Terms of Business 1.0

Core to Cloud Terms of Business


1. Interpretation Definitions:

1.1 Business Day: a day other than a Saturday, Sunday or public holiday in England, when banks in London are open for business.

Business Contact Data: business contact information relating to employees, professional advisers and any person (including any employee, worker or subcontractor) engaged by any party (as applicable) involved in managing or administering this agreement, including names, business email addresses, business phone numbers and business addresses;

Charges: the charges payable by the Customer for the supply of the Services and/or Third Party Products by Core to Cloud, as set out in the Statement of Work.

Contract: the contract between the Customer and Core to Cloud for the supply of Services and/or Third Party Products in accordance with the Statement of Work and these Terms of Business.

Contract Term: the Initial Period together the Renewal Period(s), if any, unless otherwise specified in the Statement of Work.

Control: has the meaning given in section 1124 of the Corporation Tax Act 2010, and the expression change of control shall be construed accordingly.

Core to Cloud IPRs: all Intellectual Property Rights subsisting in the Deliverables excluding any Customer Materials incorporated in them.

Customer Materials: all documents, information, software, equipment and tools, drawings, specifications, data and materials in any form (whether owned by the Customer or a third party) provided by the Customer to Core to Cloud in connection with the Services.

Data Protection Legislation: all laws relating to the processing of personal data, privacy and security, including to the extent applicable from time to time:

(a) national laws implementing the EU Data Protection Directive (95/46/EC) and the EU Privacy and Electronic Communications Directive (2002/58/EC);

(b) the GDPR; and

(c) all other applicable international, regional, federal or national data protection laws and regulations.

Deliverables: all documents, products and materials developed by Core to Cloud or its agents, subcontractors and personnel as part of or in relation to the Services in any form, including without limitation computer programs, data, reports and specifications (including drafts) including the deliverables set out in the Statement of Work.

EULA: an End User Licence Agreement or similar agreement for a Third Party Product between the Product Owner and the Customer.

Initial Period: shall be as set out in the Statement of Work.

Intellectual Property Rights: patents, rights to inventions, copyright and related rights, moral rights, trade marks, business names and domain names, rights in get-up, goodwill and the right to sue for passing off, rights in designs, rights in computer software, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.

Product Owner: the third party owner of a Third Party Product for which Core to Cloud is an authorised reseller.

Renewal Period: has the meaning given in clause 2.1 of these Terms of Business.

Third Party Product: the proprietary software of a Product Owner that is resold by Core to Cloud to Customer under the Contract and licensed to Customer by such Product Owner under a EULA.

Services: the services, including without limitation any Deliverables, to be provided by Core to Cloud pursuant to the Contract, as described in the Statement of Work.

SLAs: Service Level Agreements, if any, as set out in a Statement of Work.

Statement of Work: the statement of work and/or quotation agreed between the parties setting out the relevant Services and/or Third Party Products, the Contract Term or Initial Period (as applicable), any applicable SLAs and the Charges.

1.2 Interpretation:

(a) A reference to legislation or a legislative provision:
(i) is a reference to it as amended, extended or re-enacted from time to time; and
(ii) shall include all subordinate legislation made from time to time under that legislation or legislative provision.

(b) Any words following the terms including, include, in particular, for example or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms.

(c) A reference to writing or written includes email but not fax.

 

2. Commencement and term

2.1 Unless otherwise set out in a Statement of Work, the Contract shall continue for the Initial Period and thereafter shall be automatically renewed for successive periods of 12 months (each a Renewal Period), unless:

(a) the Customer notifies Core to Cloud in writing that it wishes to terminate the Contract at least 90 days before the end of the Initial Period or the then-current Renewal Period, in which case the Contract shall terminate upon the expiry of the applicable Initial Period or Renewal Period; or

(b) otherwise terminated in accordance with the provisions of the Contract.

 

3. Third Party Products

3.1 The Customer acknowledges and agrees that any Third Party Products supplied to it under the Contract are supplied under licence from the Product Owner and no rights of ownership are transferred to the Customer. The Customer shall, and procure that its end users shall, comply with the terms of any applicable EULAs. Where no EULA is explicitly provided to the Customer by Core to Cloud or the Product Owner, the Customer acknowledges and agrees that any use of the Third Party Product shall nonetheless be subject to the Product Owner’s standard EULA terms as published on their website or otherwise made publicly available. The Customer is responsible for ensuring it has reviewed and understood such terms prior to use. Use of any Third Party Product constitutes deemed acceptance of those terms.

3.2 Core to Cloud makes no warranty, express or implied, statutory or otherwise, as to any matter whatsoever in connection with any Third Party Product, and all warranties of merchantability and fitness for a particular purpose are disclaimed and excluded. Core to Cloud makes no representation or warranty that all errors have been or can be eliminated from the Third Party Product or that the Third Party Product will operate without interruption, and Core to Cloud shall not in any event be responsible for any losses of any kind resulting from the Customer’s use of the Third Party Product.

3.3 Core to Cloud shall use reasonable endeavours to ensure that the Customer receives the benefit of any guarantee or warranty which may have been given to Core to Cloud by a Product Owner. The Customer acknowledges and agrees that it is responsible for informing itself as to the terms of such guarantee or warranty and ensuring that any conditions are fully complied with.

3.4 If no guarantee or warranty is offered by the Product Owner, or if anything Core to Cloud has done has invalidated such guarantee or warranty, then the Customer shall notify Core to Cloud in writing within 90 days (7 days in the case of software) from the date of delivery that the Third Party Products have failed, Core to Cloud shall replace or repair, at its discretion, any Third Party Products proved to be defective. “Defective” means suffering from any defect in physical workmanship of the Third Party Product and, in the case of software, a defect to the recording media upon which the software is supplied.

3.5 The Customer shall ensure that the Third Party Products are serviced, maintained and used properly and in accordance with Core to Cloud’s and/or the Product Owner’s recommendations (and any guarantee or warranty) and are not fitted or used with any parts, accessories or ancillary equipment other than those recommended by Core to Cloud and/or the Product Owner or stated by Core to Cloud and/or the Product Owner to be suitable.

3.6 During the warranty period set out in clause 3.4 above, the Customer shall not make any attempt to remedy any defect or to dismantle or otherwise tamper in any way with the Third Party Product except in accordance with Core to Cloud or the Product Owner’s specific instructions, directions and/or requests.

 

4. Supply of Services

4.1 Core to Cloud shall supply the Services to the Customer for the Contract Term.

4.2 In supplying the Services, Core to Cloud shall:

(a) perform the Services in accordance with any applicable SLAs, or, in the absence of any specific SLAs, with reasonable care and skill;

(b) use reasonably endeavours to perform the Services in accordance with any agreed performance dates (but time is not of the essence);

(c) use reasonable endeavours to perform the Services in accordance with the relevant Statement of Work(s);

(d) ensure that the Deliverables, and all goods, materials, standards and techniques used in providing the Services are of satisfactory quality and are fit for purpose;

(e) observe all reasonable health and safety rules and regulations and security requirements that apply at any of the Customer’s premises and have been communicated to Core to Cloud, provided that Core to Cloud shall not be liable under the Contract if, as a result of such observation, it is in breach of any of its obligations under the Contract; and

(f) take reasonable care of all Customer Materials in its possession and make them available for collection by the Customer on reasonable notice and request, always provided that Core to Cloud may destroy the Customer Materials if the Customer fails to collect the Customer Materials within a reasonable period after termination of the Contract.

 

5. Customer’s obligations

5.1 The Customer shall:

(a) co-operate with Core to Cloud in all matters relating to the Services;

(b) provide, for Core to Cloud, its agents, subcontractors, consultants and employees, in a timely manner and at no charge, access to the Customer’s premises, office accommodation, data, IT facilities and staff, and other facilities as reasonably required by Core to Cloud;

(c) provide, in a timely manner, such information as Core to Cloud may reasonably require, and ensure that it is accurate and complete in all material respects; and

(d) obtain and maintain all licences, consents and permissions that are necessary to enable Core to Cloud to provide the Services, including all licences, consents and permissions that are needed to allow Core to Cloud to use the Customer Materials.

5.2 If Core to Cloud’s performance of its obligations under the Contract is prevented or delayed by any act or omission of the Customer, its agents, subcontractors, consultants or employees, Core to Cloud shall:

(a) not be liable for any costs, charges or losses sustained or incurred by the Customer that arise directly or indirectly from such prevention or delay;

(b) be entitled to payment of the Charges despite any such prevention or delay; and

(c) be entitled to recover any additional costs, charges or losses Core to Cloud sustains or incurs that arise directly or indirectly from such prevention or delay.

5.3 The Customer shall notify Core to Cloud in writing at least 7 days in advance of any planned penetration testing, security audit or vulnerability scan involving infrastructure or services provided by Core to Cloud. Core to Cloud reserves the right to approve the scope and timing of such activity to avoid disruption.

 

6. Data protection

6.1 In connection with the Services, each party shall comply with its obligations under:

(a) the Data Protection Legislation; and

(b) Schedule 1 (Data Processing Agreement) to these Terms of Business.

6.2 The parties shall comply with their respective obligations under applicable Data Protection Legislation when processing Business Contact Data and each party shall process Business Contact Data solely for the purposes of performing their respective obligations under the Agreement, including the Services’ provision, and only for as long as is necessary for such purposes.

 

7. Intellectual property

7.1 Core to Cloud and its licensors shall retain ownership of all Core to Cloud IPRs. The Customer and its licensors shall retain ownership of all Intellectual Property Rights in the Customer Materials.

7.2 Core to Cloud grants the Customer, or shall procure the direct grant to the Customer of, a fully paid-up, worldwide, non-exclusive, royalty-free, licence to copy and modify the Core to Cloud IPRs for the purpose of receiving and using the Services and the Deliverables in the Customer’s business during the term of the Contract.

7.3 The Customer grants Core to Cloud a fully paid-up, worldwide, non-exclusive, royalty-free, non-transferable licence to copy and modify the Customer Materials for the term of the Contract for the purpose of providing the Services to the Customer in accordance with the Contract. Core to Cloud may grant sublicences of the Customer Materials to its subcontractors and other suppliers where necessary for the performance of the Services.

7.4 Core to Cloud shall indemnify the Customer in full against any sums awarded by a court against the Customer arising out of or in connection with any claim brought against the Customer for infringement of a third party’s rights (including any Intellectual Property Rights) arising out of or in connection with the receipt or use of the Services by the Customer. Core to Cloud shall not be liable under the indemnity in this clause to the extent that the actual or alleged infringement arises from:

(a) the use of Customer Materials in the development of, or the inclusion of Customer Materials in, any Deliverables;

(b) any changes made to the Deliverables without Core to Cloud’s prior written consent;

(c) compliance with the Customer’s specifications or instructions for the development of the Deliverables;

(d) the use of the Deliverables in combination with any other materials not supplied or approved in writing by Core to Cloud; or

(e) the use of the Deliverables for a purpose or in a manner not authorised in writing by Core to Cloud or the failure of the Customer to adhere to Core to Cloud’s reasonable instructions for the use of the Deliverables.

7.5 The Customer shall indemnify Core to Cloud in full against any and all liabilities, costs, expenses, damages and losses (including any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and legal costs (calculated on a full indemnity basis) and all other reasonable professional costs and expenses) suffered or incurred by Core to Cloud arising out of or in connection with any claim brought against Core to Cloud for infringement of a third party’s rights (including any Intellectual Property Rights) arising out of, or in connection with, the receipt or use of the Customer Materials by Core to Cloud.

 

8. Charges and payment

8.1 In consideration for the provision of the Services and/or Third Party Products set out in the Statement of Work, the Customer shall pay Core to Cloud the Charges.

8.2 All amounts payable by the Customer exclude amounts in respect of value added tax (VAT), which the Customer shall additionally be liable to pay to Core to Cloud at the prevailing rate (if applicable), subject to receipt of a valid VAT invoice.

8.3 Core to Cloud shall submit invoices for the Charges plus VAT if applicable to the Customer at the intervals specified in the relevant Statement of Work.

8.4 The Customer shall pay each invoice due and submitted to it by Core to Cloud within 30 days of receipt, unless otherwise specified in the relevant Statement of Work, to a bank account nominated in writing by Core to Cloud.

8.5 If the Customer fails to make any payment due to Core to Cloud under the Contract by the due date for payment, then, without limiting Core to Cloud’s remedies under clause 10:

(a) the Customer shall pay interest on the overdue sum from the due date until payment of the overdue sum, whether before or after judgment. Interest under this clause will accrue each day at 4% a year above the Bank of England’s base rate from time to time, but at 4% a year for any period when that base rate is below 0%.

(b) Core to Cloud may suspend all Services until payment has been made in full.

8.6 All amounts due under the Contract from the Customer to Core to Cloud shall be paid by in full without any set-off, counterclaim, deduction or withholding (other than any deduction or withholding of tax as required by law).

8.7 Core to Cloud reserves the right to review Charges annually and any changes shall take effect at the start of the next Renewal Period. Any increase will not exceed the UK Consumer Price Index (CPI) plus 3%, unless otherwise agreed in writing.

 

9. Limitation of liability

9.1 References to liability in this clause 9 include every kind of liability arising under or in connection with the Contract including but not limited to liability in contract, tort (including negligence), misrepresentation, restitution or otherwise.

9.2 Neither party may benefit from the limitations and exclusions set out in this clause in respect of any liability arising from its deliberate default.

9.3 Nothing in this clause 9 shall limit the Customer’s payment obligations under the Contract.

9.4 Nothing in the Contract limits any liability which cannot legally be limited, including liability for:

(a) death or personal injury caused by negligence;

(b) fraud or fraudulent misrepresentation; and

(c) breach of the terms implied by section 2 of the Supply of Goods and Services Act 1982 (title and quiet possession).

9.5 Subject to clause 9.2-9.4 above:

(a) Core to Cloud’s total liability to the Customer for any loss or damage arising due to a breach by Core to Cloud of Schedule 1 to these Terms of Business shall not exceed £1 million; and

(b) Core to Cloud’s total liability to the Customer for any loss or damage arising due to a breach by Core to Cloud of any other provision of the Contract shall not exceed the lesser of (i) 100% of the Charges paid to the Supplier under this Contract in the preceding 12-month period, or, if the event giving rise to the liability occurs before the first anniversary of the effective date of the Contract, 100% of the Charges paid or payable to the Supplier in the first 12 months of the Contract; and (ii) £500,000.

9.6 The caps on Core to Cloud’s liabilities shall not be reduced by:

(a) payment of an uncapped liability; and

(b) amounts awarded by a court or arbitrator, using their procedural or statutory powers in respect of costs of proceedings or interest for late payment.

9.7 Subject to clause 9.2-9.4 above, the following types of loss are wholly excluded:

(a) loss of profits and/or sales or business;

(b) loss of agreements or contracts;

(c) loss of anticipated savings;

(d) loss of use or corruption of software, data or information;

(e) loss of or damage to goodwill; and

(f) indirect or consequential loss.

9.8 Core to Cloud has given commitments as to compliance of the Services with relevant specifications in clause 4. In view of these commitments, the terms implied by sections 3, 4 and 5 of the Supply of Goods and Services Act 1982 are, to the fullest extent permitted by law, excluded from the Contract.

9.9 Unless the Customer notifies Core to Cloud that it intends to make a claim in respect of an event within the notice period, Core to Cloud shall have no liability for that event. The notice period for an event shall start on the day on which the Customer became, or ought reasonably to have become, aware of the event having occurred and shall expire four months from that date. The notice must be in writing and must identify the event, and the grounds for the claim, in reasonable detail.

9.10 This clause 9 shall survive termination of the Contract.

 

10. Termination

10.1 Without affecting any other right or remedy available to it, either party may terminate the Contract (in whole or in part) with immediate effect by giving written notice to the other party if:

(a) 10.2 10.3 the other party commits a material breach of any term of the Contract which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of ten Business Days after being notified in writing to do so;

(b) the other party takes any step or action in connection with its entering administration, provisional liquidation or any composition or arrangement with its creditors (other than in relation to a solvent restructuring), applying to court for or obtaining a moratorium under Part A1 of the Insolvency Act 1986, being wound up (whether voluntarily or by order of the court, unless for the purpose of a solvent restructuring), having a receiver appointed to any of its assets or ceasing to carry on business or, if the step or action is taken in another jurisdiction, in connection with any analogous procedure in the relevant jurisdiction;

(c) the other party suspends, or threatens to suspend, or ceases or threatens to cease to carry on all or a substantial part of its business; or

(d) the other party’s financial position deteriorates to such an extent that in the terminating party’s reasonable opinion the other party’s capability to adequately fulfil its obligations under the Contract has been placed in jeopardy.

10.2 Without affecting any other right or remedy available to it, Core to Cloud may terminate the Contract (in whole or part) with immediate effect by giving written notice to the Customer:

(a) if, in the opinion of Core to Cloud (acting reasonably), the Customer does not provide reasonable commercial cooperation to Core to Cloud for Core to Cloud to be able to provide the Deliverables in full in timely fashion;

(b) If the Customer fails to pay any amount due under the Contract on the due date for payment; or

(c) for convenience at the end of the Initial Period or a Renewal Period.

10.3 On termination or expiry of the Contract for whatever reason:

(a) the Customer shall immediately pay to Core to Cloud all of Core to Cloud’s outstanding unpaid invoices and interest and, in respect of Third Party Products and/or Services supplied (or in the case of an uncompleted Contract Term, to be supplied) but for which no invoice has been submitted, Core to Cloud may submit an invoice, which shall be payable immediately on receipt;

(b) any provision of the Contract that expressly or by implication is intended to come into or continue in force on or after termination or expiry of the Contract shall remain in full force and effect; and

(c) termination or expiry of the Contract shall not affect any of the rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination or expiry, including the right to claim damages in respect of any breach of the Contract which existed at or before the date of termination or expiry.

 

11 General

11.1 Force majeure Neither party shall be in breach of the Contract nor liable for delay in performing, or failure to perform, any of its obligations under the Contract if such delay or failure result from events, circumstances or causes beyond its reasonable control.

11.2 TUPE Each party agrees that neither the start nor the termination of the Services (or any part of them) is expected to constitute a relevant transfer for the purposes of the Transfer of Undertakings (Protection of Employment) Regulations 2006 (SI 2006/246) (TUPE) and all other applicable laws in any relevant jurisdiction regulating the automatic transfer of employment on a service provision change.

11.3 Assignment and other dealings

(a) The Customer shall not assign, transfer, charge, subcontract, declare a trust over or deal in any other manner with any or all of its rights and obligations under the Contract without Core to Cloud’s prior written consent, such consent not to be unreasonably withheld or delayed.

(b) Core to Cloud may at any time assign, transfer, charge, subcontract, declare a trust over or deal in any other manner with any or all of its rights under the Contract.

11.4 Confidentiality

(a) Each party undertakes that it shall not at any time disclose to any person any confidential information concerning the business, affairs, customers, clients or suppliers of the other party or of any member of the group to which the other party belongs, except as permitted by clause 11.4(b). For the purposes of this clause 11.4, group means, in relation to a party, that party, any subsidiary or holding company from time to time of that party, and any subsidiary from time to time of a holding company of that party.

(b) Each party may disclose the other party’s confidential information:

(i) to its employees, officers, representatives, contractors, subcontractors or advisers who need to know such information for the purposes of carrying out the party’s obligations under the Contract. Each party shall ensure that its employees, officers, representatives, contractors, subcontractors or advisers to whom it discloses the other party’s confidential informationcomply with this clause 11.4; and

(ii) as may be required by law, a court of competent jurisdiction or any governmental or regulatory authority.

(c) Neither party shall use any other party’s confidential information for any purpose other than to perform its obligations under the Contract.

11.5 Entire agreement

(a) The Contract constitutes the entire agreement between the parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter.

(b) Each party acknowledges that in entering into the Contract it does not rely on and shall have no remedies in respect of any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in the Contract. Each party agrees that it shall have no claim for innocent or negligent misrepresentation or negligent misstatement based on any statement in the Contract.

(c) In the event of any conflict or inconsistency between these Terms of Business and a Statement of Work the Statement of Work shall take precedence.

11.6 Variation

Core to Cloud may amend these Terms of Business at any time by posting the amended Terms of Business to its website. All amendments shall be effective upon posting.

11.7 Waiver

(a) 11.8 A waiver of any right or remedy under the Contract or by law is only effective if given in writing and shall not be deemed a waiver of any subsequent right or remedy.

(b) A failure or delay by a party to exercise any right or remedy provided under the Contract or by law shall not constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict any further exercise of that or any other right or remedy. No single or partial exercise of any right or remedy provided under the Contract or by law shall prevent or restrict the further exercise of that or any other right or remedy.

11.8 Severance

If any provision or part-provision of the Contract is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause 11.8 shall not affect the validity and enforceability of the rest of the Contract.

11.9 Notices

(a) Any notice or other communication given to a party under or in connection with the Contract shall be in writing and shall be:

(i) delivered by hand or by pre-paid first-class post or other next working day delivery service at its registered office (if a company) or its principal place of business (in any other case); or

(ii) sent by email to the address specified in the Statement of Work.

(b) Any notice or communication shall be deemed to have been received:

(i) if delivered by hand, at the time the notice is left at the proper address;

(ii) if sent by pre-paid first-class post or other next working day delivery service, at 9.00 am on the second Business Day after posting; or

(iii) if sent by email, at the time of transmission, or, if this time falls outside business hours in the place of receipt, when business hours resume. In this clause 11.9(b) (iii), business hours means 9.00am to 5.00pm Monday to Friday on a day that is not a public holiday in the place of receipt.

(c) This clause 11.9 does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.

11.10 Third party rights

Unless expressly stated otherwise, the Contract does not give rise to any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of the Contract.

11.11 Governing law

The Contract, and any dispute or claim (including non-contractual disputes or claims) arising out of or in connexion with it or its subject matter or formation, shall be governed by, and construed in accordance with the law of England and Wales.

11.12 Jurisdiction

Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim (including non contractual disputes or claims) arising out of or in connexion with the Contract or its subject matter or formation.

 

On behalf of Customer:

Name:_ ___________________________________________

Signed by: ____________________________________________

Date: __________________________________________________

SCHEDULE 1 – DATA PROCESSING AGREEMENT (DPA)

This Data Processing Agreement (“DPA”) forms part of the Terms of Business between the parties and applies where Core to Cloud processes Personal Data on behalf of the Customer in connection with the Services.

1. DEFINITIONS

1.1 For the purposes of this DPA:

(a) “Controller”, “Processor”, “Data Subject”, “Personal Data”, “Personal Data Breach” and “Processing” shall have the meanings given in the Data Protection Legislation.

(b) “Relevant Personal Data” means the Personal Data Processed by Core to Cloud under the Contract, as further described in the Appendix to this DPA.

(c) “Sub-Processor” means a third party subcontractor engaged by a Processor to Process Personal Data.

2. PROCESSING OF PERSONAL DATA

2.1 Each party shall comply with all Data Protection Legislation in its Processing of Relevant Personal Data under or in connection with the Agreement. This DPA is in addition to, and does not relieve, remove or replace, a Party’s obligations or rights under Data Protection Legislation.

2.2 The parties have determined that for the purposes of the Data Protection Legislation, Core to Cloud shall Process the Relevant Personal Data as a
Processor on behalf of the Customer acting as a Controller, or, in circumstances where the Customer is acting as a Processor on behalf of an
end customer Controller (a “Customer Controller”), Core to Cloud shall act as a Sub-Processor. In relation to the Relevant Personal Data, the Appendix to this DPA sets out the scope, nature and purpose of Processing by Core to Cloud, the duration of the Processing and the types of Personal Data and categories of Data Subject.

2.3 The Customer shall ensure that it has, or, where applicable, shall procure that its Customer Controller has, all necessary consents and notices in place to enable the Relevant Personal Data to be lawfully transferred to or collected by Core to Cloud and Processed by Core to Cloud in accordance with the Appendix to this DPA.

2.4 In relation to the Processing of Relevant Personal Data, Core to Cloud shall:

(a) act only on documented instructions from the Customer, including as set out in the Appendix to this DPA;

(b) ensure that persons authorised to process the Personal Data are under appropriate confidentiality obligations;

(c) implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk;

(d) reasonably assist the Customer in fulfilling its obligations to respond to Data Subject rights requests and, where relevant, in ensuring compliance with the Customer’s obligations as a Controller under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;

(e) notify the Customer without undue delay upon becoming aware of a Personal Data Breach;

(f) make available to the Customer all information necessary to demonstrate compliance with this DPA and allow for audits and inspections. Such audits and inspections shall be carried out at Customer’s cost no more than once per year; and

(g) not transfer Personal Data outside the UK or European Economic Area without ensuring appropriate safeguards are in place as required by Data Protection Legislation.

 

3. SUB-PROCESSORS

3.1 Core to Cloud may engage Sub-Processors to assist with the provision of the Services, provided that Core to Cloud shall:

(a) provide the Customer with at least thirty (30) days’ prior written notice of any intended changes concerning the addition or replacement of Sub-Processors. The Customer may object to the change on reasonable grounds related to data protection;

(b) ensure that Sub-Processors are bound by obligations no less protective than those in this DPA; and

(c) remain fully liable to the Customer for the performance of the Sub-Processor’s obligations.

 

4. RETURN OR DELETION OF DATA

4.1 Upon termination of the Agreement, Core to Cloud shall, at the choice of the Customer, delete or return all Personal Data to the Customer and delete all copies unless retention is required by applicable law.

 

APPENDIX TO SCHEDULE 1 – DATA PROCESSING PARTICULARS

1. Nature and scope of Processing

1.1 The collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure and destruction of Relevant Personal Data, as required for the provision of the Services under the Agreement.

2. Purpose of Processing

The provision of Services under the Agreement.

3. Duration of the Processing The duration of the Agreement.

4. Types of Personal Data

Personal identifiers such as name and email address; IT usage data such as User IDs and IP addresses; any other Personal Data that Customer makes available to Core to Cloud in the course of the provision of the Services.

5. Categories of Data Subject

As determined by Customer. Data Subjects may include company representatives and (end) users, such as employees/other personnel, partners, suppliers and customers of the Customer.