its employees, agents and sub-contractors) to the Customer (and any member of the Customer Group) in respect of:
(a) any breach of the Agreement;
(b) any use made by the Customer (or any member of the Customer Group) of the Services, including the Deliverables and the Documentation or any part of them; and
(c) any representation, statement or tortious act or omission (including negligence) arising under or in connection with the Agreement.
12.2 Except as expressly and specifically provided in the Agreement:
(a) the Customer assumes sole responsibility for confirming the accuracy of all Customer Data and all Deliverables, and for all use of, and conclusions drawn from, such Deliverables. GSPV shall have no liability for any damage caused by errors or omissions in the Deliverables, any Customer Data, information, instructions or scripts provided to GSPV by the Customer (or any member of the Customer Group) in connection with the Services, or any actions taken by GSPV at the Customer’s direction; and
(b) all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from the Agreement.
12.3 Nothing in the Agreement excludes the liability of either Party:
(a) for death or personal injury caused by a Party’s negligence;
(b) for any breach of Clause 10;
(c) for fraud or fraudulent misrepresentation; or
(d) any losses which cannot be excluded or limited by applicable law or regulation.
12.4 Subject to clause 12.2 and clause 12.3:
(a) GSPV shall not be liable whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for any loss of profits, loss of business, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss, or for any special, indirect or consequential loss, costs, damages, charges or expenses however arising under the Agreement; and
(b) GSPV’s total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of the Agreement shall be limited to the Fees paid during the 12 months immediately preceding the date on which the liability arose.
13. TERM AND TERMINATION
13.1 This Agreement shall, unless otherwise terminated as provided in this clause 13, commence on the Effective Date and shall continue for the Initial Term and, thereafter, the Agreement shall be automatically renewed for successive periods of 12 months (each a Renewal Period), unless otherwise terminated in accordance with the provisions of the Agreement.
13.2 Without prejudice to any other rights or remedies to which the parties may be entitled, either Party may terminate the Agreement without liability to the other:
(a) at any time during the Term upon giving the other Party not less than 30 days’ written notice;
(b) if the other Party commits a material breach of any of the terms of the Agreement and (if such a breach is remediable) fails to remedy that breach within 30 days of that Party being notified in writing of the breach; or
(c) if the other Party becomes insolvent or bankrupt, assigns all or a substantial part of its business or assets for the benefit of creditors, permits the appointment of a receiver for its business or assets, becomes subject to any legal proceeding relating to insolvency or the protection of creditors’ rights or otherwise ceases to conduct business in the normal course or any action anywhere similar or analogous to any of the foregoing; provided that this right to termination shall not apply if the other Party is ordered to be wound up by the court for the purpose of a bona fide reconstruction or amalgamation.
13.3 On termination of the Agreement for any reason:
(a) all licences granted under the Agreement shall immediately terminate;
(b) the Customer shall return and make no further use of Documentation and other items (and all copies of them) belonging to the other Party; and
(c) the accrued rights of the parties as at termination, or the continuation after termination of any provision expressly stated to survive or implicitly surviving termination, shall not be affected or prejudiced.
13.4 On termination in accordance with clause 13.2(a);
(a) no refund of the Fees shall be due if the Customer is the terminating Party;
(b) the proportion of the Fees representing the terminated element of the Term shall be refunded to the Customer in the event that the terminating Party is GSPV.
14. FORCE MAJEURE
14.1 GSPV shall have no liability to the Customer (or any member of the Customer Group) under the Agreement if it is prevented from or delayed in performing its obligations under the Agreement, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control.
15.1 A waiver of any right under the Agreement is only effective if it is in writing and it applies only to the Party to whom the waiver is addressed and to the circumstances for which it is given.
15.2 The exercise or waiver, in whole or in part, of any right, remedy, or duty provided for in this Agreement will not constitute the waiver of any prior, concurrent or subsequent right, remedy, or duty within this Agreement. Failure or delay by either Party at any time to enforce any term or condition of this Agreement shall not be construed as a waiver by such Party nor affect such Party’s right to take any subsequent action. No single or partial exercise of any right, power, privilege or remedy under this Agreement shall prevent any further or other exercise thereof or the exercise of any other right, power, privilege or remedy.
15.3 Unless specifically provided otherwise, rights arising under the Agreement are cumulative and do not exclude rights provided by law.
16.1 If any provision (or part of a provision) of the Agreement is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable or illegal, the other provisions shall remain in force.
16.2 If any invalid, unenforceable or illegal provision would be valid, enforceable or legal if some part of it were deleted, the provision shall apply with whatever modification is necessary to give effect to the commercial intention of the Parties.
17. FURTHER ASSURANCE
17.1 Each Party undertakes, at the request and cost of the requesting Party (unless otherwise agreed or specified in this Agreement) to do all acts and execute all documents which may be necessary to give full effect to this Agreement.
18. ENTIRE AGREEMENT
18.1 This Agreement, and any documents referred to in it, constitute the whole agreement between the Parties and supersede any previous arrangement, understanding or agreement between them relating to the subject matter they cover.
18.2 Each of the Parties acknowledges and agrees that in entering into the Agreement it does not rely on any undertaking, promise, assurance, statement, representation, warranty or understanding (whether in writing or not) of any person (whether Party to the Agreement or not) relating to the subject matter of the Agreement, other than as expressly set out in the Agreement.
19.1 Neither Party shall assign rights or delegate responsibilities without the prior written permission of the other Party, such permission not to be unreasonably withheld or delayed except to an affiliate of such Party who has the financial standing to meet the assigning Party’s obligations.
20. NO PARTNERSHIP OR AGENCY
20.1 Nothing in the Agreement is intended to or shall operate to create a partnership between the Parties, or authorise either Party to act as agent for the other, and neither Party shall have the authority to act in the name or on behalf of or otherwise to bind the other in any way (including, but not limited to, the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).
21. THIRD PARTY RIGHTS
21.1 Except as expressly stated in this Agreement, a person who is not a Party to this Agreement may not enforce or enjoy the benefit of any of its terms pursuant to the Contracts (Rights of Third Parties) Act 1999 (or equivalent third Party rights legislation in any other relevant jurisdiction).
21.2 Should any member of the Customer Group wish to bring a claim against GSPV, the Customer shall pursue such claim, and recover any losses (subject to the limitations in this Agreement), on the relevant member of the Customer Group’s behalf and shall procure that the relevant member of the Customer Group will do all acts and execute all documents which may be necessary for the Customer to do so.
22.1 Any notice required to be given under the Agreement shall be made:
(a) by email to the address set out in the Order Form; or
(b) in writing and shall be delivered by hand or sent by pre-paid first-class post or recorded delivery post to the contact set out in the Order Form.
22.2 A notice delivered by email shall be deemed delivered at the point it is transmitted to the correct email address as set out in the Order Form. A notice sent by hand shall be deemed to have been received when delivered (or if delivery is not in business hours, at 9 am on the first business day following delivery). A correctly addressed notice sent by pre-paid first-class post or recorded delivery post shall be deemed to have been received at the time at which it would have been delivered in the normal course of post.
23. GOVERNING LAW AND JURISDICTION
23.1 This Agreement and any disputes or claims arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) are governed by, and construed in accordance with, the law of England.
23.2 The parties irrevocably agree that the courts of England have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with the Agreement or its subject matter or formation (including non-contractual disputes or claims).
23.3 This Agreement has been entered into on the date stated on the Order Form.
Appendix 1 - Scope of Services
The Xelix portal is a web-based platform that provides data and analytics on a company’s supply chain and payment performance.
The platform features covered by this agreement are:
Set up Services: Xelix provides support to the Customer during onboarding. This includes working with IT to setup any required data feed and working with finance to build in company-specific rules and assumptions.
Payment Reporting: Dashboards for 1) Payment Performance Reporting and, 2) Summary of Ledgers
Supplier Analytics: Dashboards for 1) All Suppliers and, 2) Procurement Trend
Working Capital: Dashboards for 1) Target KPIs and, 2) Working Capital
Duplicate Invoice Alerts: Data section of the platform, highlighting ledger errors and potential duplicate invoices
Support Services: Xelix provides ongoing support to the Customer during the duration of the contract, as laid out in the Xelix Security Whitepaper.
Appendix 2 - Personal Data Processing Requirements
1. In this Schedule the following definitions apply:
“Personal Data” means personal data (as defined in the Data Protection Legislation) which the Data Processor is provided with, obtains, generates or creates in connection with the performance of its obligations under this Agreement;
“processing” shall have the meaning given to that term in the Data Protection Legislation and “process” and “processed” shall have a corresponding meaning;
“Personal Data Breach” means the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
“Regulatory Bodies” means those government departments and regulatory, statutory and other bodies, entities and committees which, whether under statute, rule, regulation, code of practice or otherwise, are entitled to regulate, investigate or influence the matters relating to the security of data, personal data and privacy; and
“Representatives” mean the employees, officers, independent contractors, agency workers and agents of the Data Processor.
2. The Data Processor shall:
(A) on behalf of the Data Controller, carry out Personal Data processing activities necessary for the performance of its obligations under this Agreement and in processing Personal Data act only on the written instructions of the Data Controller except to the extent that a legal requirement prevents the Data Processor from complying with such written instructions or if, in the Data Processor’s opinion, the Data Controller’s written instructions infringe the Data Protection Legislation (each a “Conflict”)., In the event of a Conflict, the Data Processor shall not be obliged to carry out the data processing affected by the Conflict and shall, unless such legal requirement prohibits it from doing so, inform the Data Controller of the relevant legal requirement before carrying out the affected processing activities;
(B) take reasonable and appropriate technical and organisational measures against unauthorised or unlawful processing of the Personal Data and against accidental loss or destruction of, or damage to, the Personal Data, including such measures as are required by Article 32 of the EU’s General Data Protection Regulation (2016/679) as amended, extended, re-enacted or replaced from time to time;
(C) ensure that any Representatives that have access to the Personal Data have been informed by the Data Processor of the confidential nature of the Personal Data and such Representatives agree in writing to be bound by a duty of confidentiality in respect of the Personal Data;
(D) not disclose any of the Personal Data to any third Party, nor allow any third Party to process the Personal Data on the Data Processor’s behalf, unless the Data Controller has given its prior written consent (which, for the avoidance of doubt, may be given by way of the rights and obligations imposed on the Data Processor in this Agreement. Where the Data Controller gives such written consent and the Data Processor allows a third Party to process the Personal Data:
(a) the Data Processor shall ensure that the third Party is bound by the same data protection obligations that the Data Processor is subject to under this Schedule;
(b) the Data Processor shall remain liable to the Data Controller for the that third Party’s compliance with this Schedule; and
(c) unless explicitly stated otherwise, any consent provided by the Data Controller shall be deemed to be a general consent that is not limited to a specific third Party. The Data Processor shall inform the Data Controller of any intended changes concerning the addition or replacement of a third Party processing Personal Data on its behalf pursuant to a general consent provided by the Data Controller;
(E) transfer the Personal Data outside the European Economic Area (“EEA”) only on the written instructions of the Data Controller except to the extent that a Conflict prevents the Data Processor from complying with such written instructions (in which case the Data Processor shall comply with paragraph 2(A) above). The Data Controller agrees that the Data Processor shall be entitled to transfer Personal Data outside the European Economic Area where:
(a) the recipient has entered into an agreement with the Data Controller (or, in respect of sub-processor, an agreement with the Data Processor to which the Data Controller is a third Party beneficiary) containing the standard contractual clauses for the transfer of personal data from data controllers in the EU to data processors in jurisdictions outside the European Economic Area, adopted by the European Commission pursuant to Decision 2010/87/EU, as amended or replaced from time to time; or
(b) the recipient is located in a country in respect of which the European Commission has issued a finding of the adequacy of the protection of personal data; or
(c) the Data Processor is able to demonstrate to the Data Controller’s reasonable satisfaction that the transfer otherwise satisfies the requirements of the Data Protection Legislation;
(F) provide the Data Controller with reasonable cooperation and assistance (taking into account the nature of the processing undertaken by the Data Processor and the information available to the Data Processor) in connection with the Data Controller’s compliance with:
(a) Articles 32 – 36 (inclusive) of the EU’s General Data Protection Regulation (2016/679/EC); and
(b) its obligations to respond to the exercise of data subject rights under the Data Protection Legislation;
(G) subject to the Data Controller [providing reasonable prior written notice and agreeing to confidentiality obligations reasonably satisfactory to the Data Processor and any of its sub-contractors]:
(a) make available information; and
(b) permit, not more than once in each calendar year (unless there is a material breach of this Schedule or a Regulatory Body otherwise requires additional audits to be undertaken), the Data Controller or a third Party auditor appointed by the Data Controller to audit and inspect the Data Processor’s records, in each case only to the extent that the same is reasonably necessary in order to establish whether the Data Processor has complied with its obligations under this Schedule;
(H) if there is a Personal Data Breach, notify the Data Controller without undue delay of becoming aware of the breach and provide the Data Controller with reasonable cooperation and assistance (taking into account the nature of the processing undertaken by the Data Processor and the information available to the Data Processor) in making any mandatory notifications to Regulatory Bodies and/or affected data subjects in connection with the Personal Data Breach.
3. Upon expiry or termination of this Agreement for any reason, the Data Processor shall (at the Data Controller’s option) deliver all records of the Personal Data to the Data Controller or irretrievably delete the Personal Data (except to the extent that the Data Processor is required by law to retain copies of the Personal Data).