HubSolv Limited is a company incorporated in Scotland (registration number SC470544) having its registered office at Suite 5.1, 14 Mitchell Lane, Glasgow G1 3NU (the “Provider”).
The Provider operates the Platform and provides the Support Services, and the Customer wishes to be granted access to the Platform and to receive the Support Services, on the terms of this Agreement.
The parties agree that the Customer is a Controller (as defined in the Data Protection Legislation) and that the Provider is a Processor (as defined in the Data Protection Legislation) for the purposes of processing Protected Data pursuant to this Agreement. The Customer shall at all times comply with all Data Protection Legislation in connection with the processing of Protected Data. The Customer shall ensure all instructions given by it to the Provider in respect of Protected Data (including the terms of this Agreement) shall at all times be in accordance with Data Protection Legislation. Nothing in this Agreement relieves the Customer of any responsibilities or liabilities under any Data Protection Legislation.
The Provider shall process Protected Data in compliance with the obligations placed on it under Data Protection Legislation and the terms of this Agreement.
In the event that the Provider processes any Protected Data on behalf of the Customer under this Agreement the Provider undertakes:
(a) except as required by law, to act only on reasonable and lawful instructions from the Customer in relation to the processing of Protected Data, to inform the Customer if the Provider believes that any instruction received from the Customer is likely to infringe Data Protection Legislation, in which case the Provider may cease to provide the relevant Service, and not to process Protected Data for any purpose other than as required by this Agreement;
(b) taking account of the state of technical development and the nature of the processing, to put in place appropriate security measures (both technical and organisational) against unlawful or unauthorised processing of, and against accidental loss or destruction of, or damage to, Protected Data;
(c) that any of its employees who will have access to Protected Data are under appropriate confidentiality obligations in respect of the Protected Data, have undergone data protection training and are aware of their obligations under the Data Protection Legislation;
(d) at the Customer’s cost, to provide reasonable assistance on request to the Customer in complying with the rights of data subjects and with the Customer’s statutory obligations under the Data Protection Legislation insofar as the foregoing relate to Protected Data;;
(e) at the Customer’s cost to provide the Customer with such information as the Customer may reasonably require to satisfy itself that the Provider is complying with its obligations under the Data Protection Legislation;
(f) to notify the Customer immediately if it receives a complaint, notice or any other communication concerning the Provider’s processing of Protected Data;
(g) at the Customer’s cost, allow the Customer to appoint an independent auditor to audit and inspect the Provider’s compliance with this Clause 14.3 and Clause 14.4. Such audit may occur once per calendar year, unless the Customer can demonstrate that it has genuine suspicion that the Provider has breached its obligations in this Clause 14. Such an audit shall be carried out during business hours and the Customer shall provide at least 30 Business Days’ notice of any such audit, unless the Customer can demonstrate that it has genuine suspicion that the Provider has breached its obligations in this Clause 14 in which case the Customer shall provide at least 2 Business Days’ notice of any such audit;
(h) to notify the Customer without undue delay and in writing of any personal data breach in respect of Protected Data;
(i) not to transfer the Personal Data to a country outside the European Union without the authorisation of the Customer unless the relevant territory ensures an adequate level of protection or appropriate standard contractual clauses approved by the EU have been put in place or other appropriate safeguards have been implemented;
(j) except as required by law, after termination of this Contract return to the Customer or destroy, at the request of the Customer at the Customer’s cost, all Customer Personal Data in the possession of the Provider; and
(k) to restrict any processing immediately as directed by the Customer.
The Customer authorises the appointment of sub-processors. The Provider shall:
– inform the Customer of changes to the identity of its sub-processors;
– appoint the relevant sub-processor under a written contract containing materially the same obligations as under Clause 14.3 or Article 28 of the General Data Protection Regulation (including those relating to sufficient guarantees to implement appropriate technical and organisational measures); and
– remain fully liable to the Customer under this Agreement for all the acts and omissions of each such sub-processor as if they were its own.
Confidentiality and publicity
The Provider will:
(a) keep confidential and not disclose the Customer Confidential Information to any person save as expressly permitted by this Clause 15;
(b) protect the Customer Confidential Information against unauthorised disclosure by using the same degree of care as it takes to preserve and safeguard its own confidential information of a similar nature, being at least a reasonable degree of care; and
The Customer will:
(a) keep confidential and not disclose the Provider Confidential Information to any person save as expressly permitted by this Clause 15;
(b) protect the Provider Confidential Information against unauthorised disclosure by using the same degree of care as it takes to preserve and safeguard its own confidential information of a similar nature, being at least a reasonable degree of care.
Confidential Information of a party may be disclosed by the other party to that other party’s officers, employees, agents, insurers and professional advisers, provided that the recipient is bound in writing to maintain the confidentiality of the Confidential Information disclosed.
The obligations set out in this Clause 15 shall not apply to:
(a) Confidential Information that is publicly known (other than through a breach of an obligation of confidence);
(b) Customer Confidential Information that is in possession of the Provider prior to disclosure by the Customer, and Provider Confidential Information that is in possession of the Customer prior to disclosure by the Provider;
(c) Customer Confidential Information that is received by the Provider, and Provider Confidential Information that is received by the Customer, from an independent third party who has a right to disclose the relevant Confidential Information; or
(d) Confidential Information that is required to be disclosed by law, or by a governmental authority, stock exchange or regulatory body, provided that the party subject to such disclosure requirement must where permitted by law give to the other party prompt written notice of the disclosure requirement.
Neither party will make any public disclosure relating to this Agreement (including press releases, public announcements and marketing materials) without the prior written consent of the other party.