- Introduction
1.1 These Terms and Conditions (“Contract”) govern the provision of Cyber Security services (“Service”, “Servcies”) by e2e-assure Limited (“e2e-assure”, “we”, “us”) to the customer (“Customer”, “you”), each a Party and together the Parties.
2. Data Governance and Privacy
2.1 The Parties acknowledge and agree that in respect of any processing of personal data in connection with the Service, Customer is a Data Controller and e2e-assure is a Data Processor
2.2 The types of data that e2e-assure might process may include, but not be limited to, data such as usernames, IP addresses, email addresses and locations (“Customer Personal Data”).
2.3 e2e-assure shall process Customer Personal Data only to the extent necessary for the provision of Services and undertakes to duly observe all obligations under applicable Data Protection Legislation.
2.4 The Parties acknowledge and agree that in respect of delivery of the Services, it may be necessary for e2e-assure to engage Sub-Processors. Customer provides their consent to engaging Sub-Processors, subject always to the provisions of clause 2.9.2
2.5 The provisions of this clause 2 shall apply whilst e2e-assure is providing Services and for such time as e2e-assure holds Customer Personal Data.
2.6 e2e-assure shall and shall procure that e2e-assure’s Staff comply with any notification requirements under the Applicable Data Protection Legislation and both Parties undertake to duly observe all their obligations under the Applicable Data Protection Legislation which arise in connection with this Contract.
2.7 To the extent that e2e-assure is Processing the Customer Personal Data e2e-assure shall:
2.7.1 ensure that it has in place appropriate technical and organisational measures to ensure the security of the Customer Personal Data and to guard against unauthorised or unlawful Processing of the Customer Personal Data and against accidental loss or destruction of, alteration or damage to, the Customer Personal Data;
2.7.2 provide the Customer with such information as the Customer may reasonably request to satisfy itself that e2e-assure is complying with its obligations under the Applicable Data Protection Legislation;
2.7.3 promptly notify the Customer of any breach of the security measures to be put in place pursuant to this Clause (“Disclosure Incident”). The Parties shall cooperate to remedy such Disclosure Incident as well as to communicate to public and to competent public authorities as may be required; and
2.7.4 ensure that it does not knowingly or negligently do or omit to do anything which places the Customer in breach of its obligations under the Applicable Data Protection Legislation.
2.7.5 act as a data processor when processing Customer Personal Data and shall process Customer Personal Data only in accordance with written instructions from the Customer;
2.7.6 Process the Customer Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services or as is required by law or any regulatory body;
2.7.7 take reasonable steps to ensure the reliability of any e2e-assure Staff who have access to Customer Personal Data;
2.7.8 ensure that all e2e-assure staff, or any staff required to access Customer Personal Data are informed of the confidential nature of the service data and comply with the obligations set out in this Clause;
2.7.9 ensure that none of e2e-assure Staff transfer, publish, disclose or divulge Customer Personal Data to any third party unless necessary for the provision of the Services under this Contract and/or directed in writing to do so by the Customer; and
2.7.10 assist the data controller in actual or potential breaches of customer data or relevant impact assessments.
2.8 To the extent that e2e-assure is Processing the Customer Personal Data, e2e-assure shall:
2.8.1 respond to a complaint or request relating to the Customer’s obligations under the Applicable Data Protection Legislation;
2.8.2 provide the Customer with full cooperation and assistance in relation to any complaint or request made relating to Customer Personal Data, including any complaint or request relating to the Customer’s obligations under the Applicable Data Protection Legislation by:
2.8.3 comply with a data access request within the relevant timescales set out in the Applicable Data Protection Legislation and in accordance with the Customer’s instructions;
2.8.4 provide the Customer with any Customer Personal Data it holds in relation to a Data Subject request.
2.9 e2e-assure shall:
2.9.1 permit the Customer or the Customer’s representative (subject to the reasonable and appropriate confidentiality undertakings), to inspect and audit e2e-assure’s data Processing activities (and/or those of its sub-processors) or provide to the Customer an independent third party inspection and audit certificate in lieu of the same (unless otherwise agreed between the Parties), and shall comply with all reasonable requests or directions by the Customer to enable the Customer to verify and/or procure that e2e-assure is in full compliance with its obligations under this Contract;
2.9.2 ensure that any Sub-Processor shall be subject to all of the Data Protection and Confidentiality terms in this contract;
2.9.3 not cause or permit to be processed, stored, accessed or otherwise transferred outside the UK or the European Economic Area any Customer Personal Data supplied to it by the Customer without the prior written consent of the Customer.
2.10 The Customer shall implement and maintain appropriate security measures to protect data accessed or processed as part of the Service.
2.11 e2e-assure shall process the data for the term of this Contract and, unless requested otherwise by the Customer, upon termination of the Contract shall securely delete the data.
3. Confidentiality
3.1 Except to the extent set out in this Clause or where disclosure is expressly permitted elsewhere in this Agreement, each Party shall:
3.1.1 treat the other Party’s Confidential Information as confidential and safeguard it accordingly; and
3.1.2 not disclose any Confidential Information belonging to the other Party to any other person without the prior written consent of the other Party, except to such persons and to such extent as may be necessary for the performance of this Agreement.
3.2 e2e-assure may only disclose the Customer’s Confidential Information to the E2e-assure Staff who are directly involved in the provision of the Services and who need to know the information, and shall ensure that such e2e-assure Staff are aware of and shall comply with these obligations as to confidentiality.
3.3 e2e-assure shall not, and shall procure that e2e-assure Staff do not, use any of the Customer’s Confidential Information received otherwise than for the purposes of this Agreement.
3.4 The provisions of Clauses 3.1 shall not apply to the extent that:
3.4.1 such disclosure is a requirement of Law placed upon the Party;
3.4.2 such information was in the possession of the Party making the disclosure without obligation of confidentiality prior to its disclosure by the information owner;
3.4.3 such information was obtained from a third party without obligation of confidentiality;
3.4.4 such information was already in the public domain at the time of disclosure otherwise than by a breach of this Agreement; or
3.4.5 it is independently developed without access to the other Party’s Confidential Information.
3.5 In the event that e2e-assure fails to comply with Clauses 3.1 to Clause 3.4, the Customer reserves the right to terminate this Agreement with immediate effect by notice in writing.
3.6 In order to ensure that no unauthorised person gains access to any Confidential Information or any data obtained in performance of this Agreement, e2e-assure undertakes to maintain adequate security arrangements that meet the requirements of good industry practice.
3.7 e2e-assure will immediately notify the Customer of any breach of security in relation to Customer Confidential Information obtained in the performance of this Agreement and will keep a record of such breaches. e2e-assure will use its best endeavours to recover such Customer Confidential Information however it may be recorded. This obligation is in addition to e2e-assure’s obligations under Clauses 3.1 to Clause 3.4. e2e-assure will operate with the Customer in any investigation that the Customer considers necessary to undertake as a result of any breach of security in relation to Customer Confidential Information.
3.8 e2e-assure shall, at all times during and after the Agreement Period, indemnify the Customer and keep the Customer fully indemnified against all losses, damages, costs or expenses and other liabilities (including legal fees) incurred by, awarded against the Customer arising from any breach of e2e-assure’s obligations under the Applicable Data Protection Legislation or this Clause 3 (Confidentiality) except and to the extent that such liabilities have resulted directly from the Customer’s instructions.
3.9 Each Party hereunder understands that a receiving Party may currently or in the future be developing information internally or receiving information from others that may be similar to the disclosing Party’s Proprietary Information. Nothing in this Agreement shall be construed as a representation that a receiving Party will not develop products or systems for itself or for others that may compete with or be similar to the products or systems contemplated by the disclosing Party’s Proprietary Information so long as the disclosing Party’s Proprietary Information is not improperly used.
3.10 The obligations of a receiving Party with respect to the Proprietary Information of the disclosing Party shall cease three (3) years from the date of the disclosure of the Proprietary Information, and shall survive termination or cancellation of this Agreement.
4. Limitation of Liability
4.1 e2e-assure’s liability under this Contract shall be limited to the amount paid by the Customer for the Service. In no event shall e2e-assure be liable for any indirect, special, or consequential damages arising out of or in connection with the use of the Service.
5. Jurisdiction
5.1 This Contract and/or any non-contractual obligations or matters arising out of or in connection with it, shall be governed by and construed in accordance with the laws of England and Wales and each Party agrees to submit to the exclusive jurisdiction of the courts of England and Wales.
