Data Utilisation Terms

These data protection provisions govern how PrecogRecog Ltd processes personal data in connection with the supply of its products and services.

Data Protection Provisions

1. Definitions

In these data protection provisions the following definitions shall apply:

  • "Applicable Law" means the law of the United Kingdom.
  • "Controller", "Processor" and "Data Subject" shall have the meaning given to those terms in the applicable Data Protection Laws.
  • "Data Protection Impact Assessment" means an assessment of the impact of the envisaged Processing operations on the protection of Personal Data.
  • "Data Protection Laws" means (a) any law, statute, declaration, directive, regulation, or other legislative enactment (as amended, consolidated or re-enacted from time to time) which relates to the protection of individuals with regards to the Processing of Personal Data to which a Party is subject, including the GDPR and all legislation enacted in the UK in respect of the protection of personal data; including the UK GDPR as well as the Privacy and Electronic Communications (EC Directive) Regulations 2003; and (b) any code of practice or guidance published by the ICO (or equivalent regulatory body) from time to time.
  • "Data Processing Particulars" means, in relation to any Processing under this Agreement: (a) the subject matter and duration of the Processing; (b) the nature and purpose of the Processing; (c) the type of Personal Data being Processed; and (d) the categories of Data Subjects.
  • "Data Subject Request" means an actual or purported request from a Data Subject exercising his rights under the Data Protection Laws in relation to Personal Data including without limitation: the right of access by the Data Subject, the right to rectification, the right to erasure, the right to restriction of processing, the right to data portability and the right to object.
  • "GDPR" means the General Data Protection Regulation (EU) 2016/679.
  • "ICO" means the UK Information Commissioner's Office, or any successor or replacement body from time to time.
  • "Losses" means all losses, fines, penalties, liabilities, damages, costs, charges, claims, amounts paid in settlement and expenses (including legal fees, disbursements, costs of investigation, litigation, settlement, judgment, interest and penalties), other professional charges and expenses, cost of breach notification including notifications to the data subject, cost of complaints handling, all whether arising in contract, tort (including negligence), breach of statutory duty or otherwise.
  • "Permitted Purpose" means the purpose of the Processing as specified in the Data Processing Particulars.
  • "Personal Data" means any personal data (as defined in the Data Protection Laws) Processed by either Party in connection with this Agreement.
  • "Personal Data Breach" has the meaning set out in the Data Protection Laws.
  • "Processing" has the meaning set out in the Data Protection Laws (and "Process" and "Processed" shall be construed accordingly).
  • "Security Requirements" means the requirements regarding the security of Personal Data, as set out in the Data Protection Laws (including, in particular, the measures set out in Article 32(1) of the GDPR) as applicable.
  • "Sensitive Personal Data" means Personal Data that reveals such special categories of data as are listed in Article 9(1) of the GDPR.
  • "Third Party Request" means a written request from any third party for disclosure of Personal Data where compliance with such a request is required or purported to be required by law or regulation.
  • "UK GDPR" Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act of 2018.

2. Data Protection

2.1 Arrangement Between the Parties

The Parties shall each Process the Personal Data. The Parties acknowledge that the factual arrangements between them dictate the classification of each Party in respect of the Data Protection Laws. Notwithstanding this, the Parties anticipate that, in respect of the Personal Data, as between the Customer and PrecogRecog Ltd (the Supplier), the Customer shall act as the Controller and PrecogRecog Ltd shall act as the Processor.

Nothing within this Agreement relieves PrecogRecog Ltd of its own direct responsibilities and liabilities under the Data Protection Laws.

Each Party shall make due notification to any relevant regulator.

PrecogRecog Ltd undertakes to the Customer that it will take all necessary steps to ensure that it operates at all times in accordance with the requirements of the Data Protection Laws and will, at its own expense, assist the Customer in discharging its obligations under the Data Protection Laws.

2.2 Data Processor Obligations

To the extent that PrecogRecog Ltd Processes any Personal Data as a Processor for and on behalf of the Customer (as the Controller) it shall:

  • Only Process the Personal Data for and on behalf of the Customer for the purposes of performing its obligations under this Agreement, and only in accordance with the terms of this Agreement and any documented instructions from the Customer.
  • Keep a record of any Processing of the Personal Data it carries out on behalf of the Customer.
  • Unless prohibited by law, notify the Customer immediately (and in any event within twenty-four (24) hours of becoming aware of the same) if it considers that it is required by Applicable Law to act other than in accordance with the instructions of the Customer.
  • Take, implement and maintain appropriate technical and organisational security measures which are sufficient to comply with at least the obligations imposed on the Customer by the Security Requirements.
  • Within thirty (30) calendar days of a request from the Customer, allow its data processing facilities, procedures and documentation to be submitted for scrutiny, inspection or audit by the Customer.
  • Not disclose Personal Data to a third party in any circumstances without the Customer's prior written consent.
  • Promptly comply with any request from the Customer to amend, transfer or delete any Personal Data.
  • Notify the Customer promptly (and in any event within forty-eight (48) hours) following its receipt of any Data Subject Request or ICO Correspondence.
  • Notify the Customer promptly (and in any event within twenty-four (24) hours) upon becoming aware of any actual or suspected Personal Data Breach.
  • Comply with the obligations imposed upon a Processor under the Data Protection Laws.
  • Upon termination or expiry of this Agreement, cease Processing all Personal Data and return and/or permanently and securely destroy all Personal Data.
  • Not transfer or otherwise process Personal Data to a country outside of the UK without obtaining the Customer's prior written consent.
2.3 Personnel

PrecogRecog Ltd shall take all reasonable steps to ensure the reliability and integrity of any Personnel who shall have access to Personal Data (including ensuring such Personnel shall have undergone reasonable levels of training in Data Protection Laws), and ensure that each member of Personnel shall have entered into appropriate contractually-binding confidentiality undertakings.

2.4 Appointing Sub-contractors

If the Customer has provided written consent permitting PrecogRecog Ltd to appoint a sub-contractor, PrecogRecog Ltd shall be permitted to disclose Personal Data to such sub-contractor for Processing in accordance with its obligations under this Agreement, provided always that thorough due diligence is undertaken, and the sub-contractor contract is on terms which are substantially the same as these data protection provisions.

Notwithstanding any consent or approval given by the Customer, PrecogRecog Ltd shall remain primarily liable to the Customer for the acts, errors and omissions of any sub-contractor to whom it discloses Personal Data.

3. Recoverable Loss

Notwithstanding anything in this Agreement to the contrary, the Customer shall not be prevented from recovering any Losses it incurs.

4. Indemnity

PrecogRecog Ltd shall indemnify on demand and keep indemnified the Customer from and against:

  • Any monetary penalties or fines levied by the ICO on the Customer;
  • The costs of an investigative, corrective or compensatory action required by the ICO;
  • Any Losses suffered or incurred by the Customer pursuant to a claim by a third party (including by a Data Subject); and
  • Any other Losses suffered or incurred by the Customer,

in each case to the extent arising as a result of a breach by PrecogRecog Ltd (or its sub-contractors) of this Agreement and/or their respective obligations under the Data Protection Laws.

5. Limitation of Liability

5.1. Subject to Clause 5.2, the Supplier’s total aggregate liability to the Customer in respect of all losses arising under or in connection with this Agreement, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, including the indemnity at Clause 4 (Indemnity), shall not exceed £500, or the cost of the license provided to the customer, which ever is higher.

5.2. Data Protection "Super Cap": Notwithstanding Clause 5.1, the Supplier’s total aggregate liability specifically relating to a breach of the Data Protection Laws or the Data Protection Provisions of this Agreement shall be limited to £1000 or twice the cost ofthe licence provided to the customer, which ever is higher.

6. Exclusion of Indirect Losses

6.1. In no event shall the Supplier be liable to the Customer for any: Loss of profits, sales, business, or revenue; Loss of anticipated savings; Loss of or damage to goodwill; or Any indirect or consequential loss or damage. 3. Mitigation 3.1. The Customer shall take all reasonable steps to mitigate any loss or damage it may suffer as a result of any event which may give rise to a claim under the indemnity in Clause 4.

Schedule 1 — Data Processing Particulars

Subject matter of Processing The supply of Isophore software products and related services.
Nature of Processing Obtaining details relating to licensees, trial users, and their representatives for account management and service delivery.
Duration of Processing For the length of the supply of the relevant goods and/or services.
Purpose of Processing To provide the goods and/or services and to comply with the terms and conditions governing the supply of goods and/or services.
Type of Personal Data Name, contact details, email address, company/organisation name, payment data where applicable.
Categories of Data Subjects Licensees, trial users, employees, consultants, contractors and permitted agents.

PrecogRecog Ltd

Email: contact@precogrecog.com