BRIGHTPAY PURCHASER AGREEMENT
IMPORTANT NOTICE: PLEASE READ CAREFULLY BEFORE CONTINUING TO USE THE SOFTWARE
This licence agreement (Agreement) is a legal agreement between you (you) and us.
If you're based in the United Kingdom, then we are Thesaurus Software Ltd of 3 Shortlands, London, England, W6 8DA (BrightPay UK).
If you are based in the Republic of Ireland, we are Thesaurus Software Limited of Unit 35, Duleek Business Park, Co. Meath, A92 N15E (BrightPay Ireland).
This Agreement applies whether you're using our installed desktop software (Desktop), or our software as a service product (Connect, which includes both our cloud service and mobile app), or our BrightPay Cloud software: the product you're using is referred to in this Agreement as the Software.
In certain cases, you may be using the Software with our consent as an intermediary body (Bureau) providing bureau services to your customers (Bureau Arrangement).
BY USING THIS SOFTWARE YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, YOU MUST STOP USING THE SOFTWARE NOW.
a. This Agreement will commence on the date you receive your license key (Desktop) or on the start date of your Connect subscription and will continue for one year in the case of a Connect Subscription or until the end of the tax year in the case of a Desktop Subscription (Initial Term) unless earlier renewed in accordance with clause 5.b.
b. If you are based in the Republic of Ireland, this Agreement will automatically renew in accordance with clause 5 of this Agreement unless and until otherwise earlier terminated in accordance with clause 9 of this Agreement (Duration).
2. GRANT AND SCOPE OF AGREEMENT
a. Provided that you have made all payments due to us, and that you're complying with the terms of this Agreement, we grant to you a personal, non-exclusive, non-assignable, non-transferable and non-sublicensable licence to use the Software on the terms of, and for the duration of this Agreement and for your internal business purposes only.
b. If you're using Desktop, the licence granted at clause 1.a allows you to:
i. Install and use the Software for the number of concurrent users agreed in writing between you and us;
ii. make up to 2 copies of the Software for back-up purposes, provided that this is for your internal business purposes only;
iii. receive and use any free supplementary software code or update of the Software incorporating "patches" and corrections of errors as may be released by us from time to time. Any such code or update becomes included within the term Software as soon it's released.
c. If you're using Connect or BrightPay Cloud, the license granted at clause 1.a allows you to access Connect or BrightPay Cloud, respectively, on a software as a service basis.
d. The license to use BrightPay Cloud includes software support and upgrades, for which charges are incurred on the date that BrightPay account is created, such charges are included in both the monthly subscription fee and the annual subscription fee.
e. If you're using the Software as a Bureau, the licence granted to you at clauses 2.a to 2.c above is extended to allow you to use the Software in the provision of payroll services to your customers, provided that the limitations on user numbers detailed on the Payment Pages apply at all times.
f. The Payment Pages (as may be amended from time to time) are BrightPay (cloud) pricing, BrightPay Ireland Pricing, BrightPay UK pricing, and Thesaurus Payroll Manager pricing, depending on which product you're using and where.
a. You undertake not to:
i. use the Software in activity that is illegal, fraudulent, false, or misleading;
ii. use the Software to build or benchmark a competitive product or service, or copy any features, functions or graphics of the Software;
iii. use the Software in violation of any acceptable use policy or in a manner that violates applicable law, including anti-spam, export control, privacy, and anti-terrorism laws and regulations. You are solely responsible for compliance with all such laws and regulations;
iv. modify, decompile, reverse engineer, disassemble or otherwise determine or attempt to determine source code for the executable code of any software forming part of the Software or to create any derivative works based on the Software or allow any third party to do so (unless expressly permitted by local law);
v. copy any of the look and feel and/or the business logic or functionality of the software; and
vi. not remove any copyright or other notice contained or included in any Software.
b. Where you are using Desktop as the Software, you undertake:
i. to keep all copies of the Software secure and to maintain accurate and up-to-date records of the number and locations of all copies of the Software;
ii. to supervise and control use of the Software, including by any party to whom you provide access to the Software, to ensure that use is at all times in compliance with the obligations placed upon you by this Agreement. You may only provide access to the Software to a person who is not your employee with our prior written permission;
iii. promptly upon receipt to replace the current version of the Software with any updated or upgraded version or new release provided by us;
iv. to include our copyright notice on all entire and partial copies of the Software in any form.
c. Where you are using Connect or BrightPay Cloud as the Software, you undertake not to:
i. use the Software in a way that abuses, interferes with, or disrupts our networks,
ii. transmit through the Software any material that may infringe the intellectual property or other rights of third parties, and/or which is harassing, libellous, threatening, obscene, indecent, or otherwise unlawful;
iii. upload or transmit any software, content or code that does or is intended to harm, disable, destroy or adversely affect performance of the Software in any way or which does or is intended to harm or extract information or data from other hardware, software or networks of us or any other users of our products;
iv. engage in any activity that could damage, disable, overburden, impair or otherwise interfere with or disrupt the Software, or any servers or networks connected to the Software or our security systems;
v. use, nor allow any third party to use any automated software, process, programme, robot, web crawler, spider, data mining, trawling, screen scraping or other similar software to gain unauthorised access to the Software.
d. If you discover a breach of any of clauses 2.b, 2.c or 2.d you undertake to notify us promptly, and to provide such detail as we may reasonably request. You confirm that you understand that the promises you give in clauses 2.b, 2.c and 2.d are of material importance to us and that we are entering into this Agreement in reliance on these undertakings. Finally, you acknowledge that, without affecting any rights or remedies that we have, damages may not be an adequate remedy for us if you breach any of those clauses. We will be entitled to apply for the remedies of injunction, specific performance and other equitable relief for any threatened or actual breach of clauses 2.b, 2.c and/or 2.d, and that no proof of special damages shall be necessary for the enforcement of this clause.
e. You agree that your use of the Software may be audited by us to monitor compliance with this Agreement. You also agree that we may collect telemetric information, including:
i. the specification and capabilities of the hardware and operating system on which the Software is installed (e.g. operation system version, screen dimensions, available computer memory, etc.);
ii. the type of licence in use (i.e. standard or Bureau) and the software version of the Software in use;
iii. anonymous statistical information about employer data files processed in the Software (e.g. data file size, number of employees, number of subcontractors, auto enrolment staging date, etc.);
iv. selected actions that users may take in the Software (e.g. which payment schedules are used, which pension providers are used, which bank file templates are used, etc.); and
v. reports of errors or crashes that may occur during the use of the Software.
f. The data collected in accordance with clause 2.e is sent to us along with a unique token associated with your Software Licence. In no case do we collect any identifiable or personal information about employers, employees or subcontractors processed by the user. The data we obtain in this manner serves exclusively for statistical and/or billing purposes, and/or for guiding the development of our products and services.
g. You acknowledge that all intellectual property rights in the Software, together in our trading name BRIGHTPAY, throughout the world belong either to us or to our third party licensors (each a Third Party, and all intellectual property rights belonging to Third Parties Third Party IPR), and that rights in the Software are licensed (not sold) to you. You have no rights in, or to, the Software other than the right to use it in accordance with the terms of this Agreement. Use of Third Party IPR may be subject to separate licence terms imposed by the relevant third party, and you undertake at all times to comply with such terms. In this Agreement intellectual property rights means copyright, database rights, patents, patent applications, patent rights, rights in designs, trademarks, trademark applications, trademark registrations, trademark rights, trade secrets and all other intellectual property and proprietary information rights as may exist now or hereafter come into existence, all modifications, continuations, renewals and extensions of the foregoing, and all claims, actions, causes of action, damages, costs, expenses, profits, penalties, recoveries and remedies relating to any past, present or future infringement of any of the foregoing, arising under the laws of any country, state or jurisdiction in the world.
h. You grant us a non-exclusive and royalty-free to copy, store, share, record, transmit, display, view, print, and use any content provided by you and/on your behalf to us in the course of this Agreement (Content). You warrant to us that any such use will not infringe the Intellectual Property Rights of a third party. You shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and right to use of the Content. We reserve the right to withhold, remove and/or discard Content without notice to you where we reasonably determine that any Content is obscene, infringes any third party rights or law, or causes you and/or us to be in breach of this Agreement or any law or regulatory requirement.
i. Where you permit any person, whether your employee or contractor, or (in the case of a Bureau Arrangement) an employee or contractor of your customer, to use the Software you undertake to ensure that such person does not put you in breach of this Agreement, and that such person at all times comply with the terms of any user agreement between them and us.
a. The prices payable by you for the Software are as detailed on the Payment Pages detailed in clause 1.f above. If you are using Desktop, prices are charged per tax year per purchaser registered to the service. Prices for Desktop are subject to fair usage (capped at 5000 employees). For Desktop customers with over 5000 employees, prices detailed in clause 1.f above may not apply. If you are using Connect, you will pay monthly in arrears. You agree that we may charge to your credit card or other payment mechanism selected by you all amounts due and owing for the Software, including taxes and service fees, set up fees, subscription fees, or any other fee or charge associated with your use of the Software.
b. If you are using BrightPay Cloud, you will pay either a monthly or annual subscription fee which you will self-select when signing up and creating your BrightPay account.
i. If have selected the annual subscription, you will be entitled to a certain number of employers and employees, as detailed on your BrightPay billing tab in return for one full payment due and payable by you via Direct Debit in the first month after signing up. If you go above your entitlement of employers and/or employees in any month during the term, we will send you an invoice for this overage based on our rates as listed in https://brightsg.com/en-gb/brightpay-in-the-cloud-calculator
ii. If you have selected the monthly subscription, you shall be charged monthly via Direct Debit based on the number of employers and employees in accordance with our rates as detailed on your BrightPay billing table and as listed in https://brightsg.com/en-gb/brightpay-in-the-cloud-calculator
iii. Details for payment for your annual or monthly subscription together with any overage calculations shall be set up through your BrightPay account home page and taken via the payment platform Stripe.
iv. Direct Debit payments shall be made on the fourth day of the month or the next working day.
c. Training is not included. We reserve the right to charge you at any time for any training we give. The amount to be charged for training will depend on the nature of the training required.
d. Unless otherwise stated, all fees are payable in GB Pounds sterling for BrightPay UK and Euro for BrightPay Ireland. All invoices are subject to VAT at the prevailing rate and are payable before the specified due date. You agree that we may issue you with invoices in an electronic format by E-Mail or by placing the invoices in a place where you can print them at any time. As a user, you accept that these electronic invoices are our official invoices, and you will undertake to print out the invoices yourself if you require hard copies.
e. We reserve the right to change prices at any time. However, before we do, we will provide you with prior notice and an opportunity to terminate your continued use of the Software.
f. If we are unable to collect the fees owed by you through your selected payment mechanism, we reserve the right to take any other steps necessary to collect such fees, together with any associated costs (such as costs actually and reasonably incurred by us in such collection activity, including collection fees, court costs and legal fees). Finally, we reserve the right to charge interest at the statutory rate from time to time in force.
This clause 5 applies to you only if you are based in the Republic of Ireland. If you are based in the United Kingdom, this clause 5 does not apply.
a. Unless you terminate the Agreement in accordance with clause 9, and subject to clause 5.b, the Agreement will automatically renew at expiry of the Initial Term and on each year thereafter (Renewal Date).
b. We reserve the right to renew the Agreement prior to the expiry of the Initial Term. In these circumstances, we will contact you advising of the updated Renewal Date and the remainder of this clause 5 should be interpreted accordingly with the updated Renewal Date in mind.
c. You will receive a reminder 6 weeks in advance of the Renewal Date that the Agreement is due to auto-renew. The reminder will contain information on payment and how to terminate the Agreement prior to the Renewal Date.
d. You must terminate this Agreement 4 weeks prior to the Renewal Date to avoid payment being taken for the next year. You should notify us of your intention to terminate the Agreement by sending an email to [email protected]. Failure to so notify within 4 weeks from the Renewal Date shall lead to the Agreement being auto renewed for a further 12-month period and payment will be taken in accordance with clause 5.e. below.
e. Prior to the Renewal Date (and on the yearly anniversary of such date) and other than as set out at clause 5.d above, payment will be taken for the next year [in accordance with the information detailed on our Payment Pages noted in clause 2.f]. The Payment Pages (as may be amended from time to time) are BrightPay (cloud) pricing, BrightPay Ireland Pricing, BrightPay UK pricing, and Thesaurus Payroll Manager pricing, depending on which product you're using and where.
a. We warrant to you for the duration of the Agreement that:
i. we are entitled to grant you the licenses detailed in clause 2; and
ii. your use of the Software will not infringe the rights of any other party.
b. Notwithstanding clause 4.a, you acknowledge and agree that:
i. the Software has not been developed to meet your individual requirements. It is therefore your responsibility to ensure that the facilities and functions of the Software meet your requirements;
ii. the Software may not be free of bugs or errors, and you agree that the existence of any minor errors shall not constitute a breach of this Agreement;
iii. the warranties in this clause 4 shall not apply to any Third Party IPR;
iv. the Software is provided on an "as is," and "as available" basis, and your use of and access to the Software is at your sole risk;
v. we do not warrant the information or services provided in the Software, or your use of the Software generally, either expressly or implied, for any particular purpose. You acknowledge that you will take full responsibility for all the data entered and uploaded into our system as we have no control over the authority, the quality or safety of the data input and the data updates. You are solely responsible for the accuracy and completeness of your records, and you acknowledge that we will have no liability for errors, inaccuracies, omissions, or a lack of clarity in your data records;
vi. we are not involved in any transactions between you, your authorised users, your agents, your clients, your employees and others. Our service also excludes any investigation or payroll audit into your affairs by local tax authorities, and also excludes enquiries;
vii. we don't provide financial advice, pension advice or advice on tax law or the operation of tax systems in any jurisdiction. These are complex areas upon which you should take specialist advice, and you must rely on your own investigations;
viii. we have the right from time to time to monitor what data is being entered or uploaded into our system. Your uploaded data may be placed in a temporary holding bin for checking and screening to ensure that it does not contain virus and non-complying items;
ix. we will not be responsible for any loss or damage that could result from interception by third parties of any information or services made available to you via the Software;
x. we are not a back-up service. You are responsible for taking all necessary steps to back up your data and ensuring that you maintain your primary means of business;
xi. we do not warrant that the Software will work on any particular device or across the network of a particular wireless service provider;
xii. access to and use of the Software from your device may be subject to transmission limitation, delays, or interruption due to, hardware, software or network problems as well as government or regulatory restrictions, exchange rulings, court or tribunal orders or other human intervention;
xiii. internet communications, including E-Mail, SMS and fax go through various internet service providers and various internet hubs before they reach you and therefore cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. You acknowledge that if you send personal data, payslips, time sheets or any other data to us, your employees, your clients, or to anyone else via the Internet you are exposing this data to these security risks. We have no control over and accept no liability for the security of data once it leaves our server;
xiv. neither we nor our subsidiaries and/or affiliates will be responsible for or liable for the capabilities or reliability of your wireless service; and
xv. you understand that there are risks associated with using a device, including mobile applications on a device, and that in the event of theft or loss, your confidential information could be compromised.
c. There are no conditions, warranties, representations or other terms, express or implied, that are binding on us except as specifically stated in this Agreement. Any condition, warranty, representation or other term concerning the supply of the Software which might otherwise be implied into, or incorporated in, this Agreement, or any collateral contract, whether by statute, common law or otherwise, is hereby excluded to the fullest extent permitted by law.
a. Nothing in this Agreement shall exclude or in any way limit our liability to the extent that it cannot be excluded or limited as a matter of law.
b. Subject to clause 5.a we shall not be liable under or in connection with this Agreement for:
i. any action, inaction and/or failure to perform of any third party (including any Third Party);
ii. loss of income;
iii. loss of business profits or contracts;
iv. business interruption;
v. loss of the use of money or anticipated savings;
vi. loss of information;
vii. loss of opportunity, goodwill or reputation;
viii. loss of, damage to or corruption of data; or
ix. any indirect or consequential loss or damage of any kind howsoever arising and whether caused by tort (including negligence), breach of contract or otherwise.
c. Subject to clause 5.a and clause 5.b, our maximum aggregate liability under or in connection with this Agreement, or any collateral contract, whether in contract, tort (including negligence) or otherwise, shall be limited to a sum equal to 100% of an aggregate amount equal to the payment received by us from you under this Agreement in the twelve months preceding the occurrence of your claim.
d. You undertake at all times to mitigate any such damage or loss.
e. You acknowledge that this Agreement allocates risk between you and us as authorised by applicable law, and that the pricing of the Software reflects this allocation of risk and the exclusions and limitations of liability contained in this Agreement. You agree that our responsibilities under this Agreement are reasonable because they reflect that:
i. we cannot control how, and for what purposes, you use the Software;
ii. we have not developed the Software specifically for you; and
iii. although we follow good industry practice, it is not economically possible for us to carry out all the tests necessary to make sure that the Software is problem or error free.
f. The laws of some countries do not allow some or all of the limitations described above. If these laws apply to you, some or all of the above limitations may not apply to you, and you might have additional rights. If any remedy hereunder is determined to have failed of its essential purpose, all other limitations of liability and exclusion of damages set forth in this Agreement shall remain in full force and effect.
8. DATA PROTECTION
a. Each of you and we agree to comply with the terms of the appropriate Data Protection Addendum (DPA) available from our Security page.
a. You agree that we in our sole discretion may terminate this Agreement, and/or your password, your account (or any part thereof), and/or use of the Software and its facilities, and (where the Software is Connect) remove and discard any Content within the Software and its facilities:
i. if you're in material default of any obligation imposed by this Agreement, and in the case of a default capable of remedy, you fail to remedy such default within 30 days of receipt of our notice specifying the default and requiring its remedy;
ii. if you make an arrangement with or assignment in favour of your creditors or go into liquidation (other than a voluntary liquidation for the purposes of amalgamation or reconstruction) or have a receiver or administrator appointed over your property or assets or any part thereof, or cease (or threaten to cease) trading (or if any analogous event occurs in your jurisdiction).
b. You may terminate this Agreement at any time. If you cancel, you will not receive a refund for any service already paid for.
c. Upon termination for any reason:
i. all rights granted to you under this Agreement shall cease;
ii. you must cease all activities authorised by this Agreement;
iii. you must immediately pay to us any sums due under this Agreement;
iv. you will no longer have any access rights to the account. Should you need to gain access to the account and use any of the services in our system after the account is terminated, a fresh agreement and prices must be agreed first; and
v. (where you are using Desktop) you must immediately delete or remove the Software from all computer equipment in your possession and immediately destroy or return to us (at our option) all copies of the Software then in your possession, custody or control and, in the case of destruction, certify to us that you have done so.
a. Any E-Mails you may send to us may be monitored by us for operational or business reasons.
b. You agree not to send us any E-Mail containing attached files or any electronic mail containing linkages which may trigger a virus. You also understand that any electronic mail containing an attached file may be automatically rejected by us.
c. We may from time to time send you important notifications to your registered electronic mail address regarding important data updates or security alerts. You undertake to check your electronic email accounts for these notifications on a regular basis.
d. All notices given by you to us must be given to Thesaurus Software Limited of Unit 35, Duleek Business Park, Co. Meath, A92 N15E (where we are BrightPay Ireland) or Thesaurus Software Ltd of 3 Shortlands, London, England, W6 8DA (where we are BrightPay UK). We may give notice to you at either the e-mail or postal address you provided to us or our representative when purchasing the Software.
e. Notice will be deemed received and properly served 24 hours after an e-mail is sent, or three days after the date of posting of any letter.
f. In proving the service of any notice, it will be sufficient to prove, in the case of a letter, that such letter was properly addressed, stamped and placed in the post and, in the case of an e-mail that such e-mail was sent to the specified e-mail address of the addressee.
a. This Agreement is binding on you and us and on our respective successors and assigns. You may not transfer, assign, charge or otherwise dispose of this Agreement, or any of your rights or obligations arising under it, without our prior written consent.
b. We will not be liable or responsible for any failure to perform, or delay in performance of, any obligations under this Agreement that is caused by an event outside our reasonable control.
c. If we fail, at any time during the term of this Agreement, to insist on strict performance of any of your obligations under this Agreement, or if we fail to exercise any of the rights or remedies to which we are entitled under this Agreement, this shall not constitute a waiver of such rights or remedies and shall not relieve you from compliance with such obligations. A waiver by us of any default shall not constitute a waiver of any subsequent default. No waiver by us of any of these terms and conditions shall be effective unless it is expressly stated to be a waiver and is communicated to you in writing.
d. If any of the terms of this Agreement are determined by any competent authority to be invalid, unlawful or unenforceable to any extent, such term, condition or provision will to that extent be severed from the remaining terms, conditions and provisions which will continue to be valid to the fullest extent permitted by law.
e. This Agreement and any document expressly referred to in it represents the entire agreement between you and us in relation to the licensing of the Software and Documentation and supersedes any prior agreement, understanding or arrangement between you and us, whether oral or in writing. We each acknowledge that, in entering into this Agreement, neither of us has relied on any representation, undertaking or promise given by the other or implied from anything said or written in negotiations between us before entering into this Agreement except as expressly stated in this Agreement.
f. Clause and schedule headings do not affect the interpretation of this Agreement, and references to a clause or the schedule are to clauses and the schedule to this Agreement. Words in the singular include the plural and, in the plural, include the singular, and references to any gender include all genders. A reference to a particular law is a reference to it as it is in force for the time being taking account of any amendment, extension, application or re-enactment and includes any subordinate legislation for the time being in force made under it. References to including and include(s) shall be deemed to mean respectively including without limitation and include(s) without limitation.
12. LAW AND JURISDICTION
a. Where we are BrightPay UK, this Agreement is governed by English law. Any dispute arising from, or related to, any term of this Agreement shall be subject to the non-exclusive jurisdiction of the courts of England.
b. Where we are BrightPay Ireland, this Agreement is governed by the law of the Republic of Ireland. Any dispute arising from, or related to, any term of this Agreement shall be subject to the non-exclusive jurisdiction of the courts of the Republic of Ireland.
DATA PROCESSING ADDENDUM
1. DEFINITIONS AND INTERPRETATIONS
1.1. In this Addendum the following definitions shall apply:
Controller shall have the meaning given in Article 4 of the GDPR.
Data Subject means an identified or identifiable natural person who is the subject of any Personal Data.
Data Protection Laws means the General Data Protection Regulation (EU) 2016/679 (GDPR), the Data Protection Act 2018 (and any respective local implementing laws) as amended, replaced or superseded from time to time.
Personal Data shall have the meaning given in Article 4 of the GDPR, and shall refer to Personal Data provided either by us to you, or you to us, during the course of this Agreement.
Processor shall have the meaning given in Article 4 of the GDPR.
Sub-processor means a natural or legal person, public authority, agency or any other body contracted by us to process Personal Data.
Supervisory Authority shall have the meaning given in Article 4 of the GDPR.
2. WHERE A PARTY IS A CONTROLLER
2.1. Where either you or we acts as controller in relation to any Personal Data in the course of the operation of this Agreement, the provisions of this paragraph 2 apply.
2.2. Each of you and us undertakes that it will:
2.2.1. comply with Data Protection Laws when processing Personal Data;
2.2.2. rely on a valid legal ground under Data Protection Laws for processing, including obtaining Data Subjects' appropriate consent or providing appropriate notification to Data Subjects, in each case if required or appropriate under Data Protection Laws;
2.2.3. take reasonable steps to ensure that Personal Data is (a) accurate, complete and current and limited to what is necessary in relation to the processing; and (b) kept in a form which permits identification of Data Subjects for no longer than is necessary for the processing (unless a longer retention is required or allowed under applicable law);
2.2.4. implement appropriate technical and organizational measures to ensure, and to be able to
demonstrate, that the processing of Personal Data is performed in accordance with Data Protection Laws;
2.2.5. not transfer any Personal Data to any Inadequate Country, unless such party ensures (a) that the transfer is at all times subject to one of the appropriate safeguards permitted by Article 46 of GDPR and (b) that in all other respects the transfer complies with GDPR. Inadequate Country means a country which is (a) outside of the European Economic Area and (b) not a country which has been determined by the European Commission as ensuring an appropriate level of protection for the purposes of Article 45 of the GDPR;
2.2.6. respond to Data Subject requests to exercise their rights of (a) access, (b) rectification, (c) erasure, (d) data portability, (e) restriction of Processing, (f) objection to the Processing, and (g) the rights related to automated decision-making and profiling, if and as required under Data Protection Laws; and
2.2.7. co-operate with the other party to fulfil their respective data protection compliance obligations under Data Protection Laws.
3. WHERE YOU ARE CONTROLLER, AND WE ARE PROCESSOR
3.1. Where, in relation to any Personal Data, you are controller and we are processor under the terms of this Agreement, the provisions of paragraphs 3 to 7 apply. Where you are a Processor acting on the instructions of a separate Controller (for example, where you are a Bureau), these paragraphs also will apply to you and us as Processor and Sub-processor respectively.
3.2. For the purposes of Article 28.3 of GDPR, the subject matter of the processing is as follows: 3.2.1. the personal data used in the processing may include any of the following Personal Data:
22.214.171.124. in relation to each user:[forename(s), surname, email address, IP address, database use activity history, telephone number; and
126.96.36.199. in relation to any person who is the subject of a record held in the Software: source, unique ID, name, forename, surname, date of birth, year of birth, nationality, address, city, state, postcode, country, national insurance number or personal public service number, tax code, telephone number (including mobile), passport number, names and telephone numbers of emergency contacts;
3.2.2. the duration of the processing will be the duration of this Agreement
3.2.3. the nature and purpose of the processing will be limited to the storing and use of the Personal Data to allow you to use the Software's functionality in relation to the Data Subjects.
3.3. We shall:
3.3.1. process the Personal Data only in accordance with your documented instructions, including where relevant for transfers of Personal Data outside the European Economic Area (EEA) (unless required to do so by European Union, Member State and/or UK law to which we are subject, in which case we shall inform you of that legal requirement before processing unless prohibited by that law);
3.3.2. ensure that persons authorised to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
3.3.3. take all measures required pursuant to Article 32 of the GDPR;
3.3.4. appoint Sub-processors only in accordance with paragraph 5 below;
3.3.5. taking into account the nature of the processing, assist you by taking appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of your obligation to respond to requests for exercising a Data Subject's rights laid down in Chapter III of the GDPR;
3.3.6. taking into account the nature of the processing and the information available to us, assist you in ensuring compliance with your obligations to:
188.8.131.52. keep Personal Data secure (Article 32 GDPR);
184.108.40.206. notify Personal Data breaches to the Supervisory Authority (Article 33 GDPR);
220.127.116.11. advise Data Subjects when there has been a Personal Data breach (Article 34 GDPR); 18.104.22.168. carry out data protection impact assessments (Article 35 GDPR); and
22.214.171.124. consult with the Supervisory Authority where a data protection impact assessment indicates that there is an unmitigated high risk to the processing (Article 36 GDPR);
3.3.7. at your choice, delete or return all Personal Data to you upon termination of this Agreement, save to the extent that European Union or EU member state law requires retention of the Personal Data;
3.3.8. make available to you all information necessary to demonstrate compliance with the obligations laid down in this Addendum and allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you as set out in paragraph 4 below;
3.3.9. immediately inform you if, in our opinion, an instruction infringes Data Protection Laws; 3.3.10. comply with Article 30 of the GDPR;
3.3.11. co-operate on request, with the Information Commissioner's Office (or any successor body thereto) or other relevant Supervisory Authority in the performance of its tasks; and
3.3.12. notify you without undue delay after becoming aware of a Personal Data breach.
4. AUDIT RIGHTS
4.1. Upon your reasonable request, we agree to provide you with any documentation or records (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) which will enable it to verify and monitor our compliance with this Addendum, within 14 days of receipt of such request.
4.2. Where, in your reasonable opinion, such documentation is not sufficient in order to meet the obligations of Article 28 of the GDPR, you will be entitled, upon reasonable prior written notice to us and upon reasonable grounds, to conduct an on-site audit of our premises used in connection with the Software, solely to confirm compliance with our data protection and security obligations under this Addendum. Any audit carried out by you will be conducted in a manner that does not disrupt, delay or interfere with our performance of our business. You shall ensure that the individuals carrying out the audit are under appropriately strict and binding obligations to keep all of our information confidential.
5. USE OF SUB-PROCESSORS
5.1. You provide your consent for us to use Sub-processors in the provision of the Software. Where we use any other third party we shall:
5.1.1. enter into a legally binding written agreement that places the equivalent data protection obligations as those set out in this Addendum to the extent applicable to the nature of the services provided by such Sub-processor, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR;
5.1.2. remain liable for the performance of the Sub-processor.
5.2. The current list of Sub-processors that we use can be viewed here
5.3. We reserve the right to change any and all Sub-processors at any time, without the consent of or notification to you.
6. TRANSFERS OF PERSONAL DATA TO NON-EEA COUNTRIES
6.1. Any transfers by us to a sub-processor outside the EEA shall be carried out in accordance with Chapter 5 of the GDPR.
6.2. Where we are BrightPay UK, and in the event of the United Kingdom departing the European Union and being deemed by the European Commission to have inadequate levels of protection, in accordance with Article 45 of the GDPR, you and we undertake promptly to enter into the appropriate versions of such model standard data protection clauses as the European Commission may from time to time publish in accordance with Article 46 (2) of the GDPR.
7. YOUR OBLIGATIONS
7.1. You warrant and represent to us that:
7.1.1. all instructions provided to us by you in relation to and/or involving the processing of Personal Data are lawful and are provided in accordance with the Data Protection Laws;
7.1.2. you shall only provide instructions to us that are in accordance with the terms of this Agreement, including this Addendum.
7.2. You acknowledge and agree that we are reliant on you for direction as to the extent to which we are entitled to use and process Personal Data. Consequently, we shall not be liable for any claim brought by a Data Subject