The parties to the Agreement are: (i) Bright Interactive Ltd, a company incorporated in England and Wales (registration number 03865036) having its registered office at Ninth Floor, Tower Point, 44 North Road, Brighton, East Sussex BN1 1YR, UK ("we", and "us" and "our" shall be construed accordingly); and (ii) the person (natural or legal) who is specified as the customer in the Proposal ("you", and "your" and "yours" shall be construed accordingly).
1. Definitions
1.1 In the Agreement:
"Admin Account" means an administrator account on the Platform enabling you to create user accounts and configure aspects of the Hosted Services;
"Agreement" means the agreement between the parties for the provision of the Hosted Services and/or On-premises Software incorporating:
including any variations from time to time;
"Business Day" means any weekday other than a bank or public holiday in England;
"Business Hours" means between 09:00 and 17:00 London time on a Business Day;
"Charges" means the amounts payable by you to us under or in relation to the Agreement, as specified in the Proposal or elsewhere in the Agreement;
"Client Data" means all digital assets, files, works and materials uploaded to, stored on, processed using or transmitted via the Platform by you or on your behalf;
"Client Personal Data" means any Personal Data that we process on your behalf under the Agreement, as detailed in Clause 15;
"Cloud Services" means the Hosted Services plus the Support Services provided in relation to those Hosted Services;
"Confidential Information" means, in respect of a party, any information disclosed by that party to the other party during the Term that at the time of disclosure is marked as confidential, is described as confidential by the disclosing party, or should have been understood as confidential by the recipient party (acting reasonably); and providing that the Client Data shall be your Confidential Information and any third party service provider contracts that we supply to you shall be our Confidential Information;
"Customisations" means any new software developments, updates, upgrades, modules, libraries and APIs that are:
"Data Protection Laws" means all applicable laws relating to the processing of Personal Data including the UK GDPR and the EU GDPR;
"Defect" means a critical issue or major issue (as defined in the SLA) in the Hosted Services and/or On-premises Software, or a failure of the Hosted Services and/or On-premises Software to conform with the specification set out in the Proposal in some material way;
"Effective Date" means the date of execution of the Agreement, being the date upon which a paper copy or electronic copy of the signature page is signed by the second of the parties to sign;
"EU GDPR" means the EU General Data Protection Regulation 2016/679, as amended, superseded or replaced from time to time;
"EU Standard Contractual Clauses" means the Standard Contractual Clauses in the annex to Commission Implementing Decision (EU) 2021/914 of 4 June 2021, as set out in Schedule 1 to the Agreement;
"Force Majeure Event" means an event, or a series of related events, that is outside the reasonable control of the party affected (including failures of the internet, hacker attacks, virus or other malicious software attacks or infections, power failures, industrial disputes affecting any third party, changes to the law, disasters, explosions, fires, floods, riots, terrorist attacks and wars);
"Hosted Services" means:
"Minimum Term" means the period of 12 months beginning on the Effective Date;
"On-premises Software" means the software known as Asset Bank that we own and license;
"Permitted Purposes" means the purposes of uploading, tagging, organising, storing, searching, manipulating, accessing, sharing and downloading digital files;
"Personal Data" means data that constitutes personal data under any of the Data Protection Laws;
"Platform" means the hardware, system software, server software, database software and application software that we use to provide the Hosted Services, whether shared or dedicated;
"Proposal" means the proposal we issue to you setting out the particulars of the Agreement;
"Restricted Transfer" means an international transfer of Personal Data that is:
"Services" means all the services provided or to be provided by us to you under the Agreement, including any Hosted Services, Set-up Services and Support Services;
"Set-up Services" means the installation, integration and configuration of the Hosted Services and/or On-premises Software, and the provision of any associated training and consultancy services specified in the Proposal;
"SLA" means the service level agreement;
"Support Services" means:
"Support Services Limit" has the meaning given to it in the SLA;
"Term" means the term of the Agreement;
"Third Party Services" means any hosted or cloud service owned and operated by a third party that may transmit data to and/or from the Hosted Services and/or On-premises Software under a contract or arrangement between you and the relevant third party;
"UK Addendum" means the UK addendum to the EU Standard Contractual Clauses issued or proposed by the UK Information Commissioner under section 119A(1) of the Data Protection Act 2018, as set out in Schedule 2 to the Agreement;
"UK GDPR" means the EU GDPR as incorporated into UK law by the Data Protection Act 2018 and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019, as amended, superseded or replaced from time to time; and
"Upgrades" means new versions of, and updates to, the Hosted Services and/or On-premises Software, whether for the purpose of fixing an error, bug or other issue or enhancing the functionality of the Hosted Services and/or On-premises Software.
2. Term
2.1 The Agreement will come into force on the Effective Date.
2.2 The Agreement will continue in force indefinitely, unless and until terminated in accordance with its express provisions.
3. Set-up Services
3.1 We shall provide the Set-up Services to you promptly following the Effective Date.
3.2 The Cloud Services or On-premises Software shall be configured in accordance with your licence tier (Essential, Professional or Enterprise Unlimited), and shall be subject to the resource limitations applicable to your licence tier, as specified in the Proposal.
4. Cloud Services
4.1 This Clause 4 applies if the Proposal specifies that we have agreed to supply Cloud Services to you.
4.2 We shall complete the installation of your Asset Bank and create one or more Admin Accounts for you after the Effective
4.3 Date, enabling you to access the Hosted Services.
Subject to Clauses 4.5 to 4.7, we hereby grant to you a non-exclusive licence to use the Hosted Services on the Platform for the Permitted Purposes via:
in each case during the Term.
4.4 You may permit your own customers to use the Hosted Services on the Platform for the Permitted Purposes via any supported web browser, whether on a free or paid basis, providing that you shall be responsible for your customers' use of the Hosted Services and that all the other limitations and prohibitions relating to your use of the Hosted Services shall apply to your customers' use.
4.5 Your use of the Hosted Services must not exceed the user limitations and storage resources limitations referred to in the Agreement. We may use technical measures to enforce those limitations. From time to time during the Term we may agree with you changes to those limitations. Increases may be subject to additional Charges.
4.6 Your use of the non-storage resources for the Hosted Services (bandwidth, processing power and API calls) must not be excessive. For the purposes of this Clause 4.6, usage will be excessive if:
and if your use is excessive, we may give you written notice of this. From time to time during the Term we may agree with you changes to the resources available to you. Increases may be subject to additional Charges. Notwithstanding the preceding provisions of this Clause 4.6, we may use technical measures to ensure that the usage of non-storage resources is not excessive.
4.7 Except to the extent mandated by applicable law or expressly permitted in the Agreement or in any reseller agreement between us and you, the licence granted under Clause 4.3 is subject to the following prohibitions:
4.9 You must ensure that no unauthorised person accesses the Platform or Hosted Services using any Admin Account or your API access credentials (if we supply these to you).
4.10 We shall use reasonable endeavours to ensure that the Hosted Services are available 99.9% of the time during each calendar month, subject to downtime for scheduled maintenance under Clause 6. Hosted Services uptime shall be measured and calculated by us using any reasonable methodology, and reported to you promptly following our receipt of a written request from you.
4.11 For the avoidance of doubt, you have no right to access the object code or source code of the Platform or Hosted Services, either during or after the Term.
5. On-premises Software
5.1 This Clause 5 applies if the Proposal specifies that we have agreed to supply On-premises Software to you.
5.2 Subject to Clauses 5.3 and 5.4, we grant to you a worldwide, non-transferable, non-exclusive, non-expiring (subject to Clause 20.6) licence from the Effective Date to:
5.3 Your use of the On-premises Software must not exceed the user limitations referred to in the Agreement. We may use technical measures to enforce those limitations. From time to time during the Term we may agree with you changes to those limitations. Increases may be subject to additional Charges.
5.4 Except as required by applicable law on a mandatory basis, you must not:
5.5 You must use reasonable technical and organisational security measures to prevent the disclosure of the On-premises Software code to any unauthorised person.
5.6 For the avoidance of doubt, you have no right to access the source code of the On-premises Software, either during or after the Term.
5.7 You will be responsible for enabling us to apply Upgrades to the On-premises Software. We may from time to time by written notice grant to you the right to apply Upgrades to the On-premises Software, but we shall have no obligation to do so.
5.8 If a critical security Upgrade is not applied to the On-premises Software within 7 days following release as a result of any act or omission by you, then, subject to Clause 18.1, we will not be liable to you in respect of any loss or damage that may arise out of the failure to apply the Upgrade.
6. Support Services
6.1 If you are entitled to Cloud Services, then we will provide Support Services to you in respect of the Hosted Services in accordance with the SLA; and if the Proposal specifies that you are entitled to Support Services in respect of On-premises Software, then we will provide the Support Services to you in respect of the On-premises Software in accordance with the SLA.
6.2 You acknowledge that from time to time we may apply Upgrades to the Hosted Services.
6.3 We may suspend access to the Hosted Services at any time in order to carry out scheduled maintenance to the Hosted Services and/or Platform. Our scheduled maintenance windows are published on the Asset Bank Help Centre and updated from time to time. Scheduled maintenance will usually be completed outside working hours in your jurisdiction.
6.4 Hosted Services downtime during any scheduled maintenance shall not be counted as downtime for the purposes of Clause 4.10.
6.5 Upgrades may result in changes to the appearance and/or functionality of the Hosted Services and/or On-premises Software. We will give you advanced written notice of the deprecation or removal of any major functionality by an Upgrade.
7. Other services
7.1 We may from time to time agree with you that we will provide:
7.2 Unless we agree otherwise in writing, all such additional Services will be provided under and subject to the Agreement, and will be subject to additional Charges at our then current time and materials rates.
8. Your obligations
8.1 Save to the extent that we have agreed otherwise in writing, you must provide to us, or procure for us, such:
as are reasonably necessary to enable us to perform our obligations under the Agreement.
8.2 If we agree to supply On-premises Software to you, you must provide to us, or procure for us, such access to your computer hardware, software, networks and systems as may be reasonably required by us to enable us to perform our obligations under the Agreement.
9. Client Data
9.1 We will perform a back-up of Client Data once per day. At your request, we will promptly restore the Client Data in the Hosted Services database using the latest available back-up.
9.2 All the Intellectual Property Rights in Client Data will remain your property and the property of your licensors, subject to Clause 9.3.
9.3 You grant to us a non-exclusive licence to store, copy and otherwise use Client Data on and in relation to the Platform for the purposes of operating the Platform, providing the Services, fulfilling our obligations under the Agreement and exercising our rights under the Agreement. The exercise of our rights under this licence is subject to our obligations under and referred to in Clause 15 in respect of Personal Data.
9.4 You warrant to us that Client Data, and its use by us in accordance with the terms of the Agreement, will not:
9.5 If we reasonably suspect that there has been a breach by you of the provisions of Clause 9.4, we may:
providing that we will give you advance notification of any such action if that notification does not prejudice our legal position.
9.6 Any breach by you of Clause 9.4 will be deemed to be a material breach of the Agreement for the purposes of Clause 19.
10. Integrations with Third Party Services
10.1 You will have the opportunity to activate integrations with Third Party Services; such integrations will not be active by default.
10.2 The supply of Third Party Services shall be under a separate contract or arrangement between you and the relevant third party. We do not contract to supply the Third Party Services and are not a party to any contract for, or otherwise responsible in respect of, the provision of any Third Party Services.
10.3 The use of some features of the Hosted Services and/or On-premises Software may depend upon you enabling and agreeing to integrations with Third Party Services.
10.4 We may remove, suspend or limit any Third Party Services integration at any time in our sole discretion.
10.5 You acknowledge that:
10.6 You warrant to us that the transfer of Client Data to a provider of Third Party Services in accordance with this Clause 10 will not infringe any person's legal or contractual rights and will not put us in breach of any applicable laws (including the Data Protection Laws).
10.7 Save to the extent that the parties expressly agree otherwise in writing and subject to Clause 18.1:
11. Customisations
11.1 This Clause 11 applies if we agree with you in writing, whether in the Proposal or otherwise, that we shall design and develop a Customisation or Customisations on your behalf.
11.2 Each Customisation will conform in all material respects with the specification for the Customisation agreed by us in writing.
11.3 We will use reasonable endeavours to ensure that each Customisation is made available or (if it forms part of the On-premises Software) delivered to you in accordance with any timetable or project plan agreed by the parties in writing.
11.4 All Intellectual Property Rights in the Customisations shall, as between the parties, be our exclusive property. However, this shall not affect the ownership of Intellectual Property Rights in your brands and/or logos, which shall belong to you.
11.5 From the time and date when a Customisation is first delivered or made available to you, the Customisation shall form part of the Hosted Services and/or On-premises Software, as the case may be, and accordingly from that time and date your rights to use the Customisation shall be governed by Clauses 4 and/or 5.
11.6 You acknowledge that we may make any Customisation available to any of our other customers or any other third party at any time.
12. Charges
12.1 You must pay the Charges to us in accordance with Clause 13.
12.2 All Charges and other amounts stated in or in relation to the Agreement are, unless the context requires otherwise, stated exclusive of any applicable value added taxes, which will be added to those amounts and payable by you to us.
12.3 We may elect to vary any element of the Charges (including any time-based charging rate) by giving to you not less than 90 days' written notice of the variation, providing that:
12.4 You acknowledge that we may charge for new functionality added to Hosted Services or On-premises Software. Customers who do not wish to upgrade will be able to continue with their legacy package at the original charge.
13. Payments
13.1 We will issue invoices for the Charges in accordance with the Proposal; and, save to the extent specified otherwise in the Proposal, you must pay the Charges to us within 30 days following the date of issue of the relevant invoice.
13.2 Charges must be paid by bank transfer or by such other means as we may authorise from time to time.
13.3 If more than one payment due under the Agreement is not received by us by the due date and you are signed-up for quarterly or 6-monthly invoicing, we may by written notice to you move your invoicing frequency to annual and issue your next invoice on this basis.
13.4 If you do not pay any amount properly due to us under or in connection with the Agreement, we may claim interest and statutory compensation from you pursuant to the Late Payment of Commercial Debts (Interest) Act 1998.
13.5 We may suspend the provision of any Services if any amounts due to be paid by you to us under the Agreement are overdue, and we have given you at least 5 Business Days' written notice of our intention to suspend Services on this basis. For the avoidance of doubt, you will not be entitled to any refund of the Charges with respect to any period of suspension under this Clause 13.5, nor will you be released from any liability to pay Charges with respect to any such period of suspension.
14. Confidentiality
14.1 Each party must:
14.2 Notwithstanding Clauses 14.1, a party's Confidential Information may be disclosed by the other party to that other party's officers, employees, professional advisers, insurers, agents and subcontractors who have a need to access the Confidential Information that is disclosed for the performance of their work and who are bound by a written agreement or professional obligation to protect the confidentiality of the Confidential Information that is disclosed.
14.3 No obligations are imposed by this Clause 14 with respect to:
a. a party's Confidential Information that is known to the other party before disclosure under the Agreement and is not subject to any other obligation of confidentiality;
b. a party's Confidential Information that is or becomes publicly known through no act or default of the other party;
c. a party's Confidential Information that is obtained by the other party from a third party in circumstances where the other party has no reason to believe that there has been a breach of an obligation of confidentiality; or
d. any information independently developed by a party without reference to or use of the other party’s Confidential Information.
14.4 The restrictions in this Clause 14 do not apply to the extent that any Confidential Information is required to be disclosed by any law or regulation, by any judicial or governmental order or request, or pursuant to disclosure requirements relating to the listing of the stock of either party on any recognised stock exchange.
14.5 The provisions of this Clause 14 shall continue in force indefinitely following the termination of the Agreement.
15. Client Personal Data and the General Data Protection Regulation
15.1 The parties agree that:
15.2 You warrant to us that:
15.3 We warrant to you that:
15.4 You hereby give to us a general authorisation to appoint sub-processors of Client Personal Data in the following categories:
Details of appointed processors are set out in the Asset Bank Help Centre. You acknowledge that some of our appointed sub-processors are multi-national corporations with facilities in jurisdictions around the world, and hereby consent to the transfer of Client Personal Data outside the UK and EEA to or by sub-processors, providing that: (i) the principal database for the Hosted Services shall be located within the UK or EEA, unless you expressly agree otherwise in writing; (ii) all such transfers shall be made only for the purpose of providing services to you; and (iii) all such transfers shall be protected by appropriate safeguards in accordance with the Data Protection Laws.
15.5 We shall notify you in accordance with the Data Protection Laws, using the contact details set out in this Agreement or any alternative breach notification contact details supplied by you, promptly and in any case within 24 hours of becoming aware of the issue, if:
15.6 We shall co-operate with you in relation to:
in each case at your cost and expense.
15.7 We shall ensure that access to the Client Personal Data is limited to those of our personnel who have a reasonable need to access the Client Personal Data to enable us to perform our duties under the Agreement; any access to the Client Personal Data shall be limited to such part or parts of the Client Personal Data as are strictly necessary.
15.8 We shall take reasonable steps to ensure the reliability of any of our personnel who have access to the Client Personal Data. Without prejudice to this general obligation, we shall ensure that all relevant personnel are informed of the confidential nature of the Client Personal Data, are subject to confidentiality obligations in relation to the Client Personal Data, have undertaken training in the laws relating to handling Client Personal Data, and are aware of our duties in respect of that Client Personal Data.
15.9 Each party shall upon request make available to the other party all such information as may be necessary to demonstrate its compliance with the Data Protection Laws and the provisions of this Clause 15.
15.10 We shall upon request make available to you all such information as may be necessary to facilitate the carrying out of an audit of our compliance with the Data Protection Laws and the provisions of this Clause 15. For this purpose, we will provide to you a completed security questionnaire, in a form to be determined by us (acting reasonably). We shall ensure that the completed security questionnaire includes all the information that is necessary to enable you to assess our compliance. We will also provide, upon request, evidence of the most recent independent audit(s) carried out to verify GDPR compliance and ISO 27001 compliance. Other than the provision of this security questionnaire, and audit evidence, we may charge you at our standard time and materials rates for any work performed at your request when fulfilling our obligations under this Clause 15.10.
15.11 In the event of changes to the Data Protection Laws that affect the terms of the Agreement, the parties shall act reasonably to agree any necessary changes to the Agreement.
15.12 We shall, if requested by you, provide to you a copy of the Client Personal Data in accordance with Clause 20.3; and, unless applicable law requires otherwise, we shall delete all the Client Personal Data from our systems and storage media at the end of the period of 4 months following termination.
15.13 The EU Standard Contractual Clauses and UK Addendum shall apply to Personal Data in the following circumstances:
15.14 Where the EU Standard Contractual Clauses (with or without the UK Addendum) apply in addition to this Clause 15, and there is any conflict between the EU Standard Contractual Clauses (or the UK Addendum) and this Clause 15, then the contractual provisions providing the highest degree of protection for the Personal Data shall take precedence.
16. Warranties
16.1 Each party warrants to the other party that:
16.2 We warrant to you that:
16.3 We warrant to you that we will use reasonable endeavours to ensure that the Hosted Services and the On-premises Software will be supplied free from Defects, and we will endeavour to resolve any Defects and other issues in accordance with the SLA. Without prejudice to this warranty, you acknowledge that complex software is never wholly free from defects, errors and bugs, and we give no warranty or representation that the Hosted Services or On-premises Software will be wholly free from such defects, errors and bugs.
16.4 We warrant to you that we will ensure that the Hosted Services and the On-premises Software will incorporate security measures reflecting the requirements of good industry practice. Without prejudice to this warranty, you acknowledge that complex software is never wholly free from security vulnerabilities, and we give no warranty or representation that the Hosted Services or On-premises Software will be wholly free from such vulnerabilities.
16.5 All of the parties' warranties and representations in respect of the subject matter of the Agreement are expressly set out in the terms of the Agreement. To the maximum extent permitted by applicable law, no other warranties or representations concerning the subject matter of the Agreement will be implied into the Agreement.
17. Additional acknowledgements
17.1 You acknowledge that, subject to the express warranties set out in the Agreement:
18. Limitations and exclusions of liability
18.1 Nothing in the Agreement will:
18.2 The limitations and exclusions of liability set out in this Clause 18 and elsewhere in the Agreement:
18.3 Neither party will be liable to the other for any indirect or consequential loss.
18.4 Neither party will be liable to the other party for any loss of business, contracts or commercial opportunities.
18.5 Neither party will be liable to the other party for any loss of or damage to goodwill or reputation.
18.6 Subject to our compliance with Clause 9.1 and excluding any loss of the most recent back-up copy of the Client Data we make in accordance with Clause 9.1, we will not be liable to you in respect of any loss or corruption of any Client Data.
18.7 Neither party will be liable to the other party for any losses arising out of a Force Majeure Event. Where a Force Majeure Event gives rise to a failure or delay in either party performing its obligations under the Agreement (other than the obligation to make payment), those obligations will be suspended for the duration of the Force Majeure Event.
18.8 Neither party's liability to the other party in relation to any event or series of related events will exceed the greater of:
18.9 Neither party's aggregate liability to the other party will exceed GBP 2,000,000.
19. Termination
19.1 The Agreement may only be terminated for convenience after the end of the Minimum Term in accordance with this Clause 19.1. You may terminate the Agreement by giving to us at least 30 days' written notice of termination expiring after the end of the Minimum Term; and we may terminate the Agreement by giving to you at least 120 days' written notice of termination expiring after the end of the Minimum Term.
19.2 Either party may terminate the Agreement immediately by giving written notice of termination to the other party if:
19.3 Either party may terminate the Agreement immediately by giving written notice of termination to the other party if:
19.4 We may terminate the Agreement immediately by giving written notice to you if:
20. Effects of termination
20.1 Upon termination of the Agreement, all the provisions of the Agreement will cease to have effect, save that the following provisions of the Agreement will survive and continue to have effect (in accordance with their terms or otherwise indefinitely): Clauses 1, 4.11, 5 (if applicable and subject to Clause 20.6), 10.7(b), 13.4, 14, 15, 18, 20, 23 and 24.
20.2 Termination of the Agreement will not affect either party's accrued liabilities and rights as at the date of termination.
20.3 You may download a copy of the Client Data from the Platform at any time before the date of termination. We will retain a copy of the Client Data for a period of at least 30 days following the date of termination. During this period, if you request that we provide you with a copy of the Client Data, we will do so, subject to payment of charges (calculated using our standard time-based charging rates). At any time following the end of that 30 day period, we may delete from our computer systems all Client Data. You acknowledge that, if you have not retrieved Client Data from the Platform before termination or requested it before deletion, you will lose that Client Data.
20.4 You acknowledge that we may retain Client Data in our systems for a period of up to 4 months after the date of termination; and the licence set out in Clause 9.3 shall continue after termination to the extent necessary for us to exercise our rights under this Clause 20.4.
20.5 If the Agreement is terminated under Clause 15.3(f) or 19.1, then you will be entitled to a refund of any Charges paid to us with respect to Services that were to be provided to you after the date of effective termination, and you will be released from any liability to pay such Charges. The amount of the refund or release shall be calculated by us using any reasonable methodology. Subject to this, you will not be entitled to any refund of the Charges upon the termination of the Agreement, nor will you be released from any liability to pay Charges that have accrued before the date of effective termination.
20.6 If the Agreement is terminated under Clause 15.3(f) or 19.1, then any licence of On-premises Software under the Agreement shall continue notwithstanding such termination; if the Agreement is terminated in any other circumstances, then any licence of On-premises Software under the Agreement shall automatically and simultaneously terminate. If any licence of On-premises Software continues following termination of the Agreement, and it comes to our attention that you have breached any term of that licence, whether before or after termination of the Agreement, then we may by written notice to you terminate that licence.
21. Notices
21.1 Any notice under the Agreement must be in writing (whether or not described as "written notice" in the Agreement) and must be sent in accordance with this Clause 21.
21.2 Any notice that a party gives to the other party under the Agreement must be sent by email, courier or recorded signed-for post:
21.3 A party receiving from the other party a notice by email must acknowledge receipt by email promptly, and in any event within 2 Business Days following receipt of the notice.
21.4 A notice will be deemed to have been received:
21.5 You acknowledge that we may treat all instructions received by us in relation to this Agreement from any user with an Admin Account as fully authorised by you.
22. Subcontractors
22.1 We may subcontract the provision of hosting services and any other of our obligations under the Agreement, subject to our obligations in relation to the appointment of sub-processors of Client Personal Data.
22.2 We shall remain responsible to you for the performance of any subcontracted obligations.
23. General
23.1 No breach of any provision of the Agreement will be waived except with the express written consent of the party not in breach.
23.2 If a Clause of the Agreement is determined by any court or other competent authority to be unlawful and/or unenforceable, the other Clauses of the Agreement will continue in effect. If any unlawful and/or unenforceable Clause would be lawful or enforceable if part of it were deleted, that part will be deemed to be deleted, and the rest of the Clause will continue in effect (unless that would contradict the clear intention of the parties, in which case the entirety of the relevant Clause will be deemed to be deleted).
23.3 The Agreement may be varied as follows:
23.4 Either party may freely assign the entirety of its contractual rights and obligations under the Agreement to any group company of the assigning party or to any successor to all or a substantial part of the business of the assigning party. The assigning party must give to the other party written notice of any assignment upon or before the date of the assignment. Save as provided in this Clause 23.4, neither party may without the other party's prior written consent assign, transfer, charge, license or otherwise dispose of or deal in the Agreement or any contractual rights or obligations under the Agreement.
23.5 The Agreement is made for the benefit of the parties, and is not intended to benefit any third party or be enforceable by any third party. The rights of the parties to terminate or rescind, or agree any amendment, waiver, variation or settlement under or relating to, the Agreement are not subject to the consent of any third party.
23.6 Subject to Clause 18.1:
23.7 The Agreement will be governed by and construed in accordance with English law; and the courts of England and Wales will have exclusive jurisdiction to adjudicate any dispute arising under or in connection with the Agreement.
24. Interpretation
24.1 In the Agreement, a reference to a statute or statutory provision includes a reference to:
24.2 The Clause headings do not affect the interpretation of the Agreement.
24.3 In the Agreement, general words shall not be given a restrictive interpretation by reason of being preceded or followed by words indicating a particular class of acts, matters or things.
Schedule 1 – EU Standard Contractual Clauses
You can see the text of the main body of EU Standard Contractual Clauses that applies Restricted Transfers of Personal Data between us and our customers at:
https://www.assetbank.co.uk/sccs
The Appendices and Annexures to the EU Standard Contractual Clauses are set out below.
APPENDIX A TO SCHEDULE 1
This Appendix A to the EU Standard Contractual Clauses sets out information relating to restricted transfers of personal data from the customer for Asset Bank (the data exporter, acting as controller) to Bright Interactive Ltd (the data importer, acting as controller or processor). Capitalised terms used in this Appendix A that are not defined here or in the main body of the EU Standard Contractual Clauses are defined in the Asset Bank Terms & Conditions.
ANNEX I
A. LIST OF PARTIES
Data exporter(s):
1.
|
|
Name:
|
The customer for the Services, as specified in the Proposal |
Address:
|
As specified in the Proposal |
Contact person’s name, position and contact details:
|
As specified in the Proposal |
Activities relevant to the data transferred under these Clauses:
|
The use and receipt of digital asset management software solutions and associated services
|
Signature and date:
|
By agreeing to the Proposal and the Asset Bank Terms and Conditions, the data exporter also agrees to the EU Standard Contractual Clauses including this Appendix
|
Role (controller/processor):
|
Controller |
Data importer(s):
1.
|
|
Name:
|
Bright Interactive Ltd, a company incorporated in England and Wales (registration number 03865036)
|
Address:
|
Ninth Floor, Tower Point, 44 North Road, Brighton, East Sussex BN1 1YR, UK
|
Contact person’s name, position and contact details:
|
Privacy Officer Postal address: Bright Interactive Ltd, Ninth Floor, Tower Point, 44 North Road, Brighton, East Sussex BN1 1YR, UK Email address: privacy@builtbybright.com
|
Activities relevant to the data transferred under these Clauses:
|
The provision of digital asset management software solutions and associated services |
Signature and date:
|
By agreeing to the Proposal and the Asset Bank Terms and Conditions, the data importer also agrees to the EU Standard Contractual Clauses including this Appendix
|
Role (controller/processor):
|
Processor with respect to data categories (1) and (2); controller with respect to data category (3).
|
B. DESCRIPTION OF TRANSFER
Categories of data subjects whose personal data is transferred
|
(1) user account data: individuals holding accounts in the Hosted Services or On-premises Software (2) digital asset data: persons whose data is comprised in the digital assets and metadata processed by the Hosted Services or the On-premises Software (3) customer relationship data: personnel of the data exporter
|
Categories of personal data transferred
|
(1) user account data: names, email addresses and other account-related data (2) digital asset data: any information comprised in digital assets and metadata that are processed by the Hosted Services or the On-premises Software (3) customer relationship data: names; contact details; job details; marketing preferences; communication content and metadata
|
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
|
(1) None (2) Customer may submit special categories of data to the data importer at the sole discretion of the data exporter (special categories include information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life) (3) None
|
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
|
(1) data transferred whenever the relevant person uses the Hosted Services or On-premises Software (2) data transferred when digital assets are uploaded to or otherwise stored on the Hosted Services or On-premises Software (3) data transferred periodically in communications between the parties
|
Nature of the processing
|
(1) & (2) This processing includes transfer and secure storage of data, and consultancy and support services, including: (a) transfer of data to Bright's cloud hosting solution for secure storage; (b) backup of the data; (c) access and transfer for the data for the provision of ongoing support services, and specific consultancy activities; (d) deletion of the data; (and e) other activities as requested by the customer or as required for the provision of the services. (3) This processing includes storage of data, access to and use of data by personnel of the data importer, subcontractors and services providers, transfer of data between the parties
|
Purpose(s) of the data transfer and further processing
|
(1) & (2) to deliver services, and to meet contractual obligations. (3) Marketing, promotion, accounting and general business administration.
|
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
|
(1) & (2) In accordance with clause 15 of the Asset Bank Terms and Conditions (3) In accordance with the data importer's privacy policy
|
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing
|
As specified at:
|
C. COMPETENT SUPERVISORY AUTHORITY
Identify the competent supervisory authority/ies in accordance with Clause 13
|
As specified in the Proposal, or if the Proposal does not specify the competent supervisory authority/ies: The Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
|
ANNEX II
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA
Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons.
Measure |
Description |
Physical Access |
Data importer shall take reasonable measures to ensure the security of all physical locations and equipment required to perform its duties. This includes controls such as door security, CCTV, alarms, lockable storage and safes, encryption policies for storage media and leaver processes.
|
System Access |
Data importer shall take reasonable measures to prevent Personal Data from being accessed without authorisation. This includes the use of industry standard password-management techniques, device handling procedures, network access procedures, user authentication controls and other documented procedures as well as logging protocols to capture all relevant activities.
|
Network Access |
Data importer shall take reasonable measures to ensure the appropriate security techniques are utilised for all system access, including but not limited to controls governing secure protocols, port access restrictions , encryption and file transfer technologies and procedures.
|
Application Browser Access |
Data importer shall take reasonable measures to ensure the service utilises sufficiently secure techniques when being delivered via a client browser. This includes utilisation of encryption protocols and support for SSL certificates.
|
Application Level Access |
Data importer shall take reasonable measures to protect Personal Data that is handled by any applications that operate as part of any delivered services. This includes the use of encryption, data segregation and access and deployment restrictions and segregations.
|
Infrastructure penetration testing |
Data importer shall take reasonable measures to test the security and vulnerability of the infrastructure delivered as part of the services via the use of regular risk assessments, information security reviews and formal penetration tests.
|
Patch management |
Data importer shall take reasonable measures to ensure the security and reliability of the services through proper patch management techniques. This includes maintaining active awareness of all applicable latest software versions and following a documented process to incorporate these versions into the service as appropriate.
|
Data Backups |
Data importer shall take reasonable measures to protect against accidental destruction or loss of personal data by taking regular backups of this data and applying suitable security measures to the process.
|
Other |
Those security measures specified in Bright's security policy as published in the Asset Bank Help Centre from time to time.
|
ANNEX III
LIST OF SUB-PROCESSORS
Not applicable: insofar as the data importer is acting as processor on behalf of the data exporter, it benefits from a general authorisation to appoint sub-processors.
APPENDIX B TO SCHEDULE 1
This Appendix B to the EU Standard Contractual Clauses sets out information relating to restricted transfers of personal data from Bright Interactive Ltd (the data exporter, acting as controller or processor) to the customer for Asset Bank (the data importer, acting as controller). Capitalised terms used in this Appendix B that are not defined here or in the main body of the EU Standard Contractual Clauses are defined in the Asset Bank Terms & Conditions.
ANNEX I
A. LIST OF PARTIES
Data exporter(s):
1.
|
|
Name:
|
Bright Interactive Ltd, a company incorporated in England and Wales (registration number 03865036)
|
Address:
|
Ninth Floor, Tower Point, 44 North Road, Brighton, East Sussex BN1 1YR, UK
|
Contact person’s name, position and contact details:
|
Privacy Officer Postal address: Bright Interactive Ltd, Ninth Floor, Tower Point, 44 North Road, Brighton, East Sussex BN1 1YR, UK Email address: privacy@builtbybright.com
|
Activities relevant to the data transferred under these Clauses:
|
The provision of digital asset management software solutions and associated services |
Signature and date:
|
By agreeing to the Proposal and the Asset Bank Terms and Conditions, the data exporter also agrees to the EU Standard Contractual Clauses including this Appendix
|
Role (controller/processor):
|
Processor with respect to data categories (1) and (2); controller with respect to data category (3).
|
Data importer(s):
1.
|
|
Name:
|
The customer for the Services, as specified in the Proposal |
Address:
|
As specified in the Proposal |
Contact person’s name, position and contact details:
|
As specified in the Proposal |
Activities relevant to the data transferred under these Clauses:
|
The use and receipt of digital asset management software solutions and associated services
|
Signature and date:
|
By agreeing to the Proposal and the Asset Bank Terms and Conditions, the data importer also agrees to the EU Standard Contractual Clauses including this Appendix
|
Role (controller/processor):
|
Controller |
B. DESCRIPTION OF TRANSFER
Categories of data subjects whose personal data is transferred
|
(1) user account data: individuals holding accounts in the Hosted Services or On-premises Software (2) digital asset data: persons whose data is comprised in the digital assets and metadata processed by the Hosted Services or the On-premises Software (3) customer relationship data: personnel of the data exporter
|
Categories of personal data transferred
|
(1) user account data: names, email addresses and other account-related data (2) digital asset data: any information comprised in digital assets and metadata that are processed by the Hosted Services or the On-premises Software (3) customer relationship data: names; contact details; job details; marketing preferences; communication content and metadata
|
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
|
(1) None (2) Customer may submit special categories of data to the data importer at the sole discretion of the data exporter (special categories include information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life) (3) None
|
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
|
(1) data transferred whenever the relevant person uses the Hosted Services or On-premises Software (2) data transferred when digital assets are accessed or downloaded from the Hosted Services or On-premises Software (3) data transferred periodically in communications between the parties
|
Nature of the processing
|
(1) & (2) This processing includes transfer and secure storage of data, and consultancy and support services, including: (a) transfer of data from Bright's cloud hosting solution for secure storage; (b) access and transfer for the data for the provision of ongoing support services, and specific consultancy activities; (and c) other activities as requested by the customer or as required for the provision of the services (3) This processing includes storage of data, access to and use of data by personnel of the data importer, subcontractors and services providers, transfer of data between the parties
|
Purpose(s) of the data transfer and further processing
|
(1) & (2) to deliver services, and to meet contractual obligations. (3) Marketing, promotion, accounting and general business administration.
|
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
|
In accordance with the data importer's privacy policy. |
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing
|
As specified at:
|
C. COMPETENT SUPERVISORY AUTHORITY
Identify the competent supervisory authority/ies in accordance with Clause 13
|
As specified in the Proposal, or if the Proposal does not specify the competent supervisory authority/ies: The Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
|
ANNEX II
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA
Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons.
Measure
|
Description |
As specified in the customer's information security policy
|
As specified in the customer's information security policy |
ANNEX III
LIST OF SUB-PROCESSORS
Not applicable, as all transfers under this Appendix are to the customer acting as controller.
Schedule 2 – UK Addendum
You can see the text of the main body of UK Addendum that applies to certain Restricted Transfers of Personal Data between us and our customers at:
https://www.assetbank.co.uk/ukaddendum
Version 14. Revision date 18th June 2024