DataCAT Terms of Service

DataCAT Terms of Service

10 April 2018

This page (together with the documents referred to on it (including those set out in the T&C’s, Cookie Policy and GDPR Policy areas of our website, www.gdpr.design (our site)) tells you information about us and the legal terms and conditions (Terms) on which we provide the DataCAT software application and related GDPR compliance support documents (Product).

These Terms will apply to the services to be used in conjunction with the Product you have purchased (Services). It does not matter if you purchased your Product from us or from someone else. Please read these Terms carefully and make sure that you understand them, before you start using the Services. Please note that before completing your registration for the Services you will be asked to agree to these Terms.

If you refuse to accept these Terms, you will not be able to complete your registration and you will not be able to use the Services.

You should print a copy of these Terms or save them to your computer for future reference.

We amend these Terms from time to time and the current Terms are always published on our site. Please check our site from time to time as your continued use of the Services will be governed by them.

 

  1. Information about us
    • We operate the website gdpr.design. We are GDPR Design Ltd, a company registered in England and Wales with company number 10916392 and have our registered office at 13 Thatcham Business Village, Colthrop Way, Thatcham, Berkshire RG19 4LW.
    • To contact us, please see our Contact Us page.
  2. Subscription Fee and Payment
    • You will pay the relevant subscription fees due, details of which can be found at gdpr.design/products-and-services/data-cat/. You must provide valid, up-to-date and complete credit card details when you purchase your Product (and whenever your card details change during the Term) and you authorise us to bill that card:
      • when you purchase your Product; and
      • on each renewal of the Term (see below) annually.
    • If you fail to pay to us when due any amount, we are entitled:
      • to charge interest on the overdue amount at 8% per annum. Interest will accrue daily from the due date until the date of actual payment, whether before or after judgement; and
      • to suspend or terminate the Services.
  1. The Services
    • We have made every effort to test our Product with different technology configurations, however to minimise the chances of compatibility issues please ensure that your systems are up to date before purchasing the Product.
    • Once you have purchased the Product and registered for the Services, we will:
      • provide the Services via an online application which will:
        • enable you to capture certain personal information (including email) and communication preferences;
        • enable you to capture and manage your customers’ consent to communicate with them (consent is time and date stamped);
        • provide secure cloud-based storage of the information captured and consent provided;
        • provide online access to a downloadable suite of template policy documents to support your GDPR compliance;
        • provide online access to downloadable ‘How To’ instruction guides to support your Product; and
        • provide technical support (see further below).
      • ensure that the Services are performed substantially in accordance with all documentation made available to you online from time to time setting out a description of the Product and the user instructions for the Services (Documentation) and with reasonable skill and care.
    • Our Product and Services provide you will tools to help you comply with all applicable requirements of the General Data Protection Regulation ((EU) 2016/679) and national implementing laws, regulations and secondary legislation in the UK (Data Protection Legislation). However, whilst they provide you with an important step to compliance they do not on their own mean that you are fully compliant. How you put the various template policies into practice, and how you use the Services, is crucial and these factors are outside of our control. Compliance with the Data Protection Legislation is not therefore guaranteed simply by purchasing our Product and using the Services.
    • Our Product and the Services offer tools and information as a resource but we do not offer legal advice. You should speak to a solicitor to understand how the Data Protection Legislation affects you.
    • The type of information we collect about you and your customers, how we store and use it and how you might be contacted by us are all governed by our Data Protection Policy and Cookie Policy. Please read our Privacy Notice and Cookie Policy carefully as they contain important information and by using the Services you consent to the way we collect, store and process data under them.
  1. Accessing the Services
    • To use the Services your website will need to maintain a connection to the internet. If the internet connection fails then you will not be able to use the Services but any data captured and uploaded via the Services prior to failure will be maintained in our cloud-based storage facility.
    • Once you have purchased your Product, you will be provided instructions and a password in order to activate your account. Once you have logged in you can change your password.
    • You will need to access the software application online, which will provide javascript to install DataCAT onto your website and enable communication between your website and us (Software). Your use of the Software and Documentation is subject to the terms of the licence below.

 

  1. Licence
    • We grant you a non-exclusive, non-transferable licence to use the Software and Documentation for the sole purpose of enabling the Services for so long as the Services are available to you (Licence). We may issue Software updates incorporating code “patches” and error corrections from time to time and the Licence governs these as well.
    • The License(s) may only be used by a single business or organisation for:
      • a single domain with DataCAT Business;
      • two to five domains with DataCAT Multi-Business; and
      • unlimited domains with DataCAT Enterprise.
    • We will monitor usage and inform you if additional subscription fees are due.
    • The Licence(s) is granted to you on the basis that you undertake not to:
      • copy the Software except where such copying is incidental to normal use of the Software, or where it is necessary for the purpose of back-up;
      • rent, lease, sub-license, loan, translate, merge, adapt, vary or modify the Software;
      • make alterations or modifications to the Software or combine or incorporate it (or any part of it) in any other programs;
      • disassemble, decompile, reverse engineer or create derivative works based on, the whole or any part of the Software; or
      • provide or make available the Software or Documentation to any person without our prior written consent.
    • All intellectual property rights in the Software and Documentation anywhere in the world belong to us. Rights in the Software and Documentation are licensed (not sold) to you, and you have no rights in, or to, the Software or Documentation other than the right to use them in accordance with the terms of the Licence(s).
    • The Software and Documentation has not been developed to meet your individual requirements. The Software may not be free from bugs or errors.

 

  1. Your Data
    • You own all right, title and interest in and to all data collected and supplied by you when using the Services (Customer Data). You have sole responsibility for the legality, reliability, integrity, accuracy and quality of Customer Data and you acknowledge that we have no control over any Customer Data provided to us. We have no obligation to monitor or moderate the content of any Customer Data.
    • We utilise Amazon Web Services (AWS) to securely store personal data. As part of this AWS will retain a backup of this data for 30 days. If there is any loss or damage to your Customer Data, your sole and exclusive remedy is for us to work with AWS to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up maintained by them. Subject to the Data Protection Legislation, we are not be responsible for any loss, destruction, alteration or disclosure of your Customer Data caused by any third party.
    • You will not, and you will ensure that your Customer Data does not:
      • breach any law applicable to you;
      • infringe the intellectual property of any third party;
      • include any material which is obscene, indecent, pornographic, seditious, offensive, defamatory, threatening, liable to incite racial hatred, menacing, blasphemous; or
      • distribute or transmit anything or device which may prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network or access to any programme, data or user experience, including worms, trojan horses, viruses and other similar things or devices.
    • You and we will each provide reasonable assistance to the other to comply with all applicable Data Protection Legislation. This paragraph does not relieve, remove or replace any obligation you or we may have under the Data Protection Legislation.
    • You are the Data Controller and we are a Data Processor for the purposes of the Data Protection Legislation and you are ultimately responsible for the management of all your Customer Data. You must ensure that you have all necessary appropriate consents and notices in place to enable the lawful transfer of all Customer Data to us for the Term and for purposes of providing the Services so that we can lawfully use, process and transfer Customer Data in accordance with the Services on your behalf.
    • We will:
      • process your Customer Data as contemplated by the Services and otherwise only in accordance with your written instructions;
      • not transfer any Customer Data outside of the European Economic Area unless the following conditions are fulfilled:
        • you and we have each provided appropriate safeguards in relation to the transfer;
        • the data subject has enforceable rights and effective legal remedies;
        • we comply with our obligations under the Data Protection Legislation by providing an adequate level of protection to any of your Customer Data that is transferred; and
        • we comply with reasonable instructions notified to us in advance by you with respect to the processing of your Customer Data;
        • assist you, at your cost, in responding to any request from any of your data subjects and in ensuring compliance with your obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
        • notify you without undue delay if we become aware of a data breach;
        • delete or at your written direction provide a back-up copy of your Customer Data to you on termination of the Services unless we are required by any law applicable to us to retain and store your Customer Data;
        • maintain records and information sufficient to demonstrate our compliance with this paragraph; and
        • obtain your prior written consent before transferring any of your Customer Data to any sub-contractor or third party.
    • You and we will each ensure that appropriate technical and organisational measures are in place to protect against unauthorised or unlawful processing of your Customer Data and against accidental loss or destruction of, or damage to, your Customer Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures.
    • You will defend, indemnify and hold us harmless against claims, actions, proceedings, losses, damages, expenses and costs (including without limitation court costs and reasonable legal fees) arising out of or in connection with your use of the Services and/or Documentation, provided that:
      • you are given prompt notice of any such claim;
      • we provide you with reasonable co-operation in the defence and settlement of such claim, at your expense; and
      • you are given sole authority to defend or settle the claim.

 

  1. Availability of Services
    • We have worked very hard to ensure that our Services are available to you all of the time. However, this is not always going to be possible given the complexity of the systems our Services rely on. Our servers will be in constant contact with your website via third party communication links and your ISP, your router and your computer all have a part to play. You may also access the Services through your mobile communications device which relies on a connection from your mobile communications provider.
    • We operate a policy of continuous improvement. This means that we will regularly update our systems, the Documentation and Software that make up the Services. Some software updates will be done by us remotely and normally without any involvement on your part. We will not normally contact you before making these changes but will ensure that wherever possible it is done without affecting the Services. Other updates will require manual installation. These will be less frequent, but you must install all updates when they become available. If you do not install our updates, performance of the Services may become limited or unreliable. We will always try and improve the Services with the minimum of disruption to you, but there may be occasions where the Services are temporarily suspended for maintenance or repair. We may not always be able to notify you in advance of a suspension of Services. Please bear with us if there is some downtime in availability; you can be sure that we will be trying to fix it as quickly as possible.
    • There is a lot of work we do behind the scenes and a lot of third party equipment involved. As a result, we cannot guarantee that the Services will be always live, uninterrupted or error-free and we will not be liable to you if the Services are temporarily unavailable, or if there are variances in performance from time to time, for whatever reason.

 

  1. Information Security
    • We will take reasonable and prudent measures to safeguard the security of your data which is under our control. We use Amazon Web Services as our hosting provider, complete with industry leading security arrangements. We will notify you as soon as possible if we become aware of a security incident affecting your Customer Data.
    • The Services are provided using a secure (SSL/TLS) connection. Whilst this provides good protection for your data you acknowledge that data transmitted between you and us may be intercepted and we can accept no liability for this. In particular you should be aware that the security afforded by email, text messages and push notification messages, during transmission, is often limited.
    • You are responsible for keeping the username and password that you use to access the Services confidential, safe and secure. We recommend that you chose a password that uses lowercase, uppercase and a combination of alpha-numeric characters. But do please make sure that whatever combination you use, it is memorable. You should limit the number of people within your organisation who can access your account and you must not allow anyone outside your organisation to access your account.
    • You should always log out from your account when you are not using it, whether or not you use a shared computer to access your account. You must notify us immediately if you have any reason to believe that your account security has been compromised.
    • We have worked hard to ensure that the Services are safe and secure, but you alone are responsible for protecting your computer hardware, software and data from unauthorised access and free and clear of viruses and malware. We will have no liability to you if you fail to keep your account secure.

 

  1. Confidential Information
    • You and we will each maintain the confidentiality of the other’s proprietary and, if it is clearly labelled as confidential, other information (Confidential Information) and will not without the other’s prior written consent use, disclose, copy or modify it (or permit others to do so) other than as necessary for and as contemplated by the Services.
    • You or we may disclose Confidential Information to the extent required by law, by any governmental or other regulatory authority or by a court or other authority of competent jurisdiction.
    • Details of the Services, the Software and the Documentation are our Confidential Information. Your Customer Data is your Confidential Information.
    • The obligations under this paragraph will survive termination of the Services.

 

  1. Support
    • We aim to provide the highest standards of customer service and support.
      • You will find comprehensive online help and support in the ‘How To’ instruction guides.
      • If they do not answer your question, please get in touch either by emailing us at info@gdpr.design or use the Contact Us page of our site. We will do our best to get back to you as soon as we can.
      • Email support is available during normal business hours in the UK.

 

  1. Termination of Services
    • We don’t want to lose your custom but if you decide that the Services are no longer for you, you can cancel them at any time. Just contact us at info@gdpr.design or via the Contact Us page on our site and we will take care of everything for you.
    • The minimum term for the Licence(s) is 12 months and your subscription to the Services (and your Licence(s)) will renew automatically for subsequent periods of twelve months each (Term) unless you terminate the Services by not less [90] days’ notice in writing before the end of the then current Term.
    • If in our opinion you abuse the Services or use them for any illegal or immoral purpose, we may cancel the Services immediately, without notice. You agree to indemnify us against any loss, cost, expense, damage, fine or claim we suffer as a result of your use of the Services.
    • You will not be entitled to a refund for any unexpired period of the Term if you or we cancel.
    • We reserve the right to suspend or withdraw the Services at any time without notice (although we will always try and give you as much notice as possible) and we will not be liable to you if the Services are suspended or withdrawn. If the Services are suspended or withdrawn, you may experience reduced functionality of your Product and may no longer be able to access your Customer Data. You should maintain records and back-up your Customer Data regularly.
    • If you or we cancel, suspend or withdraw the Services:
      • the Licence(s) will terminate immediately;
      • we may destroy your Customer Data unless we receive, no later than ten days after the date of termination, a written request from you for a copy of the then most recent back-up of your Customer Data. If you ask us for a back-up copy we’ll do our best to get that to you within 30 days provided you have paid all amounts due to us in full; and
      • the ownership of the Documentation is not affected. It will remain yours to keep but you may not re-sell or otherwise distribute or make it available for others to use.
  1. Liability
    • Our Services and the Documentation are designed for use as a tool to aid compliance with the Data Protection Legislation, but they do not on their own ensure compliance. It is crucial that you take legal advice about how the Data Protection Legislation affects you. In particular, but without limitation:
      • you assume sole responsibility for results obtained from the use of the Services and the Documentation, and for any conclusions you drawn from such use. We have no liability for any damage caused by errors or omissions in any information, instructions or scripts provided to us by you in connection with the Services, or any actions taken by us at your direction; and
      • the Services and the Documentation are provided to you on an “as is” basis and have not been prepared to meet your individual requirements.
    • If we fail to comply with these Terms, we are responsible for loss or damage you suffer that is a foreseeable result of our breach of these Terms or our negligence, but we are not responsible for any loss or damage that is not foreseeable. Loss or damage is foreseeable if they were an obvious consequence of our breach or if they were contemplated by you and us at the time you first activated your account. We have no liability to you for any loss of profit, loss of business, business interruption, or loss of business opportunity. Save as set out below, in no event will our liability exceed:
      • £500,000 in respect of any single claim or series of related claims; and
      • £1,000,000 or one-and-a-quarter times the total amount you have paid to us for the Services (whichever is the greater) in respect of any and all claims (however arising).
    • We do not in any way exclude or limit our liability for:
      • death or personal injury caused by our negligence; or
      • fraud or fraudulent misrepresentation.
    • Save as set out in this paragraph no other representation, warranty or condition, express or implied, statutory or otherwise (including as to condition, satisfactory quality, performance or fitness for purpose), is given or assumed by us in respect of the Services, Software and/or Documentation and any such representation, warranty or condition is excluded.

 

  1. Other important terms
    • These Terms are between you and us. No other person has any rights to enforce any of the Terms, whether under the Contracts (Rights of Third Parties Act) 1999 or otherwise.
    • Each of the paragraphs of these Terms operates separately. If any court or relevant authority decides that any of them are unlawful or unenforceable, the remaining paragraphs will remain in full force and effect.
    • If we fail to insist that you perform any of your obligations under these Terms, or if we do not enforce our rights against you, or if we delay in doing so, that will not mean that we have waived our rights against you and will not mean that you do not have to comply with those obligations. If we do waive a default by you, we will only do so in writing, and that will not mean that we will automatically waive any later default by you.
    • These Terms are governed by English law. This means a contract for the purchase of our Product and any dispute or claim arising out of or in connection with it will be governed by English law. You and we both agree to that the courts of England and Wales will have non-exclusive jurisdiction.

 

Version: [v1.1, 20th April 2018]