Standard Terms of Business – Metamo DAC
AGREED TERMS FOR WORKS AND SERVICES
Available at metamo.ie
The following definitions and rules of interpretation apply in these Terms.
Agreed Purpose: shall have the meaning given to it in Clause 2 of the Data Processing Agreement.
Applicable Laws: means any applicable statutes, statutory instruments, regulations, orders and other legislative provisions in any jurisdiction, including any delegated or subordinate legislation, any enforceable community rights within the European Union and any applicable judgement of a relevant court of law or decision of a tribunal or competent authority which creates binding precedent.
Business Day: a day other than a Saturday, Sunday or public holiday in Ireland, when clearing banks in Dublin are open for business.
Charges: the charges payable by the Customer for the supply of the Services and/or the Works by the Supplier, as set out in the Letter of Engagement and/or a Statement of Work (as the case may be) as may be varied from time to time by agreement in writing between the Supplier and the Customer.
Contract: the contract between the Customer and the Supplier for the supply of any Services and/or the Works in accordance with the Letter of Engagement, any Statement of Work and these Terms.
Customer: means the customer for the purposes of the Contract as specified in the Letter of Engagement.
Customer Materials: all materials, equipment, drawings, specifications and data supplied by the Customer to the Supplier.
Data Protection Law: shall mean all applicable laws relating to data protection and privacy including (without limitation) the EU Data Protection Directive (95/46/EC), the EU General Data Protection Regulation (2016/679), the EU Privacy and Electronic Communications Directive 2002/58/EC as implemented in each Ireland and any other relevant jurisdiction, and any amending or replacement legislation from time to time;
Deliverables: all documents, products and materials developed by the Supplier or its agents, subcontractors and personnel as part of or in relation to the Services and/or the Works in any form, including without limitation computer programs, data, reports, policies and specifications (including drafts) and any other deliverables set out as part of the Services and/or the Works.
Intellectual Property Rights: patents, rights to inventions, copyright and related rights, moral rights, trade marks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, rights in designs, rights in computer software, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.
Letter of Engagement: a letter of engagement issued by the Supplier to the Customer.
Order: any order provided by the Customer to the Supplier in respect of Works and/or Services after the Start Date.
“Personal Data”, “Personal Data Breach”, “Process”, “Controller”, “Processor”, “Data Subject” and “Supervisory Authority”: shall have the meanings set out in the Data Protection Law.
Services: any services, including without limitation any Deliverables, to be provided by the Supplier pursuant to the Contract, as described in the Letter of Engagement and including such other services which the Customer may request from the Supplier and which the Supplier may provide from time to time.
Shared Data: means any Personal Data which is shared between the parties for the Agreed Purpose (in relation to which each Party acts as an independent Controller).
Start Date: the day on which the Supplier is to start provision of the Services and/or the Works (as the case may be), as set out in the Letter of Engagement and/or any Statement of Work (as the case may be).
Statement of Work: any statement of work, the form of which shall be based on Schedule 2 of these Terms, agreed between the Supplier and the Customer in respect of Works and/or Services not provided for in the Letter of Engagement.
Supplier or Metamo: means Metamo Designated Activity Company (company number 636280) or any assignee of Metamo Designated Company from time to time.
Supplier IPRs: all Intellectual Property Rights subsisting in the Deliverables excluding any Customer Materials incorporated in them.
Terms: these standard terms and conditions of business set out in Clause 1 (Interpretation) to Clause 10 (General) (inclusive) hereof as may be amended from time to time in accordance with Clause 10.5.
Works: means the works (including, but not limited to, research and development) to be provided by the Supplier pursuant to the Contract, as described in the Letter of Engagement and including such other works which the Customer may request from the Supplier and which the Supplier may provide from time to time (whether agreed as part of a Statement of Work or otherwise).
A reference to a statute or statutory provision is a reference to it as amended, extended or re-enacted from time to time. A reference to a statute or statutory provision includes any subordinate legislation made from time to time under that statute or statutory provision. Any words following the terms: including, include, in particular, for example or any similar expression, shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms. A reference to writing or written includes fax and email. A reference to group means, in relation to a party, that party, any subsidiary or holding company from time to time of that party, any subsidiary from time to time of a holding company of that party and any holding company of any such subsidiary. A reference to “subsidiary” or “holding company” is to be construed in accordance with the Companies Act 2014. A reference to “parties”, unless the context otherwise requires, is a reference to the Supplier and the Customer and a reference to “party” shall be construed accordingly.
2. COMMENCEMENT AND TERM
2.1 The Contract shall commence on the Start Date and shall continue for the term specified in respect of those particular Services or Works in the Letter of Engagement or the Statement of Work (as the case may be).
2.2 Any Order submitted by the Customer from time to time constitutes an offer by the Customer to purchase Services and/or Works in accordance with these Terms. For the avoidance of doubt, the Customer shall be under no obligation to submit an Order to the Supplier during the term of the Contract.
2.3 The Order shall only be deemed to be accepted when the Supplier issues written acceptance of the Order in the form or a Statement of Work or otherwise. Save where agreed otherwise between the Supplier and the Customer in writing, each Order for Services shall be deemed to be a separate Contract which shall be subject to these Terms. Any Order shall be incorporated into the Contract with effect from the time of the Supplier’s written acceptance of the Order.
2.4 Any samples, drawings, descriptive matter or advertising issued by the Supplier, and any descriptions, illustrations or timelines contained in the Supplier’s presentations and marketing materials, are issued or published for the sole purpose of giving an approximate idea of the Services and/or the Works described in them. They shall not form part of the Contract or have any contractual force but shall be confidential information of the Supplier for the purposes of these Terms.
2.5 These Terms apply to the Contract to the exclusion of any other terms that the Customer seeks to impose or incorporate, or which are implied by trade, custom, practice or course of dealing.
2.6 Any quotation given by the Supplier shall not constitute an offer, and is only valid either: (i) for the period specified therein; or (ii) in the event that a period is not specified therein, for a period of 20 Business Days from its date of issue.
3. SUPPLY OF SERVICES AND WORKS
3.1 The Supplier shall use all reasonable endeavours to meet any performance dates specified in any Letter of Engagement and/or Statement of Work, but any such dates shall be estimates only and time shall not be of the essence for performance of the Services and/or the Works (as the case may be).
3.2 The Supplier reserves the right to vary the Services and/or the Works if necessary to comply with any applicable law or regulatory requirement or guidance, or if the amendment will not materially affect the nature or quality of the Services and/or the Works, and the Supplier shall notify the Customer in any such event.
3.3 The Supplier shall supply the Services and/or perform the Works to the Customer from the Start Date in accordance with the Contract. In supplying the Services and/or the Works, the Supplier shall: (a) perform the same with reasonable care and skill; (b) use reasonable endeavours to perform the same in accordance with the service description set out in the Contract; (c) comply with all applicable laws, statutes, regulations and codes from time to time in force (provided that the Supplier shall not be liable under the Contract if, as a result of such compliance, it is in breach of any of its obligations under the Contract); (d) observe all reasonable health and safety rules and regulations and security requirements that apply at any of the Customer’s premises and have been communicated to the Supplier in writing, provided that the Supplier shall not be liable under the Contract if, as a result of such observation, it is in breach of any of its obligations under the Contract; and (e) take reasonable care of all Customer Materials in its possession and make them available for collection by the Customer on reasonable notice and request, always provided that the Supplier may destroy the Customer Materials if the Customer fails to collect the Customer Materials within a reasonable period after termination of the Contract.
3.4 Outsourcing: The parties shall discuss and agree in advance if any Services and/or Works to be provided by the Supplier pursuant to this Contract come within the scope of the Customer’s regulatory requirements in respect of outsourcing and/or any associated outsourcing policies of the Customer notified to the Supplier (“Customer Outsourcing Requirements”). Where any Services and/or Works are required to comply with the Customer Outsourcing Requirements then the parties shall, where appropriate, agree supplementary terms to the Contract to ensure compliance in all material respects with the Customer Outsourcing Requirements.
4. CUSTOMER’S OBLIGATIONS
4.1 The Customer shall: (a) co-operate with the Supplier in all matters relating to the Services; (b) provide, for the Supplier, its agents, subcontractors, consultants and employees, in a timely manner and at no charge, access to the Customer’s premises and other facilities as required by the Supplier or any of them; (c) provide, in a timely manner, such information as the Supplier may require, and ensure that it is accurate and complete in all material respects; (d) subject to clause 9 (Data Protection), provide access to such data and information as may be reasonably required by the Supplier from time to time for the provision of the Services and/or the Works; and (e) ensure that it is complying in all material respects with all Applicable Laws in meeting its foregoing obligations.
4.2 If the Supplier’s performance of its obligations under the Contract is prevented or delayed by any act or omission of the Customer, its agents, subcontractors, consultants or employees, the Supplier shall: (a) not be liable for any costs, charges or losses sustained or incurred by the Customer that arise directly or indirectly from such prevention or delay; and (b) be entitled to payment of the Charges despite any such prevention or delay.
5. INTELLECTUAL PROPERTY
5.1 The Supplier and its licensors shall retain ownership of all Supplier IPRs. The Customer and its licensors shall retain ownership of all Intellectual Property Rights in the Customer Materials. The Supplier grants the Customer, or shall procure the direct grant to the Customer of, a fully paid-up, worldwide, non-exclusive, royalty-free, licence to copy and modify the Supplier IPRs for the purpose of receiving and using the Services, Works and the Deliverables in the Customer’s business during the term of the Contract and in accordance with the terms of the Contract.
5.2 The Customer grants the Supplier a fully paid-up, worldwide, non-exclusive, royalty-free, non-transferable licence to copy and modify the Customer Materials for the term of the Contract for the purpose of providing the Services and the Works to the Customer in accordance with the Contract.
5.3 The Supplier grants to the Customer, or shall procure the direct grant to the Customer of, a fully paid-up, worldwide, non-exclusive, royalty-free licence during the term of the Contract to copy the Deliverables (excluding materials provided by the Customer) for the purpose of receiving and using the Services, Works and the Deliverables in its business.
5.4 The Customer shall not sub-license, assign or otherwise transfer the rights granted in Clause 5.1 and/or Clause 5.3.
5.5 The Customer grants the Supplier a fully paid-up, non-exclusive, royalty-free, non-transferable licence to copy and modify any materials provided by the Customer to the Supplier for the term of the Contract for the purpose of providing the Services to the Customer.
5.6 Neither party may use or reference the other’s name, logos or trademarks without its prior written consent.
6. CHARGES AND PAYMENT
6.1 In consideration for the provision of the Services and/or the Works, the Customer shall pay the Supplier the Charges in accordance with this Clause 6.
6.2 All amounts payable by the Customer exclude amounts in respect of any applicable value added tax (VAT), which the Customer shall additionally be liable to pay to the Supplier at the prevailing rate (if applicable), subject to receipt of a valid VAT invoice.
6.3 The Supplier shall submit invoices for the Charges plus VAT if applicable to the Customer at the intervals specified in the relevant Letter of Engagement and/or Statement of Work. Each invoice shall include all reasonable supporting information required by the Customer. Save where agreed otherwise between the Customer and the Supplier, any Charges payable on a extension of the term of the Contract shall, unless agreed otherwise between the Customer and the Supplier, be payable at the same interval and manner as applied to the corresponding Charges for any initial term of the Contract.
6.4 The Customer shall pay each invoice due and submitted to it by the Supplier, within thirty (30) days of receipt, to a bank account nominated in writing by the Supplier.
6.5 If the Customer fails to make any payment due to the Supplier under the Contract by the due date for payment, then, without limiting the Supplier’s remedies under Clause 8 (Termination): (a) the Customer shall pay interest on the overdue sum from the due date until payment of the overdue sum, whether before or after judgment (interest under this clause will accrue each day at 4% a year above the demand deposit interest rate offered by AIB plc from time to time, but at 4% a year for any period when that base rate is below 0%); and (b) the Supplier may suspend all Services and/or the Works (as the case may be) until payment has been made in full.
6.6 All amounts due under the Contract from the Customer to the Supplier shall be paid by in full without any set-off, counterclaim, deduction or withholding (other than any deduction or withholding of tax as required by law).
7. LIMITATION OF LIABILITY
7.1 The Supplier has obtained insurance cover in respect of its own legal liability for individual claims not exceeding the amount per claim specified in the Supplier’s insurances (the “Supplier Insurances”). The Customer may from time to time submit a request to the Supplier for written evidence that the Supplier is maintaining the Supplier Insurances. The limits and exclusions in the Supplier Insurances reflect the insurance cover the Supplier has been able to arrange. So as to have insurance in place in respect of liability the Supplier may have arising from the Contract, the Supplier shall maintain in force the Supplier Insurances with a reputable insurer and such Supplier Insurances shall include coverage of not less than the following amounts for any claim or series of claims arising out of any one occurrence: €13,000,000 in respect of employer’s liability; €6,500,000 in respect of public liability; and, from the date of commencement of any Services, €3,500,000 in respect of professional indemnity.
7.2 Nothing in the Contract limits any liability which cannot legally be limited, including liability for: (i) death or personal injury caused by negligence; and (ii) fraud or fraudulent misrepresentation.
7.3 Subject to Clause 7.2, a party’s Total Liability to the other party in respect of all breaches of duty occurring within any Relevant Year shall not exceed the amount of the Total Charges for such Relevant Year.
7.4 In Clause 7.3 the following terms have the following meanings: (a) Relevant Year. A relevant year means a 12-month period commencing with the Start Date or any anniversary of it; (b) Total Charges. The total charges means all sums paid by the Customer and all sums payable under the Contract in respect of Works and Services actually supplied by the Supplier, whether or not invoiced to the Customer; and (c) Total Liability. A party’s total liability includes liability in contract, tort (including negligence), breach of statutory duty, or otherwise, arising under or in connection with the Contract.
7.5 The following are the specific heads of loss for which the Supplier shall not be liable and are wholly excluded: (i) Loss of profits; (ii) Loss of sales or business; (iii) Loss of agreements or contracts; (iv) Loss of anticipated savings; (v) Loss of use or corruption of software, data or information; (vi) Loss of or damage to goodwill; (vii) Indirect or consequential loss.
7.6 The Supplier has given commitments as to compliance of the Services and/or the Works with the relevant standards and specifications as set out in Clause 3. In view of these commitments, any terms implied by Applicable Laws are, to the fullest extent permitted by law, excluded from the Contract.
8.1 Without affecting any other right or remedy available to it, either party to the Contract may terminate it with immediate effect by giving written notice to the other party if: (a) the other party commits a material breach of any term of the Contract which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of 30 Business Days after being notified in writing to do so; (b) the other party takes any step or action in connection with its entering provisional liquidation, examinership or any composition or arrangement with its creditors (other than in relation to a solvent restructuring), being wound up (whether voluntarily or by order of the court, unless for the purpose of a solvent restructuring), having a receiver appointed to any of its assets or ceasing to carry on business or, if the step or action is taken in another jurisdiction, in connection with any analogous procedure in the relevant jurisdiction; (c) the other party suspends, or threatens to suspend, or ceases or threatens to cease to carry on all or a substantial part of its business; or (d) the other party’s financial position deteriorates to such an extent that in the terminating party’s opinion the other party’s capability to adequately fulfil its obligations under the Contract has been placed in jeopardy.
8.2 Without affecting any other right or remedy available to it, the Supplier shall be entitled to terminate the Contract with immediate effect by giving written notice to the Customer if the Customer fails to pay any amount due under the Contract within twenty (20) Business Days of the due date for payment. Any written notice to terminate the Contract pursuant to this Clause 8.2 shall be provided by the Supplier to the Customer at least five (5) Business Days in advance of the proposed termination date.
8.3 On termination of the Contract for whatever reason: (a) the Customer shall, subject to Clause 6.4, pay to the Supplier all of the Supplier’s outstanding unpaid invoices and interest (if any) thereon; (b) in respect of Services supplied but for which no invoice has been submitted, the Supplier may submit an invoice, which shall be payable in accordance with Clause 6.4; (c) the Supplier shall reimburse to the Customer the amounts (if any) received in advance in respect of Services which, as a result of the termination of the Contract, shall not be supplied to the Customer; (d) any provision of the Contract that expressly or by implication is intended to come into or continue in force on or after termination of the Contract shall remain in full force and effect; and (e) termination of the Contract shall not affect any of the rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the Contract which existed at or before the date of termination.
9. DATA PROTECTION
9.1 The Supplier will Process Personal Data relating to this Contract in accordance with the requirements of Data Protection Law and the data processing agreement contained in Schedule 1 to these Terms (the “Data Processing Agreement”).
9.2 For Services and Works where the Supplier acts as processor processing Personal Data, the Data Processing Agreement will apply. In such cases; (i) the Supplier shall perform its obligations under these Terms in relation to Personal Data and comply with the provisions of the Data Processing Agreement for the duration of this Contract; and (ii) the obligations and rights of the Customer with respect to the Processing shall be as set out in these Terms and the Data Processing Agreement. Additional provisions in respect of Personal Data shall be agreed between the Supplier and the Customer from time to time where required pursuant to Data Protection Law.
9.3 The Customer warrants that it has the authority to provide Personal Data to the Supplier in connection with the performance of the Services and/or the Works and that any Personal Data provided to the Supplier is provided and has been Processed in accordance with Data Protection Law. The Supplier warrants that it will Process Personal Data provided by the Customer in accordance with Data Protection Law.
10.1 Force majeure. Neither party shall be in breach of the Contract nor liable for delay in performing, or failure to perform, any of its obligations under the Contract if such delay or failure result from events, circumstances or causes beyond its reasonable control.
10.2 Assignment and other dealings.
(a) The Customer shall not assign, transfer, charge, subcontract, declare a trust over or deal in any other manner with any or all of its rights and obligations under the Contract without the Supplier’s prior written consent (not to be unreasonably withheld or delayed).
(b) The Supplier may at any time by prior notice in writing to the Customer assign, transfer, charge, declare a trust over or deal in any other manner with any or all of its rights under the Contract where such action involves any other member of the Supplier’s group (“Intra-group Dealing”). Save in respect of any Intra-group Dealing, the Supplier shall not assign, transfer, charge, subcontract, declare a trust over or deal in any other manner with any or all of its rights and obligations under the Contract without the Customer’s prior written consent (not to be unreasonably withheld or delayed).
(a) Each party undertakes that it shall not at any time during the Contract, and for a period of five (5) years after termination of the Contract (“Relevant Period”), disclose to any person any confidential information concerning the business, affairs, customers, clients or suppliers of the other party or of any member of the group to which the other party belongs, except as permitted by Clause 10.3(b).
(b) Each party may disclose the other party’s confidential information: (i) to its employees, officers, representatives, subcontractors or advisers who need to know such information for the purposes of carrying out the party’s obligations under the Contract and shall ensure that its employees, officers, representatives, subcontractors or advisers to whom it discloses the other party’s confidential information comply with this Clause 10.3; and (ii) as may be required by law, a court of competent jurisdiction or any governmental or regulatory authority.
(c) Neither party shall use any other party’s confidential information for any purpose other than to perform its obligations under the Contract. The Customer confirms to the Supplier that it is duly authorised to provide the confidential information provided to the Supplier in connection with this Contract.
(d) Following the expiration of the Relevant Period, each party shall use all reasonable endeavours to ensure that any confidential information held by it pursuant to this Contract shall not be retained and/or disclosed in a reckless manner.
10.4 Entire agreement & Conflicts. The Contract constitutes the entire agreement between the parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter. Each party acknowledges that in entering into the Contract it does not rely on and shall have no remedies in respect of any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in the Contract. Each party agrees that it shall have no claim for innocent or negligent misrepresentation or negligent misstatement based on any statement in the Contract. If there is any conflict or inconsistency between provisions in different parts of the Contract, those parts shall have precedence as follows (unless expressly agreed otherwise): (a) the Letter of Engagement, (b) any applicable Statement of Work and any annexes thereto (including, but not limited to, any Order), (c) these Terms, and (d) other annexes to this these Terms.
10.5 Variation. No variation of a Statement of Work or the Letter of Engagement shall be effective unless it is in writing and signed by the parties (or their authorised representatives). These Terms may be amended by Supplier by notice in writing to the Customer and/or by posting an amended version of these Terms at the following link: https://metamo.ie/ PROVIDED ALWAYS that: (i) at least 30 days’ advance notice of any amendment to these Terms shall be provided to the Customer; and (ii) any amendment to these Terms which is, in the opinion of the Supplier (acting reasonably), materially detrimental to the Customer shall require the Customer’s consent in writing in order to take effect.
10.6 Waiver. A waiver of any right or remedy under the Contract or by law is only effective if given in writing and shall not be deemed a waiver of any subsequent right or remedy. A failure or delay by a party to exercise any right or remedy provided under the Contract or by law shall not constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict any further exercise of that or any other right or remedy. No single or partial exercise of any right or remedy provided under the Contract or by law shall prevent or restrict the further exercise of that or any other right or remedy.
10.7 Severance. If any provision or part-provision of the Contract is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause shall not affect the validity and enforceability of the rest of the Contract.
(a) Any notice given to a party under or in connection with the Contract shall be in writing and shall be: (i) delivered by hand or by pre-paid first-class post or other next working day delivery service at its registered office (if a company) or its principal place of business (in any other case); or (ii) sent by fax to its main fax number or sent by email to the address specified in any Letter of Engagement (or such other email address as may be notified to a party in writing from time to time).
(b) Any notice shall be deemed to have been received: (i) if delivered by hand, on signature of a delivery receipt or at the time the notice is left at the proper address; and (ii) if sent by pre-paid first-class post or other next working day delivery service, at 9.00 am on the second Business Day after posting or at the time recorded by the delivery service; and (iii) if sent by fax or email, at the time of transmission, or, if this time falls outside business hours in the place of receipt, when business hours resume provided that a copy of any notice sent by fax or email shall also be sent by pre-paid post within two (2) Business Days following the day on which the time of transmission occurs. In this Clause 10.8(b)(iii) business hours means 9.00am to 5.00pm Monday to Friday on a day that is not a public holiday in the place of receipt.
(c) This clause does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.
10.9 Governing law. The Contract, and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation, shall be governed by, and construed in accordance with the laws of Ireland.
10.10 Jurisdiction. Each party irrevocably agrees that the courts of Ireland shall have exclusive jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with the Contract or its subject matter or formation.
Schedule 1 to Standard Terms of Business
Data Processing Agreement
Part 1: Data Processing Terms
1. In the course of the provision of services, METAMO will Process Personal Data on the instructions of and for the benefit of Customer and only in accordance with this Agreement and Data Protection Law. In the context of that Processing of Personal Data, in accordance with this Agreement and the Data Protection Annex: (i) Customer shall be deemed to be either a Controller or a Processor of the Personal Data and, where it is acting as a Processor, Customer will obtain the prior specific or general written authorisation of the relevant Controller in accordance with Data Protection Law to engage METAMO as a sub-processor; (ii) METAMO shall be deemed to be either a Processor or a sub-processor for and on behalf of the Customer; and (iii) each party is subject to, and agrees to comply fully with their respective obligations under Data Protection Law.
2. For the avoidance of doubt, parties have agreed that METAMO may, if necessary, also Process Personal Data for certain internal processes, such as safeguarding compliance with regulatory and legal obligations to which METAMO is subject, conflict checking, risk management and quality reviews and METAMO’s internal financial accounting, information technology and other administrative support services (the “Agreed Purpose”). METAMO acts as an independent Controller in its own right in relation to the Agreed Purpose. Where either Party acts as an independent Controller under GDPR, Part 2 of this Data Processing Agreement (Parties acting as independent Controllers) shall apply.
3. Before providing Personal Data to METAMO or giving METAMO instructions to access and further Process the Personal Data, Customer as the Controller or, where applicable, the relevant Controller, shall ascertain that such Processing is legitimate pursuant to, inter alia, Article 6 of GDPR.
4. For the purposes of this Agreement, details of the subject-matter, nature and purpose of the data processing activities in respect of agreed Services provided pursuant to a Statement of Work are included in the Annex to the relevant Statement of Work (the “Data Protection Annex”). The Data Protection Annex also contains an overview of the types of personal data and the categories of Data Subjects. METAMO and Customer confirm that, save where it is agreed otherwise in writing, no Personal Data shall be provided to METAMO in connection with the Works detailed in the Letter of Engagement dated [•].
5. METAMO shall keep confidential the Personal Data that it processes on behalf of Customer and shall ensure that anyone acting under its authority keeps Personal Data confidential, unless it is required by Applicable Law or professional regulations to disclose such data in which case, where legally permitted, METAMO shall inform Customer, of such legal requirement or professional regulation before such disclosure. It shall Process those Personal Data only on the documented instructions of Customer, including with regard to transfers of personal data outside of the European Economic Area (“EEA”), unless required to do otherwise under Applicable Law. In that case, METAMO shall inform the Controller of that legal requirement before Processing the Personal Data, unless Applicable Law prohibits the provision of such information.
6. METAMO shall inform Customer if it believes an instruction constitutes an infringement of Applicable Law and professional regulations, including Data Protection Law.
7. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, METAMO shall implement appropriate technical and organizational measures, including those described in its IT Security Policy, to ensure a level of security appropriate to the risk. The measures must also be aimed at preventing the unnecessary collection and further Processing of Personal Data.
8. METAMO shall periodically evaluate and strengthen, supplement or improve the measures it has implemented insofar as requirements or (technological) developments prompt it to do so.
9. METAMO shall give Customer the opportunity periodically to check compliance with this Agreement and the statutory provisions applicable to the Processing of Personal Data. The checks may be carried out on behalf of Customer by an (external) independent auditor unless that auditor is a direct competitor of METAMO. That periodic check shall be limited to METAMO’s answering questions put by Customer (a maximum of once a year) about METAMO’s compliance with applicable Data Protection Law and, where necessary, Customer’s being allowed to interview an METAMO IT employee or METAMO IT employees at an METAMO premises. Notwithstanding the foregoing, if the Customer reasonably believes that a Personal Data Breach has occurred or is occurring, then an audit under this Clause 9 may be carried out without undue delay.
10. Once a year, METAMO may arrange for an independent auditor to conduct an audit in respect of the security measures implemented by METAMO. At the written request of Customer, METAMO shall make available its most recent audit reports.
11. Having regard to METAMO’s duty of confidentiality towards other Customers, Customer accepts and acknowledges that METAMO shall not allow Customer or an auditor mandated by Customer to access its IT systems and/or its IT infrastructure.
12. METAMO shall inform Customer
i) as of 25 May 2018 of any Personal Data Breach that must be notified pursuant to Articles 33 and 34 of GDPR. METAMO shall inform Controller without undue delay and to the extent reasonably possible, within 36 hours after becoming aware of the Personal Data Breach;
ii) of complaints from Data Subjects whose Personal Data are being Processed by METAMO,
iii) of requests from Data Subjects whose Personal Data are being Processed by METAMO regarding the exercise of their data protection rights under GDPR;
iv) of an audit by a Supervisory Authority or other competent authority where such is permitted pursuant to Applicable Law and professional regulations;
and shall provide to Customer such further information and such assistance as Customer may reasonably require, and within the timescales reasonably specified by Customer, to allow Customer, or where applicable the relevant Controller to comply with its obligations under Data Protection Law in connection with such matters.
13. METAMO shall provide Customer with reasonable assistance requested by Customer or where applicable, the relevant Controller, in connection with (i) the fulfilment of its obligations under Data Protection Law relating to the security of Personal Data (to the extent required by Data Protection Law and in particular, the obligations pursuant to Articles 32 to 34 of GDPR); (ii) responding to a request from or audit by a Supervisory Authority or other competent authority, or (iii) a request or complaint from Data Subjects whose Personal Data are being processed by METAMO including requests by Data Subjects exercising their rights under Data Protection Law (in particular the rights contained in Articles 12 to 23 of GDPR). METAMO shall also assist Customer in complying with Data Protection Law that may require Customer to conduct data protection impact assessments and to consult with Supervisory Authorities (in particular the obligations pursuant to Articles 35 to 36 of GDPR).
14. METAMO shall not outsource the Processing of Personal Data in whole or in part to a subcontractor without the prior written authorization of Customer. Customer shall be entitled to refuse such authorization without giving a reason or to make its authorization subject to further conditions. METAMO shall also, at a minimum, enter into contractual arrangements with its sub-processors and sub-contractors which impose equivalent obligations on the sub-processors and sub-contractors as are imposed on METAMO under this Agreement and which offer an equivalent level of data protection as set out in this Agreement. METAMO will remain fully liable towards Customer for the acts and omissions of the sub-contractor and for the performance of the subcontractor’s obligations under the outsourcing contract to the same extent METAMO would be liable if performing the services of the sub-contractor directly under the terms of this Agreement. By signing this Agreement, Customer authorizes METAMO to engage other METAMO Firms and METAMO Persons in the Processing of Personal Data.
15. Subject to the prior written approval of Customer, which shall not be unreasonably withheld, METAMO may Process Personal Data in countries outside the EEA. Such processing shall take place only where METAMO complies (and is in a position to demonstrate to the Customer’s reasonable satisfaction that it complies) with Data Protection Law including the provisions of Chapter V of GDPR (“Transfers of personal data to third countries or international organisations”).
16. Customer agrees that it, or where applicable, the relevant Controller is responsible for informing data subjects about the existence of processors or sub-processors based outside of the EEA and, where appropriate, for providing a link to METAMO’s BCRs & this Data Processing Agreement (without any sensitive/confidential information). In the event that a transfer involves special categories of Personal Data, Customer agrees that it or, where applicable, the relevant Controller is responsible for ensuring that data subjects have been informed or will be informed before such transfer takes place.
17. The duration of the Processing will be governed by the applicable Letter of Engagement and/or Statement of Work (as the case may be). After the end of the provision of services relating to Processing, METAMO shall, at the choice of Customer delete or return all Personal Data to Customer and delete all copies unless METAMO has a statutory or professional duty to store the Personal Data beyond termination of the Contract. METAMO shall provide confirmation signed by an authorized representative that this paragraph 16 has been complied with in full. The parties acknowledge that METAMO may keep data retained for back-up purposes which METAMO may keep pursuant to its document retention and business continuity policies, provided that the security and secrecy provisions as included in this Agreement continue to apply to them.
18. METAMO shall at the request of Customer provide reasonable assistance in the transfer or migration of Personal Data to any new service provider.
19. As part of the Services, METAMO agrees that it shall take all reasonably necessary steps and security precautions in accordance with commercially reasonable industry standards to minimize the risk of unauthorized access to, or sabotage of, the Customer Information and Personal Data that is provided to METAMO to perform the Services.
20. METAMO will maintain and keep updated a IT Security Policy that contains procedures designed to protect the security of information and Personal Data in electronic form while under METAMO’s possession, custody or control. Further details are set out in the IT Security Policy which is available for inspection on request.
Part 2: Parties acting as independent Controllers
21. To the extent that parties are independent Controllers under GDPR, to ensure the secure, correct and lawful Processing of Shared Data, the parties have agreed to the terms and conditions as set forth in Clauses 22 to 29 below.
22. The parties shall ensure that they each have a valid legal basis to Process the Shared Data for the Agreed Purpose pursuant to Data Protection Law.
23. Each party shall be individually responsible, as an independent Controller, for its own Processing of the Shared Data, which means that each party determines the purposes and means of its respective Processing of the Shared Data.
24. Each party warrants and undertakes to the other party that it has and will continue to comply with its own obligations as an independent Controller under Data Protection Law in respect of the Shared Data.
25. Neither party shall be construed as a Processor in relation to the other party unless the conditions for Processing of the Shared Data change such that one party Processes Personal Data on behalf of and on the instructions of the other party.
26. The parties shall not be construed as joint Controllers under Article 26 of GDPR unless the conditions for Processing of the Shared Data change such that the Parties, in conjunction with one another jointly, in a collaborative fashion, determine the purposes and means of Processing the Shared Data.
27. Each party will inform the other party as soon as possible of any requests from Data Subjects regarding rectification or erasure of Shared Data, or restriction of or objection to the Processing of Shared Data for the Agreed Purpose. Each party shall, to the extent that such a request affects the Processing of Shared Data, provide reasonable assistance to the other party to enable compliance with Data Protection Law. Notwithstanding the foregoing, each party shall remain responsible itself for dealing with requests from Data Subjects in respect of Shared Data, to the extent that such requests are directed by the Data Subject to that party (or any of its agents, employees or sub-contractors).
28. Each party shall notify the other party immediately if it becomes aware of, or suspects: (i) any breach of this Agreement; or (ii) a Personal Data Breach which is likely to affect or invoke either party’s obligations under Data Protection Law, or (iii) any situation or envisaged development that shall in any way influence, change or limit the Processing of the Shared Data for the Agreed Purpose. Parties shall document all Personal Data Breaches in accordance with Data Protection Law and fully cooperate with each other to ensure compliance with Data Protection Law. Parties shall use reasonable endeavours to mitigate any damage suffered by a Data Subject in these circumstances.
29. A transfer of Personal Data outside of the EEA may only be made by either party where there are appropriate safeguards in place with regard to the rights of Data Subjects under Data Protection Law including the provisions of Chapter V of GDPR (“Transfers of personal data to third countries or international organisations”).
Schedule 2 to Standard Terms of Business
Part 1: Form of Statement of Work
Statement of Work dated [•]. This Statement of Work is between Metamo DAC (“Metamo”) and [CUSTOMER] (the “Customer”). This Statement of Work is being entered into pursuant to the Standard Terms of Business of Metamo dated [•] (the “Terms of Business”).
1. General: This Statement of Work is governed by the terms and forms part of the Terms of Business.
2. Terms Defined in the Terms of Business: Unless provided otherwise, all capitalised terms shall have the meaning set out in the Terms of Business.
3. Term and Termination: The commencement date for this Statement of Work is [•] (the “SOW Commencement Date”). [Insert details of term and termination].
4. The Services: The details of, inter alia, the Services and the Charges relevant to this Statement of Work are as follows: (a) [Insert details of Services]; and (b) [Insert details of applicable Charges]
5. Additional Terms and Conditions: The following additional terms and conditions apply to the Services provided under this Statement of Work: [Insert any additional terms and conditions applicable to the specific Statement of Work (e.g. Scope of Work, Timetable, Payment Terms, Roles and Responsibilities / Organisation and Governance, Outsourcing Terms and Service Levels)]
6. Data Protection: The parties agree that the Annex to this Statement of Work shall be the Data Protection Annex referred to in paragraph 3 of the Data Processing Agreement contained in the Terms of Business and includes, in respect of the Services, details of: (a) the subject-matter, nature and purpose of the data Processing in respect of the Services provided pursuant to this Statement of Work; and (b) the types of personal data and the categories of Data Subjects.
IN WITNESS WHEREOF the parties hereto have executed this Statement of Work on the date first written above.
SIGNED by [•] _______________________
for and on behalf of: Signature
METAMO DAC Date: [•]
SIGNED by [•] _______________________
for and on behalf of: Signature
[CUSTOMER] Date: [•]
Part 2: Data Protection Annex
1. [Metamo shall process the following Personal Data on behalf of the Customer in the context of providing the Services under the Statement of Work, for the duration of the Statement of Work:
[insert detailed description of Personal Data]
(the “Relevant Personal Data”)
2. The respective obligations and rights of the Customer and Metamo in respect of the processing of such Relevant Personal Data shall be as set out in the Terms of Business and the Agreement as supplemented by this Annex.
3. The subject-matter, nature and purpose of the processing of the Relevant Personal Data by [Metamo] is as follows: [•]
4. Details of the types of Personal Data and the categories of Data Subjects are as follows:
Type of Personal Data: [•]
Categories of Data Subjects: [•]
5. [Insert details of any supplementary terms in respect of Relevant Personal Data]