Terms

Updated: December 2020

This Agreement is made between Worx Software Limited (“Worx”) and the individual or entity named in the applicable Order (“Customer” or “You”). By placing an Order and installing or starting to use all or any portion of the Services You are deemed to accept all of these terms and conditions which governs Your access to and use of the Services. If You are entering into this Agreement on behalf of a company or other legal entity you represent that you have the authority to bind such entity to this Agreement. If You do not have such authority or if You do not agree to these terms and conditions, You may not access or use the Services.

1. Definitions

1.1       In this Agreement the following terms shall have the following meanings:

“Account“

a designated account within the Platform enabling Customer to access and use the Hosted Services;

“Affiliate“

any entity which directly or indirectly controls, is controlled by, or is under common control of the subject entity. “control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity;

“Agreement“

this agreement including any documents incorporated by reference;

“Annual Fee”

the Reseller’s charge per 12 month period for the right to access the Platform, receive Support and use the Hosted Services up to the number of Devices specified in the Order subject to the restrictions contained or otherwise referred to in the Usage Policy;

“Business Day” or “Business Hours“

9am to 5pm U.K. time Monday to Friday excluding U.K. public holidays.

“Charges“

collectively the Annual Fee and Consultancy Fees plus taxes;

“Confidential Information“

all information disclosed by a Party (“Disclosing Party”) to the other Party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information;

“Consultancy Fees”

the charges and expenses calculated on a time and materials basis at Reseller’s daily rates as published from time to time for provision of Set Up Services and Consultancy Services;

“Consultancy Services“

provision of general consultancy services in relation to the use of the Hosted Services as set out in a Statement of Work;

“Customer Data“

all data, works and materials: uploaded to or stored on the Platform by the Customer; transmitted by the Platform at the instigation of the Customer; supplied by the Customer to Worx for uploading to, transmission by or storage on the Platform; or generated by the Platform as a result of the use of the Hosted Services by the Customer;

“Customer Systems“

hardware and software systems including Devices, Web Browser(s) and Mobile App used by the Customer (but not supplied by Worx) that interact with, or may reasonably be expected to interact with, the Hosted Services;

“Devices”

unique devices such as a smartphone or tablet computer used to access TagworX via the Mobile App or otherwise interact with the Platform;

“Documentation“

the on-line user guide and description of the Hosted Services accessible by Customer via the website www.worx.software as updated by Worx from time to time;

“Effective Date”

the date specified by Worx from which the Services are provided;

“Force Majeure Event“

means an event, or a series of related events, that is outside the reasonable control of the party affected (including failures of the internet or any public telecommunications network, hacker attacks, denial of service attacks, virus or other malicious software attacks or infections, power failures, industrial disputes affecting any third party, changes to the law, disasters, explosions, fires, floods, riots, terrorist attacks and wars);

“Hosted Services“

Worx’s Inventory and Asset Management service (branded Tagworx) as described in the Documentation made available to the Customer via the internet in accordance with this Agreement;

“Hosted Services Defect“

means a defect, error or bug in the Platform which causes the Hosted Services not to perform substantially in accordance with the Documentation, but excluding any defect, error or bug caused by or arising as a result of:

(a)        any act or omission of the Customer;

(b)       any use of the Platform or Hosted Services contrary to the Documentation, whether by the Customer or by any person authorised by the Customer;

(c)        a failure of the Customer to perform or observe any of its obligations in this Agreement; and/or

(d)       a failure of the Customer to use those versions of the Customer System supported by Worx as specified in the Documentation;

(e)        an incompatibility between the Platform or Hosted Services and any other system, network, application, program, hardware or software not specified as compatible in the Documentation;

“Intellectual Property Rights“

means all intellectual property rights wherever in the world, whether registrable or unregistrable, registered or unregistered, including any application or right of application for such rights (and these “intellectual property rights” include copyright and related rights, database rights, confidential information, trade secrets, know-how, business names, trade names, trade marks, service marks, passing off rights, unfair competition rights, patents, petty patents, utility models, semi-conductor topography rights and rights in designs);

“Minimum Term“

the period of 12 months from the Effective Date;

“Mobile App“

the mobile application currently called ‘Tagworx Inventory’ available through the Google Play Store and/or the Apple App Store upon terms specified by the relevant provider which enables Devices to connect to the Platform;

“Order”

Customer’s order for the Services placed with the Reseller which evidences Customer’s purchase of a subscription to the Hosted Services from the date set out in the Order;

“Parties” or “Party”

collectively Worx and Customer or each of them respectively;

“Permitted Purpose“

use of the Hosted Services for the Customer’s internal business purposes or as otherwise specified in the relevant Order;

“Personal Data“

has the meaning given to it in the Data Protection Act 2018;

“Platform“

the computer platform managed and used by Worx to provide the Hosted Services, accessible by Customer via the website www.worx.software;

“Reseller”

The entity upon whom the Customer places the Order and to whom the Charges are paid;

“Statement of Work”

a written description of Set Up Services and Consultancy Services to be implemented by Worx;

“Services”

collectively the Consultancy Services, Hosted Services, Set-Up Services and Support;

“Set Up Services“

means the configuration, implementation and integration of the Hosted Services as specified in a Statement of Work;

“Support “

technical support for the Platform and Hosted Services provided by Reseller as specified at https://support.worx.software  which may be updated by Worx from time to time;

“Term“

duration of this Agreement as defined in Clause 2.1;

“Users”

the number of unique users who can access the TagworX Portal / TagworX apps in a 24 hour period;

“Usage Policy”

the policy regarding limitations and restrictions on Customer when utilising the Hosted Services as specified at www.worx.software/useage-policy as updated by Worx from time to time;

“Web Browser“

the current release from time to time of Microsoft Internet Explorer, Mozilla Firefox, Google Chrome or Apple Safari;

2. Term

2.1       This Agreement shall commence upon the Effective Date, continue in force for at least the Minimum Period and thereafter for rolling 12 monthly periods subject to termination in accordance with Clause 14.

3. Set Up Services

3.1       Worx shall provide the Set Up Services and shall use reasonable endeavours to ensure that the Set Up Services are provided upon or promptly following the Effective Date.

3.2       The Customer must provide Worx, or procure for Worx, such access to and assistance with the Customer’s computer hardware, software, networks and systems as may be reasonably required by Worx to enable Worx to provide the Services. The Customer acknowledges that failure or delay to provide such access and assistance may result in delay or non-performance of the Services and Worx will not be liable to the Customer in respect of delay or non-performance.

3.3       Following completion of the Set-Up Services Worx shall create an Account and provide Customer with login details for that Account.

4. Hosted Services

4.1       Following creation of an Account and Worx’s receipt from the Reseller of its charges, Worx grants Customer a non-exclusive, non-transferable right to access the Platform through the Web Browser and use the Hosted Services via the Devices in accordance with the Documentation for the Term for the Permitted Purpose.

4.2       The licence granted by Worx to the Customer under Clause 4.1 is subject to the following limitations:

(a)        the Hosted Services may only be used by the officers, employees, agents and subcontractors of either the Customer or an Affiliate of the Customer;

(b)       the Hosted Services must not be used at any point in time by more than the maximum number of Devices and Users as specified in the Order, the number of Devices may only be varied during the Term by agreement between the Parties.

4.3       Except to the extent expressly permitted in this Agreement or required by law on a non-excludable basis, the licence granted by Worx to the Customer under Clause 4.1 is subject to the following prohibitions:

(a)        the Customer must not sub-license its right to access and use the Hosted Services;

(b)       the Customer must not permit any unauthorised person to access or use the Hosted Services;

(c)        the Customer must not republish or redistribute any content or material from the Hosted Services; and

(e)        the Customer must not make any alteration to the Platform, except as permitted by the Documentation.

4.4       Worx shall use reasonable endeavours to make the Hosted Services available 24 hours a day, 7 days a week, except for: (a) planned downtime during which Worx shall apply updates to the Platform which Worx will schedule to the extent practicable outside of Business Hours, (b) any unavailability caused by a Force Majeure Event or (c) unavailability caused by the Customer System.

4.5       The Customer shall use appropriate security measures when accessing the Platform via its administrator Account, to ensure that no unauthorised person may gain access to the Hosted Services.

4.6       The Customer must comply with the Usage Policy and ensure that all persons accessing or otherwise using the Hosted Services comply with the Usage Policy.

4.7       Customer acknowledges and agrees that it has no right to access the software code (including object code, intermediate code and source code) of the Platform, either during or after the Term.

5. Consultancy Services and Intellectual Property rights

5.1       Worx shall perform Consultancy Services as specified in a Statement of Work. The Customer agrees that Consultancy Fees for provision of the Consultancy Services are exclusive of any expenses, including but not limited to reasonable travel and living expenses personnel, airfare, mileage, parking, tolls, lodging, auto rental and per diem meal expense; which the Customer agrees to pay.

5.2       All Intellectual Property Rights in the Consultancy Services shall, as between the Parties, be the exclusive property of Worx.

5.3       Worx reserves the right to incorporate into the Platform any deliverable or invention arising from the performance of Consultancy Services.

5.4       Nothing in this Agreement shall operate to assign or transfer any Intellectual Property Rights from Worx to the Customer, or from the Customer to Worx.

6. Support

6.1       Worx agrees to provide Support for the Term. Worx’s obligations under this Clause 6 only apply during the Term and are conditional upon Worx having received payment from Reseller of its charges.

6.2       Support is only available in the English language and is provided solely at the Website https://support.worx.software, via the helpdesk facility described www.worx.software/support.

6.3       Worx will log all Hosted Services Defects reported to it by the Reseller. Upon identification of any Hosted Services Defect, Customer shall provide Worx with enough information to reproduce the Hosted Services Defect. If Worx is unable to replicate the Hosted Services Defect, Worx will request a second sample. If Worx is still unable to replicate the Hosted Services Defect from this second sample then Worx will close the reported Hosted Services Defect. Worx will notify Customer as soon as possible if it determines that no Hosted Services Defect exists or if Worx is unable to reproduce the reported Hosted Services Defect. Any resolutions shall only be implemented during planned downtime which is normally outside of Business Hours.

6.4       Worx does not guarantee that it will be able to resolve all Hosted Services Defects notified to it by Reseller and if the prescribed resolution time expires before the first available planned downtime, the resolution time shall automatically be extended to the next available planned downtime.

6.5       Support does not include any training services and the offering of any such services shall be at the sole option of Worx and subject to additional fees and charges to be agreed separately for each such situation.

6.6       Support is contingent on Customer’s compliance with the following additional obligations: (i) Customer’s personnel shall be trained in use of the Hosted Services; (ii) Customer shall provide Worx with sufficient documentation, data, details and assistance with respect to any reported Hosted Services Defect so as to enable Worx to reproduce and verify the same as an Hosted Services Defect; (iii) Customer shall assist Worx to diagnose and correct reported Hosted Services Defect by providing: (a) all relevant documentation and records, including sample output and other diagnostic information; (b) interaction with personnel who have authority to implement remedial actions as instructed by Worx; and (c) access to Customer’s live production environment in which the Customer Data is displayed. Customer acknowledges that failure to provide such assistance will affect Worx’s ability to resolve a Hosted Services Defect.

7. Customer Data

7.1       The Customer hereby grants to Worx a non-exclusive licence to copy, reproduce, store, distribute, publish, export, adapt, edit and translate the Customer Data to the extent reasonably required for the performance of Worx’s obligations and the exercise of Worx’s rights under this Agreement, together with the right to sub-license these rights to its hosting, connectivity and telecommunications service providers to the extent reasonably required for the performance of Worx’s obligations and the exercise of Worx’s rights under this Agreement.

7.2       The Customer warrants to Worx that the Customer Data will not:

(a)        breach the provisions of any law, statute or regulation;

(b)       infringe the Intellectual Property Rights or other legal rights of any person; or

(c)        give rise to any cause of action against Worx,

            in each case.

7.3       Worx shall create a back-up copy of the Customer Data at least daily, sufficient to enable Worx to restore the Hosted Services to the state they were in at the time the back-up was taken.

7.4       Worx shall use all reasonable endeavours to restore to the Platform the Customer Data stored in any back-up copy created and stored by Worx in accordance with Clause 7.3. The Customer acknowledges that this process will overwrite the Customer Data stored on the Platform prior to the restoration.

8. Charges

8.1       Customer acknowledges and agrees that Reseller will issue invoices for the Charges. The Customer further agrees to pay each invoice within 30 days its receipt thereof.

8.2       Customer acknowledges and agrees that Worx may suspend the provision of the Hosted Swervices until full payment has been received by Worx from the Reseller.

8.3       All amounts stated in or in relation to this Agreement are, unless the context requires otherwise stated exclusive of any applicable value added taxes.

9. Confidentiality

9.1       Worx agrees that the Customer Data constitutes Confidential Information belonging to Customer and Customer agrees that the Hosted Services constitute Confidential Information belonging to Worx and the Receiving Party agrees to treat as Confidential Information the business and marketing plans, technology and technical information, product plans and designs, and business processes of the Disclosing Party. However, Confidential Information shall not include any information that is trivial or obvious, in the public domain, already known by the Receiving Party, or is required to be disclosed by law or any securities exchange or regulatory or governmental body.

9.2       Receiving Party agrees on behalf of itself and its Affiliates that it may only disclose the Confidential Information which it receives from the Disclosing Party to such of its officers, employees, contractors and agents as need to know for purposes consistent with the Services. Receiving Party shall ensure that such officers, employees, contractors and agents are bound by equivalent obligations in respect of the Confidential Information to those set out hereunder and shall use its best efforts to ensure that they abide by such obligations.

9.3       If the Receiving Party is compelled by law, regulation or a court of competent jurisdiction to disclose any of the Disclosing Party’s Confidential Information, to the extent permitted by law, the Receiving Party will promptly notify the Disclosing Party so that it may seek a protective order or other appropriate remedy.  The Receiving Party agrees to cooperate at the Disclosing Party’s expense in seeking such order or other remedy.  If disclosure is ultimately required, the Receiving Party will furnish only that portion of the Confidential Information that is legally required, exercise reasonable efforts to obtain assurance that it will receive confidential treatment, and continue to treat such Confidential Information in accordance with its obligations under this Clause.

9.4       Each party acknowledges that the Disclosing Party would be irreparably harmed if Receiving Party’s obligations hereunder are not specifically enforced and that Disclosing Party would not have an adequate remedy at law in the event of an actual or threatened violation hereof.  Therefore, the Receiving Party agrees that Disclosing Party shall be entitled to seek an injunction or any appropriate decree of specific performance for any actual or threatened violations by the Receiving Party or its employees, agents, representatives or customers, without the necessity of Disclosing Party showing actual damages or that monetary damages would not afford an adequate remedy.

10. Data Protection

10.1     The Customer warrants to Worx that it has the legal right to disclose all Personal Data that it does in fact disclose to Worx under or in connection with this Agreement.

10.2     Customer acknowledges and agrees that it is primarily responsible for and will comply with all requirements regarding the collection, use, processing, storage, protection, disclosure, transfer and destruction of Personal Data comprised within the Customer Data. To the extent that Worx accesses or holds Customer’s Personal Data in connection with the Hosted Services, Customer acknowledges that Worx does not incur any liability or obligations with respect to Personal Data comprised within the Customer Data or have any responsibility to Customer beyond that stated in this Clause 10.

10.3     Worx warrants to the Customer that:

(a)        it will act only on instructions from the Customer in relation to the processing of Customer’s Personal Data;

(b)       it has in place appropriate security measures (both technical and organisational) against unlawful or unauthorised processing of Customer’s Personal Data and against loss or corruption of Customer’s Personal Data;

(c)        it will only process the Customer’s Personal Data for the purposes of performing its obligations and exercising its rights under this Agreement;

10.4     Worx shall notify the Customer as soon as practicable if:

(a)        it becomes aware if any of the Customer Personal Data is lost or destroyed, or becomes damaged, corrupted or unusable;

(b)       Worx receives any complaint or regulatory notice which relates to the processing of any of the Customer Personal Data; or

(c)        Worx receives a request from a data subject for access to any of the Customer Personal Data.

10.5     Worx shall co-operate with the Customer in relation to:

(a)        any request from the Customer to amend or delete any of the Customer’s Personal Data;

(b)       any complaint or regulatory notification relating to the processing of any of the Customer’s Personal Data; and

(c)        any request from a data subject for access to any of the Customer’s Personal Data,

            at the cost and expense of the Customer.

10.6     Worx shall ensure that access to the Customer Personal Data is limited to those Worx personnel who have a reasonable need to access the Customer Personal Data to enable Worx to perform its duties under this Agreement; any access to the Customer Personal Data must be limited to such part or parts of the Customer Personal Data as are strictly necessary.

11. Warranties

11.1     Worx warrants to the Customer that:

(a)        it has the legal right and authority to enter into this Agreement and to perform its obligations under this Agreement;

(b)       the Platform and Hosted Services will conform in all material respects with the Documentation;

(c)        the Platform will be regularly scanned using an up to date proprietary virus checker and all viruses, worms, Trojan horses, ransomware, spyware, adware and other malicious software programs identified by such proprietary virus checker will be removed;

11.2     The Customer warrants to Worx that it has the legal right and authority to enter into this Agreement and to perform its obligations under the Agreement.

11.3     The Customer acknowledges that complex software is never wholly free from security vulnerabilities, defects, Hosted Services Defect and bugs; and subject to the other provisions of this Agreement, Worx gives no warranty or representation that the Hosted Services will be wholly secure or free from defects, Hosted Services Defect and bugs.

11.4     The Customer acknowledges that Worx will not provide any legal, financial, accountancy or taxation advice under this Agreement or in relation to the Hosted Services; and, except to the extent expressly provided otherwise in this Agreement, Worx does not warrant or represent that the Hosted Services or the use of the Hosted Services by the Customer will not give rise to any legal liability on the part of the Customer or any other person.

11.5     All of the Parties’ warranties and representations in respect of the subject matter of this Agreement are expressly set out in this Agreement. To the maximum extent permitted by applicable law, no other warranties or representations concerning the subject matter of this Agreement will be implied into the Agreement or any related contract.

12. Indemnities

12.1     Worx shall indemnify and shall keep indemnified the Customer against any and all liabilities, damages, losses, costs and expenses (including legal expenses and amounts reasonably paid in settlement of legal claims) suffered or incurred by the Customer and arising directly or indirectly as a result of the Hosted Services infringing the United Kingdom Intellectual Property Rights of any person (an “Worx Indemnity Event“) Provided that:

12.2     The Customer must:

(a)        upon becoming aware of an actual or potential Worx Indemnity Event, notify Worx;

(b)       provide Worx all such assistance as may be reasonably requested by Worx in relation to Worx Indemnity Event;

(c)        allow Worx the exclusive conduct of all disputes, proceedings, negotiations and settlements with third parties relating to Worx Indemnity Event; and

(d)       not admit liability to any third party in connection with Worx Indemnity Event or settle any disputes or proceedings involving a third party and relating to Worx Indemnity Event without the prior written consent of Worx,

            Worx’s obligation to indemnify the Customer under Clause 12.1 shall not apply unless the Customer complies with the requirements of this Clause 12.2.

12.3     The Customer shall indemnify and shall keep indemnified Worx against any and all liabilities, damages, losses, costs and expenses (including legal expenses and amounts reasonably paid in settlement of legal claims) suffered or incurred by Worx and arising directly or indirectly as a result of any breach by the Customer of this Agreement (a “Customer Indemnity Event“) Provided that:

12.4     Worx must:

(a)        upon becoming aware of an actual or potential Customer Indemnity Event, notify the Customer;

(b)       provide to the Customer all such assistance as may be reasonably requested by the Customer in relation to the Customer Indemnity Event;

(c)        allow the Customer the exclusive conduct of all disputes, proceedings, negotiations and settlements with third parties relating to the Customer Indemnity Event; and

(d)       not admit liability to any third party in connection with the Customer Indemnity Event or settle any disputes or proceedings involving a third party and relating to the Customer Indemnity Event without the prior written consent of the Customer,

            Customer’s obligation to indemnify Worx under Clause 12.3 shall not apply unless Worx complies with the requirements of this Clause 12.4.

12.5     The indemnity protection set out in this Clause 12 shall be subject to the limitations and exclusions of liability set out in this Agreement.

13. Limitations and exclusions of liability

13.1     Nothing in this Agreement will limit or exclude any liability:

(a)        for death or personal injury resulting from negligence;

(b)       for fraud or fraudulent misrepresentation;

(c)        for infringement of Intellectual Property Rights; or

(d)       that is not permitted under applicable law;

13.2     The limitations and exclusions of liability set out in this Clause 13 and elsewhere in this Agreement are subject to Clause 13.1 and govern all liabilities arising under the Agreement or relating to the subject matter of the Agreement, including liabilities arising in contract, in tort (including negligence) and for breach of statutory duty, except to the extent expressly provided otherwise in the Agreement.

13.4     Neither Party shall be liable to the other Party in respect of any loss of profits or anticipated savings, loss of revenue or income, loss of use or production, loss of business, contracts or opportunities, loss or corruption of any data, database or software, any special, indirect or consequential loss or damage.

13.5     The aggregate liability of each Party to the other Party under this Agreement in respect of any event or series of related events shall not exceed the total amount paid and payable by the Customer to Worx under the Agreement in the 12 month period preceding the commencement of the event or events.

14. Termination

14.1     Either Party may terminate this Agreement for its convenience by giving to the other Party not less than 90 days’ written notice of termination after the end of the Minimum Term.

14.2     Either Party may terminate this Agreement immediately by giving written notice of termination to the other Party if the other Party commits any material breach of the Agreement fails to remedy the breach within the period of 30 days following the giving of a written notice to the other party requiring the breach to be remedied.

14.3     Either Party may terminate this Agreement immediately by giving written notice of termination to the other Party if:

(a)        the other party:

(i)         is dissolved;

(ii)        ceases to conduct all (or substantially all) of its business;

(iii)       is or becomes unable to pay its debts as they fall due;

(iv)       is or becomes insolvent or is declared insolvent; or

(v)        convenes a meeting or makes or proposes to make any arrangement or composition with its creditors;

(b)       an administrator, administrative receiver, liquidator, receiver, trustee, manager or similar is appointed over any of the assets of the other party;

(c)        an order is made for the winding up of the other party, or the other party passes a resolution for its winding up (other than for the purpose of a solvent company reorganisation where the resulting entity will assume all the obligations of the other party under the Agreement);

15. Effects of termination

15.1     Upon the termination of this Agreement, all of the provisions of this Agreement shall cease to have effect, save that the following provisions of this Agreement shall survive and continue to have effect (in accordance with their express terms or otherwise indefinitely): Clauses 1, 9, 13, 14 and 15.

15.2     The termination of this Agreement shall not affect the accrued rights of either party.

15.3     Within 30 days following the termination of this Agreement for any reason:

(a)        the Customer must pay to Worx any Charges in respect of Services provided to the Customer before the termination of the Agreement; and

(b)       Worx must refund to the Customer on a time spent pro rata basis pre-paid Charges in respect of Services that were to be provided to the Customer after the termination of the Agreement;

            without prejudice to the parties’ other legal rights.

16. Non-solicitation of personnel

16.1     Neither Party shall, without the prior written consent of the other Party, either during the Term or within the period of 6 months following the end of the Term, engage, employ or solicit for engagement or employment any employee or subcontractor of the other Party who has been involved in any way in the negotiation or performance of this Agreement.

17. Notices

17.1     Any notice or other document given by either Party to the other hereunder shall be in writing and sent to the registered office address or principal office address of the recipient (or such other address as that party may advise by notice) and marked for the attention of the Managing Director. Any such notice (except notice of termination issued pursuant to Clause 14 which shall either be delivered personally or by recorded delivery first class pre-paid mail only) may be delivered personally, by electronic mail (sent to the e-mail address supplied on request) or by first class pre-paid mail and shall be deemed to have been served if personally, when delivered, if by first class mail, three Business Days after mailing, if by recorded delivery first class pre-paid mail, when signed for by the recipient and if by electronic mail the first Business Day after transmission.

18. Subcontracting

18.1     Worx may subcontract any of its obligations under this Agreement including hosting of the Platform provided that Worx shall remain responsible to the Customer for the performance of any subcontracted obligations.

19. Assignment

19.1     Neither Party may assign, transfer or otherwise deal with its contractual rights and/or obligations under this Agreement without the prior written consent of the other Party, such consent not to be unreasonably withheld or delayed, providing that Worx may assign the entirety of its rights and obligations under this Agreement to any Affiliate of Worx or to any successor to all or a substantial part of the business of Worx from time to time.

20. General

20.1     No relaxation, forbearance, delay or indulgence by either Party in enforcing any of these terms and conditions or the granting of time by either Party to the other shall prejudice, affect or restrict the rights and powers of that said Party hereunder nor shall any waiver by either Party of any breach hereof operate as a waiver of any subsequent or any continuing breach hereof.

20.2     No amendment or other variation shall be effective unless it is in writing, is dated, and is signed by or on behalf of each of the Parties.

20.3     The provisions of this Agreement constitute the entire agreement between the Parties in relation to the Services and supersedes all prior communications, negotiations, representations and agreements (whether written or oral) of the Parties with respect thereto.

20.4     No person who is not a Party hereto (including any employee, officer, agent, representative or subcontractor of either Party) shall have the right to enforce any term hereof without the express prior agreement in writing of the Parties.

20.5     Any difficulties or uncertainties in interpretation arising shall be solved by reference to the English text and each party shall be responsible for its own costs incurred in making any translations.

20.6     If any provision hereof or any part of any such provision is held to be invalid or unenforceable, such provision or part (as the case may be) shall be ineffective only to the extent of such invalidity or unenforceability, without rendering invalid or unenforceable or otherwise prejudicing or affecting the remainder of such provision or any other provision hereof.

20.7     Each Party agrees that in entering into this Agreement it has not relied on any representation, warranty, collateral contract or other assurance (except those set out in herein) made by or on behalf of the other Party before the signature of this Agreement. Each Party waives all rights and remedies which, but for this Clause 20.7, might otherwise be available to it in respect of any such representation, warranty, collateral contract or other assurance.

20.8     This Agreement shall be governed by and construed in accordance with English law and any disputes relating to this Agreement shall be subject to the non-exclusive jurisdiction of the courts of England.

worX Software Limited (“worX.”) is committed to preserving the confidentiality and integrity of all information it holds and processes. We are also committed to operating our business in compliance with the requirements of the appropriate data protection legislation being the UK Data Protection Act 1998 and the General Data Protection Regulations (“GDPR”) (together the “Legislation”).

We recognise the importance of Personal Data and of respecting the privacy rights of individuals. This Data Protection & Security Policy (“Policy”) sets out the principles which we apply to our Processing of Personal Data and use of Confidential Information so that we not only safeguard one of our most valuable assets, but also that which belongs to our customers and employees. For the most part we process this information in one of two capacities, either: (i) as a Data Controller for our own internal business operations, such as human resources, administration, marketing, sales etc. or (ii) as a Data Processor when carrying out our software-as-a-service (or “SaaS”) operations for our customers.

The Legislation places obligations upon the Data Controller and Data Processors, it is therefore the responsibility of all worX employees to apply the provisions of this Policy in relation to all processing of Personal Data and handling of Confidential Information, whether worX is acting as Data Controller or Data Processor (or both). worX provides employees with instructions in respect of such matters.

2. DEFINITIONS

The following key words and phrases are used within this Policy:

“Confidential Information”

means all information (however recorded, preserved or disclosed) disclosed to worX or its representatives, whether or not marked as “confidential”, including but not limited to:

(a) Personal Data, any information designated as confidential or commercially sensitive or that which is, by its nature, clearly confidential,
(b) the business, affairs, customers, clients, suppliers, plans, developments, intentions, or market opportunities of the disclosing party or of the disclosing party’s group;
(c) the operations, processes, product information, know-how, designs, trade secrets or software of the disclosing party or of the disclosing party’s group; and
(d) any information or analysis derived from Confidential Information;
but not including any information that:
(a) is or becomes generally available to the public other than as a result of its disclosure by worX in breach of this Policy;
(b) was available to worX on a non-confidential basis prior to disclosure by the disclosing party;
(c) is received by worX from a third party who lawfully acquired or developed it and who is under no obligation of confidentiality in relation to its disclosure;
(d) the parties agree in writing is not confidential or may be disclosed; or
(e) is independently developed by worX without the use of the disclosing party’s Confidential Information.

“Data”

means information that is processed electronically (e.g. by computer); is recorded manually (e.g. on paper) with the intention of being processed electronically; or is recorded as part of any filing system structured by reference to individuals or criteria relating to them in such a way that specific information relating to a particular individual is readily accessible;

“Data Controller”

means the organisation that determines the purposes for which and the manner in which Personal Data are processed;

“Data Processor”

means the organisation that processes Personal Data on behalf of the Data Controller;

“Data Subject”

means a living, identifiable individual about whom Personal Data is processed;

“Personal Data”

means Data which relate to a living individual who can be identified from those Data or from those Data and other information which is in the possession of or is likely to come into our possession as Data Controller or Data Processor, as the case may be. Personal Data include opinions and any indications of our intentions towards an individual;

“Processing”

includes obtaining, recording, holding, altering, retrieving, consulting, using, disclosing, blocking, erasing or destroying Personal Data;

“Sensitive Personal Data”

means information about the Data Subject relating to the (a) racial or ethnic origin, (b) political opinions, (c) religious beliefs or other beliefs of a similar nature, (d) trade union membership, (e) physical or mental health or condition, (f) sexual life, (g) commission or alleged commission by any offence, and (h) any proceedings for any offence committed or alleged to have been committed, the disposal of such proceedings or the sentence of any court in such proceedings.

3. DATA PROTECTION PRINCIPLES

worX is committed to complying with the data protection principles set out in the Legislation. Under the UK Data Protection Act, these are set out as eight data protection principles, under which Personal Data must:

1. be processed fairly and lawfully;
2. be obtained and processed only for one or more specified and lawful purposes;
3. be adequate, relevant and not excessive in relation to the purpose;
4. be accurate and, where necessary, kept up to date;
5. be kept for no longer than is necessary for the purpose;
6. be processed in accordance with the rights of Data Subjects under the Legislation;
7. be held securely and appropriate technical and organisational measures must be taken against unauthorised or unlawful Processing and against accidental loss, destruction or damage;
8. not be transferred to a country or territory outside the European Economic Area unless adequate protection is in place.

worX has notified the Information Commissioner’s Office of the types of personal information it processes and the purposes for which it does so.

Further details of how worX complies with these principles are set out below.

PRINCIPLE 1 – FAIR & LAWFUL PROCESSING

Fair Processing

The Legislation requires that Personal Data must be processed fairly. This means the Data Controller must ensure transparency of Processing so that Data Subjects are aware of who is Processing their Personal Data and why. This is primarily an obligation on the Data Controller who determines what is being processed and is much less relevant to a Data Processor who does not determine what is processed.

This obligation affects worX primarily when acting as a Data Controller in relation to the operation of our own internal business. For example, all employees’ terms of employment contain a data protection notice which includes the following information:

• the identity of the Data Controller (i.e. worX);
• the purposes for the Processing;
• any other information that is necessary to make the Processing fair (such as any recipients of the Data and their purposes, a reminder of the Data Subject’s right of access (see below) and correction and whether any of the information we are asking for is mandatory or voluntary);

In the case of worX marketing activities e.g. advertisement of worX products and services on our website, we include a description of the communication channels that we intend to use. If any of those channels involve marketing by email, SMS, fax or automated calling systems, we will obtain the Data Subject’s consent by means of a suitable (reversible) opt in provision. Where we obtain Personal Data directly from the Data Subject (e.g. as a result of a telephone call, or online capture) we give the notice to the Data Subject at the time we obtain their Data. Where we obtain Personal Data about a Data Subject from a third-party source (e.g. an agent) we provide the data protection notice as soon as reasonably practicable after we have started Processing their Data (unless it would be a disproportionate effort to do so).

Accordingly, where we act as a Data Processor for our SaaS customers, the obligation to issue any necessary data protection notices rests with our customer.

Lawful Processing

This is primarily an obligation for Data Controllers and for the most part only affects worX in the operation of our own internal business. worX will only process Personal Data where it is justified under one of the following conditions:

• the Data Subject has given his consent to the Processing; or
• the Processing is necessary:
  • in order to enter into or perform a contract with the Data Subject;
  • for compliance with a legal obligation to that applies to worX (other than an obligation under a contract);
  • in order to protect the vital interests of the Data Subject (i.e. a life or death situation);
  • for the purposes of legitimate interests pursued by the Data Controller or by the third party to whom the information is disclosed, except where the Processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the Data Subject.

Processing Sensitive Personal Data

In addition, where worX processes Sensitive Personal Data, due to the sensitive and sometimes confidential nature of this category of Personal Data we will only process Sensitive Personal Data where it is justified under one of the following additional conditions:

• the Data Subject has given explicit consent to the Processing; or
• the Processing is necessary for:
  • worX to comply with employment law;
  • the protection of the vital interests of the Data Subject or another person, where the Data Subject’s consent cannot be given or has been unreasonably withheld, or where the Data Controller cannot reasonably be expected to obtain consent;
  • the purposes of legal proceedings or for obtaining legal advice, or otherwise for establishing, exercising or defending legal rights;
  • medical purposes and is undertaken by a health professional or someone subject to an equivalent duty of confidentiality;
  • monitoring equality of opportunity and is carried out with appropriate safeguards for the rights of Data Subjects.
  • the prevention or detection of any unlawful act, and must necessarily be carried out without the explicit consent of the Data Subject being sought so as not to prejudice those purposes;
  • research purposes in the substantial public interest and it does not support measures or decisions with respect to any particular Data Subject and does not cause, nor is likely to cause, substantial damage or distress to the Data Subject or any other person.

PRINCIPLE 2 – COLLECTION & PROCESSING FOR SPECIFIED & LAWFUL PURPOSES

The Legislation requires that Personal Data must be obtained by Data Controllers only for one or more specified and lawful purposes and must not be further processed in any manner incompatible with those purposes.
Accordingly, the purposes for which worX will process Personal Data as a Data Controller are set out below:

• Staff Administration
• Advertising, Marketing and Public Relations
• Advertising, Marketing and Public Relations on behalf of customers
• Accounts and Records
• Consultancy and Advisory Services
• Information and databank administration.

worX will not process Personal Data for any other purpose unless the Data Subject gives consent. Where worX acts as a Data Processor for a SaaS customer the responsibility for obtaining any such consent rests with the relevant SaaS customer.

PRINCIPLE 3 – ADEQUATE, RELEVANT AND NOT EXCESSIVE

The Legislation requires that Personal Data must be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed and that it must be kept up to date.

To fulfil the requirement for Personal Data to be adequate, relevant and not excessive, worX ensures that when acting as Data Controller:

• we identify the Personal Data needed for a particular purpose and we collect the minimum amount required to properly fulfil that purpose;
• we do not hold Personal Data on a ‘just-in-case’ basis or because we think it might be useful in the future except where a Data Subject consents, e.g. a prospective employee agrees to us retaining Personal Data should a suitable vacancy arise;
• we keep Data up to date; and
• we do not keep Data for too long.

PRINCIPLE 4 – ACCURATE & UP TO DATE

When inputting Data onto our system in our capacity as a Data Controller, worX takes reasonable steps to ensure the Data is accurate and may contact Data Subjects for clarification if we are unsure as to the accuracy of certain information. worX will not be in breach of this principle, even if we are holding inaccurate Data if:

• we accurately recorded those Data when we received them from the Data Subject or a third party;
• we took reasonable steps to ensure the accuracy of those Data; and
• if the Data Subject has notified us that the Data are inaccurate, we have taken steps to indicate this fact.

worX takes reasonable steps to keep Data up to date to the extent necessary.

PRINCIPLE 5 – KEPT FOR NO LONGER THAN IS NECESSARY

The Legislation requires that Personal Data processed for any purpose must not be kept for longer than is necessary for that purpose.

worX reviews the Personal Data it holds on a regular basis and, where relevant, securely removes any Data which is no longer required in connection with the purpose for which it was originally obtained. Securely removes means that any printed material is appropriately shredded or electronic media has the record removed from it relating to the subject, in a manner that the material is not normally retrievable.

Where worX acts as Data Processor and holds Data on its servers on behalf of its customers that the customer has input directly into worX’s system, the customer will be responsible for maintaining such Data and deleting any Data that is no longer required. worX will return or destroy all Data held on behalf of a SaaS customer in accordance with the terms of the relevant contract with that customer.

PRINCIPLE 6 – PROCESSED IN ACCORDANCE WITH THE RIGHTS OF DATA SUBJECTS

Data Subjects have certain rights under the Legislation to access their Data and to prevent processing in certain circumstances. Most requests will come from our employees where worX is a Data Controller, although worX will also have to respond to subject access requests from the customers of our SaaS customers.

Right of Subject Access

If worX receives a written request from a Data Subject for access to his/her Personal Data, we will respond within 40 days of receipt of the request and provide a description of:

• the Personal Data relating to that Data Subject;
• the purposes for which the Data are being processed;
• the recipients of the Data;
• the information constituting the Personal Data; and
• the source of those Data (if available).

worX reserves the right to charge the Data Subject a fee for the provision of this information as defined by the Legislation. Where the Data is held on behalf of a SaaS customer, worX will notify that customer of such request for access and give the SaaS customer the option to deal with the request itself.

Right to Prevent Processing Likely to Cause Damage or Distress

Data Subjects have the right to ask us not to process their Personal Data if the Processing of the Data in a particular way or for a particular purpose is causing, or is likely to cause, damage or distress to that Data Subject or another person; and that damage or distress is, or would be, unwarranted.

If we receive a written request from any person exercising this right, we will respond within 21 days of receipt of the request and confirm that we have either complied or intend to comply with the request or stating our reasons for non-compliance. Where this occurs in the case of worX acting as a Data Processor for a SaaS customer, the request must be forwarded to the relevant SaaS customer and the Data Subject advised whether worX has the authority to cease processing the Personal Data.

Right to Prevent Processing for the Purposes of Direct Marketing

If we receive a request from a Data Subject that we stop Processing their Personal Data for direct marketing purposes, we will take the appropriate action to ensure that the individual’s details are suppressed on our marketing database and the individual is no longer contacted by us for marketing purposes.

Right to Object to Automated Decision Taking

Data Subjects have the right to object to automated decisions being taken about them in relation to important matters that significantly affect them (such as evaluating performance at work, creditworthiness, reliability or conduct).

If we receive a written request from any person exercising this right, we will respond within 21 days of receipt of the request and inform the individual of the steps that we intend to take to comply with the request. Where this affects the services being provided to a SaaS customer, worX will notify the relevant SaaS customer before responding to the Data Subject.

PRINCIPLE 7 – SECURITY, TECHNICAL AND ORGANISATIONAL MEASURES

The Legislation requires worX to take appropriate technical and organisational measures to safeguard Personal Data against unauthorised or unlawful processing, accidental loss, destruction, or damage.

worX has put in place a number of technical and organisational measures and procedures which we apply not only to Personal Data, but also to all information we hold, including Confidential Information and information of any other kind that is used within the business.

Details of our technical and organisational measures are available upon request.

Where worX uses third parties to process Personal Data on our behalf, they will be acting as our Data Processors and we will ensure that we:

• put in place a contract in writing with each of our Data Processors under which they agree to act only on instructions from us;
• have terms with our Data Processors which refer to compliance with the data protection requirements in their contract; and
• ensure that the Data Processor agrees to comply with obligations equivalent to those set out in this Policy.

PRINCIPLE 8 – OVERSEAS TRANSFERS

The Legislation requires that Personal Data must not be transferred to a country or territory outside the European Economic Area (i.e. the member states of the EU plus Iceland, Liechtenstein and Norway), unless that country or territory ensures an adequate level of protection for the rights and freedoms of Data Subjects in relation to the Processing of Personal Data.

worX will ensure that any Personal Data transferred outside the EEA is adequately protected and that local privacy laws are observed.

4. CONFIDENTIAL INFORMATION

worX will keep Confidential Information (which of course extends beyond Personal Data) it receives confidential and, except with the prior written consent of the disclosing party, will:

• not use or exploit the Confidential Information in any way except for the purposes for which it has been disclosed;
• not disclose or make available the Confidential Information in whole or in part to any third party, except as expressly permitted by the disclosing party;
• not copy, confirm in writing or otherwise record the Confidential Information except as strictly necessary for the purposes for which it has been disclosed and any such copies, confirmations or records shall remain the property of the disclosing party; and
• apply the technical and organisational measures as Annexed to this Policy to Confidential Information.

worX may only disclose the Confidential Information to those of our employees who need to know this Confidential Information for the purposes for which it has been disclosed, provided that:

• we inform those employees of the confidential nature of the Confidential Information before disclosure;
• at all times, we are responsible for compliance of those employees with the obligations set out in this Policy and the technical and organisational measures; and
• the employees receive the training required under the technical and organisational measures prior to such disclosure.

worX may disclose Confidential Information to the extent such Confidential Information is required to be disclosed by law, by any governmental or other regulatory authority, or by a court or other authority of competent jurisdiction provided that, to the extent we are legally permitted to do so, we give the other party as much notice of this disclosure as possible.

worX may, provided that we have reasonable grounds to believe that the disclosing party is involved in activity that may constitute a criminal offence under the Bribery Act 2010, disclose Confidential Information to the Serious Fraud Office without first notifying the disclosing party of such disclosure.

At the request of the disclosing party, worX shall:

• destroy or at worX discretion, return to the disclosing party all documents and materials (and any copies) containing, reflecting, incorporating, or based on the disclosing party’s Confidential Information;
• erase all the disclosing party’s Confidential Information from its computer systems or which is stored in electronic form (to the extent possible); and certify in writing to the disclosing party that it has complied with the requirements of this clause, provided that worX may retain documents and materials containing, reflecting, incorporating, or based on the Confidential Information to the extent required by law or any applicable governmental or regulatory authority and to the extent reasonable to permit worX to keep evidence that it has performed its obligations under any agreement with the disclosing party.