This is a copy of our general supply of services agreement which is subject to changes made between the parties at the point of agreeing terms.... please read on:
THIS AGREEMENT is made on the date of last signature below between:
RSBS Trading Limited (T/A Pocket London Guides) a company incorporated in England and Wales with registered number 08566566 whose registered office is at The Office, Locks Meadow, Hurstbourne Tarrant, Hampshire., SP11 0AH (Supplier);
Customer name whose trading address is Customer address (Customer).
1. In this Agreement, the following words are defined:
this agreement for the provision of the Services (as defined below) including any schedules;
in relation to either party, any information (whether or not stated to be confidential or marked as such) which that party discloses to the other, or which the other party obtains from any information disclosed to it by that party, either orally or in writing or by any other means, under or in connection with this Agreement;
all documents, items, plans, products, goods and materials supplied by the Supplier, including any methodologies, ideas, designs, computer programs, data, disks, tapes, and reports, in whatever form, which are developed, created, written, prepared, devised or discovered by the Supplier or its agents, sub-contractors, consultants and employees in relation to the Services;
the date on which the Agreement is signed by all parties;
any equipment, systems, tools, cabling, items, materials or facilities requested or used directly or indirectly in the supply of the Services, by the Supplier or its sub-contractors;
Intellectual Property Rights
any invention, patent, utility model right, copyright and related right, registered design, unregistered design right, trade mark, trade name, internet domain name, design right, design, service mark, database rights, topography rights, rights in get-up, rights in goodwill or to sue for passing off and any other rights of a similar nature or other industrial or intellectual property rights owned or used by the Supplier in any part of the world whether or not any of the same is registered (or capable of registration), including applications and the right to apply for and be granted, extensions or renewals of, and rights to claim priority from, such rights and all equivalent or similar rights or protections which subsist now or will subsist in the future;
the services which are set out and described in Schedule 1 of this Agreement, together with any other services which the Supplier provides or agrees to provide to the Customer through the change control procedure set out below (Change Control);
the charges for the Services, which are set out in Schedule 2 of this Agreement;
the service levels, standards or performance targets applicable to the Services, which are set out in Schedule 3 of this Agreement;
the description or specification for the Services as set out in Schedule 1 of this Agreement or as otherwise agreed between the parties through Change Control;
any day other than a Saturday, Sunday or public holiday in England and Wales.
In this Agreement, unless the context requires a different interpretation:
a. the singular includes the plural and vice versa;
b. references to sub-clauses, clauses, schedules or appendices are to sub-clauses, clauses, schedules or appendices of this Agreement;
c. a reference to a person includes firms, companies, government entities, trusts and partnerships;
d. "including" is understood to mean "including without limitation";
e. reference to any statutory provision includes any modification or amendment of it;
f. the headings and sub-headings do not form part of this Agreement; and
g. "writing" or "written" will include fax and e-mail unless otherwise stated.
Provision of Services
2. The Supplier shall provide the Services to the Customer on the terms and conditions of this Agreement from the Effective Date and as set out in Schedule 1.
3. The Services will be provided by the Supplier either:
a. on an on-going basis; or
b. in response to each request from the Customer from time to time
as specified in Schedule 1.
4. The Agreement begins on the Effective Date and will continue for 3 years (Initial Period) unless terminated earlier by either party under the clause below (Termination). The agreement will automatically be renewed for successive one-year periods until notice to cancel the agreement is given by one party to the other at least 120 days from the anniversary of the Effective Date.
5. The Supplier shall provide the Services (including any Deliverables) in accordance with the Specification and the Service Levels in all material respects. Time is of the essence for any dates for delivery of the Services under this Agreement, unless specifically stated otherwise in any schedule.
6. The Supplier shall perform the Services with reasonable care and skill, in accordance with:
a. generally recognised commercial practices and standards in the applicable industry; and
b. all laws and regulations applicable to the Services, including all laws and regulations related to (i) anti-bribery and corruption, and (ii) data protection.
7. No amendment shall be made to Schedule 1 except on terms agreed in writing by the Parties in accordance with the clause below Change Control.
8. The Customer must:
a. co-operate with the Supplier in all matters relating to the Services;
b. provide, in a timely manner, any Equipment, materials and any information as the Supplier may reasonably require; in the case of Equipment, the Customer shall ensure that it is in good working order and suitable for the purposes for which it is used, and in the case of information, the Customer shall ensure that it is accurate in all material respects;
c. obtain and maintain all necessary licences and consents and comply with all relevant legislation in relation to the Services before the date on which the Services are to start;
9. The Supplier shall promptly notify the Customer of:
a. any delays or problems from time to time in the provision of the Services of which the Supplier becomes aware;
b. any circumstances from time to time which may prevent the Supplier from providing the Services in accordance with this Agreement together with (where practicable) recommendations as to how such circumstances can be avoided; and
c. any complaint (whether written or not) or other matter which comes to its attention and which it reasonably believes may give rise to any loss by or claim against the Customer or which may result in any adverse publicity for the Customer.
10. The Customer shall, without limiting any right or remedy of the Customer, promptly report to the Supplier any defects in the Supplier's performance of the Services as soon as reasonably practicable after any such defect comes to the attention of the Customer.
11. Where any defect in the provision of the Services is reported to the Supplier by the Customer or otherwise comes to the attention of the Supplier, the Supplier shall, without limiting any other right or remedy of the Customer, use its reasonable endeavours to provide such further services as are necessary in order to rectify the default as soon as is reasonably practicable.
Charges, Payment and Time Records
12. In consideration of the provision of the Services by the Supplier, the Customer shall pay the Service Charges as set out in Schedule 2 which specifies whether the charges are on a time and materials basis, a fixed price basis or a combination of both. Time is of the essence for the payment of the Service Charges.
13. All charges quoted to the Customer are exclusive of VAT, which the Supplier shall add to its invoices at the appropriate rate.
14. Where Services are provided on a time and materials basis:
a. the charges payable for the Services shall be calculated in accordance with the Supplier's standard daily fee rates for each individual person and are calculated on the basis of an eight-hour day, worked between 9 am and 5 pm on Working Days and otherwise by arrangement between the parties;
b. the Supplier will ensure that every individual whom it engages in relation to the Services completes time sheets recording time spent on the Services or Deliverables; and
c. the Supplier will invoice the Customer monthly in arrears for its charges for time, expenses and materials (together with VAT where appropriate) for the month concerned, accompanied by any relevant receipts for any Equipment, materials and expenses as incurred in accordance with the clause below.
15. Where Services are provided for a fixed price, the total price for the Services is set out in Schedule 2. Upon completion of the Services or when an agreed instalment is due, the Supplier shall invoice the Customer for the charges that are then payable, together with any Equipment, materials and expenses, which have not been expressly included in the fixed price and VAT.
16. Expenses incurred by the Supplier may include: the cost of hotel, subsistence, travelling and any other expenses reasonably incurred by the individuals whom the Supplier engages in connection with the Services, the cost of any materials and the cost of services reasonably and properly provided by third parties and required by the Supplier for the supply of the Services. Any expenses in excess of £100 must be pre-approved by the Customer in writing. Such expenses, materials and third-party services must be invoiced by the Supplier at cost, together with VAT, which the Supplier will add to its invoices at the appropriate rate.
17. The Customer is required to pay a deposit of as agreed (Deposit) within 7 days of placing an order for the Services. If the Customer does not pay the Deposit, the Supplier shall have the right to withhold provision of the Services until the Deposit is received or may terminate in accordance with the clause below (Termination). The Deposit shall be non-refundable unless the Supplier fails to provide the Services and is at fault for such failure (where the failure is not the fault of the Supplier, no refund will be made).
18. The Customer shall pay each invoice submitted to it by the Supplier, in full and in cleared funds, within 7 days of receipt (which shall be determined in accordance with the section below (Notices)) to a bank account nominated in writing by the Sub-contractor (the Due Date).
19. Without prejudice to any other right or remedy that it may have, if the Customer fails to pay the Supplier on the Due Date:
a. the Customer shall pay interest on the overdue amount at the rate of 4% per annum above the Bank of England base rate at the relevant time. Such interest will accrue on a daily basis from the due date until actual payment of the overdue amount, whether before or after judgment. The Supplier may choose to charge statutory interest due. The Customer shall pay the interest together with the overdue amount; and
b. the Supplier may suspend all Services until payment has been made in full.
20. All sums payable to the Supplier under this Agreement shall become due immediately on its termination, despite any other provision.
21. The Supplier and the Customer shall pay all amounts due under this Agreement in full without any deduction except as required by law and neither party shall be entitled to assert any credit, set-off or counterclaim against the other in order to justify withholding payment of any amount due, in whole or in part.
22. The Customer may at any time during the term of this Agreement request an increase or decrease in the volume of the Services, subject to no reduction in the agreed fees payable, a change in the Specification, or the addition of new Services (Change Request) by notifying the Supplier in writing of its requirements.
23. The Supplier shall give due consideration to any Change Request from Customer and shall, within 5 Working Days of receiving a Change Request from the Customer:
a. confirm its acceptance of the Change Request, without any further variation to the terms of the Agreement, in which case the parties shall execute a variation to the Agreement as soon as reasonably practicable and the Supplier shall implement the Change Request accordingly; or
b. provide a written proposal for accepting the Change Request, subject to any variation that it reasonably considers necessary to the Services, the Specification or the Service Charges, including any new Services (Change Proposal)agreement date; or
c. if the Supplier believes it is not reasonably practicable to accept the Change Request, with or without any such variation, provide the Customer with a written statement of its reasons for doing so.
24. Any Change Proposal provided by the Supplier under the above clause shall be based on the Service Charges or, if this is not appropriate, shall be a fair and reasonable quotation for the Change Request.
25. The Customer shall give due consideration to the Supplier's Change Proposal under the clause above and shall within 5 Working Days after receipt of the Change Proposal either give the Supplier a written notice accepting the Change Proposal (subject to or without further negotiation) or rejecting the Change Proposal. If the Customer accepts the Change Proposal, the parties shall as soon as reasonably practicable execute a variation to the Agreement and the Supplier shall implement the agreed variation.
26. The Supplier shall have the right to make any changes to the Services which are necessary to comply with any applicable law or safety requirement, provided that the Supplier gives the Customer reasonable notice of such changes and that such changes do not materially affect the nature/scope of the Services or the Service Charges.
27. The Supplier shall indemnify the Customer against any claim by any other person that the provision of the Services to the Customer in accordance with this Agreement infringes any Intellectual Property Rights of that other person.
Liability and Insurance
28. If the Supplier's performance of its obligations under this Agreement is prevented or delayed by any act or omission of the Customer, its agents, sub-contractors, consultants or employees, the Supplier shall not be liable for any costs, charges or losses sustained or incurred by the Customer that arise directly or indirectly from such prevention or delay.
29. Nothing in this Agreement limits or excludes either party's liability for:
a. death or personal injury caused by its negligence;
b. fraud or fraudulent misrepresentation; or
c. breach of the terms implied by section 2 of the Supply of Goods and Services Act 1982 (title and quiet possession); or
d. any other liability which cannot be limited or excluded by applicable law.
30. Subject to the above clause and the clause above (Indemnity), neither party shall have any liability to the other party, whether in contract, tort (including negligence), for breach of statutory duty, or otherwise, arising under or in connection with this Agreement for:
a. loss of profits;
b. loss of sales or business;
c. loss of agreements or contracts;
d. loss of anticipated savings;
e. loss of or damage to goodwill;
f. loss of use or corruption of software, data or information;
g. any indirect or consequential loss.
31. Subject to the two proceeding clauses and the clause above (Indemnity), the total liability of the Supplier for any other loss of the Customer in respect of any one event or series of connected events shall not exceed £500.
32. The terms implied by sections 3 to 5 of the Supply of Goods and Services Act 1982 are, to the fullest extent permitted by law, excluded from this Agreement.
33. During this Agreement, the Supplier and the Customer shall each maintain in force with a reputable insurance company, insurance sufficient to indemnify risks for which they may be responsible, including for their respective sub-contractors, agents and employees, in connection with the Services and shall, on either parties' request, produce both the insurance certificate giving details of cover and the receipt for the current year's premium.
34. Each party will only use Confidential Information to perform its obligations under the Agreement and will not cause or allow the information to be disclosed except:
a. where required by law, court order or any governmental or regulatory body;
b. to any of its employees, officers, sub-contractors, representatives or advisers who need to know the information in order to discharge its obligations under the Agreement and agree only to use the information for that purpose and not to cause or allow disclosure of that information;
c. where the information has become generally available to the public (other than as a result of disclosure in breach of the Agreement by the party or any of its employees, officers, sub-contractors, representatives or advisers);
d. where the information was available or known to it on a non-confidential basis before being disclosed under the Agreement; or
e. where the information was developed by or for it independently of the Agreement and is received by persons who are not the disclosing party.
35. Subject to the clause below, the Supplier reserves all Intellectual Property Rights (if any) which may subsist in any Deliverables, or in connection with, the provision of the Services. The Supplier reserves the right to take such action as may be appropriate to restrain or prevent the infringement of such Intellectual Property Rights.
36. The Supplier licenses all such rights to the Customer free of charge and on a non-exclusive, worldwide basis to such extent as is necessary to enable the Customer to make reasonable use of the Deliverables and the Services.
37. If this Agreement is terminated, this licence will automatically terminate.
38. Each party shall comply with its obligations and may exercise its respective rights and remedies under Schedule 4.
39. The Supplier and its agents, sub-contractors, consultants or employees shall:
a. comply with all applicable laws, regulations, statutes, and codes relating to anti-bribery and anti-corruption including but not limited to the Bribery Act 2010 (Bribery Laws);
b. not commit an offence under sections 1, 2 or 6 of the Bribery Act 2010;
c. comply with any relevant industry code related to Anti-Bribery (Bribery Policies);
d. shall have, maintain, and enforce throughout the term of this Agreement its own policies and procedures, to ensure compliance with the Bribery Laws and the Bribery Policies; and
e. promptly report to the Customer any request or demand for any undue financial or other advantage of any kind received by the Supplier in connection with the performance of this Agreement.
40. The Customer shall not, without the prior written consent of the Supplier, at any time from the date of this Agreement to the expiry of 24 months after the last date of supply of the Services or termination of this Agreement (whichever is the latest), solicit or entice away from the Supplier or employ or attempt to employ any person who is, or has been, engaged as an employee, consultant or sub-contractor of the Supplier in the provision of the Services.
Circumstances beyond the control of either party
41. Neither party shall be liable for any failure or delay in performing their obligations where such failure or delay results from any cause that is beyond the reasonable control of that party.
42. Such causes include, but are not limited to: power failure, Internet Service Provider failure, acts of God, epidemic, pandemic, civil unrest, fire, flood, droughts, storms, earthquakes, collapse of buildings, explosion or accident, acts of terrorism, acts of war, governmental action, any law or any action taken by a government or public authority, including without limitation imposing an export or import restriction, quota or prohibition, or any other event that is beyond the control of the party in question.
43. The party affected by a circumstance beyond its control shall use all reasonable endeavours to mitigate the effect of the force majeure upon the performance of its obligations.
44. The corresponding obligations of the other party will be suspended to the same extent as those of the party affected by a force majeure event.
45. If the delay continues for a period of 90 days, either party may terminate or cancel the Services to be carried out under this Agreement.
46. A party may terminate the Agreement immediately by giving written notice to the other party if that other party:
a. does not pay any sum due to it under the Agreement within 30 days of the due date for payment;
b. commits a material breach of the Agreement which, if capable of remedy, it fails to remedy within 30 days after being given written notice specifying full particulars of the breach and requiring it to be remedied);
c. persistently breaches any term of the Agreement;
d. is dissolved, ceases to conduct substantially all of its business or becomes unable to pay its debts as they fall due;
e. is a company over any of whose assets or property a receiver is appointed;
f. makes any voluntary arrangement with its creditors or (if a company) becomes subject to an administration order (within the meaning of the Insolvency Act 1986);
g. (if an individual or firm) has a bankruptcy order made against it or (if a company) goes into liquidation;
h. undergoes a change of control (within the meaning of section 1124 of the Corporation Tax Act 2010); or
i. (if an individual) dies or as a result of illness or incapacity becomes incapable of managing his or her own affairs.
Consequences of Termination
47. On termination or expiry of this Agreement:
a. the Customer shall immediately pay to the Supplier all of the Supplier's outstanding unpaid invoices and interest and, in respect of Services supplied but for which no invoice has been submitted, the Supplier may submit an invoice, which shall be payable immediately on receipt;
b. the Customer shall, within a reasonable time, return all of the Supplier's Equipment and any relevant Deliverables remaining the property of the Supplier. Until they have been returned or repossessed, the Customer shall be solely responsible for their safe keeping.
48. Termination or expiry of the Agreement shall not affect any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination or expiry, including the right to claim damages in respect of any breach of the agreement which existed at or before the date of termination or expiry.
49. Other than as set out in the Agreement, neither party shall have any further obligation to the other under the Agreement after its termination.
50. This Agreement contains the whole agreement between the parties relating to its subject matter and supersedes all prior discussions, arrangements or agreements that might have taken place in relation to the Agreement. Nothing in this clause limits or excludes any liability for fraud or fraudulent misrepresentation.
51. No party may assign, transfer or sub-contract to any third party the benefit and/or burden of the Agreement without the prior written consent (not to be unreasonably withheld) of the other party.
52. No variation of the Agreement will be valid or binding unless it is recorded in writing and signed by or on behalf of both parties.
53. The Contracts (Rights of Third Parties) Act 1999 does not apply to the Agreement and no third party has any right to enforce or rely on any provision of the Agreement.
54. Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
55. A provision which by its intent or terms is meant to survive the termination of the Agreement will do so.
56. If any court or competent authority finds that any provision (or part) of the Agreement is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of the Agreement will not be affected.
57. Unless specifically provided by the parties, nothing in the Agreement will establish any employment relationship, partnership or joint venture between the parties, or mean that one party becomes the agent of the other party, nor does the Agreement authorise any party to enter into any commitments for or on behalf of the other party.
58. Any notice (other than in legal proceedings) to be delivered under the Agreement must be in writing and delivered by pre-paid first class post to or left by hand delivery at the other party's registered address or place of business, or sent by email to the other party's main business email address as notified to the sending party. Notices:
a. sent by post will be deemed to have been received, where posted from and to addresses in the United Kingdom, on the second Working Day and, where posted from or to addresses outside the United Kingdom, on the tenth Working Day following the date of posting;
b. delivered by hand will be deemed to have been received at the time the notice is left at the proper address; and
c. sent by email will be deemed to have been received on the next Working Day after sending.
Governing law and jurisdiction
59. This Agreement shall be governed by and interpreted according to the law of England and Wales and all disputes arising under the Agreement (including non-contractual disputes or claims) shall be subject to the exclusive jurisdiction of the English and Welsh courts.
SCHEDULE 1 SPECIFICATION OF SERVICES
Main App – an app published in both the Apple and Android app Stores
Property App – is an individual app made for a single property unit which is viewed through the main app container.
PLG will create and publish 2 Main apps into the Apple App Store and Android Google Play Store. These apps will be called "Client Name”
The Main app will be designed along the same lines as Pocket London Guides app, currently published and actively being used in the app stores.
PLG will provide the customer with property apps using our property app form. These currently consists for three sectors:
Pocket London will be responsible for but not limited to the following:
Managing the Apps and database
Maintaining the service
Share App Button
shopping and attractions
Incorporating customers reasonable requests for additional buttons to be included
The Customer will be responsible for:
Setting up Dropbox
Managing the Dropbox documents
Instructing Pocket London on any new innovative ideas the customer would like added / Implemented that is within the bounds of the app infrastructure (subject to clauses 23-27)
Provide media assets for the production of property apps.
Sending out the property apps to Galliard buyers
The Customer accepts that the Supplier loans the App and Code to the Customer for the period of the agreement. The Customer acknowledges that the Supplier is the sole owner of the App and Code and generic content. The App will be registered in the supplier’s own developer accounts at Apple, Android, Blackberry, Kindle, Windows and any other platform that the supplier agrees to publish the Customers App.
The Customer accepts that the App may be rebranded at the supplier’s sole discretion to any of the supplier’s other customers once the Contract has expired.
The supplier would be prepared to transfer the App container to the Customer for a fee to be agreed between the parties.
SCHEDULE 2 CHARGES
This is a fixed price contract of £ clients agreed rate plus VAT payable in advance.
Additional work beyond the remit of this agreement will be quoted and charges as agreed at the time.
SCHEDULE 3 SERVICE LEVELS
PLG will maintain the Main app for the period of the agreement.
PLG will run all technical aspects of running and delivering the main apps and property apps. We will endeavour to rectify any problems within 48 hours of receiving notice or a problem.
In the first instance please fill out this form:
PLG will offer a technical and development service between 9 am and 5 pm Monday and Friday.
Out of Hours
Out of hours technical support is available between 59 am and 5 pm 7 days a week.
Should the Customer require out of out of hours technical help you should in the first instance call:
Rupert Saunders on 07833 666475
SCHEDULE 4 DATA PROTECTION
60. For the purposes of this Schedule:
a. Data Protection Laws means any applicable law relating to the processing of Personal Data, as applicable to either party or the Services, including:
i. the Directive 95/46/EC (Data Protection Directive) or the GDPR;
ii. any laws which implement such laws;
iii. any laws that replace, extend, re-enact, consolidate or amend any of the laws stated in (i) and (ii) above;
iv. all guidance, codes of practice and codes of conduct issued by any relevant Data Protection Supervisory Authority relating to such Data Protection Laws (whether legally binding or not).
b. GDPR means the General Data Protection Regulation (EU) 2016/679;
c. Protected Data means Personal Data received from or on behalf of the Customer, or obtained in connection with the performance of the Supplier's obligations under the Agreement; and
d. Sub-processor means any agent, subcontractor or any other third party engaged by the Supplier (or by any other Sub-Processor) for carrying out any processing activities in respect of the Protected Data.
The terms "Controller", "Data Subject", "International Organisation" "Member State", "Personal Data", "Personal Data Breach", "Processor", "Processing" and "Supervisory Authority" shall have the same meaning as in the GDPR.
Compliance with data protection laws
61. The parties agree that the Customer is a Controller and the Supplier is a Processor for the processing of Protected Data pursuant to this Agreement.
62. The Supplier shall, and shall ensure its Sub-Processors and each of the Supplier personnel shall comply with all Data Protection Laws in connection with the processing of Protected Data and the provision of the Services.
63. Nothing in this Agreement relieves the Supplier of any responsibilities or liabilities under Data Protection Laws.
64. Each party shall be liable for and shall indemnify (and keep indemnified) the other against all actions, proceedings, liabilities, costs, claims, losses, expenses, compensation paid to Data Subjects and other reasonable professional costs and expenses suffered or incurred by the indemnified party arising out of or in connection with any breach of the the Data Protection Laws by the indemnifying party, its employees or agents.
65. The Supplier shall only process (and shall ensure Supplier personnel only process) the Protected Data in accordance with Section 1 of Part B of this Schedule and the Customer's written instructions. The Supplier will immediately inform the Customer if any instruction relating to the Protected Data infringes or may infringe any Data Protection Law.
66. The Supplier shall implement appropriate technical and organisational measures to protect the Protected Data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. The technical and organisational security measures which the Supplier shall have in place are set out in Part B to this Schedule.
67. The Supplier will not permit any processing of Protected Data by any third party (except Supplier personnel that are subject to an enforceable obligation of confidence with regards to the Protected Data) without the prior specific written permission of the Customer, except (i) as specifically stated in this Schedule, or (ii) where such processing is required by any applicable law, regulation or public authority.
68. The Supplier shall prior to the relevant Sub-Processor carrying out any processing activities in respect of the Protected Data, appoint each Sub-Processor under a written agreement containing data protection obligations that provide at least the same level of protection for Protected Data as those in this Schedule.
69. The Supplier shall remain fully liable to the Customer under this Agreement for all the acts and omissions of each Sub-Processor and each of the Supplier Personnel as if they were its own.
70. Where a Sub-processor is engaged by the Supplier, the Supplier shall:
a. carry out adequate due diligence to ensure that the Sub-processor is capable of providing the level of protection for Protected Data required by this Schedule;
b. remain liable for any breach of this Schedule caused by a Sub-processor; and
c. provide relevant details and a copy of each agreement with a Sub-Processor to the Customer on request.
71. The Supplier shall, taking into account the nature of the processing, provide reasonable assistance to the Customer insofar as this is possible, to enable the Customer to respond to requests from a data subject seeking to exercise their rights under Data Protection Laws. In the event that such request is made directly to the Supplier, the Supplier shall promptly inform the Customer of the same.
72. The Supplier shall to the extent required by Data Protection Laws, taking into account the nature of the processing and the information available to the Supplier, provide the Customer with commercially reasonable assistance with data protection impact assessments (as such term is defined in Data Protection Laws) or prior consultations with data protection authorities that the Customer is required to carry out under Data Protection Laws.
Data subject requests
73. The Supplier will record and refer all requests and communications received from Data Subjects or any Supervisory Authority to the Customer which relate (or which may relate) to any Protected Data promptly (and in any event within three days of receipt) and will not respond to any without the Customer's express written approval and strictly in accordance with the Customer's instructions unless and to the extent required by law.
74. The Supplier will not process and/or transfer, or otherwise directly or indirectly disclose, any Protected Data in or to countries outside the EEA or to any International Organisation without the prior written consent of the Customer.
Audits and records
75. The Supplier will, in accordance with Data Protection Laws, make available to the Customer such information in the Supplier's possession or control as the Customer may reasonably request with a view to demonstrating the Supplier's compliance with the obligations of data processors under Data Protection Laws in relation to its processing of Protected Data.
76. The Customer may exercise its right to audit under Data Protection Laws through the Supplier providing:
a. an audit report not older than 18 months by an independent external auditor demonstrating that the Supplier's technical and organisational measures are in accordance with the Supplier's industry audit standard; and
b. additional information in the Supplier's possession or control to a Supervisory Authority when it requests or requires additional information in relation to the data processing activities carried out by the Supplier under this Schedule.
77. The Supplier shall promptly (and in any event within 24 hours) notify the Customer if it (or any of its Sub-Processors or the Supplier Personnel) suspects or becomes aware of any suspected, actual or threatened occurrence of any Personal Data Breach in respect of any Protected Data.
78. The Supplier shall promptly (and in any event within 24 hours) provide all information as the Customer requires to report the circumstances referred to in paragraph 19 (above) to a Supervisory Authority and to notify affected Data Subjects under Data Protection Laws.
Return/Deletion of Protected Data
79. Upon termination or expiry of the Agreement, the Supplier shall at the Customer's election, promptly (and in any event, within 30 days of the expiry of the Agreement) delete or return to the Customer the Protected Data (including existing copies) in the Supplier's possession by secure file transfer, save to the extent that the Supplier is required by any applicable law to retain some or all of the Protected Data.
80. The Supplier will provide written certification to the Customer that it has fully complied with the section above within 30 days of the expiry of the Agreement.
81. This Schedule shall survive termination or expiry of the Agreement for any reason.
Section 1 - Data processing
Processing of the Protected Data by the Supplier under this Schedule shall be for the subject-matter, duration, nature and purposes and involve the types of Personal Data and categories of Data Subjects set out in this Section 1 of Part B.
Subject-matter of processing:
The Supplier's provision of the Services and any related technical support to Customer.
The term plus the period from expiry of the term until return/deletion of all Protected Data by the Supplier in accordance with this Schedule.
Nature and purpose of the processing:
The Supplier will Process Protected Data for the purpose of providing the Services and any related technical support to the Customer in accordance with this Schedule.
Type of Personal Data:
Title, First Name, Last Name;
Categories of Data Subjects:
Protected Data will concern the following categories of Data Subjects:
Data Subjects about whom the Supplier collects Protected Data in its provision of the Services; and/or
Data Subjects about whom Protected Data is transferred to the Supplier in connection with the Services by, at the direction of, or on behalf of Customer.
Section 2 - Minimum technical and organisational security measures
Without prejudice to its other obligations, the Supplier shall implement and maintain at least the following technical and organisational security measures to protect the Protected Data:
PLG data encryption is SHA-256 Cryptographic Hash Algorithm;
GDPR Agreements in place with all suppliers.