SaaS Agreement

Version 1.1

This Saas agreement represents your agreement with Hallwizard Limited.  By registering for a MyHallWizard account, you indicate your acceptance of this agreement.

If you do not accept this SaaS agreement, you must not register for a MyHallWizard account, or if you have completed registration you should cancel your account.

Parties

1.     HallWizard Limited, a company incorporated in England and Wales (registration number 12763234) having its registered office at 2nd Floor, 2 Woodberry Grove, London N12 0DR(the “Provider“); and

2.     The person or legal entity who registered for a MyHallWizard account (the “Customer“).

Agreement

1.       Definitions

1.1    In this Agreement, except to the extent expressly provided otherwise:

Account” means an account enabling a person to access and use the Hosted Services on behalf of the Customer, whether as an Account Owner or Account User;

Agreement” means this agreement including any Schedules, and any amendments to this Agreement from time to time;

Beta Services” means the Hosted Services indicated as Beta Services within the Hosted Services Specification or marked “BETA” in the user interface of the Hosted Services;

Business Day” means any weekday other than a bank or public holiday in England;

Business Hours” means the hours of 09:00 to 17:00 GMT/BST on a Business Day;

Charges” means the subscriptions and any other amounts payable for any services provided under this Agreement, as detailed on the MyHallWizard website or as otherwise agreed between the Provider and the Customer;

Confidential Information” means :

(a)    any information disclosed by or on behalf the Customer to the Provider, and any information disclosed by the Provider to the Customer, at any time before the termination of this Agreement (whether disclosed in writing, orally or otherwise) that at the time of disclosure:

(i)     was marked or described as “confidential”; or

(ii)    should have been reasonably understood by the receiving party to be confidential;

(b)       the Customer Data; and

(c)       the Beta Services;

Customer Data” means all data, works and materials: uploaded to or stored on the Platform by the Customer; transmitted by the Platform at the instigation of the Customer; supplied by the Customer to the Provider for uploading to, transmission by or storage on the Platform; or generated by the Platform as a result of the use of the Hosted Services by the Customer (but excluding analytics data relating to the use of the Platform and server log files);

Customer Personal Data” means any Personal Data that is processed by the Provider on behalf of the Customer in relation to this Agreement, but excluding data with respect to which the Provider is a data controller;

Data Protection Laws” means all applicable laws relating to the processing of Personal Data including, while it is in force and applicable to Customer Personal Data, the General Data Protection Regulation (Regulation (EU) 2016/679);

Documentation” means the documentation for the Hosted Services produced by the Provider and made available by the Provider to the Customer;

Effective Date” means the date of execution of this Agreement;

Force Majeure Event” means an event, or a series of related events, that is outside the reasonable control of the party affected (including failures of the internet or any public telecommunications network, hacker attacks, denial of service attacks, virus or other malicious software attacks or infections, power failures, industrial disputes affecting any third party, changes to the law, disasters, explosions, fires, floods, pandemics, riots, terrorist attacks and wars);

Hosted Services” means the MyHallWizard application, which will be made available by the Provider to the Customer as a service via the internet in accordance with this Agreement;

Hosted Services Defect” means a defect, error or bug in the Platform having a material adverse effect on the Hosted Services, but excluding any defect, error or bug caused by or arising as a result of:

(a)    any act or omission of the Customer or any person authorised by the Customer to use the Platform or Hosted Services;

(b)    any use of the Platform or Hosted Services contrary to the Documentation, whether by the Customer or by any person authorised by the Customer;

(c)    a failure of the Customer to perform or observe any of its obligations in this Agreement; and/or

(d)    an incompatibility between the Platform or Hosted Services and any other system, network, application, program, hardware or software not specified as compatible in the Hosted Services Specification;

Hosted Services Specification” means the specification for the Platform and Hosted Services set out in Part 1 of Schedule 1 (Hosted Services particulars);

Intellectual Property Rights” means all intellectual property rights wherever in the world, whether registrable or unregistrable, registered or unregistered, including any application or right of application for such rights (and these “intellectual property rights” include copyright and related rights, database rights, confidential information, trade secrets, know-how, business names, trade names, trade marks, service marks, passing off rights, unfair competition rights, patents, petty patents, utility models, and rights in designs);

Maintenance Services” means the general maintenance of the Platform and Hosted Services, and the application of Updates and Upgrades;

Personal Data” has the meaning given to it in the Data Protection Laws applicable in the United Kingdom from time to time;

Platform” means the platform managed by the Provider and used by the Provider to provide the Hosted Services, including the application and database software for the Hosted Services, the system and server software used to provide the Hosted Services, and the computer hardware on which that application, database, system and server software is installed;

Schedule” means any schedule attached to the main body of this Agreement;

Services” means any services that the Provider provides to the Customer, or has an obligation to provide to the Customer, under this Agreement;

Support Services” means support in relation to the use of, and the identification and resolution of errors in, the Hosted Services, but shall not include the provision of training services;

Supported Web Browser” means the current release from time to time of Microsoft Edge, Mozilla Firefox, Google Chrome or Apple Safari;

Term” means the term of this Agreement, commencing in accordance with Clause 2.1 and ending in accordance with Clause 3.2;

Upgrade” means a major version upgrade of any Platform software.

2.       Credit

2.1    This document was created using a template from SEQ Legal (https://seqlegal.com).

3.       Term

3.1    This Agreement shall come into force upon the Effective Date.

3.2    This Agreement shall continue in force indefinitely, subject to termination in accordance with Clause 18 or any other provision of this Agreement.

4.       Hosted Services

4.1    Upon registration and agreement of this Agreement, the Provider shall ensure that the Platform will generate an Account for the Customer and provide to the Customer login details for that Account.  The Customer is required to activate their account by clicking on a link sent to them via email.

4.2    The Provider hereby grants to the Customer a worldwide, non-exclusive licence to use the Hosted Services by means of a Supported Web Browser for the internal business purposes of the Customer in accordance with the Documentation during the Term.

4.3    The Hosted Services may only be used by users who have registered with the Provider and who have been invited to access the Account by the Account Owner via the Send Invitation function in the Venue Settings and who have accepted that invitation.

4.4    Except to the extent expressly permitted in this Agreement or required by law on a non-excludable basis, the licence granted by the Provider to the Customer under Clause 5.2 is subject to the following prohibitions:

(a)    the Customer must not sub-license its right to access and use the Hosted Services;

(b)    the Customer must not permit any unauthorised person to access or use the Hosted Services;

(c)    the Customer must not use the Hosted Services to provide services to third parties;

(d)    the Customer must not republish or redistribute any content or material from the Hosted Services;

(e)    the Customer must not make any alteration to the Platform;

(f)    the Customer must not conduct or request that any other person conduct any load testing or penetration testing on the Platform or Hosted Services; and

(g)    the Customer must not build a competitive product or service or copy any features or functions of the Hosted Service.

4.5    The Customer shall use reasonable endeavours, including reasonable security measures relating to Account access details, to ensure that no unauthorised person may gain access to the Hosted Services using an Account.

4.6    The Provider shall use reasonable endeavours to maintain the availability of the Hosted Services to the Customer, but does not guarantee 100% availability.

4.7    For the avoidance of doubt, downtime caused directly or indirectly by any of the following shall not be considered a breach of this Agreement:

(a)    a Force Majeure Event;

(b)    a fault or failure of the internet or any public telecommunications network;

(c)    a fault or failure of the Customer’s computer systems or networks;

(d)    any breach by the Customer of this Agreement; or

(e)    scheduled maintenance carried out in accordance with this Agreement.

4.8    The Customer must comply with Schedule 2 (Acceptable Use Policy), and must ensure that all persons using the Hosted Services with the authority of the Customer or by means of an Account comply with Schedule 2 (Acceptable Use Policy).

4.9    The Customer must not use the Hosted Services in any way that causes, or may cause, damage to the Hosted Services or Platform or impairment of the availability or accessibility of the Hosted Services.

4.10  The Customer must not use the Hosted Services:

(a)    in any way that is unlawful, illegal, fraudulent or harmful; or

(b)    in connection with any unlawful, illegal, fraudulent or harmful purpose or activity.

4.11  For the avoidance of doubt, the Customer has no right to access the software code (including object code, intermediate code and source code) of the Platform, either during or after the Term.

4.12  The Provider may suspend the provision of the Hosted Services if any amount due to be paid by the Customer to the Provider under this Agreement is overdue.

5.       Beta Services

5.1    The Provider shall provide the Beta Services subject to the conditions in this Clause 5.

5.2    Customers may only access the Beta Services by invitation of the Provider.

5.3    By using the Beta Services, the Customer understands and acknowledges that the Beta Services are being provided as a “Beta” version and made available on an “As Is” or “As Available” basis.

5.4    The Beta Services may contain bugs, errors, and other problems.

5.5    The Customer assumes all risks and all costs associated with their use of the Beta Services, including, without limitation, any internet access fees, back-up expenses, costs incurred for the use of their device and peripherals, and any damage to any equipment, software, information or data.

5.6    Provider is not obligated to provide Maintenance Services or Support Services in respect of the Beta Services.

5.7    The Beta Services are made available to the Customer for the purposes of evaluation and feedback without any compensation or reimbursement of any kind from the Provider. The Customer acknowledges the importance of communication between the Customer and the Provider during their use of the Beta Services and agree to receive related correspondence and updates from the Provider.  In the event the Customer requests to opt out from such communications, their use of the applicable Beta Services will be discontinued.

5.8    The Customer will be asked to provide feedback regarding their use of the Beta Services. The Provider will own any feedback provided, and the Customer grants to the Provider a perpetual, non-revocable, royalty-free worldwide license to use and/or incorporate such feedback into any of the Provider’s products or services at any time at the Provider’s sole discretion. The Provider will not identify the Customer with any feedback except with the Customer’s prior consent.

5.9    The Provider may monitor how the Customer uses the Beta Services and use that information to improve the Hosted Services.

5.10  The Provider reserves the right to modify or terminate the Beta Services, or the Customer’s use of the Beta Services, to limit or deny access to the Beta Services, at any time, in their sole discretion, for any reason, with or without notice and without liability to the Customer.

5.11  The Customer may discontinue their use of the Beta Services at any time.

5.11  The Beta Services constitute Confidential Information as defined in this Agreement.  The Customer shall not share any information about the Beta Services with anyone other than other authorized users of the Beta Services, except with the prior written consent of the Provider.  In particular, the Customer:

(a)    shall not share any information about the Beta Services with any competitor or potential competitor of the Provider; and

(b)    shall not write or publish any review of the Beta Services.

6.       Maintenance Services

6.1    The Provider shall provide the Maintenance Services to the Customer during the Term.

6.2    The Provider shall where practicable give to the Customer prior notice via email and/or via a notification within the Hosted Service of scheduled Maintenance Services that are likely to affect the availability of the Hosted Services or are likely to have a material negative impact upon the Hosted Services, without prejudice to the Provider’s other notice obligations under this main body of this Agreement.

6.3    The Provider shall give to the Customer prior notice via email and/or via a notification within the Hosted Service of the application of an Upgrade to the Platform.

6.4    The Provider shall provide the Maintenance Services with reasonable skill and care.

7.       Support Services

7.1    The Provider shall provide the Support Services to the Customer during the Term.

7.2    The Provider shall make available to the Customer a helpdesk in accordance with the provisions of this main body of this Agreement.

7.3    The Provider shall provide the Support Services with reasonable skill and care.

7.4    The Customer may use the helpdesk for the purposes of requesting and, where applicable, receiving the Support Services; and the Customer must not use the helpdesk for any other purpose.

7.5    The Provider shall respond promptly to all requests for Support Services made by the Customer through the helpdesk.

7.6    The Provider may suspend the provision of the Support Services if any amount due to be paid by the Customer to the Provider under this Agreement is overdue.

8.       Customer Data

8.1    The Customer hereby grants to the Provider a non-exclusive licence to copy, reproduce, store, distribute, publish, export, adapt, edit and translate the Customer Data to the extent reasonably required for the performance of the Provider’s obligations and the exercise of the Provider’s rights under this Agreement. The Customer also grants to the Provider the right to sub-license these rights to its hosting, connectivity and telecommunications service providers, subject to any express restrictions elsewhere in this Agreement.

8.2    The Customer warrants to the Provider that the Customer Data will not infringe the Intellectual Property Rights or other legal rights of any person, and will not breach the provisions of any law, statute or regulation in any jurisdiction and under any applicable law.

8.3    The Provider shall create a back-up copy of the Customer Data at least daily, shall ensure that each such copy is sufficient to enable the Provider to restore the Hosted Services to the state they were in at the time the back-up was taken, and shall retain and securely store each such copy for a minimum period of 30 days.

8.4    Within the period of 3 Business Days following receipt of a written request from the Customer, the Provider shall use all reasonable endeavours to restore to the Platform the Customer Data stored in any back-up copy created and stored by the Provider in accordance with Clause 8.3. The Customer acknowledges that this process will overwrite the Customer Data stored on the Platform prior to the restoration.

9.       No assignment of Intellectual Property Rights

9.1    Nothing in this Agreement shall operate to assign or transfer any Intellectual Property Rights from the Provider to the Customer, or from the Customer to the Provider.

10.       Charges

10.1    The Customer shall pay the Charges to the Provider in accordance with this Agreement.

10.2    If the Charges are based in whole or part upon the time spent by the Provider performing the Services, the Provider must obtain the Customer’s written consent before performing Services that result in any estimate of time-based Charges given to the Customer being exceeded or any budget for time-based Charges agreed by the parties being exceeded; and unless the Customer agrees otherwise in writing, the Customer shall not be liable to pay to the Provider any Charges in respect of Services performed in breach of this Clause 10.2.

10.3    All amounts stated in or in relation to this Agreement are, unless the context requires otherwise, stated exclusive of any applicable value added taxes, which will be added to those amounts and payable by the Customer to the Provider.

10.4    The Provider may elect to vary any element of the Charges by giving to the Customer not less than 30 days’ written notice of the variation.

11.    Payments

11.1  The Provider shall issue invoices for the Charges to the Customer.

11.2  The Customer must pay the Charges to the Provider within the period of 30 days following the issue of an invoice in accordance with this Clause 11.

11.3  The Customer must pay the Charges by debit card or credit card, or by other means agreed between the Provider and Customer from time to time.

11.4  If the Customer does not pay any amount properly due to the Provider under this Agreement, the Provider may:

(a)    charge the Customer interest on the overdue amount at the rate of 8% per annum above the Bank of England base rate from time to time (which interest will accrue daily until the date of actual payment and be compounded at the end of each calendar month); or

(b)    claim interest and statutory compensation from the Customer pursuant to the Late Payment of Commercial Debts (Interest) Act 1998.

12.    Confidentiality obligations

12.1  Both parties must:

(a)    keep the Confidential Information of the other party strictly confidential;

(b)    not disclose the Confidential Information of the other party to any person without the other party’s prior written consent;

(c)    use the same degree of care to protect the confidentiality of the Confidential Information as they use to protect their own confidential information of a similar nature, being at least a reasonable degree of care;

(d)    act in good faith at all times in relation to the Confidential Information; and

(e)    not use any of the Confidential Information for any purpose other than that for which it was provided.

12.2  Notwithstanding Clause 12.1, a party may disclose the Confidential Information to their officers, employees, professional advisers, insurers, agents and subcontractors who have a need to access the Confidential Information for the performance of their work with respect to this Agreement and who are bound by a written agreement or professional obligation to protect the confidentiality of the Confidential Information.

12.3  This Clause 12 imposes no obligations upon either party with respect to Confidential Information that:

(a)    is known to the party before disclosure under this Agreement and is not subject to any other obligation of confidentiality;

(b)    is or becomes publicly known through no act or default of the party; or

(c)    is obtained from a third party in circumstances where the recipient has no reason to believe that there has been a breach of an obligation of confidentiality.

12.4  The restrictions in this Clause 12 do not apply to the extent that any Confidential Information is required to be disclosed by any law or regulation, by any judicial or governmental order or request, or pursuant to disclosure requirements relating to the listing of the stock of the Provider on any recognised stock exchange.

12.5  The provisions of this Clause 12 shall continue in force indefinitely following the termination of this Agreement.

13.    Data protection

13.1  Each party shall comply with the Data Protection Laws with respect to the processing of the Customer Personal Data.

13.2  The Customer warrants to the Provider that it has the legal right to disclose all Personal Data that it does in fact disclose to the Provider under or in connection with this Agreement.

13.3  The Customer shall only supply to the Provider, and the Provider shall only process, in each case under or in relation to this Agreement, the Personal Data of data subjects falling within the categories specified in Part 1 of Schedule 3 (Data processing information) and of the types specified in Part 2 of Schedule 3 (Data processing information); and the Provider shall only process the Customer Personal Data for the purposes specified in Part 3 of Schedule 3 (Data processing information).

13.4  The Provider shall only process the Customer Personal Data during the Term and for not more than 30 days following the end of the Term, subject to the other provisions of this Clause 13.

13.5  The Provider shall only process the Customer Personal Data on the documented instructions of the Customer (including with regard to transfers of the Customer Personal Data to any place outside the European Economic Area).  For Customers located within the European Economic Area, the Standard Contractual Clauses adopted by the European Commission and set out in Schedule 4 (Standard Contractual Clauses for controllers to processors) shall apply.

13.6  The Provider shall promptly inform the Customer if, in the opinion of the Provider, an instruction of the Customer relating to the processing of the Customer Personal Data infringes the Data Protection Laws.

13.7  Notwithstanding any other provision of this Agreement, the Provider may process the Customer Personal Data if and to the extent that the Provider is required to do so by applicable law. In such a case, the Provider shall inform the Customer of the legal requirement before processing, unless that law prohibits such information.

13.8  The Provider shall ensure that persons authorised to process the Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

32.9  The Provider and the Customer shall each implement appropriate technical and organisational measures to ensure an appropriate level of security for the Customer Personal Data, including those measures specified in Part 4 of Schedule 3 (Data processing information).

13.10 The Provider must not engage any third party to process the Customer Personal Data without the prior specific or general written authorisation of the Customer. In the case of a general written authorisation, the Provider shall inform the Customer at least 14 days in advance of any intended changes concerning the addition or replacement of any third party processor, and if the Customer objects to any such changes before their implementation, then the Customer may terminate this Agreement on 7 days’ written notice to the Provider, providing that such notice must be given within the period of 7 days following the date that the Provider informed the Customer of the intended changes. The Provider shall ensure that each third party processor is subject to equivalent legal obligations as those imposed on the Provider by this Clause 13.

13.11 As at the Effective Date, the Provider is hereby authorised by the Customer to engage, as sub-processors with respect to Customer Personal Data, the third parties identified in Part 5 of Schedule 3 (Data processing information).

13.12 The Provider shall, insofar as possible and taking into account the nature of the processing, take appropriate technical and organisational measures to assist the Customer with the fulfilment of the Customer’s obligation to respond to requests exercising a data subject’s rights under the Data Protection Laws.

13.13 The Provider shall assist the Customer in ensuring compliance with the obligations relating to the security of processing of personal data, the notification of personal data breaches to the supervisory authority, the communication of personal data breaches to the data subject, data protection impact assessments and prior consultation in relation to high-risk processing under the Data Protection Laws. The Provider shall report any Personal Data breach relating to the Customer Personal Data to the Customer within 24 hours following the Provider becoming aware of the breach. The Provider may charge the Customer at its standard time-based charging rates for any work performed by the Provider at the request of the Customer pursuant to this Clause 13.13.

13.14 The Provider shall make available to the Customer all information necessary to demonstrate the compliance of the Provider with its obligations under this Clause 12 and the Data Protection Laws.

13.15 The Provider shall, at the choice of the Customer, delete or return all of the Customer Personal Data to the Customer after the provision of services relating to the processing, and shall delete existing copies save to the extent that applicable law requires storage of the relevant Personal Data.

13.16 The Provider shall allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer in respect of the compliance of the Provider’s processing of Customer Personal Data with the Data Protection Laws and this Clause 13. The Provider may charge the Customer at its standard time-based charging rates for any work performed by the Provider at the request of the Customer pursuant to this Clause 13.16.

13.17 If any changes or prospective changes to the Data Protection Laws result or will result in one or both parties not complying with the Data Protection Laws in relation to processing of Personal Data carried out under this Agreement, then the parties shall use their best endeavours promptly to agree such variations to this Agreement as may be necessary to remedy such non-compliance.

14.    Warranties

14.1  The Provider warrants to the Customer that:

(a)    the Provider has the legal right and authority to enter into this Agreement and to perform its obligations under this Agreement;

(b)    the Provider will comply with all applicable legal and regulatory requirements applying to the exercise of the Provider’s rights and the fulfilment of the Provider’s obligations under this Agreement; and

(c)    the Provider has or has access to all necessary know-how, expertise and experience to perform its obligations under this Agreement.

14.2  Except in respect of Beta Services, the Provider warrants to the Customer that:

(a)    the Platform and Hosted Services will conform in all material respects with the Hosted Services Specification;

(b)    the Hosted Services will be free from Hosted Services Defects;

(c)    the application of Updates and Upgrades to the Platform by the Provider will not introduce any Hosted Services Defects into the Hosted Services;

(d)    the Platform will be free from viruses, worms, Trojan horses, ransomware, spyware, adware and other malicious software programs; and

(e)    the Platform will incorporate security features reflecting the requirements of good industry practice.

14.3  The Provider warrants to the Customer that the Hosted Services, when used by the Customer in accordance with this Agreement, will not breach any laws, statutes or regulations applicable under English law.

14.4  The Provider warrants to the Customer that the Hosted Services, when used by the Customer in accordance with this Agreement, will not infringe the Intellectual Property Rights of any person in any jurisdiction and under any applicable law.

14.5  If the Provider reasonably determines, or any third party alleges, that the use of the Hosted Services by the Customer in accordance with this Agreement infringes any person’s Intellectual Property Rights, the Provider may at its own cost and expense:

(a)    modify the Hosted Services in such a way that they no longer infringe the relevant Intellectual Property Rights; or

(b)    procure for the Customer the right to use the Hosted Services in accordance with this Agreement.

14.6  The Customer warrants to the Provider that it has the legal right and authority to enter into this Agreement and to perform its obligations under this Agreement.

14.7  All of the parties’ warranties and representations in respect of the subject matter of this Agreement are expressly set out in this Agreement. To the maximum extent permitted by applicable law, no other warranties or representations concerning the subject matter of this Agreement will be implied into this Agreement or any related contract.

15.    Acknowledgements and warranty limitations

15.1  The Customer acknowledges that complex software is never wholly free from defects, errors and bugs; and subject to the other provisions of this Agreement, the Provider gives no warranty or representation that the Hosted Services will be wholly free from defects, errors and bugs.

15.2  The Customer acknowledges that complex software is never entirely free from security vulnerabilities; and subject to the other provisions of this Agreement, the Provider gives no warranty or representation that the Hosted Services will be entirely secure.

15.3  The Customer acknowledges that the Hosted Services are designed to be compatible only with that software and those systems specified as compatible in the Hosted Services Specification; and the Provider does not warrant or represent that the Hosted Services will be compatible with any other software or systems.

15.4  The Customer acknowledges that the Provider will not provide any legal, financial, accountancy or taxation advice under this Agreement or in relation to the Hosted Services; and, except to the extent expressly provided otherwise in this Agreement, the Provider does not warrant or represent that the Hosted Services or the use of the Hosted Services by the Customer will not give rise to any legal liability on the part of the Customer or any other person.

16.    Limitations and exclusions of liability

16.1  Nothing in this Agreement will:

(a)    limit or exclude any liability for death or personal injury resulting from negligence;

(b)    limit or exclude any liability for fraud or fraudulent misrepresentation;

(c)    limit any liabilities in any way that is not permitted under applicable law; or

(d)    exclude any liabilities that may not be excluded under applicable law.

16.2  The limitations and exclusions of liability set out in this Clause 15 and elsewhere in this Agreement:

(a)    are subject to Clause 16.1; and

(b)    govern all liabilities arising under this Agreement or relating to the subject matter of this Agreement, including liabilities arising in contract, in tort (including negligence) and for breach of statutory duty, except to the extent expressly provided otherwise in this Agreement.

16.3  The Provider shall not be liable to the Customer in respect of any losses arising out of a Force Majeure Event, loss of profits or anticipated savings, loss of revenue or income, loss of use or production, loss of business, contracts or opportunities, any loss or corruption of any data, database or software, or special, indirect or consequential loss or damage.

16.4  The liability of  the Provider to the Customer under this Agreement in respect of any event or series of related events shall not exceed the total amount paid and payable by the Customer to the Provider under this Agreement in the 12 month period preceding the commencement of the event or events.

16.5  The aggregate liability of the Provider to the Customer under this Agreement shall not exceed the total amount paid and payable by the Customer to the Provider under this Agreement.

17.    Force Majeure Event

17.1  If a Force Majeure Event gives rise to a failure or delay in either party performing any obligation under this Agreement (other than any obligation to make a payment), that obligation will be suspended for the duration of the Force Majeure Event.

17.2  A party that becomes aware of a Force Majeure Event which gives rise to, or which is likely to give rise to, any failure or delay in that party performing any obligation under this Agreement, must:

(a)    promptly notify the other; and

(b)    inform the other of the period for which it is estimated that such failure or delay will continue.

17.3  A party whose performance of its obligations under this Agreement is affected by a Force Majeure Event must take reasonable steps to mitigate the effects of the Force Majeure Event.

18.    Termination

18.1  Either party may terminate this Agreement by giving to the other party at least 30 days’ written notice of termination.

18.2  Either party may terminate this Agreement immediately by giving written notice of termination to the other party if the other party commits a material breach of this Agreement.

18.3  Either party may terminate this Agreement immediately by giving written notice of termination to the other party if:

(a)    the other party:

(i)     is dissolved;

(ii)    ceases to conduct all (or substantially all) of its business;

(iii)    is or becomes unable to pay its debts as they fall due;

(iv)   is or becomes insolvent or is declared insolvent; or

(v)    convenes a meeting or makes or proposes to make any arrangement or composition with its creditors;

(b)    an administrator, administrative receiver, liquidator, receiver, trustee, manager or similar is appointed over any of the assets of the other party;

(c)    an order is made for the winding up of the other party, or the other party passes a resolution for its winding up[ (other than for the purpose of a solvent company reorganisation where the resulting entity will assume all the obligations of the other party under this Agreement)]; or

(d)    if that other party is an individual:

(i)     that other party dies;

(ii)    as a result of illness or incapacity, that other party becomes incapable of managing his or her own affairs; or

(iii)    that other party is the subject of a bankruptcy petition or order.

19.    Effects of termination

19.1  Upon the termination of this Agreement, all of the provisions of this Agreement shall cease to have effect, save that the following provisions of this Agreement shall survive and continue to have effect (in accordance with their express terms or otherwise indefinitely): Clauses 1, 4.11, 5, 11.2, 11.4, 12, 13.1, 13.3, 13.4, 13.5, 13.6, 13.7, 13.8, 13.9, 13.10, 13.11, 13.12, 13.13, 13.14, 13.15, 13.16, 13.17, 16, 19, 22 and 23.

19.2  Except to the extent that this Agreement expressly provides otherwise, the termination of this Agreement shall not affect the accrued rights of either party.

19.3  Within 30 days following the termination of this Agreement for any reason:

(a)    the Customer must pay to the Provider any Charges in respect of Services provided to the Customer before the termination of this Agreement; and

(b)    the Provider must refund to the Customer any Charges paid by the Customer to the Provider in respect of Services that were to be provided to the Customer after the termination of this Agreement,

        without prejudice to the parties’ other legal rights.

20.    Notices

20.1  Any notice from one party to the other party under this Agreement must be given by one of the following methods (using the relevant contact details set out in Clauses 20.2 and 20.3):

(a)    sent by recorded signed-for post, in which case the notice shall be deemed to be received 3 Business Days following posting providing that, if the stated time of deemed receipt is not within Business Hours, then the time of deemed receipt shall be when Business Hours next begin after the stated time; or

(b)    sent by email, in which case the notice shall be deemed to be received on the day the email was sent providing that, if the time sent is after Business Hours, then the time of deemed receipt shall be when Business Hours next begin after the stated time.

19.2  The Provider’s contact details for notices under this Clause 20 are as follows:

        Hallwizard Limited,
2nd Floor,
2 Woodberry Grove,
London N12 0DR,
United Kingdom.

        Email address:  support@hallwizard.com

20.3  The Customer’s contact details for notices shall be the address and email address provided by the Account Owner at registration or updated in the Venue Settings and Account Settings.

20.4  The addressee and contact details set out in Clauses 20.2 and 20.3 may be updated from time to time by a party giving written notice of the update to the other party in accordance with this Clause 20.

21.    Subcontracting

21.1  Subject to any express restrictions elsewhere in this Agreement, the Provider may subcontract any of its obligations under this Agreement, providing that the Provider must give to the Customer, promptly following the appointment of a subcontractor, a written notice specifying the subcontracted obligations and identifying the subcontractor in question.

21.2  The Provider shall remain responsible to the Customer for the performance of any subcontracted obligations.

21.3  Notwithstanding the provisions of this Clause 21 but subject to any other provision of this Agreement, the Customer acknowledges and agrees that the Provider may subcontract to any reputable third party hosting business the hosting of the Platform and the provision of services in relation to the support and maintenance of elements of the Platform.

22.    General

22.1  No breach of any provision of this Agreement shall be waived except with the express written consent of the party not in breach.

22.2  If any provision of this Agreement is determined by any court or other competent authority to be unlawful and/or unenforceable, the other provisions of this Agreement will continue in effect. If any unlawful and/or unenforceable provision would be lawful or enforceable if part of it were deleted, that part will be deemed to be deleted, and the rest of the provision will continue in effect (unless that would contradict the clear intention of the parties, in which case the entirety of the relevant provision will be deemed to be deleted).

22.3  This Agreement may not be varied except by a written document signed by or on behalf of each of the parties.

22.4  Neither party may without the prior written consent of the other party assign, transfer, charge, license or otherwise deal in or dispose of any contractual rights or obligations under this Agreement.

22.5  This Agreement is made for the benefit of the parties, and is not intended to benefit any third party or be enforceable by any third party. The rights of the parties to terminate, rescind, or agree any amendment, waiver, variation or settlement under or relating to this Agreement are not subject to the consent of any third party.

22.6  Subject to Clause 16.1, this Agreement shall constitute the entire agreement between the parties in relation to the subject matter of this Agreement, and shall supersede all previous agreements, arrangements and understandings between the parties in respect of that subject matter.

22.7  This Agreement shall be governed by and construed in accordance with English law.

22.8  The courts of England shall have exclusive jurisdiction to adjudicate any dispute arising under or in connection with this Agreement.

23.    Interpretation

23.1  In this Agreement, a reference to a statute or statutory provision includes a reference to:

(a)    that statute or statutory provision as modified, consolidated and/or re-enacted from time to time; and

(b)    any subordinate legislation made under that statute or statutory provision.

23.2  The Clause headings do not affect the interpretation of this Agreement.

23.3  References in this Agreement to “calendar months” are to the 12 named periods (January, February and so on) into which a year is divided.

23.4  In this Agreement, general words shall not be given a restrictive interpretation by reason of being preceded or followed by words indicating a particular class of acts, matters or things.

Schedule 1 (Hosted Services particulars)

1.       Specification of Hosted Services

The Hosted Services comprise the MyHallWizard application, hosted at https://app.myhallwizard.com, and which provide the following software modules:

  • Customers – to maintain a database of customers within the Account,
  • Bookings – to maintain a calendar of hall bookings by customers,
  • Invoices – to create and issue invoices to customers
  • Payments – to record payments received from customers, allocating each payment against an invoice
  • Reports – to provide reporting capabilities against the data stored within the database, including the ability to print reports and to export data in machine-readable formats.
  • Venue Settings – to allow the Customer to configure aspects of the system and the user experience, including, but not limited to Rooms, Price Lists, Users, Venue Settings, Invoice Settings.
  • Account Settings – to maintain personal settings on the Account, and change the Account’s password.

The purpose of the Hosted Services is to allow Customer to manage hall bookings on behalf of their venue.  Although the application can manage the issue of invoices and tracking payments, please note that this is not accounting software.

Hosted Services will be compatible with Supported Web Browsers.  The best user experience is when accessed via Windows 10 or MacOS Catalina on a screen of width 1200 pixels or greater and for venues of up to 6 rooms, though this is not a requirement of the software.

All Hosted Services are currently Beta Services, and subject to Clause 4 of the Agreement.

2.       Financial provisions

The Provider will not make any Charges for the Hosted Services until June 2021 at the earliest.

3.       Helpdesk

The Helpdesk can be accessed by

  • using the Support widget in the bottom right corner of the application;
  • via the Support page on the application;
  • by emailing support@hallwizard.com;
  • by phoning 0333 050 1145.

The Customer is requested to review the Documentation prior to contacting the Helpdesk.

Schedule 2 (Acceptable Use Policy)

1.       Introduction

1.1    This acceptable use policy (the “Policy“) sets out the rules governing:

(a)    the use of the website at https://myhallwizard.com, https://hallwizard.com and https://hallwizard.co.uk, including any sub-domains, any successor website, and the services available on that website or any successor website (the “Services“); and

(b)    the transmission, storage and processing of content by you, or by any person on your behalf, using the Services (“Content“).

1.2    References in this Policy to “you” are to any customer for the Services and any individual user of the Services (and “your” should be construed accordingly); and references in this Policy to “us” are to Hallwizard Limited (and “we” and “our” should be construed accordingly).

1.3    By using the Services, you agree to the rules set out in this Policy.

2.       General usage rules

2.1    You must not use the Services in any way that causes, or may cause, damage to the Services or impairment of the availability or accessibility of the Services.

2.2    You must not use the Services:

(a)    in any way that is unlawful, illegal, fraudulent, deceptive or harmful; or

(b)    in connection with any unlawful, illegal, fraudulent, deceptive or harmful purpose or activity.

2.3    You must ensure that all Content complies with the provisions of this Policy.

3.       Unlawful Content

3.1    Content must not be illegal or unlawful, must not infringe any person’s legal rights, and must not be capable of giving rise to legal action against any person (in each case in any jurisdiction and under any applicable law).

3.2    Content, and the use of Content by us in any manner licensed or otherwise authorised by you, must not:

(a)    be libellous or maliciously false;

(b)    be obscene or indecent;

(c)    infringe any copyright, moral right, database right, trade mark right, design right, right in passing off, or other intellectual property right;

(d)    infringe any right of confidence, right of privacy or right under data protection legislation;

(e)    constitute negligent advice or contain any negligent statement;

(f)    constitute an incitement to commit a crime, instructions for the commission of a crime or the promotion of criminal activity;

(g)    be in contempt of any court, or in breach of any court order;

(h)    constitute a breach of racial or religious hatred or discrimination legislation;

(i)     be blasphemous;

(j)     constitute a breach of official secrets legislation; or

(k)    constitute a breach of any contractual obligation owed to any person.

3.3    You must ensure that Content is not and has never been the subject of any threatened or actual legal proceedings or other similar complaint.

4.       Graphic material

4.1    Content must be appropriate for all persons who have access to or are likely to access the Content in question.

4.2    Content must not depict violence.

4.3    Content must not be pornographic or sexually explicit.

5.       Factual accuracy

5.1    Content must not be untrue, false, inaccurate or misleading.

5.2    Statements of fact contained in Content and relating to persons (legal or natural) must be true.

6.       Negligent advice

6.1    Content must not consist of or contain any legal, financial, investment, taxation, accountancy, medical or other professional advice, and you must not use the Services to provide any legal, financial, investment, taxation, accountancy, medical or other professional advisory services.

6.2    Content must not consist of or contain any advice, instructions or other information that may be acted upon and could, if acted upon, cause death, illness or personal injury, damage to property, or any other loss or damage.

7.       Etiquette

7.1    Content must be appropriate, civil and tasteful, and accord with generally accepted standards of etiquette and behaviour on the internet.

7.2    Content must not be offensive, deceptive, threatening, abusive, harassing, menacing, hateful, discriminatory or inflammatory.

7.3    Content must not be liable to cause annoyance, inconvenience or needless anxiety.

7.4    You must not use the Services to send any hostile communication or any communication intended to insult, including such communications directed at a particular person or group of people.

7.5    You must not use the Services for the purpose of deliberately upsetting or offending others.

7.6    You must not unnecessarily flood the Services with material relating to a particular subject or subject area, whether alone or in conjunction with others.

7.7    You must ensure that Content does not duplicate other content available through the Services.

7.8    You must ensure that Content is appropriately categorised.

7.9    You should use appropriate and informative titles for all Content.

7.10  You must at all times be courteous and polite to other users of the Services.

8.       Marketing and spam

8.1    Content must not constitute or contain spam, and you must not use the Services to store or transmit spam – which for these purposes shall include all unlawful marketing communications and unsolicited commercial communications.

8.2    You must not send any spam to any person using any email address or other contact details made available through the Services or that you find using the Services.

8.3    You must not use the Services to promote, host or operate any chain letters, Ponzi schemes, pyramid schemes, matrix programs, multi-level marketing schemes, “get rich quick” schemes or similar letters, schemes or programs.

8.4    You must not use the Services in any way which is liable to result in the blacklisting of any of our IP addresses.

9.       Regulated businesses

9.1    You must not use the Services for any purpose relating to gambling, gaming, betting, lotteries, sweepstakes, prize competitions or any gambling-related activity, except in order to book halls at your own premises for these purposes.

9.2    You must not use the Services for any purpose relating to the offering for sale, sale or distribution of drugs or pharmaceuticals, except in order to book halls at your own premises for these purposes.

9.3    You must not use the Services for any purpose relating to the offering for sale, sale or distribution of knives, guns or other weapons, except in order to book halls at your own premises for these purposes.

10.    Monitoring

10.1  You acknowledge that we do not actively monitor the Content or the use of the Services.

11.    Data mining

11.1  You must not conduct any systematic or automated data scraping, data mining, data extraction or data harvesting, or other systematic or automated data collection activity, by means of or in relation to the Services.

12.    Hyperlinks

12.1  You must not link to any material using or by means of the Services that would, if it were made available through the Services, breach the provisions of this Policy.

13.    Harmful software

13.1  The Content must not contain or consist of, and you must not promote, distribute or execute by means of the Services, any viruses, worms, spyware, adware or other harmful or malicious software, programs, routines, applications or technologies.

13.2  The Content must not contain or consist of, and you must not promote, distribute or execute by means of the Services, any software, programs, routines, applications or technologies that will or may have a material negative effect upon the performance of a computer or introduce material security risks to a computer.

Schedule 3 (Data processing information)

1.       Categories of data subject

The personal data transferred concern the following categories of data subjects.

Each category includes current, past and prospective data subjects. Where any of the following is itself a business or organisation, it includes their staff.

  • Customers and clients (including their staff)

2.       Types of Personal Data

The personal data transferred concern the following categories of data:

  • Personal details, including any information that identifies the data subject and their personal characteristics, including: name, address, contact details, age, date of birth, sex, and physical description

The personal data transferred concern the following special categories of data:

  • None

3.       Purposes of processing

The personal data transferred will be subject to the following basic processing activities:

  • Receive data, including collection, accessing, retrieval, recording, and data entry
  • Hold data, including storage, organisation and structuring
  • Update data, including correcting, adaptation, alteration, alignment and combination
  • Protect data, including restricting, encrypting, and security testing
  • Return data to the data exporter or data subject
  • Erase data, including destruction and deletion

4.       Security measures for Personal Data

Data shall be stored in a secure database located within the EU (the current location of the data centre is in the Republic of Ireland).  Access to the data is possible only for users of the Account, and by employees and officers of the Provider for the purposes of providing the Hosted Service, the Maintenance Services and the Support Services.

Backups of the data are maintained for all points in time within the last 3 days.  Snapshots of the database are created on a daily basis, and retained for 30 days.

Firewalls and other appropriate security settings are used to protect and control access to the database and the data centre.

All computers used by staff and developers at MyHallWizard sit behind firewalls, are protected from viruses and other malware, and software and devices are kept up-to-date.

5.       Sub-processors of Personal Data

Customer Personal Data is not currently processed by any sub-processors.

MyHallWizard uses the following sub-processors for the purposes of processing Account Data:

  • HubSpot (CRM and Support)
  • Paddle.com (invoice and payment management)
  • Google Analytics (web analytics)

Schedule 4 (Controller to processor standard contractual clauses)

Clause 1. Definitions

For the purposes of the Clauses:

(a) ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data; 1

(b) ‘the data exporter’ means the controller who transfers the personal data;

(c) ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;

(d) ‘the sub-processor’ means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;

(e) ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;

(f) ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2. Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

Clause 3. Third-party beneficiary clause

(1) The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.

(2) The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.

(3) The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

(4) The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4. Obligations of the data exporter

The data exporter agrees and warrants:

(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;

(b) that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;

(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;

(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;

(e) that it will ensure compliance with the security measures;

(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;

(g) to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;

(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;

(i) that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses;

(j) that it will ensure compliance with Clause 4(a) to (i).

Clause 5. Obligations of the data importer 2

The data importer agrees and warrants:

(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;

(d) that it will promptly notify the data exporter about:

(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;

(ii) any accidental or unauthorised access; and

(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;

(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;

(f) at the request of the data exporter to submit its data-processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;

(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;

(h) that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;

(i) that the processing services by the sub-processor will be carried out in accordance with Clause 11;

(j) to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.

Clause 6. Liability

(1) The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.

(2) If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity. The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.

(3) If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.

Clause 7. Mediation and jurisdiction

(1) The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:

(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;

(b) to refer the dispute to the courts in the Member State in which the data exporter is established.

(2) The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8. Cooperation with supervisory authorities

(1) The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.

(2) The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.

(3) The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).

Clause 9. Governing law

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

Clause 10. Variation of the contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clauses.

Clause 11. Sub-processing

(1) The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses3. Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor’s obligations under such agreement.

(2) The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

(3) The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.

(4) The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.

Clause 12. Obligation after termination

(1) The parties agree that on the termination of the provision of data-processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.

(2) The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.


Additional commercial clauses

Indemnification
Liability

The parties agree that if one party is held liable for a violation of the clauses committed by the other party, the latter will, to the extent to which it is liable, indemnify the first party for any cost, charge, damages, expenses or loss it has incurred.

Indemnification is contingent upon:

(a) the data exporter promptly notifying the data importer of a claim; and

(b) the data importer being given the possibility to cooperate with the data exporter in the defence and settlement of the claim.

Priority of standard contractual clauses

The Standard Contractual Clauses take priority over any other agreement between the parties, whether entered into before or after the date these Clauses are entered into.

Unless the Clauses are expressly referred to and expressly amended, the parties do not intend that any other agreement entered into by the parties, before or after the date the Clauses are entered into, will amend the terms or the effects of the Clauses, or limit any liability under the Clauses, and no term of any such other agreement should be read or interpreted as having that effect.


Appendix 1

Data exporter

The data exporter is the Customer who registered with MyHallWizard.

The data exporter’s business or organisation type is:

  • General business

The data exporter is using the personal data which is being transferred for the following purposes or activities:

  • Accounts and records, including:
    • keeping accounts relating to the data exporter’s business or activity;
    • deciding whether to accept any person or organisation as a customer;
    • keeping records of purchases, sales or other transactions, including payments, deliveries or services provided by the data exporter or to the data exporter;
    • keeping customer records
    • records for making financial or management forecasts; and
    • other general record keeping and information management.
Data importer

The data importer is Hallwizard Limited.

The data importer’s business or organisation type is:

Refer to Part 1 of Schedule 3 (Data Processing Information) of the SaaS Agreement between the controller and processor.

  • IT, digital, technology and telecoms

The data importer’s activities for the data exporter, which are relevant to the transfer are:

  • IT, digital, technology or telecom services, including provision of technology products or services, telecoms and network services, digital services, hosting, cloud and support services or software licensing
 
Data subjects

Refer to Part 2 of Schedule 3 (Data Processing Information) of the SaaS Agreement between the controller and processor.

Categories of data
Processing operations

Refer to Part 3 of Schedule 3 (Data Processing Information) of the SaaS Agreement between the controller and processor.

Appendix 2

This Appendix forms part of the Clauses.

Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(a) and 5(c) (or document / legislation attached).

Refer to the description of the importer’s security measures set out in Part 4 of Schedule 3 (Data Processing Information) the SaaS Agreement between the controller and processor.