Supply of Services Agreement
THIS AGREEMENT is made between:
Our App Limited is a company incorporated in England and Wales with registered number 15232804, whose registered office is at 14 London Street Andover SP10 2PA (Supplier);
Our customers who have bought a product or service from the supplier, online or in person (Customer)
AGREEMENT as of 22 November 2023
1. In this Agreement, the following words are defined:
this agreement for the provision of the Services (as confirmed in Schedule 2) including any schedules;
in relation to either party, any information (whether or not stated to be confidential or marked as such) which that party discloses to the other, or which the other party obtains from any information disclosed to it by that party, either orally or in writing or by any other means, under or connection with this Agreement;
Person, Company or Organisation in any form who buys goods and services from Our App Limited
all documents, items, plans, products, goods and materials supplied by the Supplier, including any methodologies, ideas, designs, computer programs, data, disks, tapes, and reports, in whatever form, which are developed, created, written, prepared, devised or discovered by the Supplier or its agents, sub-contractors, consultants and employees in relation to the Services;
Effective Date the date and time on which the Agreement is confirmed;
any equipment, systems, tools, cabling, items, materials or facilities requested or used directly or indirectly in the supply of the Services, by the Supplier or its sub-contractors
Intellectual Property Rights
any invention, patent, utility model right, copyright and related right, registered design, unregistered design right, trade mark, trade name, internet domain name, design right, design, service mark, database rights, topography rights, rights in get-up, rights in goodwill or to sue for passing off and any other rights of a similar nature or other industrial or intellectual property rights owned or used by the Supplier in any part of the world whether or not any of the same is registered (or capable of registration), including applications and the right to apply for and be granted, extensions or renewals of, and rights to claim priority from, such rights and all equivalent or similar rights or protections which subsist now or will subsist in the future;
the services which are set out and described in Schedule 1 of this Agreement, together with any other services which the Supplier provides or agrees to provide to the Customer through the change control procedure set out below (Change Control);
the charges for the Services, which are set out in Schedule 2 of this Agreement;
the service levels, standards or performance targets applicable to the Services, which are set out in Schedule 3 of this Agreement;
the description or specification for the Services as set out in Schedule 1 of this Agreement or as otherwise agreed between the parties through Change Control;
any day other than a Saturday, Sunday or public holiday in England and Wales. In this Agreement, unless the context requires a different interpretation:
a. the singular includes the plural and vice versa;
b. references to sub-clauses, clauses, schedules or appendices are to sub-clauses, clauses, schedules or appendices of this Agreement; c.a reference to a person includes firms, companies, government entities, trusts and partnerships;
d. "including" is understood to mean "including without limitation";
e. reference to any statutory provision includes any modification or amendment of it;
f. the headings and sub-headings do not form part of this Agreement; and
g. "writing" or "written" will include fax and e-mail unless otherwise stated.
Provision of Services
2. The Supplier shall provide the Services to the Customer on the terms and conditions of this Agreement from the Effective Date and as set out in Schedule 1.
3. The Services will be provided by the Supplier either:
a. on an ongoing basis; or
b. in response to each request from the Customer from time to time as specified in Schedule 1.
4. The Agreement begins on the Effective Date and will continue for the full period of the agreement unless terminated earlier by either party under the clause below (Termination). All agreements will automatically be renewed for one year at a time, on the anniversary of the original Effective Date and on the same terms as the initial Contract Period until notice to cancel the agreement is given by one party to the other at least 24 hours from the renewal date
5. The Supplier shall provide the Services (including any Deliverables) in accordance with the Specification and the Service Levels in all material respects. Time is of the essence for any dates for delivery of the Services under this Agreement, unless specifically stated otherwise in any schedule.
6. The Supplier shall perform the Services with reasonable care and skill, in accordance with:
a. generally recognised commercial practices and standards in the applicable industry; and
b. all laws and regulations applicable to the Services, including all laws and regulations related to (i) anti-bribery and corruption, and (ii) data protection.
7. No amendment shall be made to Schedule 1 except on terms agreed in writing by the Parties in accordance with the clause below Change Control. 8. The Customer must:
a. co-operate with the Supplier in all matters relating to the Services;
b. provide, in a timely manner, any Equipment, materials and any information as the Supplier may reasonably require; in the case of Equipment, the Customer shall ensure that it is in good working order and suitable for the purposes for which it is used, and in the case of information, the Customer shall ensure that it is accurate in all material respects;
c. obtain and maintain all necessary licenses and consents and comply with all relevant legislation in relation to the Services before the date on which the Services are to start;
9. The Supplier shall promptly notify the Customer of:
a. any delays or problems from time to time in the provision of the Services of which the Supplier becomes aware;
b. any circumstances from time to time which may prevent the Supplier from providing the Services in accordance with this Agreement together with (where practicable) recommendations as to how such circumstances can be avoided; and
c. any complaint (whether written or not) or other matter which comes to its attention and which it reasonably believes may give rise to any loss by or claim against the Customer or which may result in any adverse publicity for the Customer.
10. The Customer shall, without limiting any right or remedy of the Customer, promptly report to the Supplier any defects in the Supplier's performance of the Services as soon as reasonably practicable after any such defect comes to the attention of the Customer.
11. Where any defect in the provision of the Services is reported to the Supplier by the Customer or otherwise comes to the attention of the Supplier, the Supplier shall, without limiting any other right or remedy of the Customer, use its reasonable endeavours to provide such further services as are necessary in order to rectify the default as soon as is reasonably practicable.
Charges, Payment and Time Records
12. In consideration of the provision of the Services by the Supplier, the Customer shall pay the Service Charges as set out in Schedule 2 which specifies whether the charges are on a time and materials basis, a fixed price basis or a combination of both. Time is of the essence for the payment of the Service Charges.
13. All charges quoted to the Customer are exclusive of VAT, which the Supplier shall add to its invoices at the appropriate rate.
14. Where Services are provided on a time and materials basis:
a. the charges payable for the Services shall be calculated in accordance with the Supplier's standard daily fee rates for each individual person and are calculated on the basis of an eight-hour day, worked between 9 am and 5 pm on Working Days and otherwise by arrangement between the parties;
b. the Supplier will ensure that every individual whom it engages in relation to the Services completes time sheets recording time spent on the Services or Deliverables; and
c. the Supplier will invoice the Customer monthly in arrears for its charges for time, expenses and materials (together with VAT where appropriate) for the month concerned, accompanied by any relevant receipts for any Equipment, materials and expenses as incurred in accordance with the clause below.
15. Where Services are provided for a fixed price, the total price for the Services is set out in Schedule 2. These charges are due before any work done by the supplier. The Supplier shall invoice the Customer for the charges that are then payable, together with any Equipment, materials and expenses, which have not been expressly included in the fixed price and VAT.
16. Expenses incurred by the Supplier may include: the cost of hotel, subsistence, travelling and any other expenses reasonably incurred by the individuals whom the Supplier engages in connection with the Services, the cost of any materials and the cost of services reasonably and properly provided by third parties and required by the Supplier for the supply of the Services. Any expenses in excess of £100 must be pre-approved by the Customer in writing. Such expenses, materials and third-party services must be invoiced by the Supplier at cost, together with VAT, which the Supplier will add to its invoices at the appropriate rate.
17. The Customer is required to pay first years full cost of the goods or services in advance of supply of these goods and services by credit card when placing the order. The payment shall be non-refundable unless the Supplier fails to provide the Services and is at fault for such failure (where the failure is not the fault of the Supplier, no refund will be made).
18. The Customer shall pay each invoice submitted to it by the Supplier, in full and in cleared funds, as stated on each invoice to a bank account nominated in writing by the supplier (the Due Date).
19. Without prejudice to any other right or remedy that it may have, if the Customer fails to pay the Supplier on the Due Date:
a. the Customer shall pay interest on the overdue amount at the rate of 4% per annum above the Bank of England base rate or 8% whichever the greater at the relevant time. Such interest will accrue on a daily basis from the due date until actual payment of the overdue amount, whether before or after judgment. The Supplier may choose to charge statutory interest due. The Customer shall pay the interest together with the overdue amount; and
b. the Supplier may suspend all Services until payment has been made in full.
20. All sums payable to the Supplier under this Agreement shall become due immediately on its termination, despite any other provision.
21. The Supplier and the Customer shall pay all amounts due under this Agreement in full without any deduction except as required by law and neither party shall be entitled to assert any credit, set-off or counterclaim against the other in order to justify withholding payment of any amount due, in whole or in part.
22. The Customer may at anytime during the term of this Agreement request an increase or decrease in the volume of the Services, subject to no reduction in the agreed fees payable, a change in the Specification, or the addition of new Services (Change Request) by notifying the Supplier in writing of its requirements.
23. The Supplier shall give due consideration to any Change Request from the Customer and shall, within 5 Working Days of receiving a Change Request from the Customer:
a. confirm its acceptance of the Change Request, without any further variation to the terms of the Agreement, in which case the parties shall execute a variation to the Agreement as soon as reasonably practicable and the Supplier shall implement the Change Request accordingly; or
b. provide a written proposal for accepting the Change Request, subject to any variation that it reasonably considers necessary to the Services, the Specification or the Service Charges, including any new Services (Change Proposal) agreement date; or
c. if the Supplier believes it is not reasonably practicable to accept the Change Request, with or without any such variation, provide the Customer with a written statement of its reasons for doing so.
24. Any Change Proposal provided by the Supplier under the above clause shall be based on the Service Charges or, if this is not appropriate, shall be a fair and reasonable quotation for the Change Request.
25. The Customer shall give due consideration to the Supplier's Change Proposal under the clause above and shall within 5 Working Days after receipt of the Change Proposal either give the Supplier a written notice accepting the Change Proposal (subject to or without further negotiation) or rejecting the Change Proposal. If the Customer accepts the Change Proposal, the parties shall as soon as reasonably practicable execute a variation to the Agreement and the Supplier shall implement the agreed variation.
26. The Supplier shall have the right to make any changes to the Services which are necessary to comply with any applicable law or safety requirement, provided that the Supplier gives the Customer reasonable notice of such changes and that such changes do not materially affect the nature/scope of the Services or the Service Charges.
27. The Supplier shall indemnify the Customer against any claim by any other person that the provision of the Services to the Customer in accordance with this Agreement infringes on any Intellectual Property Rights of that other person.
Liability and Insurance
28. If the Supplier's performance of its obligations under this Agreement is prevented or delayed by any act or omission of the Customer, its agents, sub-contractors, consultants or employees, the Supplier shall not be liable for any costs, charges or losses sustained or incurred by the Customer that arise directly or indirectly from such prevention or delay.
29. Nothing in this Agreement limits or excludes either party's liability for:
a. death or personal injury caused by its negligence;
b. fraud or fraudulent misrepresentation; or
c. breach of the terms implied by section 2 of the Supply of Goods and Services Act 1982 (title and quiet possession); or d. any other liability which cannot be limited or excluded by applicable law.
30. Subject to the above clause and the clause above (Indemnity), neither party shall have any liability to the other party, whether in contract, tort (including negligence), for breach of statutory duty, or otherwise, arising under or in connection with this Agreement for:
a. loss of profits;
b. loss of sales or business;
c. loss of agreements or contracts;
d. loss of anticipated savings;
e. loss of or damage to goodwill;
f. loss of use or corruption of software, data or information; g. any indirect or consequential loss.
31. Subject to the two proceeding clauses and the clause above (Indemnity), the total liability of the Supplier for any other loss of the Customer in respect of any one event or series of connected events shall not exceed £500.
32. The terms implied by sections 3 to 5 of the Supply of Goods and Services Act 1982 are, to the fullest extent permitted by law, excluded from this Agreement.
33. During this Agreement, the Supplier and the Customer shall each maintain in force with a reputable insurance company, insurance sufficient to indemnify risks for which they may be responsible, including for their respective sub-contractors, agents and employees, in connection with the Services and shall, on either parties' request, produce both the insurance certificate giving details of cover and the receipt for the current year's premium.
34. Each party will only use Confidential Information to perform its obligations under the Agreement and will not cause or allow the information to be disclosed except:
a. where required by law, court order or any governmental or regulatory body;
b. to any of its employees, officers, sub-contractors, representatives or advisers who need to know the information in order to discharge its obligations under the Agreement and agree only to use the information for that purpose and not to cause or allow disclosure of that information; c. where the information has become generally available to the public (other than as a result of disclosure in breach of the Agreement by the party or any of its employees, officers, sub-contractors, representatives or advisers);
d. where the information was available or known to it on a non-confidential basis before being disclosed under the Agreement; or
e. where the information was developed by or for it independently of the Agreement and is received by persons who are not the disclosing party.
35. Subject to the clause below, the Supplier reserves all Intellectual Property Rights (if any) which may subsist in any Deliverables, or in connection with, the provision of the Services. The Supplier reserves the right to take such action as may be appropriate to restrain or prevent the infringement of such Intellectual Property Rights.
36. The Supplier licenses all such rights to the Customer free of charge and on a non-exclusive, worldwide basis to such extent as is necessary to enable the Customer to make reasonable use of the Deliverables and the Services.
37. If this Agreement is terminated, this licence will automatically terminate.
38. Each party shall comply with its obligations and may exercise its respective rights and remedies under Schedule 4.
39. The Supplier and its agents, sub-contractors, consultants or employees shall:
a. comply with all applicable laws, regulations, statutes, and codes relating to anti-bribery and anti-corruption including but not limited to the Bribery Act 2010 (Bribery Laws);
b. not commit an offence under sections 1, 2 or 6 of the Bribery Act 2010;
c. comply with any relevant industry code related to Anti-Bribery (Bribery Policies);
d. shall have, maintain, and enforce throughout the term of this Agreement its own policies and procedures, to ensure compliance with the Bribery Laws and the Bribery Policies; and
e. promptly report to the Customer any request or demand for any undue financial or other advantage of any kind received by the Supplier in connection with the performance of this Agreement.
40. The Customer shall not, without the prior written consent of the Supplier, at any time from the date of this Agreement to the expiry of 24 months after the last date of supply of the Services or termination of this Agreement (whichever is the latest), solicit or entice away from the Supplier or employ or attempt to employ any person who is, or has been, engaged as an employee, consultant or sub-contractor of the Supplier in the provision of the Services.
Circumstances beyond the control of either party
41. Neither party shall be liable for any failure or delay in performing their obligations where such failure or delay results from any cause that is beyond the reasonable control of that party.
42. Such causes include but are not limited to: power failure, Internet Service Provider failure, acts of God, epidemic, pandemic, civil unrest, fire, floods, droughts, storms, earthquakes, the collapse of buildings, explosions or accidents, acts of terrorism, acts of war, governmental action, any law or any action taken by a government or public authority, including without limitation imposing an export or import restriction, quota or prohibition, or any other event that is beyond the control of the party in question.
43. The party affected by a circumstance beyond its control shall use all reasonable endeavours to mitigate the effect of the force majeure upon the performance of its obligations.
44. The corresponding obligations of the other party will be suspended to the same extent as those of the party affected by a force majeure event. 45. If the delay continues for a period of 90 days, either party may terminate or cancel the Services to be carried out under this Agreement.
46. A party may terminate the Agreement immediately by giving written notice to the other party if that other party:
a. does not pay any sum due to it under the Agreement within 30 days of the due date for payment;
b. commits a material breach of the Agreement which, if capable of remedy, it fails to remedy within 30 days after being given written notice specifying full particulars of the breach and requiring it to be remedied);
c. persistently breaches any term of the Agreement;
d. is dissolved, ceases to conduct substantially all of its business or becomes unable to pay its debts as they fall due;
e. is a company over any of whose assets or property a receiver is appointed;
f. makes any voluntary arrangement with its creditors or (if a company) becomes subject to an administration order (within the meaning of the Insolvency Act 1986);
g. (if an individual or firm) has a bankruptcy order made against it or (if a company) goes into liquidation;
h. undergoes a change of control (within the meaning of section 1124 of the Corporation Tax Act 2010); or
i. (if an individual) dies or as a result of illness or incapacity becomes incapable of managing his or her own affairs.
Consequences of Termination
47. On termination or expiry of this Agreement:
a. the Customer shall immediately pay to the Supplier all of the Supplier's outstanding unpaid invoices and interest and, in respect of Services supplied but for which no invoice has been submitted, the Supplier may submit an invoice, which shall be payable immediately on receipt;
b. the Customer shall, within a reasonable time, return all of the Supplier's Equipment and any relevant Deliverables remaining the property of the Supplier. Until they have been returned or repossessed, the Customer shall be solely responsible for their safe keeping.
48. Termination or expiry of the Agreement shall not affect any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination or expiry, including the right to claim damages in respect of any breach of the agreement which existed at or before the date of termination or expiry.
49. Other than as set out in the Agreement, neither party shall have any further obligation to the other under the Agreement after its termination.
50. This Agreement contains the whole agreement between the parties relating to its subject matter and supersedes all prior discussions, arrangements or agreements that might have taken place about the Agreement. Nothing in this clause limits or excludes any liability for fraud or fraudulent misrepresentation.
51. The Customer may not assign, transfer or sub-contract to any third party the benefit and/or burden of the Agreement without the prior written consent (not to be unreasonably withheld) of the other party.
52. No variation of the Agreement will be valid or binding unless it is recorded in writing and signed by or on behalf of both parties.
53. The Contracts (Rights of Third Parties) Act 1999 does not apply to the Agreement and no third party has any right to enforce or rely on any provision of the Agreement.
54. Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
55. A provision which by its intent or terms is meant to survive the termination of the Agreement will do so.
56. If any court or competent authority finds that any provision (or part) of the Agreement is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of the Agreement will not be affected.
57. Unless specifically provided by the parties, nothing in the Agreement will establish any employment relationship, partnership or joint venture between the parties, or mean that one party becomes the agent of the other party, nor does the Agreement authorise any party to enter into any commitments for or on behalf of the other party.
58. Any notice (other than in legal proceedings) to be delivered under the Agreement must be in writing and delivered by pre-paid first-class post to or left by hand delivery at the other party's registered address or place of business, or sent by email to the other party's main business email address as notified to the sending party.
a. sent by post will be deemed to have been received, where posted from and to addresses in the United Kingdom, on the second Working Day and, where posted from or to addresses outside the United Kingdom, on the tenth Working Day following the date of posting;
b. delivered by hand will be deemed to have been received at the time the notice is left at the proper address; and
c. sent by email will be deemed to have been received on the next Working Day after sending.
59. The supplier can from time to time recommend third-party software and products that might assist clients in getting more from their App. The supplier does this on the basis that the recommendation(s) and use of these third-party products and services are not supported in any way by the supplier and are for the avoidance of any doubt, specifically excluded from this agreement.
60 The supplier may change and/or alter any of the terms set out in this document. Customers will be informed of any changes by email and can choose to end their contract if they cannot agree with the new terms. Customers using the product(s) after 14 days will be considered that they agree6 and will comply with the new terms.
Governing law and jurisdiction
61. This Agreement shall be governed by and interpreted according to the law of England and Wales and all disputes arising under the Agreement (including non-contractual disputes or claims) shall be subject to the exclusive jurisdiction of the English and Welsh courts.
SCHEDULE 1 - SPECIFICATION OF SERVICES
The Supplier will either provide access to the shared apps portfolio or create a Native App for the Customer based on the Our App Template code and publish it on both the Apple and Google Play App Stores. The supplier will provide links to the app pages on both app stores.
The Supplier will provide the Customer with a unique URL and QR codes. These media assets are for the customer to promote their app to users.
The service only works on Apple or Android mobile phones and some tablets and is not available online.
The Customer has chosen an initial contract period of 1-3 years as stated on the order form
The app has a fixed layout which can be personalised by the customer. The customer can change the look and feel of their app using their own images, Branding and colour scheme together with personalisation of the content widgets available for the customer's use.
The customer has access to the supplier's complimentary content data sets. All complimentary content is kept up to date at the supplier's sole discretion and the supplier reserve the right to charge for updating these dataset if the customer requests additions to the data.
The supplier will host the app content and code of their UK servers; the customer has no right to access this. The Supplier will be responsible for providing the following services (subject to change):
Managing the apps and databases
Maintaining the service
Provision of content app widgets for the customer to utilise to display their content
Provide data UK sets on the following subjects:
Sports Club Data,
Doctors Data (England Only)
Things to do Data and
Incorporating customer's reasonable requests for additional content.
Please note that although the content of our datasets is comprehensive it is impossible to be 100% accurate. Pocket App has sole editorial control of what is included in our data sets. Reasonable requests to add or remove listings will always be considered.
The Customer will be responsible for:
Providing all their information content, images and video for publication within their App(s)
Instructing the Supplier on any new innovative ideas the customer would like added/Implemented that are within the bounds of the app infrastructure (subject to clauses 23-27)
Provide media assets required for the production of their app(s).
to fully use and distribute effectively to customers and users.
Pay your bill on time.
Safeguard and take responsibility for any third-party copyrighted content uploaded to the App(s)
Fill out and return the Native App Information Form provided immediately after the order is received.
The Customer accepts that the Supplier lends the app, code and datasets to the Customer for the entire period of the agreement. The Customer acknowledges that the Supplier is the sole owner of the app design and code and generic content. The customer further acknowledges that they will not have access to the supplier's code and must instruct the supplier to make any changes or repair any part of the code.
SCHEDULE 2 - CHARGES
The Supplier will set up the basic Customer-branded app free of charge. The app will be set up with the appropriate information widgets as set out on the artwork and information form the customer fills out immediately after ordering the app.
Annual App Fee
We charge an annual fee for the use of the app and its associated services.
This Agreement automatically renews for one-year periods on the anniversary of the effective date under the same terms and period as the original agreement, unless notice to quit the agreement is received within 24 hours prior to the end of the current agreement. (Clause 4)
This contract must be read in conjunction with the original order form a copy of which has been / will be emailed.
Additional work beyond the remit of this agreement will be quoted before the work has been done and charged on the invoice.
SCHEDULE 3 - SERVICE LEVELS
The Supplier will maintain the app
The Supplier will run all technical aspects of running the app(s) for the entire period of the agreement. We will endeavor to rectify any issues that occur from time to time within 72 working hours of receiving notice of an issue or problem.
The Supplier will offer a technical and development service between 9 am and 5 pm Monday and Friday excluding public and bank holidays.
SCHEDULE 4 - DATA PROTECTION PART A
60. For the purposes of this Schedule:
a. Data Protection Laws means any applicable law relating to the processing of Personal Data, as applicable to either party or the Services, including i. the Directive 95/46/EC (Data Protection Directive) or the GDPR;
ii. any laws which implement such laws;
iii. any laws that replace, extend, re-enact, consolidate or amend any of the laws stated in (i) and (ii) above;
iv. all guidance, codes of practice and codes of conduct issued by any relevant Data Protection Supervisory Authority relating to such Data Protection Laws (whether legally binding or not).
b. GDPR means the General Data Protection Regulation (EU) 2016/679;
c. Protected Data means Personal Data received from or on behalf of the Customer, or obtained in connection with the performance of the Supplier's obligations under the Agreement; and
d. Sub-processor means any agent, subcontractor or any other third party engaged by the Supplier (or by any other Sub-Processor) for carrying out any processing activities in respect of the Protected Data.
The terms "Controller", "Data Subject", "International Organisation" "Member State", "Personal Data", "Personal Data Breach", "Processor", "Processing" and "Supervisory Authority" shall have the same meaning as in the GDPR.
Compliance with data protection laws
61. The parties agree that the Customer is a Controller and the Supplier is a Processor for the processing of Protected Data pursuant to this
62. The Supplier shall, and shall ensure its Sub-Processors and each of the Supplier personnel shall comply with all Data Protection Laws in connection with the processing of Protected Data and the provision of the Services.
63. Nothing in this Agreement relieves the Supplier of any responsibilities or liabilities under Data Protection Laws.
64. Each party shall be liable for and shall indemnify (and keep indemnified) the other against all actions, proceedings, liabilities, costs, claims, losses, expenses, compensation paid to Data Subjects and other reasonable professional costs and expenses suffered or incurred by the indemnified party arising out of or in connection with any breach of the Data Protection Laws by the indemnifying party, its employees or agents.
65. The Supplier shall only process (and shall ensure Supplier personnel only process) the Protected Data in accordance with Section 1 of Part B of this Schedule and the Customer's written instructions. The Supplier will immediately inform the Customer if any instruction relating to the Protected Data infringes or may infringe any Data Protection Law.
66. The Supplier shall implement appropriate technical and organisational measures to protect the Protected Data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. The technical and organisational security measures which the Supplier shall have in place are set out in Part B to this Schedule.
67. The Supplier will not permit any processing of Protected Data by any third party (except Supplier personnel that are subject to an enforceable obligation of confidence with regards to the Protected Data) without the prior specific written permission of the Customer, except (i) as specifically stated in this Schedule, or (ii) where such processing is required by any applicable law, regulation or public authority.
68. The Supplier shall prior to the relevant Sub-Processor carrying out any processing activities in respect of the Protected Data, appoint each Sub- Processor under a written agreement containing data protection obligations that provide at least the same level of protection for Protected Data as those in this Schedule.
69. The Supplier shall remain fully liable to the Customer under this Agreement for all the acts and omissions of each Sub-Processor and each of the Supplier Personnel as if they were its own.
70. Where a Sub-processor is engaged by the Supplier, the Supplier shall:
a. carry out adequate due diligence to ensure that the Sub-processor is capable of providing the level of protection for Protected Data required by this Schedule;
b. remain liable for any breach of this Schedule caused by a Sub-processor; and
c. provide relevant details and a copy of each agreement with a Sub-Processor to the Customer on request.
71. The Supplier shall, taking into account the nature of the processing, provide reasonable assistance to the Customer insofar as this is possible, to enable the Customer to respond to requests from a data subject seeking to exercise their rights under Data Protection Laws. In the event that such request is made directly to the Supplier, the Supplier shall promptly inform the Customer of the same.
72. The Supplier shall to the extent required by Data Protection Laws, taking into account the nature of the processing and the information available to the Supplier, provide the Customer with commercially reasonable assistance with data protection impact assessments (as such term is defined in Data Protection Laws) or prior consultations with data protection authorities that the Customer is required to carry out under Data Protection Laws.
Data subject requests
73. The Supplier will record and refer all requests and communications received from Data Subjects or any Supervisory Authority to the Customer which relate (or which may relate) to any Protected Data promptly (and in any event within three days of receipt) and will not respond to any without the Customer's express written approval and strictly in accordance with the Customer's instructions unless and to the extent required by law.
74. The Supplier will not process and/or transfer, or otherwise directly or indirectly disclose, any Protected Data in or to countries outside the EEA or to any International Organisation without the prior written consent of the Customer.
Audits and records
75. The Supplier will, in accordance with Data Protection Laws, make available to the Customer such information in the Supplier's possession or control as the Customer may reasonably request with a view to demonstrating the Supplier's compliance with the obligations of data processors under Data Protection Laws in relation to its processing of Protected Data.
76. The Customer may exercise its right to audit under Data Protection Laws through the Supplier providing:
a. an audit report not older than 18 months by an independent external auditor demonstrating that the Supplier's technical and organisational measures are in accordance with the Supplier's industry audit standard; and b. additional information in the Supplier's possession or control to a Supervisory Authority when it requests or requires additional information in relation to the data processing activities carried out by the Supplier under this Schedule. Breach
77. The Supplier shall promptly (and in any event within 24 hours) notify the Customer if it (or any of its Sub-Processors or the Supplier Personnel) suspects or becomes aware of any suspected, actual or threatened occurrence of any Personal Data Breach in respect of any Protected Data.
78. The Supplier shall promptly (and in any event within 24 hours) provide all information as the Customer requires to report the circumstances referred to in paragraph 19 (above) to a Supervisory Authority and to notify affected Data Subjects under Data Protection Laws.
Return/Deletion of Protected Data
79. Upon termination or expiry of the Agreement, the Supplier shall at the Customer's election, promptly (and in any event, within 30 days of the expiry of the Agreement) delete or return to the Customer the Protected Data (including existing copies) in the Supplier's possession by secure file transfer, save to the extent that the Supplier is required by any applicable law to retain some or all of the Protected Data.
80. The Supplier will provide written certification to the Customer that it has fully complied with the section above within 30 days of the expiry of the Agreement.
81. This Schedule shall survive termination or expiry of the Agreement for any reason.
Section 1 - Data processing
Processing of the Protected Data by the Supplier under this Schedule shall be for the subject matter, duration, nature and purposes and involve the types of Personal Data and categories of Data Subjects set out in this Section 1 of Part B.
Subject matter of processing:
The Supplier's provision of the Services and any related technical support to Customer.
The term plus the period from expiry of the term until return/deletion of all Protected Data by the Supplier in accordance with this Schedule.
Nature and purpose of the processing:
The Supplier will Process Protected Data for the purpose of providing the Services and any related technical support to the Customer in accordance with this Schedule.
Type of Personal Data:
Categories of Data Subjects:
Protected Data will concern the following categories of Data Subjects:
Section 2 - Minimum technical and organisational security measures
Without prejudice to its other obligations, the Supplier shall implement and maintain at least the following technical and organisational security measures to protect the Protected Data:
Title, First Name, Last Name; Email Address; Mobile Number;
Data Subjects about whom the Supplier collects Protected Data in its provision of the Services; and/or
Data Subjects about whom Protected Data is transferred to the Supplier in connection with the Services by, at the direction of, or on behalf of Customer. The Supplier data encryption is SHA-256 Cryptographic Hash Algorithm; GDPR Agreements in place with all suppliers.