Terms & Conditions
Service License Agreement
By using or purchasing Flow Networks’ Purple WiFi services, either through signing a hard copy Social WiFi Subscriber Form or accepting terms online, the Customer agrees to the provisions outlined in this Service License Agreement (SLA). These terms and conditions form a material part of the agreement between the Customer and Flow Networks, governing the use of Purple WiFi and related services. Please review the full SLA below to understand the Customer’s rights and responsibilities.
Background:
​
A. Flow Networks is an approved partner of Purple and has been granted a royalty free license by Purple which permits Flow Networks, its employees, contractors and, agents to access the Purple Portal in order to administer usage of the Purple Portal for and on behalf of its Customers.
Flow Networks uses 3rd Party Integrations with the Purple Portal to enhance the Service it supplies to the Customer.
Flow Networks provides software solutions which provides a business with: (i) a WiFi hotspot platform for use by individuals on the business' WiFi hardware; (ii) customer analytics services and marketing opportunities; and (iii) ancillary support services.
B. The Customer would like to use the Purple Portal and integrated 3rd Party Applications under license from Flow Networks at its Venue or Venues.
AGREED TERMS:
1. Interpretation
1.1. The definitions and rules of interpretation in this clause apply in these terms and conditions.
​
3rd Party Integrations means any hardware or software supplied by Flow Networks which is integrated with the Purple Portal in order to enhance or improve its functionality.
​
Access Point means any item of access hardware (including signal boosters and repeaters) of a Customer at a Venue through which a User may access the internet.
​
Agreement means the agreement made between Flow Networks and a Customer as constituted by the Customer’s acceptance of these terms and conditions by the signing of the WiFi Subscriber Agreement.
​
Commencement Date the date of commencement of the Service.
​
Customer means a business customer to which Flow Networks has granted a license to use the Service as identified in the WiFi Subscriber Agreement.
Customer Access Page means the access page (whether or not branded by the Customer) through which Users login in order to access the internet at a Customers Venue.
​
Device means any computer, tablet, mobile telephone, smart phone or other electronic device through which a User accesses the Service.
​
Extended Term means an auto-renewal period of one (1) year added to the end of the Initial Term and/or to any Extended Term where neither Party has terminated the Service License in accordance with either clause 6.1 or 6.2.
​
EULA means the end user license agreement in place between Purple and the User at the relevant time.
​
Flow Networks means Flow Networks (Pty) Ltd (company registration: 2019/572047/07) whose registered office is at 17 Mansel Terrace, Eshowe, 3815, Kwazulu Natal, South Africa.
Initial Term the period of 12 months ending on the first anniversary of the Commencement Date.
​
Intellectual Property Rights means any intellectual property rights arising by virtue of or in relation to patent, copyright, database rights,
rights in trademarks (registered or unregistered), applications for any of the foregoing, trade secret rights and know how, and any other intellectual property or proprietary rights arising under the laws of any jurisdiction.
​
Order means an individual purchase order relating to the licensing and use of the Service placed by the Customer when they sign the WiFi Subscriber Agreement, or any subsequent purchase order supplied by the Customer for additional Service Licenses and/or Professional Services.
​
Professional Services means work carried out by Flow Networks or it’s Upstream Service Providers at the request of Customer to enhance, modify or develop the Service specifically for Customer, including 3rd Party Integrations.
​
Purple means Purple Wifi Limited (company registration number 6444980) whose registered office is at Arbeta, Suite 2.5, 11 Northampton Rd, Manchester, M40 5BP, United Kingdom.
​
Purple Portal means the online portal supplied and managed by Flow Networks under license from Purple WiFi Ltd through which the Customer administers the usage of the Service by Users.
​
Service means Purple’s hosted software solutions and/or any 3rd Party Integrations supplied by Flow Networks, which provides:
(i) a Customer with a WiFi hotspot platform which may be used by Users to access the internet through one or more Access Points at a Venue; and (ii) customer analytic; marketing automation functionality and reports usable by Customer personnel.
​
Service Level Standards means the minimum levels of performance applicable to the Service and the Support Service set out in paragraphs 1.1 and 1.2 of Appendix A
​
Service License means a non-exclusive term license in respect of a specified number of Access Points for use of the Service at the Venue(s) for the Service License Term.
​
Service License Fee means such fee, in whichever currency payable, as shall be payable by the Customer to Flow Networks for the relevant Service License Term in respect of a Service License.
Service License Term means (as relevant) the Initial Term and each Extended Term.
​
Support Request means a written request from the Customer to provide an element of the Support Service.
​
Support Service means the support relating to the Service provided by Flow Networks to the Customer
.
Terms of Use means the terms of use relating to the Service as publicised from time to time at https://purple.ai/wifi-terms-of-use/.
​
Upstream Service Providers means any service provider including Purple which Flow
Networks uses order to deliver the Service and it’s enhancements to the Customer.
​
User means any individual natural person who accesses the internet by means of a Device via a Customer Access Page through an Access Point at a Venue.
​
Venue means the Customer venue at which a User accesses the internet via the Customer Access Page through the Access Point(s).
​
1.2 Clause and schedule headings do not affect the interpretation of these terms and conditions.
1.3 Words in the singular shall include the plural and vice versa.
1.4. A reference to one gender shall include a reference to the other genders.
1.5. A reference to any party shall include that party’s personal representatives,
successors or permitted assigns.
1.6. A reference to a statute, statutory provision or any subordinated legislation made under a statute is a reference to such statute, provision or subordinated legislation as in force at the date of this Agreement.
1.7. References to clauses and the Schedule are to the clauses of and the Schedule to these terms and conditions.
1.8. Any phrase introduced by the terms including, include, in particular or any similar expression shall be construed as illustrative and shall not limit the sense of the words preceding those terms.
WiFi Subscriber Agreement means the subscriber agreement signed by Customer which these terms and conditions pertain to.
2. Commencement and duration of the Agreement
The Agreement shall commence on the Commencement Date. Unless terminated earlier in accordance with clause 6.2, the Agreement shall continue and remain in force for the Initial Term and shall, unless terminated in accordance with clause 6.1 or clause 6.2, automatically extend for consecutive periods of 1 year (each an Extended Term) upon the expiry of the Initial Term and each Extended Term.
3. Access
Flow Networks has the right to disable access to the Service provided to the Customer or any User at any time if, in Flow Networks’ opinion, the Customer fails to comply with any of the provisions of these terms and conditions or any User fails to comply with the provisions of the EULA or the Terms of Use or otherwise acts in a way that is likely to adversely interfere with Flow Networks ability to provide the Service to the Customer or any third party. Where access to the Service is disabled, the Customer shall not be entitled to a refund of the relevant Service License Fee (or any part of it).
4. Service
4.1 Upon receipt of the Service License Fee, Flow Networks shall be deemed to have granted to the Customer the Service License and Flow Networks shall provide the Service and the Support Service to the Customer for the duration of each Service License Term in accordance with the Service Level Standards.
4.2 The Customer acknowledges that title to the Service and to all property and Intellectual Property Rights provided to the Customer or otherwise arising under the Agreement, including but not limited to any software used by Flow Networks and its Upstream Service Providers in connection with the Service, together with all amendments, additions and enhancements to the Service, shall belong exclusively to and shall remain vested in Flow Networks and/or its Upstream Service Providers.
4.3 The Customer accepts the Terms of Use and shall:
4.3.1 comply with and procure that its officers, employees, consultants and agents comply with; and
4.3.2 use reasonable endeavours to procure that each User complies with, the Terms of Use.
4.4 Data and Data Protection are subject to Appendix B, and its Annexes, as maybe amended and/or updated from time to time, of this Agreement.
4.5 The Customer undertakes to Flow Networks:
4.5.1 not to provide or otherwise make available the Service in whole or in part in any form to any person other than Users without prior written consent;
4.5.2 to maintain adequate security measures intended to safeguard the Service from access or use by unauthorised users;
4.5.3 to comply at all times with all applicable laws in the relevant jurisdiction;
4.5.4 to notify Flow Networks as soon as reasonably practicable if it becomes aware of any use of the Service by any unauthorised user; and
4.5.5 not to do (or authorise any third party to do) any act which to the Customer’s knowledge would or might invalidate or be inconsistent with any Intellectual Property Rights of Flow Networks and/or Purple and not knowingly omit (or authorise any third party to omit) to do any act which, by its omission, would have that effect or character.
4.6 The aggregate liability of each party to the other or to any third party (whether in contract, tort or otherwise) shall be limited to an amount equal to that proportion of the Service License Fee paid which is attributable to the calendar year within which such claim arises.
5. Service License Fee and payment
5.1 The Customer shall pay the Service License Fee:
5.1.1 in respect of the Initial Term, 50% to be paid prior to the Commencement Date; and 50% to be paid on the 6 month anniversary of the Commencement date.
5.1.2 and in respect of each Extended Term, not later than 30 days prior to the expiration
of the previous Service License Term.
5.2 If Flow Networks ceases to provide the Service due to non-payment of the Service License Fee or disables access to the Service pursuant to clause 3 and the Customer subsequently requests that the Service is reactivated then Flow Networks shall be entitled to be paid a reactivation fee prior to the reactivation of the Service.
5.3 Flow Networks reserves the right to claim interest on a late payment under the relevant South African laws.
6. Termination
6.1 Either party may terminate the Agreement at any time upon not less than 30 days’ notice in writing to the other, such notice to expire upon the expiry of a Service License Term.
6.2 The Agreement may be terminated:
6.2.1 by Flow Networks or Purple immediately if the Customer, in the reasonable opinion of Flow Networks or Purple, acts in a way that causes or is likely to cause damage to Flow Networks or Purple’s reputation;
6.2.2 by Flow Networks immediately if the Customer shall have failed to pay the Service License Fee in accordance with clause 5.1;
6.2.3 by either parties immediately on giving written notice to the other where such other party has committed a material breach of the Agreement and, in the case of a breach which is capable of being remedied, the recipient of such notice shall have failed to remedy such breach within 14 days after receiving a notice from the other party requesting it to do so; and
6.2.4 by either parties immediately on giving written notice to the other if it becomes apparent that the other party has become insolvent or has had a receiver, administrator or administrative receiver appointed, or has applied for or has called a meeting of its creditors, or has resolved to go into liquidation (except for a bona fide amalgamation or reconstruction while solvent), or an application is made to appoint a provisional liquidator or for an administration order or notice of intention to appoint an administrator is given or a proposal is made for a voluntary arrangement or any other composition, scheme or arrangement with or assignment for the benefit of any of the
other party’s creditors, or any event analogous to any of the foregoing occurs in any
jurisdiction or if the other party ceases or threatens to cease to carry on business.
6.3 Upon termination of the Agreement for any reason:
6.3.1 Flow Networks will cease to provide the Service to the Customer; and
6.3.2 all amounts owed by the Customer to Flow Networks shall become immediately due and payable.
7. Intellectual property
7.1 Where Flow Networks provides to the Customer software under license from its Upstream Service Providers, which enables Users to use the Service, Flow Networks grants to the Customer a non-exclusive, non-transferable licence to allow Users to use such software solely for that purpose. The Customer agrees that it shall not, and shall procure that no User shall, without Flow Networks prior written consent, copy,
decompile or modify such software, nor copy any manuals or documentation (except as permitted by law).
7.2 The Customer shall indemnify Flow Networks for any breach of clause 7.1
8. Confidentiality
8.1 Each of the parties agrees that the commercial terms of any Agreement and any information relating to the business of the other which is passed to it by the other in connection with the Agreement shall, at all times, be kept and shall remain confidential.
8.2 The confidential information referred to in clause 8.1 may be disclosed by a party only to such of its officers, employees, contractors, auditors or other professional advisors to whom and to the extent to which disclosure is necessary for the fulfilment of the Agreement or for the purposes of professional advice, subject to the relevant party ensuring that any such individual is under a duty to maintain the confidentiality of any such information that is disclosed to him. No confidential information may be disclosed to a third party without the prior written consent of both parties unless and to the extent that such disclosure is required by law.
8.3 Information that: (a) is or becomes publicly known other than through any act or omission of the receiving party; (b) was in the other party’s lawful possession before the disclosure; (c) is lawfully disclosed to the receiving party by a third party without restriction on disclosure; or (d) is independently developed by the receiving party, which independent development can be shown by written evidence; shall not be regarded as confidential information for the purposes of clause 8.1.
8.4 The obligations of confidentiality in this clause 8 shall continue to apply after termination of this Agreement.
9. General
9.1 Any Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of South Africa. Each party irrevocably agrees that the South African courts shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with any Agreement or its subject matter or formation (including non-contractual disputes or claims).
9.2 The parties agree to comply with all applicable laws relating to their respective activities and obligations under the Agreement.
9.3 All notices which are required to be given under the Agreement shall be in writing and shall be sent either by email to such email address as the recipient may designate or by first class pre-paid recorded delivery post or airmail to the registered office address of the recipient or such other address as the recipient may designate by notice given to the sender. Any notice sent by email shall be deemed to have been served one hour after it is sent (save where the sender receives notification that such email has not been delivered) and any notice sent by first class pre-paid recorded delivery post or airmail shall be deemed to have been served 48 hours after posting.
9.4 The Customer may not assign any provision of the Agreement without the prior written consent of Flow Networks.
9.5 A failure to exercise or a delay in exercising a right or remedy provided by the Agreement or by law shall not constitute a waiver of such right or remedy. If an effective waiver of any breach of any of the terms of the Agreement is made, then such waiver shall not constitute a waiver in respect of any other breach of such term or any breach of any other term.
9.6 The terms of any Agreement are in lieu of all warranties, conditions, undertakings, terms and obligations concerning the supply, licensing and use of the Service which might but for this clause have effect between Flow Networks and the Customer or would otherwise be implied or incorporated into such Agreement or considered to take effect as a collateral contract, whether by statute, common law, trade usage, course of dealing or otherwise, all of which are agreed to be excluded to the fullest extent permitted by law.
9.7 No variation of any Agreement shall be valid unless it is in writing, it expressly states that it varies such Agreement and it is signed by authorised representatives of each party.
9.8 No delay, failure or default in the performance of any obligation under any Agreement shall constitute a breach of contract to the extent caused by circumstances beyond the reasonable control of the party whose performance is affected but nothing in this clause shall excuse the Customer from any payment obligations under such Agreement.
9.9 If any term of any Agreement is or becomes unenforceable or invalid, such invalidity or unenforceability shall not affect the other terms of such Agreement which shall remain in full force and effect. If any term of any Agreement is or becomes invalid or unenforceable but would be valid or enforceable if some part of it were deleted or modified by the parties, the term in question shall apply with such modification as may be necessary to make it valid and enforceable. The parties shall act reasonably and in good faith to agree any such modification.
​
Appendix A
Service Level Standards
1. Service levels and response times
1.1 Flow Networks shall use its reasonable endeavours to ensure an uptime rate of not less than 99.9%.
1.2 Flow Networks shall use its reasonable endeavours to provide the following response times:
1.2.1. for any issue which results in all Users being unable to access the Service (a Critical Level Issue), within 180 minutes after receiving a Support Request;
1.2.2. for any issue which results in the Service being substantially diminished for Users (a High Level Issue), within 360 minutes after receiving a Support Request; and
1.2.3. for any issue which results in the Service being impaired but not substantially diminished for Users (a Low Level Issue), within 72 hours after receiving a Support Request.
1.3 Flow Networks shall refund such proportion of Service License Fee which is applicable to Downtime which exceeds 0.1%.
1.4 For the purposes of this Schedule, Downtime refers to one or more whole periods of 30 minutes duration commencing upon the submission by the Customer of a Support Request informing Purple that there is a Critical Level Issue (as defined in paragraph 1.2.1).
1.5 The response times set out in paragraph 1.2 refer only to the time within which Flow Networks shall respond to a Support Request. Flow Networks gives no guarantee as to the time it may take to resolve any Critical Level Issue, High Level Issue or Low Level Issue save that it shall use its reasonable endeavours to resolve all such issues as soon as reasonably practicable.
1.6 Paragraph 1.3 shall not apply where and to the extent that Downtime arises from:
1.6.1. Scheduled Service Downtime (as defined in paragraph 2.1); or
1.6.2. failure of the Customer’s own computer systems, network or software; or
1.6.3. failure by the Customer, its employees, subcontractors, agents or other similar third parties to comply with any reasonable instructions issued by Flow Networks or Purple; or
1.6.4. breach by the Customer or a User of any terms or restrictions applicable to the Service including, but not limited to, exceeding data storage or transfer limitations; or
1.6.5. any factor which is beyond the reasonable control of Flow Networks or Purple including, but not limited to, failure of social media platform providers for such platforms used to deliver the Service.
2. Scheduled Service Downtime
2.1 Purple may, from time to time, require Downtime in order to perform maintenance and upgrades on its computer systems, network and infrastructure (Scheduled Service Downtime).
2.2 Purple shall use reasonable endeavours to ensure that any period of Scheduled Service Downtime causes minimal disruption to the Service and is as brief as is reasonably possible.
2.3 Flow Networks shall notify the Customer of Scheduled Service Downtime no later than 20 hours prior to its commencement. Such notice shall include an outline summary of the work to be performed during, and the estimated duration of, the Scheduled Service Downtime.
2.4 Purple shall use reasonable endeavours to perform maintenance and upgrades without incurring any Scheduled Service Downtime.
3. Service and Performance Monitoring
In the event that the Service is not carried out in accordance with the Service Level Standards, the Customer’s remedies shall be limited to those set out in paragraph 1.3.
APPENDIX B
DATA AND DATA PROTECTION
The Parties hereby acknowledge and agree for the purpose of this Agreement, Appendix and/or any relevant Orders pursuant to this Agreement, Flow Networks and Purple are Processors/Operators for the purpose of this Agreement and the Data.
1. Definitions
In this Appendix B, all capitalised terms not otherwise defined herein shall have the meaning given to them above. Except as modified below, the terms of the definitions above shall remain in full force and effect.
In this Appendix B, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:
1.1.1 Affiliate means, in relation to an entity, any entity that directly or indirectly Controls, is Controlled by or is under common Control with such entity (but only for so long as such Control exists);
1.1.2 Control means the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise. The word Controlled will be construed accordingly.
1.1.3 Customer Personal Data means any Personal Data received, held, accessed, stored, collected, collated or otherwise processed by the Processor/Operator as part of its provision of the Services to the Customer pursuant to or in connection with this Agreement;
1.1.4 EEA means the European Economic Area;
1.1.5 EU Data Protection Laws means:
1 unless and until the GDPR is no longer directly applicable in the UK, the GDPR, the UK Data Protection Legislation, any European Union legislation relating to personal data and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of personal data including the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended from time to time; and then
2 all applicable data protection and privacy legislation in force from time to time in the UK including the Data Protection Act 2018 and the transitional provisions of the European Union (Withdrawal) Act 2018 and The Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit Regulations 2019), any successor legislation in the UK to the GDPR and/or the Data Protection Act 2018 and any other data protection laws anywhere in the world (such as POPIA in South Africa), regulations, codes of practice, codes of conduct, guidance issued by any relevant Supervisory Authority or applicable law;
1.1.6 GDPR means EU General Data Protection Regulation (regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data);
1.1.7 Personal Data means all data defined as ‘personal data’ under Data Protection Laws and to which Data Protection Laws apply;
1.1.8 Services means the services and other activities to be supplied or carried out by or on behalf of the Processor pursuant to this Agreement; and
1.1.9 Subprocessor means any person (including any third party and any Processor Affiliate,
but excluding an employee of Processor or any of its sub-contractors) appointed by or on behalf of Processor or any Processor Affiliate to Process Personal Data on behalf of Customer or any Customer Affiliate in connection with this Agreement.
The terms Controller, Data Subject, Processor, Member State, Personal Data Breach, Processing and Supervisory Authority shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.
The word include shall be construed to mean include without limitation, and cognate terms shall be construed accordingly.
2. Processing of Processor Personal Data
2.1 This Appendix applies where and only to the extent that the Processor processes Customer Personal Data on behalf of Customer in the course of providing Services to Customer pursuant to this Agreement.
2.2 Processor shall, in the course of or in connection with its Processing of Customer Personal Data or its performance of any obligations involving the Processing of Customer Personal Data under this Agreement and this Appendix, comply with all Data Protection Laws.
2.3 Customer warrants to Processor that it has obtained all legal rights and consents necessary (whether required by Data Protection Laws or by contract) to disclose all Personal Data that it does in fact disclose to the Processor pursuant to this Agreement and this Appendix.
2.4 Processor understands and acknowledges that, to the extent that performance of its obligations under this Agreement and this Appendix involves or necessitates the Processing of Customer Personal Data, it shall process such Customer Personal Data only for such purpose and only in accordance with the express written instructions of Customer including with respect to transfers of Customer Personal Data to a country outside the EEA. Processor shall comply promptly with all such written instructions received from Customer. The parties agree that Customer’s complete and final instructions with regard to the nature and purposes of Processing are set out in this Appendix.
2.5 Notwithstanding section 2.4 above, Customer acknowledges and authorises Processor to process Customer Personal Data to create anonymised data sets. Customer further acknowledges and agrees all anonymised and derived data is the property of the Processor.
2.6 Annex 1 to this Appendix sets out certain information regarding the Processors' Processing of the Customer Personal Data as required by Article 28(3) of the GDPR (and, possibly, equivalent requirements of other Data Protection Laws). Customer may make reasonable amendments to Annex 1 by written notice to Processor from time to time as Customer reasonably considers necessary to meet those requirements. Nothing in Annex 1 (including as amended pursuant to this section 2.6) confers any right or imposes any obligation on any party to this Appendix.
3. Processor Personnel
Processor shall take reasonable steps to ensure the reliability of any officer, employee, agent who may have access to the Customer Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Customer Personal Data, as strictly necessary for the purposes of this Agreement, and to comply with applicable laws in the context of that individual's duties to the Processor, ensuring that all such individuals shall process Customer Personal Data only in accordance with the express written instruction of the Customer and that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
4. Deletion or return of Customer Personal Data
4.1 Subject to section 4.2, upon termination or expiration of any services involving the Processing of Customer Personal Data, Processor shall delete and use all reasonable endeavours to procure the deletion by each Subprocessor of all copies of Customer Personal Data .
4.2 Processor may retain Customer Personal Data to the extent required by applicable laws and only to the extent and for such period as required by applicable laws and always provided that Processor shall ensure the confidentiality of all such Customer Personal Data and shall ensure that such Customer Personal Data is only processed as necessary for the purpose(s) specified in the applicable laws requiring its storage and for no other purpose.
5. Security Measures
5.1 Processor will implement and maintain appropriate technical and organisational security measures to protect Customer Personal Data from Personal Data Breaches and to preserve the security and confidentiality of such Customer Personal Data processed by Processor on behalf of Customer under this Agreement.
5.2 In assessing the appropriate level of security, Processor shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.
6. Subprocessing
6.1 Customer agrees that in order to provide the Services, Processor may engage
Subprocessors’ to process Customer Personal Data. Annex 2 sets out information regarding
Processor’s current Subprocessors.
6.2 With respect to each Subprocessor, Processor shall:
6.2.1 before the Subprocessor first Processes Customer Personal Data, carry out reasonable due diligence to ensure that Subprocessor is capable of providing the level of protection for Customer Personal Data required by this Agreement and this Appendix;
6.2.2 ensure that the arrangement between Processor and Subprocessor, is governed by a written contract which shall include the same data protection obligations as those set out in this Appendix and meet the requirements of Article 28(3) of the GDPR or equivalent provisions of any other Data Protection Law;
6.2.3 remain responsible for its compliance with the obligations set out in this Appendix and for any acts of the Subprocessor that cause Processor to breach any of its obligations under this Appendix.
6.3 Processor shall give Customer prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by such Contracted Subprocessor. Customer may object in writing to the proposed appointment, provided that such objection is based on reasonable grounds relating to data protection. In such event, the parties will discuss such concerns in good faith with a view to achieving resolution.
7. Notification to Customer
7.1 Processor shall promptly notify Customer upon receiving a request from a Data Subject (Data Subject Request) or applicable Supervisory Authority under any Data Protection Law in respect of Customer Personal Data; and Processor will ensure that it does not respond to that request except on the documented instructions of Customer or as required by applicable laws to which Processor is subject, in which case Processor shall to the extent permitted by applicable laws inform Customer of that legal requirement before Processor responds to the request.
7.2 Upon Customer’s written request, Processor shall provide reasonable cooperation to assist Customer to respond to any such request, and in any event within 20 days of receiving such request, as detailed in Section 7.1, relating to the Processing of Customer Personal Data under this Agreement. Customer shall cover all costs incurred by Processor in connection with its provision of such assistance.
7.3 Processor shall notify Customer without undue delay upon it becoming aware of a Personal Data Breach affecting Customer Personal Data, providing Customer with sufficient information to allow it to meet any obligations to report or inform the Controller of such Personal Data Breach under Data Protection Laws.
7.4 Processor shall co-operate with Customer and take such reasonable commercial steps as are directed by Customer to assist in the investigation, mitigation and remediation of each Personal Data Breach.
8. Data Protection Impact Assessment and Prior Consultation
Processor shall provide reasonable assistance to Customer with any data protection impact assessments, and prior consultations with any Supervising Authority or other competent data privacy authorities, which Customer reasonably considers to be required of itself by Article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Customer Personal Data, provided that Customer that shall cover all costs incurred by Processor in connection with its provision of such assistance.
9. Audit rights
9.1 Subject to section 9.2, Processor shall make available to Customer such information in Processor’s possession or control as Customer may reasonably request with a view to demonstrating Processor’s compliance with this Appendix and with its obligations as a Data Processor under Data Protection Laws in relation to Processor’s Processing of Customer Personal Data.
9.2 If Customer reasonably believes that an audit is necessary to meet its obligations under Data Protection Laws, Customer may request that a third party (at Customer’s expense) conduct an audit and Processor will provide all assistance reasonably requested by Customer to accommodate Customer’s request.
9.3 Information and audit rights of the Customer and the Customer Affiliates only arise under this Section 9 to the extent that this Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law (including, where applicable, Article 28(3)(h) of the GDPR or equivalent provisions of any other Data Protection Law).
Annex 1:
Details of Processing of Customer Personal Data
Subject-matter of the Processing of Customer Personal Data
The subject matter of the Processing of Customer Personal Data is set out in this Agreement and this Appendix and/or any relevant Order pursuant this Agreement.
Duration of the Processing of Customer Personal Data
The duration of the Processing under this Appendix will be the term of this Agreement
and/or any relevant Order pursuant this Agreement.
Nature and purpose of the Processing of Customer personal Data
The purpose of the data Processing under this Appendix is the provision of the Services to Customer and the performance of Processor’s obligations under this Agreement and this Appendix and/or any relevant Order pursuant to this Agreement (or as otherwise agreed by the Parties).
Types of Customer Personal Data to be Processed
Personal identification and contact data (name, email address, social media…)
Categories of Data Subjects
Customer’s end users (past, present, potential and future) authorised to use the Services.
The obligations and rights of Customer and Customer Affiliates
The obligations and rights of Customer and Customer Affiliates are set out in this Agreement and this Appendix and/or any relevant Order pursuant to this Agreement.
ANNEX 2 – LIST OF APPROVED SUBPROCESSORS
The following Contracted Subprocessors are hereby approved for the specified areas of work.
Entity Name Corporate Location Area of work
Google Cloud Platform London Cloud hosting platform
Google Cloud Platform Amsterdam Cloud hosting platform