Master services agreement.

1. Definitions and interpretations

1.1 Defined words and expressions used in this Contract shall have the following meanings:

Available Services: means digital marketing services;

Business Day: means a day other than a Saturday, Sunday or public holiday in England on which banks in London are open for business;

Client: means the party defined as such in the Statement of Work;

Client Materials: means all documents, information, items and materials in any form, whether owned by the Client or a third party, which are provided by the Client to Croud in connection with the Works;

Client Personal Data: means any personal data provided by or on behalf of the Client (or any user of the Works or Deliverables);

Confidential Information: means all confidential information (however recorded or preserved) disclosed by a party or its Representatives (as defined below) to the other party and that party’s Representatives and shall include, without limitation, (a) the existence and terms of this MSA and the Statements of Work; (b) any information that would be regarded as confidential by a reasonable business person relating to: (i) the business, affairs, customers, clients, suppliers, or plans, intentions, or market opportunities of the disclosing party (or of any member of the Group to which the disclosing party belongs); and (ii) the operations, processes, product information, know-how, designs, trade secrets or software of the disclosing party (or of any member of the Group to which the disclosing party belongs); and (c) any information developed by the parties in the course of carrying out its obligations under this MSA;

Consultancy Deliverables: means (a) any output of the Consultancy Works (if any) to be provided by Croud to the Client; and/or (b) any output of the Works (but excluding the Consultancy Works) which is incidental to the provision of the same and which is solely a product of Croud’s digital advisory function;  

Consultancy Works: means the services, if any, specifically named and described in a Statement of Work as such, and which form part of the Works;

Content Standards: means the mandatory content standards set by Croud and made available at https://croud.com/en-gb/content-standards/, as updated from time to time;

Creative Deliverables: means any output of the Works to be provided by Croud to the Client, including the analytics available in connection with the provision of the Works, but excluding the Consultancy Deliverables;

Croud: means Croud Inc Ltd, registered in England and Wales under company number 07542498 with its registered office at Cannon Place, 78, Cannon Street, London, EC4N 6AF;

Data Protection Legislation: means the UK Data Protection Legislation and any other European Union legislation relating to personal data and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of personal data (including, without limitation, the privacy of electronic communications).  The terms data controller, data processor, data subject, personal data, personal data breach and processing shall all bear the respective meanings given to them in the Data Protection Legislation;

Defect: means (a) a failure of the Works or the Deliverables (or any part thereof) to comply with the requirements set out in clause 4.1 of this MSA; or (b) any claim that the Works and/or the Deliverables breach a third party’s Intellectual Property Rights;

Deliverables: means the Consultancy Deliverables (if any) and the Creative Deliverables;

Digital Third Party: means any search engine, third party provider of technology, networks and/or advertising platforms used in the provision of the Works;

Digital Third Party Claim: means any claim made against Croud by a Digital Third Party pursuant to the terms of, in respect of a breach of, the Digital Third Party Terms, to the extent that the same is caused by any act or omission of the Client, Client Representatives or the Representatives of any affiliate of the Client; 

Digital Third Party Terms: means any terms and conditions and/or policies of a Digital Third Party; 

Force Majeure Event: means any circumstance not within a party’s reasonable control including, without limitation, acts of God, flood, drought, earthquake or other natural disaster, epidemic or pandemic, terrorist attack, civil war, civil commotion or riots, war, threat of or preparation for war, armed conflict, imposition of sanctions, embargo, or breaking off of diplomatic relations, nuclear, chemical or biological contamination or sonic boom, any law or any action taken by a government or public authority, collapse of buildings, fire, explosion or accident, any labour or trade dispute, strikes, industrial action or lockouts (other than in each case by the party seeking to rely on this clause, or companies in the same group as that party) and interruption or failure of utility service; 

Group: means to a company (wherever incorporated), that company, any company of which it is a Subsidiary from time to time (its holding company) and any other Subsidiaries from time to time of that company or its holding company. Each company in a Group is a member of the Group; 

Intellectual Property Rights: means patents, rights to inventions, copyright and related rights, trade marks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, rights in designs, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world, including the right to sue for and recover damages for past infringements;

Quotation: means a written quotation issued by Croud to the Client in relation to Available Services; 

Representatives: means, in relation to a party, its officers, employees, sub-contractors, representatives and advisers;

SOW Fees: means the sums payable by the Client to Croud for the Works as set out in the Statement of Work;

Statement of Work: means the detailed plan, agreed and signed in accordance with clause 3, describing the Available Services to be provided by Croud, the timetable for their performance and any related matters; 

Subsidiary: means in relation to a company wherever incorporated (a holding company), any company in which the holding company (or persons acting on its behalf) for the time being directly or indirectly holds or controls either: (a) a majority of the voting rights exercisable at shareholder meetings of that company; or (b) the right to appoint or remove a majority of its board of directors; and any company which is a Subsidiary of another company is also a Subsidiary of that company’s holding company. Unless the context otherwise requires, the application of the definition of Subsidiary to any company at any time shall apply to the company as it is at that time; 

System: means the Client’s website and/or software in respect of which the Client is receiving the Works;

UK Data Protection Legislation: means all applicable data protection and privacy legislation in force from time to time in the UK including the General Data Protection Regulation ((EU) 2016/679); the Data Protection Act 2018; the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended;

Virus: means any thing or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by rearranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices; 

Works: means the Available Services which are to be provided by Croud under a Statement of Work. 

1.2 Unless the context otherwise requires, a reference to: 

(a) clauses, Schedules and paragraphs are to the relevant clauses, Schedules or paragraphs of this MSA;

(b) the headings to the clauses, Schedules and paragraphs of this MSA will not affect the interpretation of the same; 

(c) an enactment includes reference to that enactment as amended, supplemented, replaced or succeeded from time to time and to any subordinate legislation or byelaw made under that enactment; 

(d) “writing” or “written” includes email; 

(e) a “person” includes a natural person, corporate or unincorporated body (whether or not having separate legal personality); and 

(f) European Union law that is directly applicable or directly effective in the UK at any time is a reference to it as it applies in England and Wales from time to time including as retained, amended, extended, re-enacted or otherwise given effect on or after 11pm on 31 January 2020;

1.3 Any words following the terms “including”, “include”, “in particular”, “for example” or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms;

2. Commencement and duration

2.1 This MSA shall commence on the date that it has been agreed to by both parties and shall continue, unless terminated earlier in accordance with its terms and subject to clause 2.2, until either party gives written notice to terminate to the other party.

2.2 If there are uncompleted Statements of Works as at the date written notice to terminate is served under clause 2.1, such notice                shall expire on the completion of all Statements of Work entered into before the date on which it is served.

2.3 If there are no uncompleted Statements of Work as at the date written notice to terminate is served under clause 2.1, such notice shall terminate this MSA with immediate effect.

2.4 The parties shall not enter into any further Statements of Work after the date on which notice to terminate the MSA is served under clause 2.1.

3. Statement of work

3.1 The Client may procure any of the Available Services by agreeing a Statement of Work with Croud pursuant to clause 3.  

3.2 Croud reserves the right in its absolute discretion to accept or reject a request for Available Services. Where Croud accepts such request, it shall, within a reasonable period, issue a draft Statement of Work for discussion. 

3.3 The Client shall provide Croud with as much information as Croud reasonably requests in order to prepare a draft Statement of Work for the Available Services requested.

3.4 The Client shall ensure that the terms of any draft Statements of Work are satisfactory for its purpose before agreeing to their terms and shall ensure that any details, information or specifications provided to Croud pursuant to clause 3.3 are complete and accurate.  

3.5 Each Statement of Work shall be agreed by the parties in writing and both parties shall sign the draft Statement of Work when it is agreed.  

3.6 Once a Statement of Work has been agreed and signed in accordance with this clause 3, no amendment shall be made to it except in accordance with clause 17.8 (Variation).

3.7 Croud may use the information given to it by the Client or information it may hold about the Client, or which it receives from any enquiry made with various agencies (including but not limited to credit reference agencies) in reaching any determination as to the basis on which it deals with the Client and with a view to protecting the parties from fraudulent transactions.

3.8 Subject to clause 13.4, the duration of each Statement of Work and the grounds upon which it may be terminated shall be set out therein. Expiry or termination of a Statement of Work shall not effect the validity or enforceability of this MSA.

4. Croud’s obligations

4.1 Croud shall provide the Client with the Works as set out in a Statement of Work from the services start date specified therein. In the event of a conflict or inconsistency between the terms of this MSA and those of a Statement of Work, the terms of the relevant Statement of Work shall prevail.

4.2 In supplying the Works, Croud shall:

(a) perform the Works with reasonable care and skill and, in all material respects, in accordance with the applicable Statement of   Work;

(b) devote such time as it deems reasonably necessary for the proper performance of the Works; and

(c) comply with all applicable laws, statutes and regulations from time to time in force, provided that Croud shall not be liable under this MSA and/or a Statement of Work if, as a result of such compliance, it is in breach of any of its obligations thereunder.

4.3 Croud may, on prior written notice to the Client, make changes to the Works, provided that such changes do not have a materially adverse effect on the Client’s business operations.  

4.4 To the extent that the Works include Consultancy Works, in the course of the provision of the Consultancy Works, Croud shall:

(a) recommend and (as and when directed) execute strategies and techniques for the collection, processing, reporting, distribution, analysis and interpretation of data generated by the System; and

(b) not knowingly recommend or execute any strategy or technique that would present a risk or danger to the Client’s cyber, data and/or information security, or which would otherwise place it in contravention of any agreement with a third party which it has been made aware of in advance in writing by the Client.

4.5 Nothing in this MSA and/or a Statement of Work shall prevent Croud from being engaged, concerned or having any financial interest in any other business, trade or profession or occupation during the provision of the Works.

5. The client’s obligations

5.1 The Client shall:

(a) co-operate with Croud in all matters relating to the Works;

(b) provide, for Croud and its Representatives, in a timely manner and at no charge, access to the Client’s premises, office accommodation, data, systems and other facilities as reasonably required by Croud in order to perform the Works;

(c) provide, in a timely manner, such information (and in such format) as Croud may reasonably require for the performance of the Works, and shall ensure that it is accurate and complete in all material respects; 

(d) in respect of its receipt of the Works, comply with all applicable laws, statutes and regulations from time to time in force; 

(e) obtain and maintain all necessary licences, consents, and permissions necessary for Croud and its Representatives to perform the Works, including the use of all Client Materials, in all cases before the date on which the Works are to start;

(f) ensure that its network and Systems comply with the relevant specifications provided by Croud from time to time;

(g) procure and maintain its network connections and telecommunications links from its Systems to Croud’s data centres, and shall be responsible for all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Client’s network connections or telecommunications links or caused by the internet; 

(h) comply with any additional responsibilities of the Client as set out in the relevant Statement of Work;

(i) use its best endeavours to prevent any unauthorised access to, or use of, the Consultancy Deliverables and, in the event of any such unauthorised access or use, promptly notify Croud; 

(j) procure that, dependent on where the Deliverables are used, the statement “Written by Croud Inc Limited” accompanies its use; and

(k) not access, store, distribute or transmit any Viruses during the course of its receipt of the Works.

5.2   If Croud’s performance of its obligations under this MSA and/or a Statement of Work is prevented or delayed by any act or                      omission of the Client and/or its Representatives, Croud shall:

(a) not be liable for any costs, charges or losses sustained or incurred by the Client that arise directly or indirectly from such prevention or delay; and

(b) be permitted to adjust any agreed timetable or delivery schedule to account for such act or omission.

5.3 The Client warrants that:

(a) the Client Materials comply with the Content Standards and that it shall always provide Client Materials which comply with the Content Standards;

(b) the receipt and use of the Client Materials in accordance with the licence granted in clause 10.1(b) shall not infringe the rights (including any Intellectual Property Rights) of, or cause any harm to, any third party;  

(c) it shall not require the Works to be provided in conjunction with anything which is or may reasonably be deemed by Croud as being contrary to the Content Standards; and 

(d) its business, goods and/or services may not in any way be classified as being contrary to the terms (or the spirit) of the Content Standards, 

and it shall notify Croud immediately in the event that any circumstances arise such that the warranties included herein are, or might reasonably be considered to be, untrue, inaccurate or misleading.

5.4 The Client shall:

(a) comply with all and any Digital Third Party Terms, as made known or provided to the Client from time to time; and

(b) indemnify, keep indemnified and hold Croud harmless for and against all liability, loss, damage, charges, expenses and fees (including any reasonable professional costs and expenses) suffered or incurred by Croud and/or its Representatives arising out of or in connection with a Digital Third Party Claim.

5.5 Not withstanding Croud’s acceptance of a Statement of Work, Croud shall retain the right to refuse to publish any advertising content or to remove advertising content from any advertising inventory if it, in its sole discretion, considers that such content, or any material to which the content links, either breaches (or might reasonably be considered as likely to breach) clause 5.3 and/or clause 5.4 of this MSA.

5.6 The Client shall not, without the prior written consent of Croud, at any point during the term of this MSA or the twelve (12) months following its termination (howsoever arising) solicit the services of any Croud personnel (whether an employee, subcontractor, freelancer or agent) whom has been engaged in the provision of the Works. A breach of this clause will render the Client liable to pay Croud an amount equal to twelve (12) months’ of the total earnings that would otherwise be payable to the employee, sub-contractor, freelancer or agent in question.  The cap on liability set out in clause 12.7 of this MSA shall not apply to liability incurred under this clause 5.6.

6. Proofing

6.1 The Client shall be required to proof all draft Creative Deliverables prior to their finalisation and shall ensure that they are accurate, true and not misleading and that they comply with the Content Standards.  

6.2 Within a reasonable timeframe from receipt of the draft Creative Deliverables, the Client shall notify Croud as to whether it accepts or rejects the drafts for use.  In the event that the drafts are rejected, the Client shall specify what changes it would like made to the drafts prior to their use (the “Revisions”).

6.3 Where Croud:

(a) agrees with the Revisions, it shall implement the same and the draft Creative Deliverables shall be finalised and may then be used; or

(b) disagrees with the Revisions, it shall notify the Client of its reasoning and afford the Client the opportunity to either agree with it or maintain the Revisions.  Where the Revisions are maintained by the Client, Croud shall implement the same and the draft Creative Deliverables shall be finalised and may then be used.

7. Fees and payment

7.1 In consideration of the Works, the Client shall pay Croud the SOW Fees.  Time for payment shall be of the essence of this MSA.

7.2 Croud shall invoice the Client for the SOW Fees at the intervals specified in the Statement of Work. If no such intervals are specified, Croud shall invoice the Client at the end of each month for Works performed during that month.

7.3 Unless stated otherwise in the Statement of Work, the Client shall pay each invoice submitted to it by Croud in Pound Sterling within thirty (30) days of the date of the invoice to a bank account nominated in writing by Croud from time to time. 

7.4 No payment shall be deemed to have been received until Croud has received cleared funds.

7.5 Croud may raise and issue the Client with interim invoices from time to time and the Client shall pay the SOW Fees applicable to such invoices within thirty (30) days of the date of the relevant invoice. 

7.6 All amounts payable by the Client shall be made without set off, counterclaim or deduction. 

7.7 Without prejudice to any other rights or remedies available to Croud, if Croud has not received payment of any SOW Fees by the due date:

(a) it may suspend or otherwise disable the provision of, or cease to provide any or all of the Works whilst the relevant SOW Fees remain unpaid; and

(b) interest shall accrue on a daily basis on such due amounts at an annual rate equal to 4% over the then current base lending rate of National Westminster Bank plc from time to time, commencing on the due date and continuing until fully paid, whether before or after judgment.

7.8 The SOW Fees exclude value added tax and any applicable additional or substitute taxes, levies, imposts, duties, fees or charges whatsoever and whenever, all of which shall be paid additionally by the Client at the prevailing rate.

7.9 In the event of a change in applicable law or regulation that materially changes the cost of delivery of the applicable Works, Croud may give the Client written notice thereof and the Client shall have 30 (30) days to accept such increased costs or else the applicable portion of the Statement of Work shall be deemed terminated with immediate effect. 

7.10 If the Client disputes any portion of an invoice, the Client must notify Croud of such dispute within 20 (20) days of receipt and shall pay the undisputed portion of the invoice in full notwithstanding such dispute.

8. Confidentiality

8.1 Each party undertakes that it shall not at any time during the term of this MSA, and for a period of five (5) years thereafter, disclose to any person any Confidential Information pertaining to the other party, except as permitted by clause 8.2.

8.2 Each party may disclose the other party’s Confidential Information:

(a) as specifically agreed in any Statement of Work;

(b) to its Representatives and/or third parties who need to know such information for the purposes of exercising the party’s rights or carrying out its obligations under or in connection with this MSA and/or a Statement of Work. Each party shall ensure that its Representatives and/or third parties to whom it discloses the other party’s confidential information comply with this clause 8; and

(c) as may be required by law, a court of competent jurisdiction or any governmental or regulatory authority.

8.3 No party shall use any other party’s confidential information for any purpose other than to exercise its rights and perform its obligations under or in connection with this MSA and/or a Statement of Work.

9. Data protection

9.1   Each party shall, in performing its obligations under this MSA and/or a Statement of Work, comply with all applicable requirements of the Data Protection Legislation.

9.2   The parties acknowledge that for the purposes of the Data Protection Legislation, if Croud processes any Client Personal Data when performing its obligations under this MSA and/or a Statement of Work, the Client shall be the data controller and Croud shall be a data processor.  To the extent that processing is required, the parties shall agree a Data Processing Addendum to the relevant Statement of Work which shall set out the scope, nature and purpose of the processing by Croud, the duration of the processing and the types of personal data and categories of data subject.

9.3 Without prejudice to the generality of clause 9.1:

(a) the Client warrants that any Client Personal Data has been collected in accordance with Data Protection Legislation, including where necessary, that it has obtained all required authorisations, consents or other permissions to process and use the Client Personal Data in accordance with the Data Protection Legislation and all applicable regulatory requirements. As between the parties, the Client shall have sole responsibility for the accuracy, quality, and legality of the Client Personal Data and the means by which the Client acquired the Client Personal Data;

(b) the Client warrants that it has a legal basis under the Data Protection Legislation to enable the lawful transfer of the Client Personal Data to Croud for the term, and the purposes, of this MSA and the relevant Statement of Work and, where required under the Data Protection Legislation, it has obtained the prior and express consent (including for direct marketing where necessary or where recommended or required by Data Protection Legislation) of each data subject to transfer the Client Personal Data to Croud in accordance with Data Protection Legislation and that the Client is accordingly entitled to transfer the Client Personal Data to Croud so that it may lawfully use, process and transfer the Client Personal Data in accordance with this MSA, any relevant Statement of Work and Data Protection Legislation;

(c) the Client acknowledges and agrees that the Client Personal Data may be transferred or stored outside the EEA in order to carry out the Works and Croud’s other obligations under this MSA and/or a Statement of Work;

(d) the Client acknowledges that the provision of the Works under this MSA and/or a Statement of Work may require the processing of Client Personal Data by Croud and Croud’s sub-processors in countries and organisations outside the EEA from time to time;

(e) the Client shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as recommended or required by Data Protection Legislation; and

(f) the Client shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the Client Personal Data or its accidental loss, destruction or damage to protect and secure Client Personal Data including when providing or making such data available to Croud.

9.4 Croud shall:

(a) only carry out processing of any of the Client Personal Data only on the Client’s documented and lawful instructions given from time to time or as otherwise agreed in writing by the parties; 

(b) only transfer the Client Personal Data to countries or organisations located outside the EEA that ensure an adequate level of protection (as set out by the EU Commission) for the rights of the data subject. Where such country or organisation does not provide an adequate level of protection, Croud shall ensure it will transfer Client Personal Data in accordance with Data Protection Legislation, including via agreement to the execution of the standard contractual clauses (the SCCs) approved by the EU Commission under Data Protection Legislation and as set out in Schedule 1. The SCCs shall be incorporated into this MSA in the event of such transfer unless Croud relies upon another data transfer mechanism), and accordingly such SCCs shall be considered binding upon agreement to this MSA (via the execution of a Statement of Work by the parties). Where a Statement of Work includes language in a Data Processing Addendum to complete the empty fields in Appendix 1 and Appendix 2 of the SCCs, then such language shall serve to complete the SCCs and shall be read in conjunction with the SCCs in order to clarify the requirements of the Data Importer and Data Exporter;

(c) inform the Client if, in Croud’s opinion, any instructions provided by the Client infringe Data Protection Legislation;

(d) implement appropriate technical and organisational measures to protect the Client Personal Data;

(e) take reasonable steps to ensure that individuals who have access to Client Personal Data for the purposes of this MSA and/or a Statement of Work are bound by an obligation of confidentiality; 

(f) notify Client without undue delay on becoming aware of a personal data breach;

(g) notify the Client if it receives a subject access request. Client shall be responsible to handle such requests of data subjects. If a data subject brings a claim directly against Croud for a violation of their data subject rights, Client will reimburse Croud for any cost, charge, damages, expenses or loss arising from such a claim; 

(h) provide the Client assistance in respect of a personal data breach as notified under clause 9.4(f) and in relation to the Client’s obligations under sections 64 – 68 of the UK Data Protection Legislation (at the Client’s sole cost); and

(i) maintain complete and up to date records of processing activities carried out on the Client’s behalf as required by the Data Protection Legislation.

9.5 The Client is entitled to monitor and audit Croud’s data processing under this MSA and a Statement of Work once a year and during normal business hours.  If the Client believes that an on-site audit is necessary, Croud agrees to give the Client reasonable access to its premises (subject to any reasonable confidentiality and security measures), and to any stored personal data and data processing programs it has on-site.

9.6 Croud shall allow for, and contribute to, audits conducted by the Client as required under and in accordance with Data Protection Legislation. Such audits shall be at the Client’s sole cost and shall be conducted during business hours. In this clause, business hours means 9.00am to 5.00pm on a Business Day.

9.7 The Client consents to Croud appointing the following third parties as third-party processors of Client Personal Data under this MSA, as well as the appointment of any additional third-party processors as listed in the Data Processing Addendum in a Statement of Work (the “Sub-Processors”):

Authorised Sub-Processors AWS
Microsoft Azure AD
Any service provided by Google LLC, Google Ireland Ltd, or any affiliate of these companies
Datorama
Types of Personal Data Personal Data may include: Name, work email, work telephone number, place of work of
Client’s employees


For the avoidance of doubt, Sensitive Personal Data as defined in the Data Protection Legislation will
not be processed.
Categories of Data Subjects Client’s employees and freelancers
Subject Matter and Duration of Processing Until the earliest of (i) expiry or termination of the Master Services Agreement or (ii) the date upon which
processing is no longer necessary for the purposes of either party performing its obligations
under clause 9.
Nature of Processing Shall include collection, storage, duplication, deletion, and disclosure and other processing
activities, where necessary.
Purpose of Processing Necessary for the provision of the Services under or in connection with the Master Services Agreement or applicable Statement of Work(s).

Croud will notify the Client in advance of any addition to or replacement of the Sub-Processors. Within thirty (30) days after Croud’s notification of the intended change, the Client can object to the addition of a Sub-Processor on the basis that such addition would cause the Client to violate Data Protection Legislation. The Client’s objection shall be in writing and shall include the Client’s specific reasons for its objection and options to mitigate, if any. If the Client does not object within such period, the respective Sub-Processor may be commissioned to process Client Personal Data. Croud confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement incorporating terms which are substantially similar to those set out in this clause. As between the Client and Croud, Croud shall remain fully liable for all acts or omissions of any third-party processor appointed by it.

9.8 Upon completion of the Works, Croud will at the Client’s reasonable request delete or return to the Client all Client Personal Data processed under this MSA and/or a Statement of Work except to the extent that Croud is required by law to retain any copies of the personal data.

9.9 In the event of any loss or damage to Client Personal Data, the Client’s sole and exclusive remedy shall be for Croud to use reasonable commercial endeavours to restore the Client Personal Data which has been lost or damaged from the latest back-up maintained by the Client (to the extent it is technically possible to do so).

10. Intellectual property rights

10.1 The parties agree that, except as expressly provided to the contrary, this MSA and/or a Statement of Work shall not transfer ownership of, or create any licences (implied or otherwise), in any Intellectual Property Rights:

(a) owned by, licensed to, or otherwise vested in Croud prior to this MSA or any Statement of Work being executed; or

(b) in the Client Materials, save to the extent that Croud needs to make use of the same in connection with the provision of the Works, in which case, the Client grants to Croud and its Representatives a fully paid-up, non-exclusive, royalty-free, non-transferable licence to use, copy and modify the Client Materials for the term of this MSA for the purpose of performing the Works.

10.2 In relation to the Creative Deliverables, and subject always to full and proper payment by the Client in accordance with the terms of this MSA and/or a Statement of Work;

(a) Croud assigns to the Client all Intellectual Property Rights in the Creative Deliverables, provided that the Client grants to Croud and its Representatives a fully paid-up, non-exclusive, royalty-free, non-transferable licence to use, copy and modify the Creative Deliverables for the term of this MSA for the purpose of performing the Works;

(b) Croud shall obtain waivers of all moral rights in the Creative Deliverables to which any individual is now or may be at any future time entitled under Chapter IV of Part I of the Copyright Designs and Patents Act 1988 or any similar provisions of law in any jurisdiction, except that Croud shall retain the right to be acknowledged as the author of the Creative Deliverables where expressly permitted under the terms of this MSA and/or a Statement of Work; and

(c) Croud shall, promptly at the Client’s request, do (or procure to be done) all such further acts and things and the execution of all such other documents as the Client may from time to time reasonably require for the purpose of securing all right, title and interest in and to the Intellectual Property Rights assigned to it in accordance with this clause 10.2.

10.3 In relation to the Consultancy Deliverables:

(a) Croud and its licensors shall retain ownership of all Intellectual Property Rights in the Consultancy Deliverables, excluding the Client Materials;

(b) subject to full and proper payment by the Client in accordance with the terms of this MSA and/or a Statement of Work, Croud grants to the Client, or shall procure the direct grant to the Client of, a fully paid-up, worldwide, non-exclusive, royalty-free licence to copy and use the Consultancy Deliverables (excluding the Client Materials) for the purpose of receiving and benefitting from the Consultancy Works and the Consultancy Deliverables in its business; 

(c) the Client may sub-license the rights granted in clause 10.3(b) to the members of its Group; and

(d) Croud reserves and retains all moral rights in the Consultancy Deliverables including but not limited to the right to:

(i) object to and prevent the Consultancy Deliverables from being modified or treated in a derogatory manner (as determined at Croud’s absolute discretion); and

(ii) be acknowledged as the author of the Consultancy Deliverables.

10.4 Except as expressly provided otherwise, this MSA and/or a Statement of Work does not transfer ownership of, or create any licences (implied or otherwise), in any Intellectual Property Rights in any data.

11. Indemnity

11.1 Subject to the limitations set out in clause 12, the Client shall indemnify, keep indemnified and hold Croud harmless for and against all liability, loss, damage, charges, expenses and fees (including any reasonable professional costs and expenses) suffered or incurred by Croud and/or its Representatives arising out of or in connection with:

(a) the Client’s breach of clause 8 or 9 of this MSA;

(b) use of the Works and/or the Deliverables other than in accordance with the terms of this MSA or each relevant Statement of Work.

11.2 Subject to the limitations set out in clause 12, Croud shall indemnify and keep the Client indemnified for and against all liability, loss, damage, charges, expenses and fees (including any reasonable professional costs and expenses) suffered or incurred by the Client arising out of or in connection with:

(a) Croud’s breach of clause 8 of this MSA; and/or

(b) Croud’s breach of clause 9 of this MSA.

12. Limitations of liability

12.1 Except as expressly and specifically provided in this MSA:

(a) the Client agrees and acknowledges that Croud makes no warranties, undertakings or guarantees with regards to the results or sales as a result of the performance of the Works;

(b) the Client assumes sole responsibility for the results obtained from the use of the Deliverables and the Works, and for the conclusions drawn from such use. Croud shall have no liability for any damage caused by errors or omissions in any information provided to Croud by the Client in connection with the Works, or any actions taken by Croud at the Client’s direction; and

(c) all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from this MSA and/or a Statement of Work.

12.2 The Client agrees and acknowledges that Croud’s provision of the Works is subject to and contingent upon the Digital Third Parties and that Croud shall not be liable to the Client for any liability, loss, damage or expense suffered or incurred by the Client as a result of:

(a) the actions or omissions of, or events affecting, the Digital Third Parties; or 

(b) the treatment of the Client by the Digital Third Parties.

12.3 In no event shall Croud or its Representatives be liable to the Client for any Defect to the extent that the same is based on:

(a) a modification of the Works or Deliverables by anyone other than Croud after such Works or Deliverables have been delivered to the Client (or such other third party as nominated by the Client for receipt of the same); or

(b) the Client’s use of the Works or Deliverables in a manner contrary to the instructions given to the Client by Croud; or

(c) the Client’s use of the Works or Deliverables after notice of the alleged or actual infringement from Croud or any appropriate authority; or

(d) the fraudulent or unauthorised use of any Works or Deliverables by the Client; or

(e) the Client’s installation of any applications, utilities or other software programs or re-configuration of the Deliverables or Works (including, but not limited to, hardware, firmware, software, programming, configuration and service) or otherwise modification or alteration of any of the foregoing.

12.4 To the extent that there is a Defect based on the use of the Works or Deliverables, Croud may:

(a) procure the right for the Client to continue using the Works and/or any Deliverables;

(b) replace or modify the Works and/or any Deliverables so that they become non-infringing or no longer contain Defects; or 

(c) if such remedies are not reasonably available, terminate the relevant Statement of Work or this MSA on two (2) Business Days’ notice to the Client.

12.5 Nothing in this MSA or any Statement of Work shall exclude the liability of a party:

(a) for death or personal injury caused by negligence; or

(b) for fraud or fraudulent misrepresentation; or 

(c) in the case of the Client’s liability, in respect of its obligations pursuant to clause 5.3, clause 5.4 and/or clause 9.4(g).

12.6 Neither party shall ever be liable to the other, whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise, for:

(a) any loss of an indirect, special or consequential nature howsoever arising under this MSA and/or a Statement of Work; or

(b) any loss of profits; loss of business; loss of contracts; loss of opportunity; loss of or damage to goodwill and reputation; or loss or corruption of data or information.

12.7 Each party’s total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of this MSA and/or a Statement of Work shall be limited to the total amount of all SOW Fees paid to Croud by the Client in cleared funds during the 12 months immediately preceding the date on which the circumstances giving rise to the claim arose.

12.8 Exercise by Croud of its right to suspend performance of its obligations under this MSA shall:

(a) be without liability to the Client; and

(b) not function as a waiver of any right of termination that Croud may have under this MSA and/or a Statement of Work.

13. Termination

13.1 A party may terminate this MSA immediately by written notice to the other party in the event that:

(a) such other party commits any breach of a material provision of this MSA and/or a Statement of Work that is irremediable or, if remediable, is not remedied by such other party within fourteen (14) days’ of receipt of written notice specifying the breach and requiring its remedy; or

(b) such other party takes any step or action in connection with its entering administration, provisional liquidation or any composition or arrangement with its creditors (other than in relation to a solvent restructuring), applying to court for or obtaining a moratorium under Part A1 of the Insolvency Act 1986, being wound up (whether voluntarily or by order of the court, unless for the purpose of a solvent restructuring), having a receiver appointed to any of its assets or ceasing to carry on business or, if the step or action is taken in another jurisdiction, in connection with any analogous procedure in the relevant jurisdiction; or

(c) such other party suspends, or threatens to suspend, or ceases or threatens to cease to carry on all or a substantial part of its business.

13.2 Croud may terminate this MSA immediately by written notice to the Client in the event that:

(a) it receives any regulatory decision or governmental order requiring it to suspend the provision of the Works or the Deliverables; or

(b) the Client fails to pay any undisputed amounts due to Croud in accordance with the terms of this MSA and/or a Statement of Work.

13.3 In any circumstance in which Croud may terminate all or any portion of this MSA and/or a Statement of Work, it may exercise its right to suspend performance of any of the Works.

13.4 Subject to clause 2.2, upon termination or expiry of this MSA for whatever reason, all Statements of Work shall automatically terminate.

13.5 Upon termination or expiry of this MSA or a Statement of Work for whatever reason:

(a) all licences granted by Croud under it or a Statement of Work (as applicable) shall terminate immediately;

(b) the Client shall immediately pay to Croud all of its’s outstanding unpaid invoices and interest thereon and, in respect of Works supplied but for which no invoice has been submitted, Croud may submit an invoice, which shall be payable immediately on receipt; 

(c) any provision of this MSA and/or a Statement of Work that expressly or by implication is intended to come into or continue in force on or after termination or expiry shall remain in full force and effect; and

(d) the rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination or expiry, including the right to claim damages in respect of any breach of contract which existed at or before the date of termination or expiry, shall not be affected. 

14. Notices

14.1 All notices under this MSA and/or a Statement of Work shall be in writing and shall be:

(a) delivered by hand or by pre-paid first-class post or other next working day delivery service at its registered office (if a company) or its principal place of business (in any other case); or

(b) sent by email to: 

(i) Croud at [email protected] and 

(ii) the Client: to an email address provided for this purpose in any Statement of Work.

14.2 Any notice shall be deemed to have been received:

(a) if delivered by hand, at the time the notice is left at the proper address;

(b) if sent by pre-paid first-class post or other next working day delivery service, at 9.00 am on the second Business Day after posting; or

(c) if sent by email, at the time of transmission, or, if this time falls outside business hours in the place of receipt, when business hours resume. In this clause 14.2(c), business hours means 9.00am to 5.00pm Monday to Friday on a day that is not a public holiday in the place of receipt.

14.3 This clause does not apply to the service of any proceedings or any documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.

15. Dispute resolution

15.1 Unless otherwise provided for in this MSA, if a dispute arises out of or in connection with this MSA or a Statement of Work or the performance, validity or enforceability of the same (“Dispute”), the parties shall first attempt to resolve a Dispute informally by either party referring the matter in dispute to the Client Contact and Croud’s Account Director within ten (10) Business Days of the Dispute occurring.

15.2 In the event that the parties’ representatives are unable to resolve the Dispute within five (5) Business Days of reference to them, then within one (1) Business Day thereafter, the Client and Croud shall refer the Dispute to Client’s Head of Department and Head of Client Strategy for Croud. 

15.3 In the event that the Dispute cannot be resolved under clause 15.2 above within five (5) Business Days of reference to it, then, within one (1) Business Day thereafter, the Client and Croud shall refer the Dispute to the Client’s CFO or CEO and Croud’s Head of Finance or CFO. 

15.4 If the Client’s CFO or CEO and Croud’s Head of Finance or CFO are unable to resolve the Dispute within five (5) Business Days of reference to them, then either party may refer the matter for mediation or in respect of a Dispute under clause 7.7 for resolution to an independent accountant in accordance with the procedure in clauses 15.6 to 15.9 (inclusive).

15.5 Subject to clause 15.6, the parties shall seek to agree in good faith a mediator, but in default of agreement, the mediator shall be nominated by the Centre for Effective Dispute Resolution (CEDR).  Any such mediation shall be conducted in accordance with the CEDR’s model mediation.

15.6 Where the Dispute relates to a disputed invoice under clause 7.7, and if the parties fail to reach agreement in respect of such invoice, either party may request that the Dispute is referred for resolution to an independent accountant (the “Independent Accountant”). If the Parties fail to agree who to appoint as the Independent Accountant within three (3) Business Days, either party may apply to the President for the time being of the Institute of Chartered Accountants in England and Wales to nominate the Independent Accountant.  

15.7 Following such nomination, the parties shall use their reasonable endeavours to agree terms with the Independent Accountant as soon as reasonably possible (and in any event within ten (10) Business Days of its nomination) and neither party shall unreasonably withhold consent to the terms of appointment offered by the Independent Accountant. If notwithstanding the foregoing, the parties are unable to agree terms with the nominated Independent Accountant within such time frame, then either party may apply to the President for the time being of the institute of Chartered Accountants in England and Wales to nominate another Independent Accountant and the process shall be repeated until terms are agreed.

15.8 The Independent Accountant shall act as an expert not as an arbitrator. The Independent Accountant’s findings shall, in the absence of fraud or manifest error, be binding on the parties.

15.9 The reasonable fees of the Independent Accountant shall be borne by the parties in such proportions as the Independent Accountant may determine. Each party shall provide the Independent Accountant with such assistance and documents as the Independent Accountant requires in connection with its work to resolve the Dispute.

15.10 The parties may mutually agree to extend the timescales or vary the process to attempt to resolve the Dispute.

15.11 Neither party may commence court action or any other form of formal dispute resolution unless or until it has attempted to resolve the Dispute in accordance with this clause 15 except that either party may at any time may seek interim or interlocutory remedies relief in the courts.

15.12 Neither party may raise or rely upon any procedural failure made by the other party in good faith in the application of this clause 15 as a defence in any subsequent court action or any other form of formal dispute resolution pursuant to clause 15.11.

16. Entire agreement

16.1 This MSA and the Statements of Work shall constitute the entire agreement between the parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter.

16.2 Each party acknowledges that in entering into this MSA and any Statements of Work it does not rely on and shall have no remedies in respect of any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in this MSA or a Statement of Work. Each party agrees that it shall have no claim for innocent or negligent misrepresentation or negligent misstatement based on any statement in this MSA and/or a Statement of Work.

17. General

17.1 Neither party shall have any liability under or be deemed to be in breach of this MSA and/or any Statement of Work for any delays or failures in performance of the same which result from a Force Majeure Event. If such circumstances continue for a continuous period of more than three (3) months, the non-affected party may terminate the Statement of Work affected by written notice of no less than fourteen (14) days’ to the other party.

17.2 Where Croud has incurred liability to the Client, whether under this MSA or otherwise, it may set off the amount of such liability against any sum that would otherwise be due to it by the Client.

17.3 The Client agrees that Croud may refer to the Client and may briefly describe the Client’s business in Croud’s marketing materials and on its website (the “Purpose”). The Client hereby grants Croud a limited licence to use the Client’s trade names and trade marks solely in connection with the Purpose.

17.4 If any provision of this MSA is or becomes prohibited by law or is judged by a court to be unlawful, void or unenforceable, the provision shall, to the extent required, be modified to the minimum extent required in order to give its intended effect, else to the extent that this is not possible, be severed from this MSA and rendered ineffective as far as possible without modifying the remaining provisions of this MSA without affecting any other circumstances of or the validity or enforcement of the remainder of this MSA.

17.5 A waiver of any right or remedy under the MSA or a Statement of Work or by law is only effective if given in writing and shall not be deemed a waiver of any subsequent right or remedy.

17.6 Except as expressly provided otherwise, this MSA and its related Statements of Work shall not be enforceable by any third party in accordance with the Contracts (Rights of Third Parties) Act 1999. 

17.7 This MSA shall not constitute or imply any partnership, joint venture, agency, fiduciary or other relationship between the parties.

17.8 No variation of this MSA or Statement of Work shall be effective unless it is in writing and signed by the parties (or their authorised representatives). For the avoidance of doubt, no employee or representative of Croud, other than a duly authorised officer, has any authority to bind it.

17.9 This MSA and the Statements of Work are personal to the Client and the rights and obligations thereunder may not be assigned or transferred to a third party without the prior written approval of Croud. Croud may assign and/or transfer its rights and obligations without the Client’s prior written consent.

17.10 This MSA and the Statements of Work shall be binding upon, and ensure to the benefit of, the parties and their respective successors and permitted assignees, and references to a party shall include its successors and permitted assignees.

17.11 This MSA and the Statements of Work and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with them or their subject matter or formation shall be governed by and construed in accordance with the law of England and Wales.

17.12 Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with this MSA and the Statements of Work of their subject matter or formation.

Schedule 1 – Standard

Contractual Clauses

2010 EU Model clauses extracted from 2010/87/EU Annex EU Standard Contractual Clauses for the transfer of personal data to data processors established in third countries which do not ensure an adequate level of data protection.

Introduction

Both parties have agreed on the following Contractual Clauses (the “Clauses“) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.

Agreed terms

1. Definitions

For the purposes of the Clauses:

(a) “personal data”, “special categories of data”, “process/processing”, “controller”, “processor”, “data subject” and “supervisory authority” shall have the same meaning as in EU Data Protection Laws 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;

(b) the “data exporter” means the entity who transfers the personal data;

(c) the “data importer” means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of EU Data Protection Laws 95/46/EC;

(d) the “sub-processor” means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;

(e) the “applicable data protection law” means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established; and

(f) “technical and organisational security measures” means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

2. Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

3. Third-party beneficiary clause

3.1 The data subject can enforce against the data exporter this Clause, Clause 4.1(b) to 4.1(i), Clause 5.1(a) to 5.1(e), and 5.1(g) to 5.1(j), Clause 6.1 and 6.2, Clause 7, Clause 8.2, and Clauses 9 to 12 as third-party beneficiary.

3.2 The data subject can enforce against the data importer this Clause, Clause 5.1(a) to 5.1(e) and 5.1(g), Clause 6, Clause 7, Clause 8.2, and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.

3.3 The data subject can enforce against the sub-processor this Clause, Clause 5.1(a) to 5.1(e) and 5.1(g), Clause 6, Clause 7, Clause 8.2, and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.  Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

3.4 The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

4. Obligations of the data explorer

4.1 The data exporter agrees and warrants:

(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;

(b) that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;

(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;

(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;

(e) that it will ensure compliance with the security measures;

(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of EU Data Protection Laws 95/46/EC;

(g) to forward any notification received from the data importer or any sub-processor pursuant to Clause 5.1(b) and Clause 8.3 to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;

(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;

(i) that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and

(j) that it will ensure compliance with Clause 4.1(a) to 4.1(i).

5. Obligations of the data importer

5.1 The data importer agrees and warrants:

(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;

(d) that it will promptly notify the data exporter about:

(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;

(ii) any accidental or unauthorised access; and

(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;

(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;

(f) at the request of the data exporter to submit its data-processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;

(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;

(h) that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;

(i) that the processing services by the sub-processor will be carried out in accordance with Clause 11; and

(j) to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.

6. Liability

6.1 The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.

6.2 If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, in which case the data subject can enforce its rights against such entity.

The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.

6.3 If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.

7. Meditation and jurisdiction

7.1 The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:

(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;

(b) to refer the dispute to the courts in the Member State in which the data exporter is established.

7.2 The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

8. Co-operation with supervisory authorities

8.1 The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.

8.2 The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.

8.3 The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2.  In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5.1(b).

9. Governing law

The Clauses shall be governed by the laws of the country of establishment of the data exporter.

10. Variation of the contract

The parties undertake not to vary or modify the Clauses.  This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clauses.

11. Sub-processing

11.1 The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter.  Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses.  Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor’s obligations under such agreement

11.2 The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law.  Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

11.3 The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of England.

11.4 The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5.1(j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.

12. Obligation after the termination of personal data-processing services

12.1 The parties agree that on the termination of the provision of data-processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred.  In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.

12.2 The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.

This agreement has been entered into on the date shown at the beginning of the first page of this agreement.

On behalf of the data exporter:

Name (written out in full):  ……………………………………………………………………………….

Position:  …………………………………………………………………………………………………..

Address:  ………………………………………………………………………………………………….

Other information necessary in order for the contract to be binding (if any):

Signature  ………………………………………………………

 

On behalf of the data importer:

Name (written out in full):  ……………………………………………………………………………….

Position:  …………………………………………………………………………………………………..

Address:  ………………………………………………………………………………………………….

Other information necessary in order for the contract to be binding (if any):

Signature  ………………………………………………………

Appendix 1 to the Standard Contractual Clauses

This Appendix forms part of the Clauses and must be completed and signed by the parties. The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix

Data exporter 

The data exporter is (please specify briefly your activities relevant to the transfer): …………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………

Data importer 

The data importer is (please specify briefly activities relevant to the transfer): …………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………

Data subjects 

The personal data transferred concern the following categories of data subjects (please specify): …………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………

Categories of data 

The personal data transferred concern the following categories of data (please specify): …………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………

Special categories of data (if appropriate) 

The personal data transferred concern the following special categories of data (please specify): …………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………. 

Processing operations 

The personal data transferred will be subject to the following basic processing activities (please specify): …………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………

DATA EXPORTER

Name: ………………………………………………………………………………………………………..

Authorised Signature ……………………………………………………………………………….

DATA IMPORTER

Name: ……………………………………………………………………………………………………….

Authorised Signature ………………………………………………………………………………

Appendix 2 to the Standard Contractual Clauses

This Appendix forms part of the Clauses and must be completed and signed by the parties. Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4.1(d) and 5.1(c) (or document/legislation attached): …………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………

DATA EXPORTER

Name: ………………………………………………………………………………………………………..

Authorised Signature ……………………………………………………………………………….

DATA IMPORTER

Name: ……………………………………………………………………………………………………….

Authorised Signature ………………………………………………………………………………

Questions? Get in touch below.