LAST UPDATED JANUARY 4, 2021
Reputation.com (UK) LTD Standard Terms of Service (Data Hosted in EU)
These Standard Terms of Service (the “Terms”) govern the provision by Reputation.com UK Ltd. (the “Company”) of subscription licenses to access and use the SaaS services and any other services provided by Company, including Professional Services (“Pro Services”), (collectively, the “Services”) described in each Order Form or other ordering document (the “Order Form”) to its customer (the “Customer”). These Terms and the related Order Form shall collectively be referred to herein as the “Agreement”.
1. LICENSE GRANT AND RESTRICTIONS
1.1 Service Term. The Agreement is a subscription license to access and use, and not a contract of sale for, the Services. The duration of the Services (“Service Term” or “Subscription Term”) is set forth in the Order Form.
1.2 Proprietary Rights. All intellectual property rights in and to the Services and any user documentation related thereto are owned exclusively by Company, including, but not limited to, all patents, copyrights, trade secrets, and trademarks.
1.3 License Grant. Upon Company’s acceptance of Customer’s Order Form and for the duration of the Services Term defined in the Order Form, Customer shall have a nonexclusive, non-assignable (except as set forth in Section 9.7 below), royalty free, worldwide limited right to access and use the Services solely for its internal business operations and subject to the terms of the Agreement. Customer may allow its employees to use the Services for this purpose and Customer shall be responsible for its employees’ compliance with the Agreement.
1.4 License Restrictions. The licenses granted to Customer in this Agreement do not include any right to: (a) damage, disable, or impair the Services or the network(s) connected thereto; (b) copy a Service or any part, feature, function or user interface thereof; (c) modify, reroute, create derivative works of, derive the source code of, reverse engineer, disassemble or tamper with Services, or attempt to do any of the foregoing; (d) permit direct or indirect access to or use of any Services by a third party, (e) take any action that imposes an unreasonably or disproportionately large burden on Company’s infrastructure; (f) violate applicable consumer privacy regulations or applicable law or violate the rights of any third party (including, without limitation, rights of privacy or proprietary rights); (g) disable or circumvent any security features of the Company’s products or Services; or (h) cause or permit any third party to do any of the foregoing.
1.5 Reservation of Rights. All rights not expressly granted to Customer in this Agreement are reserved to Company. No additional rights whatsoever (including, without limitation, any implied licenses) are granted to Customer by implication, estoppel or otherwise. Customer shall not, by virtue of this Agreement or otherwise, acquire any ownership interest or any rights in the Services, any Company trademarks or service marks, or any other Company technology, software (including third party technology and software) or intellectual property, except for the limited use and access rights described herein.
2. FEES AND PAYMENT FOR SERVICES.
2.1 Fees. Customer agrees to pay all fees specified in the Order Form, which unless otherwise stated are exclusive of VAT. Unless otherwise stated in the Order Form, the full annual fee for the Services shall be invoiced upon execution of the Agreement. Payment of all invoices shall be due not later than thirty (30) days after the date of the invoice.
2.2 Taxes, Late Fees and Penalties. Customer shall be responsible for paying any applicable sales or service taxes (including VAT) related to this Agreement. If any payment is not received by its due date, Customer shall be assessed interest on the overdue amount at the rate of 1.0% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, from the date such payment was due until the date paid.
2.3 Suspension of Service and Acceleration. If any amount owed by Customer under this Agreement is thirty (30) or more days overdue, the Company may, without limiting other rights and remedies, accelerate Customer’s unpaid fee obligations under this Agreement so that all such obligations become immediately due and payable, and may suspend Services until all such amounts are paid in full. Company will provide at least ten (10) days’ prior notice that Customer’s account is overdue before suspending Services.
2.4 Future Functionality. Customer agrees that its purchases are not contingent on the delivery of any future functionality or features, or dependent on any oral or written public comments made by Company regarding future functionality or features unless this is expressly stated in the Order Form and the future functionality is described.
3. WARRANTIES AND DISCLAIMER.
3.1 Company. The Company represents and warrants that: (a) the Services will be provided in a professional and workmanlike manner consistent with generally accepted industry standards; (b) the Services as delivered to Customer will materially conform to the product descriptions and any specifications set forth in the applicable Order Form; and (c) the Services do not infringe upon the intellectual property rights of any third party.
3.2 Customer. Customer represents and warrants that: (a) all information it provides to Company to perform the Services is accurate; (b) Customer is authorized to provide Company with the customer, patient or end-user information and/or other personal data that it provides in connection with the Services; (c) the Company’s possession and/or use of such customer, patient or end-user personal data will not violate any contract, statute, or regulation; and (d) Customer and persons acting on its behalf, including Company, are authorized and have consent to make or send communications (including emails, SMS and MMS messages) to customers, patients or other end-users at any telephone number, email address, physical address, or other contact source provided by Customer.
3.3 Google Seller Ratings Disclaimer. If Customer is purchasing any Google Seller Rating Service, then this disclaimer applies. Customer understands that the achievement of Seller Ratings on Google is entirely dependent upon the receipt by Google of a required number of brand and/or location level reviews during a twelve month period that meet a minimum star rating threshold (subject to change at any time by at discretion of Google, but currently 100 reviews received within the prior 12 months with a composite rating of at least 3.5 stars). Company cannot warrant or promise that such thresholds can be met and/or that Seller Ratings will be achieved for any specific domain.
3.4 Disclaimers. To the maximum extent permitted by law and except for the express warranties in this section, the Services are provided “as is” and the Company specifically disclaims any and all warranties of any kind with respect to the subject matter of this agreement, whether express, implied, or statutory, including without limitation warranties of quality, performance, merchantability, or fitness for a particular purpose. Company does not warrant that the Services will meet Customer’s needs or be free from errors.
4. LIMITATION OF LIABILITY.
4.1 Limitation on Types of Damages. SUBJECT TO CLAUSE 4.3 AND WITHOUT PREJUDICE TO CLAUSE 4.2, IN NO EVENT SHALL EITHER PARTY EVER BE LIABLE TO THE OTHER UNDER OR IN CONNECTION WITH THIS AGREEMENT, WHETHER BASED ON A CLAIM OR ACTION OF CONTRACT, WARRANTY, NEGLIGENCE, STRICT LIABILITY, OR OTHER TORT, BREACH OF ANY STATUTORY DUTY, OR CLAIM FOR CONTRIBUTION, OR OTHERWISE, FOR ANY: (I) INDIRECT, SPECIAL, PUNITIVE, CONSEQUENTIAL, OR INCIDENTAL LOSS OR DAMAGES, OR (II) ANY LOST PROFITS, LOSS OF GOODWILL, LOSS OF OR CORRUPTION OF DATA, LOSS OF REVENUE, LOSS OF ANTICIPATED SAVINGS, OR LOSS OF BUSINESS (IN EACH CASE, WHETHER DIRECT OR INDIRECT), EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LIABILITY OR DAMAGE.
4.2 Limitation on Amount of Damages. Subject to clause 4.3, the Company’s maximum liability arising out of or in any way connected to this Agreement shall not exceed the fees paid by Customer to Company pursuant to the Agreement that is the subject of the claim during the twelve (12) months immediately preceding the claim.
4.3 Liability not Excluded or Limited. Nothing in this Agreement will in any way exclude or limit a party’s liability to the other party for losses or damages arising from: (i) death or personal injury caused by that party’s negligence; (ii) fraud or fraudulent misrepresentation; or (iii) any other matter for which it would be illegal to exclude or attempt to exclude or limit its liability.
5.1 Term of Engagement, Renewals and Price Adjustments. The Term of the Agreement shall be stated in the Order Form (the “Initial Term”). Unless otherwise stated in the Order Form, at the end of each term, the Agreement shall automatically renew for successive terms equal in duration to the Initial Term (each a “Renewal Term”) unless either party provides written notice to the other party of its election to terminate the Agreement at least thirty (30) days prior to the end of the then-current term. After the Initial Term, the fee for Services purchased shall be subject to an annual increase at a rate of seven (7%) percent per annum to be calculated at the time of renewal.
5.2 Termination for Breach. Either party may terminate this Agreement at any time upon written notice to the other if the other: (a) is in material or persistent breach of this Agreement and the breaching party fails to remedy the breach within thirty (30) days after receiving written notice identifying the material breach to be cured; or (b) is subject to an order or a resolution for its liquidation, administration, winding-up or dissolution (otherwise than for the purposes of a reconstruction), or has an administrative or other receiver, trustee, liquidator, administrator or similar officer appointed over all or any substantial part of its assets.
5.3 Effect of Termination. Upon termination: (a) all rights granted to Customer under this Agreement, including Customer’s license to use the Services, shall immediately cease; (b) the Company shall stop performing all Services; (c) Customer shall immediately pay any fees due through the date of termination and (d) each party, shall immediately, upon receipt of a written request from the other party, destroy or return all Confidential Information. Sections 4 through 9 shall survive any termination or expiration of this Agreement.
6. CONFIDENTIALITY, PRIVACY, DATA OWNERSHIP, and PUBLICITY
6.1 Definition of Confidential Information. As used herein, Confidential Information (“CI”) means all confidential information disclosed by a party (“Disclosing Party“) to the other party (“Receiving Party“), whether orally or in writing, that is designated as confidential or that reasonably should be understood as confidential given the nature of the information and the circumstances of disclosure. CI shall include, without limitation, technical product information, product designs, techniques, methods, or strategies used in connection with the Services, user names, passwords and other log-in information, Company pricing information, the specific terms of this Agreement, and all Customer Data. “Customer Data” means any personal data that is provided by Customer in the normal course of the Services. As between Company and Customer, all Customer Data is Customer’s property. Customer grants Company a non-exclusive, license to process, reproduce, display, copy, communicate, and otherwise use Customer Data solely to the extent necessary to perform its obligations under the Agreement. CI shall not include any information that: (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party; (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party; (iii) is received from a third party without breach of any obligation owed to the Disclosing Party; or (iv) was independently developed by the Receiving Party.
6.2 Protection of Confidential Information. The parties each agree to collect, store, and use all CI provided to it or obtained by it as a result of this Agreement, in a manner that: (i) protects the security, confidentiality and integrity of the CI; (ii) ensures against reasonably anticipated threats or hazards to the security or integrity of the CI; and (iii) protects against unauthorized access to or use of the CI that could result in harm or inconvenience to the other party. Each party shall use at least the same degree of care in protecting the CI as the party uses to protect its own CI of like kind (but in no event less than reasonable care). The parties agree that CI shall not be used for any purpose outside the scope of this Agreement and that neither party shall disclose any CI to any third party without the other party’s prior written consent other than to: (i) its legal counsel and accountants; (ii) to potential investors, lenders, purchasers of either party’s business, or underwriters in connection with their due diligence in future financings, acquisitions mergers or public offerings of either party; or (iii) as required by law.
6.4 Data Processing. To the extent the Company collects, processes, transfers or uses personal data of Customer`s employees and/or Customer’s customers in the context of performance of the Services to Customer, such collection, processing, transfer or use of personal data takes place on behalf of Customer and on the basis of the terms of the Data Processing Addendum attached as Annex 1 shall apply to such processing, and are hereby incorporated by reference.
6.5 Data Protection. Where either Party receives any personal data (as defined by General Data Protection Regulation – “GDPR”- or the UK Data Protection Act 2018, if applicable) from an end customer or from the other Party, it shall ensure that it fully complies with the GDPR in connection with its handling of such personal data.
6.6 Data Hosting. The parties agree that the Reputation.com reputation management SaaS platform used to perform the services under this Agreement (the “Platform”) shall be physically hosted within the European Union and that all personal data provided by the Customer (“Customer Personal Data”), shall be physically stored on servers within the European Union, currently in Germany. Company will not move or replicate the Customer Personal Data, or access it from, outside the European Union or the United Kingdom.
6.7 Publicity. Customer hereby acknowledges and agrees that Company may use Customer’s name and logo for the purposes of identifying Customer as a Company customer.
7. SUPPORT AND SERVICE LEVEL AGREEMENTS
7.1 Provisioning. Tenant provisioning is included as part of your subscription, provisioning includes enabling all licensed products purchased in the order form.
7.2 Basic Training. The Company will provide basic product training to the Customer to enable them to use the purchased Services. The training will be provided via Reputation Help Center (help.reputation.com), a cloud-based resource for training videos and frequently asked questions. an in-application video training program. All training material will be available in English.
7.3 Maintenance. The Company shall maintain the SaaS reputation management platform and related modules (the “Platform”) as necessary to ensure the proper delivery of the Services. All licenses include bug fixes, patches and new version releases.
7.4 Platform Uptime. The Platform will be available to customer at least 99.9% of the time calculated on a monthly basis, excluding Scheduled Downtime. “Scheduled Downtime” means the downtime required by Reputation.com for upgrading or maintaining the Platform, provided that such scheduled downtime shall be performed after business hours (after 6:00 p.m. weekdays PST), in a manner designed to minimize service interruption and shall not take longer than four (4) hours per month. In most cases, scheduled maintenance and upgrades are seamless and will not disrupt service. For major releases and upgrades, there may be short periods of downtime. The Company will provide at least 24 hours’ notice of Schedule Downtime via in-platform notifications.
7.5 Customer Support. Technical Support is available by email via firstname.lastname@example.org. Customer Support hours are from 9:00 a.m. and 5:30 p.m. GMT, Monday through Friday, except for Bank Holidays. All emails to customer support will be responded to within eight (8) business hours during support hours.
8. PROFESSIONAL SERVICES
8.1 Professional Services and Work for Hire. The Company does not provide any custom deliverables or services under this Agreement or any Pro Services agreement that would qualify as a work for hire.
8.2 Performance. The Company represents and warrants that the Pro Services will be provided in a professional and workmanlike manner consistent with the standards in the industry for similar services. All Pro Services will be performed remotely from the Company offices unless otherwise specified in writing.
9. ARBITRATION, FORUM AND GOVERNING LAW. Any dispute arising out of or in connection with this contract, including any question regarding its existence, validity or termination, shall be referred to and finally resolved by arbitration before the London Court of International Arbitration (“LCIA”) under the LCIA Rules, which Rules are deemed to be incorporated by reference into this clause. The arbitration shall be conducted by and submitted to a single arbitrator (“Arbitrator”). The final arbitration hearing shall take place in London, England, but the parties agree that all proceedings and hearings prior to the final hearing may be handled via telephone or video conference. This Agreement and any dispute arising out of or in connection with it or its subject matter, whether of a contractual or non-contractual nature shall be governed by and construed under the laws of England. Each party shall bear its own attorneys’ fees, cost and disbursements arising out of the arbitration, and shall pay an equal share of the fees and costs of the Arbitrator. Nothing in this clause will prevent either party from instigating legal proceedings to seek any interim or emergency measures, including the remedies of injunction, specific performance or other equitable relief in any court of competent jurisdiction.
10. GENERAL PROVISIONS
10.1 Notices. Except as otherwise specified in this Agreement, all notices, permissions and approvals hereunder shall be in writing and shall be deemed to have been given upon: (i) personal delivery; (ii) the second business day after mailing by overnight carrier; (iii) the first business day after sending by confirmed facsimile or email (provided email shall not be sufficient for notices of termination). All notices shall be sent to the addresses set forth in the applicable Order Form, which may be updated by written notice to the other party.
10.2 Product Modifications. The Company continues to innovate and develop its Services and reserves the right from time-to-time to make modifications to the Services and/or to particular components of the Services to improve the Services and/or to address market changes, including, but not limited to, making changes to the particular third party review, social media and/or business listing sites that the Services monitor and/or manage and are included within the Services. The Company does not warrant or promise that any specific third-party review, social media and/or business-listing site will be included within the scope of the Services. Company will use commercially reasonable efforts to notify Customer of any material modifications to its Services.
10.3 Force Majeure. The Company shall be excused from performance hereunder to the extent that its performance is prevented, delayed or obstructed by causes beyond its reasonable control such as Internet outages, strikes, riots, insurrection, fires, floods, explosions, war, governmental action, labor conditions, earthquakes, and natural disasters.
10.4 Anti-bribery. Each party must: (a) comply with all applicable laws, statutes, regulations and codes relating to anti-bribery and anti-corruption including the UK’s Bribery Act 2010, the OECD Convention on Combating Bribery in International Business Transactions, and the Foreign Corrupt Practices Act of the United States (“Bribery Requirements”); (b) have in place and maintain an anti-bribery policy (“Bribery Policy”), or if none is in place as at the date of this Agreement, implement a Bribery Policy promptly following entry into this Agreement; (c) enforce compliance with the Bribery Requirements and the Bribery Policy where appropriate; and (d) promptly report to the other party any request or demand for any undue financial or other advantage of any kind received by it in connection with the performance of this Agreement to the extent permitted by applicable law. Each party must, if requested, provide the other party with any reasonable assistance, at the other party’s cost, to enable the other party to perform any activity required by any relevant government or agency in any relevant jurisdiction for the purpose of compliance with the Bribery Requirements.
10.5 Relationship of the Parties. The parties are independent contractors. The relationship between the parties shall not constitute a partnership, joint venture or agency. Neither party shall have the authority to make any statements, representations or commitments of any kind, or to take any action, which shall be binding on the other party, without the prior consent of such other party.
10.6 Third Parties. Nothing in this Agreement confers any right on any person (other than the parties) pursuant to the Contracts (Rights of Third Parties) Act 1999.
10.7 Amendment and Assignment. Any amendment, waiver or variation of this Agreement shall not be binding on the parties unless set out in writing and signed by or on behalf of each of the parties. Neither party shall assign this Agreement or any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other party; provided that either party may, without consent, assign this to any purchaser of all or substantially all of its assets or equity or to any successor by way of merger, consolidation or similar transaction.
10.8 Entire Agreement. This Agreement, including all exhibits and addenda hereto, constitutes the entire agreement between the parties and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. To the extent of any conflict or inconsistency between the provisions in the body of this Agreement and any exhibit or addendum executed by both parties, the terms of such exhibit or addendum shall prevail. Notwithstanding any language to the contrary therein, no terms or conditions stated in any document not executed by both parties (including any Customer purchase order) shall be incorporated into or form any part of this Agreement, and all such terms or conditions shall be null and void. This Agreement may be executed in counterparts. Facsimile, .pdf. and electronic signatures shall all be binding.
REPUTATION.COM DATA PROCESSING ADDENDUM
(updated August 25, 2020)
This Data Processing Addendum (the “Addendum”) is incorporated into the Order Form and Terms of Service (the “Agreement”) and applies in respect of the provision of the Services to the Customer if the Customer is subject to the European Data Protection Laws and only to the extent the Customer is a Controller of Customer Personal Data (as defined below) that Company Processes on behalf of the Customer. This Addendum shall be effective for the term of the Agreement.
- For the purposes of the Addendum:
- “Customer Personal Data” means Personal Data submitted, stored, uploaded or otherwise provided by Customer through its use of the Services, in respect of which the Customer is the Controller, as further described under Section 3 of this Addendum;
- “EEA” means the European Economic Area;
- “European Data Protection Laws” means the GDPR together with any national implementing laws in any Member State of the EEA and, to the extent applicable, the UK Data Protection Act 2018, as amended, repealed, consolidated or replaced from time to time;
- “GDPR” means the General Data Protection Regulation (EU) 2016/679; and
- “Personal Data”, “Data Subject”, “Data Protection Authority”, “Data Protection Impact Assessment”, “Process”, “Processor” and “Controller” will each have the meaning given to them in the European Data Protection Laws.
- Capitalized terms not otherwise defined herein shall have the meaning given to them in the Agreement.
- Details Of The Processing
- Categories of Data Subjects. This Addendum applies to the Processing of Customer Personal Data relating to Customer’s customers or patients or prospects and other end users, the extent of which is determined and controlled by Customer in its sole discretion.
- Types of Personal Data. Customer Personal Data includes the following types of Personal Data: names, title, position, contact information (including email addresses and phone numbers), purchase or services information, and other data, the extent of which is determined and controlled by Customer in its sole discretion.
- Subject-Matter and Nature of the Processing. The subject-matter of Processing of Customer Personal Data by Company is the provision of the Services to the Customer. Customer Personal Data will be subject to those Processing activities which Company needs to perform in order to provide the Services pursuant to the Agreement.
- Purpose of the Processing. Customer Personal Data will be Processed by Company for purposes of providing the Services set out into the Agreement.
- Duration of the Processing. Customer Personal Data will be Processed for the duration of the Agreement, subject to Section 11 of this Addendum.
- Processing Of Customer Personal Data
- Each of the Customer and the Company will comply with their respective obligations under the European Data Protection Laws, to the extent applicable to the Processing of any Customer Personal Data in the context of the provision of the Services.
- Company will only Process Customer Personal Data as a Processor on behalf of and in accordance with the Customer’s prior written instructions and for no other purpose. Company is hereby instructed to Process Customer Personal Data to the extent necessary to enable Company to provide the Services in accordance with the Agreement.
- If for any reason (including a change in applicable law) Company becomes unable to comply with any instructions of the Customer regarding the Processing of Customer Personal Data, Company will promptly:
- notify the Customer of such inability, providing a reasonable level of detail as to the instructions with which it cannot comply and the reasons why it cannot comply, to the greatest extent permitted by applicable law; and
- cease all Processing of the affected Customer Personal Data (other than merely storing and maintaining the security of the affected Customer Personal Data) until such time as the Customer issues new instructions with which Company is able to comply (and if this provision applies, Company will not be liable to the Customer under the Agreement in respect of any inability to perform the Services until such time as the Customer issues new instructions).
- The parties agree that the Company’s reputation management SaaS platform used to perform the services under this Agreement (the “Platform”) shall be physically hosted within the EEA and that all Customer Personal Data shall be physically stored on servers within the EEA, currently in Germany. Company will not move or replicate the Customer Personal Data, or access it from, outside the EEA or the United Kingdom.
- Company will ensure that any person whom Company authorises to Process Customer Personal Data on its behalf is subject to confidentiality obligations in respect of that Customer Personal Data.
- Security Measures
- Company will implement appropriate technical and organisational measures to protect against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Customer Personal Data.
- Appointment of Subprocessors
- Customer authorises Company to appoint Subprocessors to perform specific services on Company’s behalf which may require such Subprocessors to process Customer Personal Data. A current list of the Company Subprocessors may be found at https://www.reputation.com/legal/subprocessors (“Subprocessor Page”). Customer acknowledges and agrees to the engagement of the third parties listed on the Subprocessor Page as Subprocessors in connection with the provision of the Services under this Agreement.
Where Company engages a Subprocessor, Company will enter into a Data Processing Agreement with the Subprocessor that imposes on the Subprocessor at least the same level of protections that apply to Company under this DPA. Where a Subprocessor fails to fulfill its data protection obligations, Company will remain liable to the Customer for the performance of such Subprocessor’s obligations.
If the Company engages a Subprocessor in a country outside the European Economic Area (“EEA”) that is not recognized by the European Commission as providing an adequate level of protection for personal data, then Company shall, in advance of any transfer of personal data to Subprocessor, take steps to ensure that a legal mechanism to achieve adequacy in respect of that processing is in place.
- Notification of New Subprocessors. If the Company retains new Subprocessors other than the companies listed on the Subprocessor Page, the Company will notify the Customer by updating the Subprocessor Page and will give the Customer the opportunity to object to the engagement of the new Subrocessors within 30 days after being notified. The objection must be based on reasonable legal grounds. If the Company and Customer are unable to resolve such objection, then either party may terminate the Agreement by providing written notice to the other party. If a Customer terminates, then Customer shall receive a refund of any prepaid but unused fees for the period following the effective date of termination.
- Data Subject Rights
- Company will, at the Customer’s request and subject to the Customer paying all of Company’s fees at prevailing rates, and all expenses, provide the Customer with assistance necessary for the fulfilment of the Customer’s obligation to respond to requests for the exercise of Data Subjects’ rights. Customer shall be solely responsible for responding to such requests.
- Security Breaches
- Company will:
- notify the Customer as soon as practicable after it becomes aware of any loss, compromise or any unauthorised access to, or breach of the security of, any Customer Personal Data; and
- at the Customer’s request and promptly provide the Customer with all reasonable assistance necessary to enable the Customer to notify relevant security breaches to the relevant Data Protection Authorities and/or affected Data Subjects.
- Data Protection Impact Assessment; Prior Consultation
- Company will, at the Customer’s request provide the Customer with reasonable assistance to facilitate:
- conducting of Data Protection Impact Assessments if the Customer is required to do so under the European Data Protection Laws; and
- consultation with Data Protection Authorities, if the Customer is required to engage in consultation under the European Data Protection Laws,
in each case solely to the extent that such assistance is necessary and relates to the Processing by the Company of the Customer Personal Data, taking into account the nature of the Processing and the information available to the Processor.
- Return or Deletion of Customer Personal Data
- Company will permanently and securely delete (or, at the election of the Customer, return, in such format as Company may reasonably elect and subject to the Customer paying all of Company’s fees at prevailing rates, and all expenses, for transferring the Customer Personal Data to such format) all Customer Personal Data in the possession or control of Company or any of its sub-Processors, within ninety (90) days after Company ceases to provide the Services, unless the applicable law of the EEA or EEA Member State or the UK requires otherwise. Company will procure that its sub-Processors do likewise.
- The Company will, at Customer’s request provide the Customer with all information necessary to enable the Customer to demonstrate compliance with its obligations under the European Data Protection Laws, and allow for and contribute to audits, including inspections, conducted by the Customer or an auditor mandated by the Customer, to the extent that such information is within Company’s control and Company is not precluded from disclosing it by applicable law, a duty of confidentiality, or any other obligation owed to a third party. Company shall immediately inform the Customer if, in its opinion, an instruction infringes the European Data Protection Laws.