Version Date: 26th November 2020
These terms and conditions (the “Terms”) set forth a legally binding contract between you (the “Customer”; “you” or “your”) and ICT LIMITED, a private limited liability company registered in Malta, with company registration number C 46930 and whose registered office is situated at Lead Business Centre, Triq l-Intarpriza, Zone 4, Central Business Centre, Birkirkara, Malta and who are also known by the brand name ICT Solutions (“ICT”; “we”; “us” or “our”). All Products and Services that may be sold, supplied or licensed to you by ICT shall be subject to, and governed by, these Terms.
In order to purchase or license any Product or Service from ICT, the Customer must submit an Order Form to ICT. Our Terms are incorporated in full, and constitute an integral part, to any such Order Form. Your submission of an Order Form, completed or otherwise, constitutes (i) your full acceptance of these Terms, together with any additional terms that may be set out in the Order Form, and (ii) your agreement to be legally bound by them.
Collectively, the Terms and the applicable Order Form comprise the full binding, legal Agreement between yourself and us (the “Parties”) for your purchase, receipt, license or use of the Products and/or Services which are the subject of that Order Form. This Agreement (that is, these Terms and the applicable Order Form) also supersedes any additional or inconsistent terms, understandings, commitments, agreements, representations or conditions, whether oral or in writing, in any acknowledgement, purchase order or other documents proposed to or provided by you (the Customer). No terms or conditions, other than those set out in these Terms and the applicable Order Form, shall be legally binding on ICT, unless we expressly agree otherwise in writing.
PRIOR TO SUBMITTING AN ORDER FORM TO US, CAREFULLY READ EACH PROVISION OF THESE TERMS AND ANY OF THE ADDITIONAL TERMS THAT MAY BE SET OUT IN THE ORDER FORM!
BY SUBMITTING AN ORDER FORM, YOU HEREBY REPRESENT AND WARRANT THAT:
(a) YOU ARE LEGALLY CAPABLE OF ENTERING INTO THIS AGREEMENT AND ARE 18 YEARS OLD AND OF THE LEGAL AGE REQUIRED IN YOUR STATE, PROVINCE, JURISDICTION, DOMICILE OR RESIDENCE, IF THIS IS HIGHER, TO ENTER INTO THIS AGREEMENT;
(b) IF YOU ARE ENTERING INTO THE AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU HAVE THE RIGHT, AUTHORITY AND CAPACITY TO DO SO AND TO BIND SUCH ENTITY TO THIS AGREEMENT, AND IN WHICH CASE THE TERMS the “Customer”; “you” or “your” SHALL REFER TO SUCH ENTITY; AND
(c) ON BEHALF OF YOURSELF AND/OR AS AN AUTHORISED REPRESENTATION OF THE ENTITY IN WHOSE NAME THE AGREEMENT IS BEING ENTERED INTO, AS APPLICABLE, YOU AGREE TO BE LEGALLY BOUND BY THESE TERMS AND ALL ADDITIONAL TERMS AND CONDITIONS THAT MAY BE SET OUT IN THE ORDER FORM.
IF ANY OF THE FOREGOING REPRESENTATIONS AND WARRANTIES DO NOT APPLY TO YOU (INCLUDING IF YOU DO NOT HAVE SUCH RIGHT, AUTHORITY AND CAPACITY TO ACT ON BEHALF OF YOUR ENTITY), OR IF YOU DO NOT AGREE WITH ALL OF THE TERMS AND CONDITIONS SET OUT IN THESE TERMS OR THE ORDER FORM, YOU MUST NOT SUBMIT AN ORDER FORM OR MAKE USE OF ANY OF OUR PRODUCTS OR SERVICES!
3.1 Capitalized terms used in these Terms are defined in Clause 4 below.
3.2 You (the Customer) should read these Terms, the Order Form and any document referred to in them very carefully. If there is anything which you not understand, you should discuss this matter with ICT and seek the necessary clarification.
3.3 You hereby waive any applicable rights to require an original (non-electronic) signature or delivery or retention of non-electronic forms (including submitted and executed Order Forms), records and agreements, to the extent not prohibited by the applicable laws of your jurisdiction.
3.4 All communications between ICT and Customers will, unless otherwise agreed between ICT and the Customer, be made in the English language. In the event of any discrepancy between the English language version of the Terms and any translated version of the Terms, the English language version of these Terms shall prevail and take precedence at all times.
3.5 There are important legal terms provided below in these Terms, including the Customer’s indemnification and our limitation of liability. To emphasise, please read these Terms carefully!
3.6 The data processing agreements set out in Annex A constitutes an integral part of these Terms.
3.7 To the extent that any of the terms and conditions set out in these Terms conflict with any terms and conditions in the Order Form, these Terms will take precedence and prevail.
4.1 The following definitions shall apply in these Terms:
(i) “Agreement” means these Terms and the Order Form accepted by ICT and executed by the Parties (including all other terms and conditions set out in that Order Form);
(ii) “Confidential Information” means (a) any confidential, proprietary, professional secret or trade secret information (a ‘trade secret’ being as defined by Chapter 589 of the Laws of the Malta) of the disclosing party (the “Discloser”) that if in tangible form is marked as confidential, secret or with a comparable legend or if disclosed orally or visually is identified as confidential at the time of disclosure; and (b) any and all discussions relating to such information. Discloser shall use reasonable efforts to mark its confidential information in tangible form as confidential; however, tangible information that does not bear such a legend and the discussions relating thereto, will be protected hereunder as Confidential Information if the receiving party (the “Recipient”) knew or should have reasonably known under the circumstances that the information is confidential. Customer Data is deemed to be Confidential Information;
(iii) “Customer Data” means any data, information and other materials generated by the Users’ use of the Licensed Software and that is stored by ICT as a part of the Subscription Services or Other Services;
(iv) “Data Protection Legislation” means all legislation and regulations, including regulations issued by relevant supervisory authorities, protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data that from time to time apply to the Parties, including without limitation, data protection laws and regulations implementing the Data Protection Directive 95/46/EC and as of 25 May 2018 the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “GDPR“);
(v) “Deliverables” means any deliverables provided to the Customer pursuant to an accepted Order Form;
(vi) “Documentation” means the then-current, generally available, written instructions, user guides, and user manuals for the Products, if applicable, whether in electronic, paper or other equivalent form, provided by ICT and in connection with any updates, modifications and improvements to the Products, regardless of form or media;
(vii) “Executable Code” means the fully compiled version of a software program that can be executed by a computer and used by an end user without further compilation;
(viii) “Charges” has the meaning set forth in Clause 12 of these Terms;
(ix) “Hardware” means one or more physical Products;
(x) “Heightened Cybersecurity Requirements” means any laws, regulations, codes, guidance (from regulatory and advisory bodies, and whether mandatory or not), international and national standards, industry schemes and sanctions, which are applicable to the Customer (but not ICT) relating to security of network and information systems and security breach and incident reporting requirements, which may include the cybersecurity Directive ((EU) 2016/1148), Commission Implementing Regulation ((EU) 2018/151), the Network and Information systems Regulations 2018 (SI 506/2018), all as amended or updated from time to time;
(xi) “Intellectual Property Rights” means, means patents, utility models, rights to inventions, copyright and related rights, moral rights, trade marks, business names and domain names, rights in get-up, goodwill and the right to sue for passing off, rights in designs, rights in computer software, database rights, rights to use, and protect the confidentiality of, confidential information and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world;
(xii) “Licensed Software” means the machine-readable, object-code version of ICT’s proprietary software, including all related Documentation and any modified, updated or enhanced versions and recovery images of the program provided by ICT to the Customer. Licensed Software does not include any Third-Party Software offered under a third-party license agreement, but it may include Third-Party Software that is sub-licensed to the Customer by ICT subject to the terms of this Agreement;
(xiii) “New Version” means a Licensed Software release containing major new enhancements, features or functionality, in Executable Code form, that is made commercially available by ICT and generally indicated by a change in the digit to the left of the first decimal point (i.e., a change from version x.x.x to y.x.x) and the associated Documentation;
(xiv) “Order Form” means the ordering documents, in a form specified by ICT, which is signed and/or submitted by Customer to ICT (as applicable);
(xv) “Other Services” means those subscription services provided by ICT, other than the Subscription Services;
(xvi) “Products” means any one or more of the following third-party products or services provided, suppled, sold or resold by ICT to the Customer as set forth in an Order Form: Hardware, Third Party Subscription Services, sub-license to use Licensed Software, Third Party Support Services, Third Party Professional Services, and Third Party Software;
(xvii) “Professional Services” means implementation, training, installation and data recovery, migration and restoration services and other professional services provided by ICT to the Customer, but specifically excluding Subscription Services and Support Services;
(xviii) “Services” means any one or more of the following services provided by ICT to the Customer as set forth in an Order Form: Subscription Services, Support Services, Professional Services or Other Services;
(xix) “Service Effective Date” means the date upon which ICT notifies the Customer by e-mail or otherwise that the respective service is operational, and it applies to Subscription Services, Support Services and Other Services;
(xx) “Subscription Services” means the provision of access over the Internet, or via private link, to the functionality of the Licensed Software running on the ICT’s Systems;
(xxi) “Support Fees” means those fees for the purchase, extension or renewal of Support Services, as set forth in the applicable Order Form.
(xxii) “Support Services” means maintenance and technical support services provided by ICT, but specifically excluding Professional Services.
(xxiii) “System” means the computer hardware and software (including, but not limited to, the Licensed Software and other software applications, software interfaces, operating system and databases), data storage and all other resources (including telecommunications equipment) used by ICT to make Licensed Software and Customer’s data available to, and usable by, Customer via the Internet or via private link, which may be located at third party data centres and public cloud infrastructures that are utilized by ICT under contract;
(xxiv) “Third Party Professional Services” means implementation, training, installation and data recovery, migration and restoration services and other professional services provided by third parties that are sub-contracted by ICT or any of its subsidiaries to the Customer, but specifically excluding Third-Party Subscription Services and Third-Party Support Services;
(xxv) “Third-Party Software” means any software, licensed as a stand-alone product or as a part of another software, which is not owned by ICT or its subsidiaries;
(xxvi) “Third Party Subscription Services” the provision of access over the Internet, or via private link, to the functionality of the Licensed Software running on third party systems, as provided, supplied or resold by ICT to the Customer;
(xxvii) “Third Party Support Services” means maintenance and technical support services provided by third parties other than ICT or any of its subsidiaries, specifically excluding Third Party Professional Services, as resold by ICT to its customers;
(xxviii) “Users” means Customer’s employees, contractors and agents;
(xxix) “Virus” means anything or device (including any software, code, file or programme) which may prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise) or adversely affect the user experience, including worms, trojan horses, viruses, robots, spiders, crawlers, virus, malwares, spywares or similar malicious code and other similar things or devices;
(xxx) “Vulnerability” means a weakness in the computational logic (e.g. code) found in software and hardware components that when exploited, results in a negative impact to the confidentiality, integrity, or availability, and the term “Vulnerabilities” shall be construed accordingly.
5.1 In these Terms, unless the context requires otherwise:
- headings are inserted for convenience only and will not affect the construction or interpretation of these Terms;
- words importing the singular include the plural and vice-versa;
- a reference to any party shall include that party’s permitted assignees and successors in title;
- any reference to a statute, statutory instrument, or other regulations includes all provisions, rules and regulations made under them and will be interpreted as reference to such statute, statutory instrument, or regulations as in force at the Version Date of these Terms; and
- the exhibits form an integral part to these Terms.
6.1 No Products or Services shall be sold, licensed, provided, supplied or otherwise furnished by ICT to the Customer by virtue of these Terms alone, but in each case require the submission of a sufficiently completed and signed Order Form to ICT by the Customer.
6.2 As a minimum, any Order Form submitted by the Customer must contain:
(a) an identification of the Products or Services;
(b) the quantity of each Product or Service;
(c) the estimated lead-time for delivery in the case of Products, or the estimated lead-time for commencement in the case of Services; and
each of which must be duly confirmed upon submission by the Customer.
6.3 Where an Order Form does not include the location for delivery, then the location/place of delivery will be deemed to be in Malta and, in the case of physical Products, up to ground-floor level with direct vehicular access. It is the Customer’s sole responsibility to advise ICT of any special delivery requirements that are needed and, for all such cases, ICT reserves the right to revise or adjust any quotation which may have been already provided to the Customer.
6.4 Order Forms which do not satisfy any of the above requirements will not be considered valid and shall be deemed as rejected by ICT.
6.5 ALL ORDER FORMS ARE SUBJECT TO ICT’S WRITTEN ACCEPTANCE. Quotations shall be non-binding on ICT unless and until ICT issues its written acceptance to that Order Form submitted by the Customer.
6.6 The submission of an Order Form by the Customer shall constitute a legal offer made by that Customer to ICT to purchase or license, as applicable, the Products and/or Services that are the subject of that same Order Form.
6.7 ICT is under no obligation to accept or execute any Order Form submitted by the Customer.
6.8 Where ICT does not issue its written acceptance to the Customer within two (2) weeks from the date of its receipt of the submitted Order Form, that same Order Form shall be deemed to have been rejected in full by ICT. For avoidance of doubt, these Terms shall also govern any Order Forms which are rejected by ICT (including deemed rejection) together with all controversies, disputes or claims arising or connected thereto (whether contractual or non-contractual).
6.9 ICT’s written acceptance, where provided, shall either:
(a) confirm the lead-time for delivery (in the case of Products) or the lead-time for commencement (in the case of Services) that has been requested by the Customer; or
(b) otherwise offer an alternative lead-time.
In the latter case (‘b’):
(a) the Customer shall either confirm its acceptance in writing to the alternative lead-time that has been proposed by ICT; and
(b) where the Customer informs ICT that it does not agree to the proposed alternative lead-time, the Parties will discuss in good faith and mutually agree in writing to a lead-time that is suitable for both Parties.
6.10 Further to Clause 9, in the absence of any reply by the Customer within the period of three (3) working days from the date of ICT’s communication, the alternative lead-time proposed by ICT shall be deemed to have been accepted and agreed to by the Customer without reservation.
6.11 In those cases where the terms of the Order Form specify that a deposit must be made upon submission of the Order, then any written acceptance that may be provided by ICT shall (under all circumstances) be subject to its receipt of timely payment of this deposit. The Customer shall, in all cases, pay the deposit to ICT by not later than two (2) weeks from submission of the Order Form and, if the Customer fails to do so within that timeframe, ICT shall have the right to revoke its conditional acceptance, in which case the Order Form will automatically terminate and cease to have any effect between Parties and ICT will be immediately released (without liability) from any obligations which it may have to the Customer in respect of the order.
7. Delivery and Risk
7.1 This Clause 7 regulates the manner in which the delivery of the Products and Services will be made to the Customer.
7.2 This Clause 7.2 applies to Licensed Software and Third-Party Software. Following ICT’s written acceptance of the applicable Order Form submitted by the Customer, in accordance with the above clauses, ICT will provide the Customer with the software key(s) required to enable the Customer to use the Licensed Software, either directly or through its respective supplier. For all effects and purposes at law and these Terms, the Licensed Software is deemed to have been delivered to the Customer upon the Customer’s receipt of the software key(s).
7.3 This Clause 7.3 applies to Hardware.
7.3.1 Following ICT’s written acceptance of the applicable Order Form submitted by the Customer, in accordance with the above clauses, ICT shall deliver the Hardware to the Customer within the delivery lead-time which has been agreed upon by the Parties in accordance with Clause 6 (unless prevented from doing so by a fortuitous event, an irresistible force or due to other circumstances beyond ICT’s reasonable control).
7.3.2 In those cases where the location for delivery is outside of Malta, then:
(a) additional international shipping fees may be applicable, unless the Order Form specifically includes international shipping fees;
(b) delivery will be FCA (Free Carrier), as such term is defined and regulated by INCOTERMS 2010, from the premises of ICT or its supplier (as will be communicated to the Customer); and
(c) risk of loss or damage to the Hardware will pass to the Customer when ICT, or its supplier, hands over the Hardware to the carrier selected by the Customer at the named place (which, as mentioned, will either be the premises of ICT or the premises of ICT’s supplier, as communicated by ICT to the Customer).
7.3.3 The Customer must:
(a) inspect all Products upon delivery (‘delivery’ being as established by the preceding clauses);
(b) confirm and inform ICT in writing upon delivery if:
- there are any shortages, damages or defects to the Product; or
- the Product does not conform to the accepted and executed Order Form; and in the case of ‘(b)’, duly indicate, in sufficient detail, the reported shortages, damages, defects or non-conformity in the delivery document provided by ICT or its supplier.
7.3.4 Failing any such action by the Customer as per Clause 7.3.3(b), the Customer shall be deemed to have accepted the Product in full upon its delivery as described above.
7.4 This Clause 7.4 applies to the Services. Following ICT’s written acceptance of the applicable Order Form submitted by the Customer, in accordance with the above clauses, delivery of the Subscription Services, Support Services or Other Services, as applicable, will be deemed to have been made and completed by ICT upon the Service Effective Date. With regards to the Professional Services, delivery to the Customer will be deemed to have been made and completed by ICT upon the completion of the provision of those Professional Services (and, in the case of a service milestone, upon fulfilment of that milestone).
8. Licensed Software
8.1 This Clause 8 applies to any Licensed Software that is provided to the Customer by ICT.
8.2 Subject to the Terms and any additional terms that may be set out in the applicable Order Form (including, without limitation, your timely payment of the Fees), ICT hereby grants you, the Customer, a limited, non-exclusive, non-transferrable, revocable (in accordance with Clause 8.9 or Clause 19) right and licence (without any rights to sub-license) to:
(a) install and use, in object code only, the Licensed Software strictly for your internal business purposes;
(b) use the Documentation strictly in connection with your permitted use of the Licensed Software; and
(c) in the case of both (a) and (b), strictly for the term specified in the Order Form.
(together, the “Licence”).
8.3 You may also make one (1) copy of the Licensed Software and the Documentation for backup or archival purposes only, provided that the copy fully retains all proprietary notices and/or designations contained in the original.
8.4 Licence Restrictions. Except to the extent expressly permitted by applicable law or these Terms, you shall not, and shall not permit, authorise or encourage any third party (including, without limitation, your officers, staff, agents or contractors) to do any of the following:
(a) copy or reproduce the Licensed Software or Documentation;
(b) sell, assign, lease, lend, rent, distribute, sublicense, or make available the Licensed Software or Documentation to any third party;
(c) use the Licensed Software or Documentation to operate in or to provide business services to other companies;
(d) modify, alter, adapt, arrange, translate, decompile, disassemble, reverse engineer, or otherwise make attempts to discover or derive the source code (or the underlying structure, sequence or organization) of, the Licensed Software;
(e) create, market or distribute add-ons, enhancements, customisations and/or modifications to the Licensed Software;
(f) integrate, incorporate, include, or bundle the Licensed Software into any other software;
(g) provide or allow access (including technical access) to the License except (strictly) to your representatives, officers and staff;
(h) circumvent, disable or otherwise interfere with the security-related features of the Licensed Software, or with features that prevent or restrict use thereof;
(i) make or create a derivative work of the Licensed Software or Documentation, or use the Licensed Software or Documentation to develop any service or product that is the same as, or substantially similar or contains similar functions to, the Licensed Software;
(j) use the Licensed Software or Documentation in any way that is infringing, deceptive, harassing or defamatory, or for any inappropriate purpose (as ICT shall determine at its sole and absolute discretion) or contrary to any applicable law; or
(k) publish, transmit, or link to any robot, spider, crawler, virus, malware, Trojan horse, spyware, or similar malicious code intended (or that has the potential) to damage, disrupt, compromise, or exploit the Licensed Software or any other software or hardware.
8.5 References in Clause 8.4 (Licence Restrictions) above to the Licensed Software and the Documentation, respectively, shall be taken to mean (i) the Licensed Software, in whole or in part, (ii) the Documentation, in whole or in part; and (iii) any New Versions released or otherwise made available to the Customer.
8.6 In addition, you hereby acknowledge and agree that:
(a) your full compliance with the License Restrictions is a condition to the License;
(b) the grant of the Licence is contingent and conditional upon your compliance at all times with the conditions and limitations of use set out in Clause 2 and all the License Restrictions; and
(c) the Licensed Software, including its source code, structures, sequence and organisation, constitutes or otherwise contains or otherwise include valuable commercial information and trade secrets of ICT and is subject to protection against unauthorised disclosure, acquisition or use and misappropriation.
8.7 The Customer expressly acknowledges and accepts that:
(a) the grant of the License is strictly limited to use for internal business purposes only;
(b) the Licensed Software may only be used by the Customer and its employees; and
(c) the Customer has absolutely no rights and is given no rights (whether under these Terms or otherwise) to exploit the Licensed Software or make any form of commercial use of it.
8.8 Performance of any of the License Restriction is absolutely prohibited. If the Customer attempts to request ICT’s written permission to carry out any act which is prohibited by the License Restrictions, ICT fully reserves the right to refuse or withhold its consent at its own discretion, without any obligation to provide reasons to the Customer.
8.9 ICT shall be entitled to revoke and terminate the Customer’s Licence with immediate effect, without an obligation to provide any remedy or cure period, where the Customer:
(a) breaches (in whole or in part) any of the conditions or limitations of use in Clause 2;
(b) breaches (in whole or in part) any of the License Restrictions; or
(c) makes, or attempts to make, any form of commercial use or other exploitation of the Licensed Software (or allows any third party to carry out the same).
9.1 The Customer acknowledges and agrees that title to, and ownership of, the Documentation, the Licensed Software, including all Intellectual Property Rights subsisting thereto, and all New Versions and all adjustments, corrections, customisations, enhancements and other modifications to the Licensed Software (together with their respective Intellectual Property Rights), whether made by ICT or any third party, are the sole and exclusive property of ICT or its licensors or suppliers (as applicable) and will at all times remain vested fully and entirely in ICT and/or its applicable licensor or supplier (as the case may be). All rights not expressly granted to the Customer in this Agreement are reserved in full by ICT and its licensors.
9.2 Nothing in the Agreement shall have the effect, or be construed as having the effect, of assigning, transferring, disposing, or o conferring, onto the Customer any title or ownership to:
(a) the Licensed Software,
(b) the rights, including any Intellectual Property Rights, to the Licensed Software;
(c) any New Versions and any adjustments, corrections, customisations, enhancements and other modifications to the Licensed Software (or their Intellectual Property Rights).
9.3 Leasing and Renting: In those cases where the Customer is either leasing or otherwise renting a Product from or through ICT, title to that Product shall at all times remain vested in ICT or, as applicable, the relevant third-party supplier. The Customer shall acquire no rights, title or interest in and to any leased or rented Products (including any Intellectual Property Rights), save only for those that are expressly set out in the applicable sections of these Terms.
10. Intellectual Property rights
10.1 The Products, any and all New Versions, any and all adjustments, corrections, customizations, enhancements and other modifications to the Licensed Software, and any and all documentation provided through Services, whether made by ICT or any third party, are the proprietary property of ICT and/or its licensors or suppliers (as applicable) and are protected by copyright laws and other laws and treaties on Intellectual Property Rights.
10.2 Nothing in this Agreement shall have the effect, or be construed as having the effect, of assigning, transferring, disposing or conferring onto the Customer any rights, title or interest in and to any Intellectual Property Rights to any (i) Products, (ii) New Versions or (iii) adjustments, corrections, customizations, enhancements or other modifications to Licensed Software, all of which shall remain vested in ICT or its applicable licensor or supplier at all times.
10.3 For avoidance of doubt, this Clause 10 is without prejudice to the limited rights of use granted to the Customer by virtue of this Agreement (including, where applicable, the Licence). For avoidance of doubt, the rights of the Customer to use any such Intellectual Property Rights belonging to ICT or its applicable licensor or supplier shall, all times, be strictly limited to what is expressly contained in these Terms or set out in the terms of the accepted Order Form.
10.4 ICT reserves all rights that are not expressly granted to the Customer under the Agreement, and nothing in this Agreement shall constitute or be construed as a waiver by ICT of any of its Intellectual Property Rights under any law or those of its licensors or suppliers.
10.5 Unless expressly agreed and stated otherwise by ICT, the Intellectual Property Rights (including all title thereto) to any Deliverables provided to the Customer under this Agreement shall remain the property of, and vested in, ICT.
11. Third-Party Software
11.1 Any Third-Party Software included in the Licensed Software, including any open-source software, may be subject to third party terms and conditions (“Third–Party Terms”). For such cases, we will make available a list of any such Third-Party Software and related Third-Party Terms in the Documentation.
11.2 It shall be your duty to request ICT for a copy of any applicable Third-Party Terms, and it is your duty to read and review them carefully.
11.3 To the extent of any conflict between any Third-Party Terms and any terms or conditions in your Agreement with us, the Third-Party Terms shall prevail in connection with the corresponding Third-Party Software (but only, and strictly up to, to the extent of the conflict). Notwithstanding anything contained in this Agreement to the contrary, ICT does not make any representation, warranty, guarantee, condition, and does not undertake any defense or indemnification, with respect to any Third Party Software.
12. Fees and Payment
12.1 In consideration of the sale, supply, provision or license of the Products or Services to the Customer by ICT, the Customer shall pay to ICT the applicable charge and all other fees (including, as applicable, any Support Fees) set forth in the applicable Order Form (collectively, referred to as the “Charges”).
12.2 Payments due under the Agreement shall be made in the currency and amounts set forth in the applicable Order Form, and by the payment dates specified therein or, if not specified therein, within a period of thirty (30) days of the date of issuance of the relative invoice. If it is the Customer’s standard business practice to issue a purchase order prior to its payment of an invoice, the Customer hereby warrants and undertakes to ensure that any such purchase order accompanies each and any Order Form which it may submit to ICT.
12.3 If the Customer fails to pay any amount due to ICT under the Agreement by the due date for payment, the Customer shall, in addition to all other remedies and rights available to ICT under these Terms or at law, pay default interest on the overdue amount at the maximum rate permissible at law (which, under Maltese law, is presently eight percent (8%) per annum). Such interest shall accrue on a daily basis from the due date of payment until the date of actual full and complete payment to ICT of the overdue amount. The Customer shall be obligated to pay to ICT both the overdue amount and all interest that has accrued on the overdue amount.
12.4 Prices quoted by ICT, and as agreed to by the Parties, are exclusive of Value Added Tax (“VAT”) at applicable current rates.
12.5 ICT reserves the right to change or revise prices quoted to the Customer provided that, prior to imposing any such price changes or revisions, ICT shall provide the Customer with appropriate notice and the Customer shall have the right to withdraw from the applicable Order Form.
12.6 The Customer shall be solely responsible for any charges due to any third party resulting from the use of the Subscription Services or Other Services.
13. Information Security and Data Licence
13.1 ICT has adopted a written security policy that includes administrative, technical and physical safeguards which are intended to protect the Customer’s Confidential Information from unauthorised access, disclosure and use. Nonetheless, the Customer shall, and assumes the obligation to, encrypt, using the encryption feature provided in the Products or Services, all data or information which it transmits to ICT, including, without limitation, data transferred over the Internet or via other media. The Customer shall be exclusively responsible and liable for all claims, losses, damages and any other consequences which may arise from any omission or breach on its part of its duties and responsibilities under this provision.
13.2 The Customer understands and agrees that it is solely responsible for all communications which the Customer, or its Users, may make whilst using the Customer’s ‘customer account’ with ICT (including with respect to the content of such communications).
13.3 ICT shall have no responsibility to monitor or screen any communications that are transmitted or received by the Customer, or its Users, through its above-mentioned ‘customer account’.
13.4 The Customer shall not use any of the services offered by ICT, including the Subscription Services or Other Services, to communicate any message or material which:
(a) is known, or reasonably should be known, to be libellous, harmful to minors, obscene or constitutes pornography;
(b) is known, or reasonably should be known, to infringe any Intellectual Property Rights of any person whatsoever;
(c) is known, or reasonably should be known, as potentially giving rise to civil liability under any applicable law or regulation, or
(d) constitutes or encourages conduct that could constitute a criminal offence, under any applicable law or regulation.
13.5 Passwords. Users will access the Subscription Services or Other Services via the Internet or private link by means of a specific account and passwords provided by ICT. ICT will issue to the Customer or, alternatively, will authorise the Customer to issue a password (each, a “Password”) for each User authorised to use the Subscription Services or Other services using Customer’s account. ICT encourages the Customer to change the Passwords issued by ICT and regularly update them. In addition, the Customer will designate its own keys for the encryption of Customer Data. If the Customer loses its encryption key, it may not be able to access its data. The Customer is solely responsible for the confidentiality and use of its Passwords, encryption keys and the Customer account. In no event will ICT, or its suppliers, be liable for any data breach, unauthorised access, unauthorised disclosure, loss of data or any other similar where it arises as a result of, or is otherwise due to, the Customer (or any User) failing to maintain the security or confidentiality of a Password or encryption key.
13.6 The Customer grants to ICT, who accepts, a non-exclusive, world-wide, royalty-free license to use its data and all Customer Data in order: (i) to perform ICT’s obligations under this Agreement; and (ii) as may be required by law. The Customer will be responsible for obtaining all rights, permissions, and authorizations to provide such data to ICT for use as contemplated under this Agreement. Except for the limited license granted herein, nothing contained in this Agreement will be construed as granting ICT any right, title, or interest in or to that data.
13.7 The Customer is solely responsible for all telecommunication or Internet connections and associated fees required to access and use the Products and/or Services. ICT is not responsible for (i) Customer’s access to the Internet, (ii) interception or interruptions of communications through the Internet, or (iii) changes or losses of data through the Internet.
14. Data Protection
14.1 “Customer Data”, as applicable to these Terms, means any personal data which is processed by the Customer, or its Users, in connection with or as a result of using the Licensed Software or other Products or Services.
14.2 For the purposes of all Data Protection Legislation, the Customer acknowledges and agrees that it is the controller of the Customer Data. The Customer:
(a) acknowledges and accepts that it is individually and independently bound to ensure that it complies with all applicable obligations that may be imposed on a controller under all Data Protection Legislation; and
(b) warrants and undertakes to, at all times for the term of the Agreement (which includes the duration of any service provision by ICT), observe and maintain full compliance with Data Protection Legislation, including with regards to all applicable controller obligations.
14.3 The provision of the Services may require ICT to access, use, store, host or otherwise process Customer Data on behalf of the Customer, in which case the Parties acknowledge and agree that ICT would, in such circumstances and in terms of the applicable Data Protection Legislation, amount to a processor acting on behalf of and on the express, written appointment of the Customer (collectively, the “Processing Services”).
14.4 For the above purpose, the data processing agreement (the “Processing Agreement”), which is incorporated into these Terms as “Annex A”, defines the data processing relationship between the Parties limitedly in the context of those Processing Services that are provided to or for the Customer by ICT, and sets out the additional terms, requirements and conditions on which ICT will process Customer Data as a processor for the Customer when providing such Processing Services to the Customer. The Processing Agreement contains the mandatory clauses required by Article 28(3) of the General Data Protection Regulation ((EU) 2016/679) for contracts between controllers and processors.
14.5 By entering into these Terms as per the above clauses, you accept and endorse the Processing Agreement set out in Annex A in full and confirm that ICT is authorised to access and process Customer Data in accordance with, and subject to, the terms of that Processing Agreement.
14.6 The Customer is solely responsible for the collection, accuracy, quality, legality, completeness and use of the Customer Data.
15.1 Each Party acknowledges that, in the course of its performance of the Agreement (including any service provision), it may obtain or otherwise have access to the Confidential Information of the other Party (the “Recipient”).
15.2 The Recipient shall at all times handle and use the other Party’s Confidential Information in the strictest confidence. The Recipient hereby warrants and undertakes to the other Party that it shall take all reasonable steps to:
(a) prevent and protect against any third-party access to the other Party’s Confidential Information (unless otherwise expressly authorised in writing by the other Party);
(b) prevent and protect against any unauthorised disclosure of the other Party’s Confidential Information; and
(c) maintain full confidentiality of the other Party’s Confidential Information at all times.
15.3 The Recipient warrants and undertakes to the other Party that it shall:
(a) not disclose the other Party’s Confidential Information to any third parties other than to its, directors, officers, employees, advisors or consultants (collectively, the “Representatives”) on a strictly “need to know” basis only and provided that such Representatives are bound by written agreements to comply with confidentiality obligations equivalent to those contained herein, and in any event, the Recipient shall remain responsible for the acts or omissions of its Representatives to the same extent as if such acts or omissions were performed by the Recipient;
(b) not use or reproduce the other Party’s Confidential Information for any purpose except as necessary to perform its obligations or exercise its rights under this Agreement; or
(c) keep the other Party’s Confidential Information confidential using at least the same degree of care it uses to protect its own confidential information, which shall in any event not be less than a reasonable degree of care.
15.4 The Recipient shall be liable for any breach, or failure to maintain the confidentiality of, the other Party’s Confidential Information committed by any of its Representatives.
15.5 The Parties however acknowledge and accept that, regardless of the measures taken to prevent unauthorised access or unauthorised disclosure, use of or connection to the Internet provides the opportunity for unauthorised third parties to circumvent such precautions and illegally gain access to Confidential Information. Accordingly, the Parties accept and agree that a Recipient cannot and does not guarantee the privacy, security or authenticity of any information so transmitted over or stored in any system connected to the Internet (and nothing in this Clause 15 or the Agreement is intended to provide any such guarantee).
15.6 This Clause 15 shall not apply to any information which:
(a) is or becomes generally available to the public, or within the industry to which the information relates, other than as a result of a breach of the Agreement;
(b) was known to Recipient prior to receipt from the other Party, provided such prior knowledge can be substantiated by documentary evidence antedating any disclosure by the other Party;
(c) has been disclosed to the Recipient by a third party (other than employees or agents of either Party) who is not subject to obligations of confidentiality to the other Party; or
(d) is independently developed by Recipient, provided such independent development can be substantiated by documentary evidence.
15.7 A disclosure of Confidential Information (i) in response to a valid order by a court or other governmental body, or (ii) otherwise required by law, will not be considered to be a breach of this Agreement or a waiver of confidentiality for other purposes. Provided, however, that the Recipient will provide prompt written notice thereof to the other Party to enable it to seek a protective order or otherwise prevent such disclosure, unless prohibited from doing so by the applicable order or at law.
15.8 The Parties obligations with respect to Confidential Information under this Clause 15 shall remain in force for the Term of the Agreement and, thereafter, for a period of five (5) years following its expiration or termination, unless however a longer period of protection applies under applicable Law, either as trade secret in terms of the Trade Secrets Act (Chapter 589 of the Laws of Malta) or otherwise.
15.9 Upon expiration or termination of the Agreement, or upon the written request of the other Party, the Recipient shall promptly return the other Party’s Confidential Information to the said other Party or, if requested by the other Party, permanently and irretrievably delete or destroy (as instructed) such Confidential Information and certify to the other Party its compliance with the above in writing. Without limiting the generality of the foregoing sentence, upon expiry or termination of the Agreement, you agree to promptly return to ICT, or if instructed by ICT, permanently and irretrievably delete or destroy all copies and partial copies of the Licensed Software and Documentation in your possession, including such that are fixed or resident in the memory or hard disks of your systems or other storage devices, and such that were made for your backup or archival purposes; and, thereafter, you agree to certify in writing to ICT compliance with such instructions, and that the software and Documentation are no longer in use, and will not in the future be used, by you.
16. Limited Warranties and Disclaimers
16.1 ASUMPTION AND RESPONSIBILITY. The Customer assumes all responsibility for the selection of, use of and the results obtained from, the Products or Services. All warranties provided under the Agreement extend solely to the Customer and not to any third parties.
16.2 SUBSCRIPTION SERVICES AND OTHER SERVICES WARRANTY. ICT warrants to the Customer that the Subscription Services and Other Services will, under normal use, perform substantially in accordance with the Documentation. For any breach of this warranty, and to the extent not otherwise covered by the Support Services, the Customer’s sole and exclusive remedy, and ICT’s sole and exclusive liability to the Customer, will be as follows: (i) for ICT to use reasonable efforts to promptly correct any documents, reproducible errors and defects in order to cause the Subscription Services or Other Services to operate as warranted and (ii) only, if after a reasonable number of attempts, ICT is still unable to provide the Subscription Services or Other Services in conformity with the above warranty, the Customer may then at that point terminate the Subscription Service or Other Service.
Any claim under this warranty must be made within six (6) weeks after delivery of the non-conforming services (‘delivery’ being as established by these Terms).
16.3 SUPPORT SERVICES AND PROFESSIONAL SERVICES WARRANTY. ICT warrants to the Customer that the Support Services and Professional Services will be of professional quality conforming to generally accepted industry standards and practices. For any breach of this warranty, Customer’s sole and exclusive remedy and ICT’s sole and exclusive liability to the Customer will be as follows: (i) for ICT to re-perform the Support Services or Professional Services (as applicable) and (ii) only, if after a reasonable number of attempts, ICT is unable to provide the Support Services or Professional Services (as applicable) in compliance with the warranty, the Customer may then at that point terminate the affected services and if applicable, the Subscription Services or Other Services to which the affected Support Services apply. Any claim under this warranty must be made within six (6) weeks after delivery of the non-compliant services (‘delivery’ being as established by these Terms).
16.4 THIRD-PARTY SOFTWARE. With respect to Third-Party Software, ICT shall transfer, pass along and, upon the reasonable request of Customer, assert for the benefit of Customer, at Customer’s cost and expense, any warranties of the manufacturer or other commitments or obligations of or made by the manufacturer.
16.5 HARDWARE. With respect to the hardware, ICT shall transfer, pass along and, upon the reasonable request of Customer, assert for the benefit of Customer, at Customer’s cost and expense, any warranties of the manufacturer or other commitments or obligations of or made by the manufacturer. The Customer should contact ICT for the specific term of any warranties that are given by the manufacturer.
16.6 DISCLAIMER. To the fullest extent permitted by applicable law, the Products or Services are provided on an “AS IS” and “AS AVAILABLE” basis. The Parties each acknowledge and agree that the warranties contained in this Clause 16 are in lieu of and fully exclude all other terms, conditions, guarantees, representations or warranties of any kind that may be implied by statute, law or otherwise as to the merchantability, title, custom, trade non-infringement, non-misappropriation, quiet enjoyment accuracy or informational content or results or system integration, fitness for any particular purpose or satisfactory quality, of the Products and Services to the fullest extent permitted by law. In addition, ICT makes no representation, warranty or guarantee that:
(a) the Licensed Software will run or operate properly on all or any particular hardware or computer systems; or
(b) the Licensed Software, Subscription Services or any other Products or Services provided or supplied by ICT will meet the needs, requirements or expectations of the Customer or its Users, or will operate in the combinations that selected or suggested for use by the Customer or its Users; or
(c) the Customer’s use of the Licensed Software, Subscription Services or any other Service or Product will be uninterrupted or error free or that any errors (in any Product or Service) will be corrected; or
(d) the Licensed Software, Subscription Services or any other Product or Service will be free from Vulnerabilities or will meet or comply with or fulfil any or all Heightened Cybersecurity Requirements
each of which are hereby being fully excluded by and between the Parties to the maximum extent permitted by applicable law.
THIS CLAUSE 16.6 CONSTITUTES AN ESSENTIAL PART OF THE AGREEMENT. NO ORAL OR WRITTEN INFORMATION, MARKETING OR PROMOTIONAL MATERIALS, OR ADVICE GIVEN BY ICT OR ICT’S AUTHORIZED REPRESENTATIVES SHALL IN ANY WAY INCREASE THE SCOPE OF THE EXPRESS WARRANTIES PROVIDED HEREIN.
16.7 The Products and Services may be used to access and transfer information over the internet. The Customer acknowledges and agrees that ICT and its vendors and licensors do not operate or control the internet. ICT shall not be responsible for any delays, delivery failures, or any Viruses or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, or which otherwise arises due to any failure or disruption of any internet services, and the Customer hereby acknowledges and accepts that the Products and Services (may be subject to limitations, delays and other problems inherent in the use of such communications facilities and/or reliance on internet services.
16.8 MODIFICATION AND DISCONTINUANCE. ICT reserves the right to modify or discontinue (temporarily or permanently) any of the Products or Services from time to time, for any reason, providing notice to the Customer where deemed necessary.
16.9 WRRANTY EXCLUSIONS. The warranties given above in this Clause 16 exclude, and ICT shall have no responsibility under the Agreement to support, any and all of the following:
(a) Products that have been altered, reconfigured or modified by the Customer or any third party other than ICT’s authorized personnel;
(b) Software that has been incorporated or bundled with other software, hardware, or other products not provided or approved in writing by ICT;
(c) Products not installed by ICT’s authorized personnel; or
(d) Product issues caused by (i) your negligence, abuse, misapplication or use other than as specified in the Documentation or (ii) by factors beyond the control of ICT.
16.10 SUPPORT OF THIRD-PARTY COMPONENTS. Notwithstanding anything contained herein to the contrary, third-party hardware and software components that do not form part of the relevant Product or Service are supported solely by, and subject to the support terms and conditions of, their respective third-party providers.
16.11 YOUR WARRANTY RESPONSIBILITIES. The warranties set out in this Clause 16 may require ICT or its authorised third-party providers to access hardware or software that is not provided by ICT. Some manufacturers’ warranties may become void if ICT, its authorised third-party provider or anyone else other than the manufacturer, works on such hardware or software. It is your responsibility to ensure that ICT or its authorised third-party providers’ performance of any warranty in these Terms will not affect any such third-party warranties or, if it does, that the effect and possible consequences are acceptable to you. NEITHER ICT NOR ITS THIRD-PARTY PROVIDERS SHALL HAVE ANY RESPONSIBILITY OR LIABILITY FOR THIRD- PARTY WARRANTIES OR FOR ANY EFFECT THAT THEIR PERFORMANCE OF THE WARRANTY UNDER THIS CLAUSE 16 MAY HAVE ON THOSE WARRANTIES.
16.12 ONSITE OBLIGATIONS. If ICT determines that, in order to perform any warranty under this Clause 16, it must do so at the Customer’s premises and/or remotely or by remote access, the Customer must provide free, safe and sufficient access to the Customer’s facilities and any associated computer equipment.
17.1 In the event of any claim, action, suit or proceeding instituted by a third party against the Customer claiming that a Product infringes such third party’s Intellectual Property Rights (an “Infringement Claim”), ICT will defend and hold the Customer harmless against the Infringement Claim, and will cover and make good for:
(a) the amount awarded (and then-currently payable) against the Customer by virtue of the final decision rendered by the competent court or tribunal presiding over the Infringement Claim (to the extent that said decision determines and rules that an infringement of the third party’s Intellectual Property Rights did in fact exist or otherwise arise); or
(b) the amount which has been agreed to with the third party to settle the Infringement Claim, provided that ICT has expressly authorised the settlement or compromise with this third party in writing and in the absence of which the Customer shall forfeit its rights under this Clause 1 and ICT shall be released from its obligations and duties hereto.
17.2 Notwithstanding anything to the contrary that may be contained herein, the Parties acknowledge and accept that ICT’s duty to indemnify the Customer in terms of Clause 1 shall be strictly capped at its limitation of liability under Clause 18.2 and subject to the Customer’s fulfilment of the conditions in Clause 17.3. In no event shall ICT be bound or have any duty to indemnify the Customer in an amount exceeding its limitation of liability set out under Clause 18.2.
17.3 ICT’s obligations under Clause 1 shall only apply if the Customer:
(a) promptly notifies ICT in writing of the Infringement Claim;
(b) fully cooperates with ICT and tenders full control of the defence and/or settlement of the Infringement Claim to ICT; and
(c) refrains from admitting any liability, or otherwise compromising the defence of any part of the Infringement Claim, without ICT’s prior express written consent.
17.4 If the Product or Service (or any part thereof) becomes or, in ICT’s opinion, is likely to become, the subject of an Infringement Claim, the Customer hereby permits and authorises ICT to, at ICT’s option and expense:
(a) procure for the Customer the right to continue using the Product or Service or the affected part thereof (as the case may be); or
(b) replace or modify the Product or Service or the affected part so that it becomes non-infringing, while maintaining substantially the same functionality.
17.5 If neither (a) nor (b) under Clause 4 proves to be commercially practicable, then ICT may, at its sole and absolute discretion, terminate the Customer’s rights under the Agreement (including any Licence) with respect to the Product or Service, and:
(a) refund to the Customer the Fees paid by the Customer to ICT with respect to the Product, subject to a 3-year straight-line depreciation schedule; or
(b) in the case of Subscription Services, Support Services or other Services purchased from ICT, provide a refund of any periodic Fees paid to ICT for any portion of such services not yet received with respect to the affected portion of the Product.
17.6 ICT shall have no obligation or liability with respect to an Infringement Claim that is based upon or otherwise results from:
(a) the use or combination of the Product or Service (as applicable) with any equipment, hardware, firmware, software or other materials not furnished or approved in writing by ICT, if there would have been no infringement but for such use or combination;
(b) any modification to/of the Product or Service (as applicable) not performed by ICT;
(c) unauthorized use of the Product or Service, including any use in excess of the rights actually granted to the Customer in this Agreement;
(d) the Customer’s failure to install or have installed any New Versions provided by ICT, if the installation of such New Version would have avoided the infringement;
(e) ICT’s compliance with the Customer’s specifications, designs and/or instructions; or
(f) any intellectual property rights provided, included or incorporated by the Customer.
17. 7 The Customer hereby warrants, procures and undertakes to ICT that it shall indemnify, defend and hold ICT harmless (including its directors, representatives, officers, employees, affiliates, agents and sub-contractors) against all liabilities, claims, actions costs, expenses, damages and losses (including but not limited to any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and legal costs (calculated on a full indemnity basis) and all other reasonable professional costs and expenses) which ICT may suffer or incur, or otherwise become liable for, as a result of or in connection with:
(a) any breach, negligence performance, or non-performance by the Customer of any of its obligations and/or warranties under the Agreement, including these Terms;
(b) ICT’s authorised use of the Customer Data or other data of the Customer;
(c) the enforcement by ICT of this Agreement; and/or
(d) any acts or omissions on the part of the Customer or its contractors which (directly or indirectly) amount to any of the items (a) through (f) inclusive of Clause 6.
17.8 This Section 17 (Indemnification) states the entire obligation and liability of ICT, and the Customer’s sole and exclusive remedy, with respect to an Infringement Claim.
18.1 EXCLUSION OF LIABILITY. In no event or circumstances will ICT or its vendors, licensors or suppliers, be liable to the Customer, whether in contract, tort or for negligence or for breach of statutory duty, in respect of:
(a) any third party claims (save for its duty hereto to indemnify the Customer in respect of an Infringement Claim, in accordance with and subject to Clause 17)
(b) any special, indirect, incidental, exemplary, punitive, consequential damages or any other damages of whatever kind or nature, whether in contract, tort (including negligence), breach of statutory duty, including, without limitation, loss or damage to data, inaccuracy of data, loss of anticipated revenue or profits, work stoppage or impairment of other assets or loss or damage of good will (each a “Loss”), whether or not foreseeable and whether or not a Party has been advised of the possibility of the Loss and notwithstanding any failure of the essential purpose of the Agreement or any limited remedy hereunder;
(c) any Loss due to actions taken by ICT according to its rights under the Agreement.
18.2 LIMITATION OF LIABILITY. Without prejudice to the above, and only where and strictly to the extent that ICT’s exclusion of liability as set out above under Clause 18.1 is held to be unenforceable by a court or tribunal of competent jurisdiction, then in no event shall ICT’s liability to the Customer exceed in case of claims relating to:
(a) Licensed Software, the pro rata portion, based on a three-year straight-line depreciation of the actual amount of the license fees paid to ICT for the affected Licensed Software;
(b) Subscription Services, Support Services and Other Services, the fees paid by Customer for the applicable service during the twelve (12) month period immediately preceding the date on which the event giving rise to the claim occurred;
(c) Hardware, the purchase price paid by the Customer for the Hardware giving rise to the claim;
(d) Professional Services, the fees paid by Customer under the applicable Order Form, notwithstanding any failure of the essential purpose of this Agreement or any limited remedy hereunder.
18.3 ICT and the Customer agree that the above limitations are reasonable in all circumstances and no greater than is necessary.
18.4 DISCLAIMER. The foregoing limitations contained in Clause 2 apply to all causes of action in the aggregate, including without limitation, breach of contract, breach of warranty, indemnification, negligence, strict liability, misrepresentation and other torts, and statutory claims. Each of the Parties hereby confirms that it understands and accepts the legal and economic ramifications of the foregoing limitations, and that the foregoing limitations allocate the various risks between the Parties and form an essential part of the agreement of the parties.
18.5 GROSS NEGLIGENCE, FRAUD AND WILFUL MISCONDUCT. Nothing in this Agreement shall limit or exclude a Party’s liability for gross negligence, fraud or willful misconduct or any other liability which cannot be excluded or limited in terms of applicable law.
19. Term and Termination
19.1 TERM. This Agreement, including the term of any Services (including any Subscription Services, Support Services or Other Services), shall continue in force between the Parties for the period set forth in the applicable Order Form as accepted by ICT (the “Initial Term”), unless however terminated earlier by either of the Parties in accordance with the provisions of these Terms. Upon the expiration of the Initial Term, this Agreement shall (with the exception of Products) be automatically renewed and prolonged between the Parties for succeeding terms that are each the same period as that of the Initial Term (each a “Renewed Term”), except and unless either Party notifies the other Party in writing of its intention not to renew by no later than ninety (90) days prior to the expiration of the Initial Term or, as the case may be, the Renewed Term that is applicable at the time (failing which, this Agreement, including these Terms, shall continue to apply to the Parties for the next Renewed Term). Where however a Party issues notice in terms of this Clause 19.1, this Agreement and all obligations created or imposed by it shall terminate upon, but only upon, the lapse of the term during which that notice has been issued. For any and all Products ordered by the Customer under this Agreement, their provision shall, unless agreed otherwise in writing by the Parties, automatically terminate on the lapse of the Initial Term, without renewal (in which case the provisions of Clause 1(d) shall come into effect).
19.2 TERMINATION. Either Party may terminate this Agreement (together with all licenses, Products and Services provided hereunder) at any time with immediate effect by giving written notice to the other Party upon the occurrence of any of the events or circumstances listed below:
(a) the other party commits a material breach of any term of this agreement which breach is irremediable or (if such a breach is remediable) fails to remedy that breach within a period of 30 days after being notified in writing to do so;
(b) if the other Party files a petition for bankruptcy, insolvency or reorganization under any bankruptcy law or is adjudicated bankrupt;
(c) the other Party suspends, or threatens to suspend, payment of its debts or is unable to pay its debts as they fall due or admits inability to pay its debts;
(d) if a petition for the winding up or bankruptcy or an application is made to court for the appointment of an administrator over the other party is filed against the other party and such petition is not dismissed within sixty (60) days of the filing date;
(e) if the other Party becomes insolvent or makes an assignment for the benefit of its creditors pursuant to any bankruptcy or insolvency law;
(f) if an administrative receiver is appointed for the other Party or its business;
(g) the other Party commences negotiations with all or any class of its creditors with a view to rescheduling any of its debts, or makes a proposal for or enters into any compromise or arrangement with any of its creditors;
(h) the other Party suspends or ceases, or threatens to suspend or cease, carrying on all or a substantial part of its business; or
(i) any regulatory change or regulatory order preventing the continuation of this Agreement.
19.3 In addition, ICT may also terminate the Agreement,together with all licences, Products and Services provided or granted to the Customer hereunder, at any time with immediate effect by giving written notice to the Customer for the circumstances set out in Clause 8.9
19.4 In addition, ICT may suspend Customer’s access to Customer Data or access to or receipt of any services (Support Services, Subscription Services or Other Services) or otherwise terminate this Agreement, effective immediately and by giving written notice to the Customer, ifCustomer fails to pay any portion of the Charges when due within ten (10) days after receiving written notice from ICT that payment is past due. Charges will continue to accrue during any such suspension. Additional termination rights are set forth in Clause 2above.
19.5 In the event that ICT, in good faith, believes or otherwise becomes aware of a User’s violation of this Agreement, then ICT may specifically request the Customer to suspend such User’s access to and use of the Products or Services. In the event that the Customer fails to suspend such non-compliant User, the Customer hereby authorizes ICT to suspend that The duration of such suspension is at the sole determination of ICT and shall continue until such time as ICT determines that the applicable User has cured the breach resulting in such suspension. ICT may also suspend access and use of the Products and/or Services with respect to any individual User or the Customer account to: (i) to prevent damages to, or degradation of, the Products or ICT’s systems; (ii) to comply with any law, regulation, court order, or other governmental request; (iii) to otherwise protect ICT from potential legal liability. Any such suspension will be to the minimum extent and of the minimum duration required to prevent or terminate the cause of the suspension.
19.6 TERMINATION FEE. With respect to any Support Service, Subscription Service or Other Service, in addition to those termination rights set forth in Clause 19.2 above (inclusive), the Customer may terminate any such service for convenience upon the provision of thirty (30) days’ notice in writing to ICT, provided that in all such cases the Customer shall be bound to immediately pay to ICT a termination fee equal to (a) the monthly subscription fee in effect for the Term at the time that ICT receives the termination notice, multiplied by (b) the number of months remaining in the current term.
20. Obligations Upon Termination
20.1 Upon non-renewal or termination of this Agreement (for any reason whatsoever):
(a) the Customer shall pay for all work in process and all Products ordered as of the effective date of termination, as applicable. In addition, if an Order Form specifies a term for which ICT shall provide Services to Customer (e.g., 36 months), and that order is terminated by ICT for cause (including non-payment) or, where permitted under these Terms, by the Customer without cause, then all future, recurring Service fees associated with the remaining Term of that order shall become immediately due and payable, and shall be paid by Customer to ICT upon the effective date of such termination;
(b) all rights and licenses granted to the Customer under this Agreement, including the Licence under Clause 8 (if applicable), shall cease and terminate with immediate effect, and the Customer shall immediately cease to use and shall desist with any and all use of Licensed Software, Third-Party Software and any leased or rented Products;
(c) ICT shall have no further obligation to continue providing, maintaining or supporting the Products or Services for the Customer and shall be entitled to disable and terminate all Customer and User access;
(d) any right given to the Customer to access or use the relevant Products shall automatically cease and terminate, and the Customer shall immediately cease and desist with any and all use of those Products (except for Hardware which has been purchased and paid in full for by Customer);
(e) the Customer shall remove all copies, or otherwise permit ICT to remove all copies, of the Licensed Software or Third-Party Software provided by ICT in relation to Services being terminated, from its computer systems and shall return or destroy, at ICT’s option, all such copies (if applicable to the Parties); and
(f) the Customer shall, in full cooperation with ICT, return and arrange for the return to ICT of all Products rented or leased by the Customer from or through ICT under this Agreement.
20.2 With respect to Clause 1(d), the Customer shall certify in writing to ICT within ten (10) days of the termination or expiration of the Agreement that it has made no other copies, and that it has completely destroyed all copies, including backup or archive copies, of the Licensed Software or any portion thereof, and that no copies of any portion of the Licensed Software are in existence on any network, system, or equipment ever owned or used by Customer.
20.3 With respect to Customer Data maintained on the ICT’s servers, on or before termination or completion of the services, upon Customer’s request and payment of the applicable fees (including fees related to the export of Customer Data), ICT will export the Customer Data to a mobile device and return such data to Customer. In the alternative, Customer may request, in writing, that ICT delete all Customer Data maintained on the ICT’s servers. Customer understands and agrees that following termination or expiration of the services, ICT may delete all of the Customer Data from its servers and will have no liability for such action.
20.4 The non-renewal or termination of this Agreement does not relieve either Party of any obligations that have accrued on or before the effective date of the termination or expiration.
20.5 All sales are final, non-refundable and non-returnable, except with respect to Products or Services which do not meet their applicable specifications (in which case, the provisions in Clause 16 of these Terms shall apply).
21.1 The following Clauses will survive the non-renewal or termination Agreement:
(a) Clauses 7 through 20 (inclusive); and
(b) any other provisions of the Agreement that by reasonable interpretation are intended by the Parties to survive the non-renewal or termination of this Agreement.
22.1 The Customer hereby gives its consent and grants full authorisation to ICT to sub-contract the performance of any or all of its obligations under its Agreement with the Customer (including the provision of any Services) to any third parties, including any affiliates (including but not limited to ICT Software Ltd (C 47406).
22.2 Where ICT sub-contracts any or all of the Services, ICT shall also have the right to share any information provided by the Customer or otherwise generated in connection with this Agreement (including any Customer Data) to the extent necessary for the sub-contractor to provide or assist with providing the sub-contracted Services.
22.3 The Customer shall ensure, when necessary, that the sub-contractor is granted access to the use of any software and/or data pertaining to the Customer, to the extent necessary for the sub-contractor to provide the subcontracted Services.
23.1 COMPLIANCE WITH LAWS. Each Party shall be responsible for its own compliance with laws, regulations and other legal requirements applicable to the conduct of its business and this Agreement and agrees to comply with all such laws, regulations and other legal requirements. Furthermore, the Customer warrants and represents that it will use the Products and the Services in full compliance with applicable laws and warrants to avoid any violations of third party rights, including, without limitation, applicable data protection and privacy rights. ICT retains the right to delete or block access to any data if there are concerns regarding potential violations of data protection and/or privacy laws or third party rights by Customer. If Customer uses Products or Services for the storage of personal data and ICT gains access to such data in the context of hosting such data or relating to service requests, ICT shall process such data on behalf of Customer and only in accordance with instructions from Customer (as a data processor). The data processing agreement entered into by the Parties (as set out in Annex A), in accordance with Clause 14, shall regulate such activities.
23.2 FORCE MAJEURE. Except for Customer’s payment obligations to ICT hereto, neither Party will be liable for any failure or delay in performance under this Agreement which might be due in whole or in part, directly or indirectly, to any fortuitous event or due to any contingency, delay, circumstance, failure, or cause of, any nature beyond the reasonable control of such Party, including, without limitation, fire, earthquake, storm, flood, power outage, strike, war, act of terrorism, law, export control regulation, pandemic, epidemic, instructions of government authorities or judgment of a court (not arising out of breach by such Party of this Agreement). The affected Party shall be entitled to a reasonable extension of time in order to perform its affected duties or obligations If, however, the affected Party is prevented from performing its obligations for a period of three (3) months or more, then the other Party shall be entitled to terminate the Agreement with immediate effect on written notice to the affected Party at any time prior to the affected Party resuming the performance of its obligations.
23.3 VARIATION. No variation of the Agreement shall be effective unless it is in writing and signed by the parties (or their authorised representatives).
23.4 NO EMPLOYMENT RELATIONSHIP OR PARTNERSHIP. Nothing in this Agreement shall create, or otherwise be construed to create, an employment or agency relationship, partnership or joint venture between the Parties.
23.5 NO ASSIGNMENT. The Customer may not assign or sub-license,transfer, delegate or deal with any of its rights or obligations under the Agreement.
23.6 WAIVER. No failure or delay by either Party in exercising any rights, power or legal remedy available to it herein shall operate as a waiver thereof.
23.7 SEVERENCE. If any provision of this Agreement (or part of any provision) is found by any court or other authority of competent jurisdiction to be invalid, illegal or unenforceable, that provision or part provision shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision, to the extent required, shall be deemed not to form part of this Agreement, and the validity and enforceability of the other provisions of this Agreement shall not be affected.
23.8 ELECTRONIC SIGNATURE. You and ICT both agree to execute the Agreement by electronic signature (whatever form the electronic signature takes) and that this method of signature is valid and conclusive of the Parties’ intention to be bound by the Agreement as if signed by each Party’s manuscript (handwritten) signature.
23.9 GOVERNING LAW. This Agreement, including these Terms, shall be governed by, and construed in accordance with, the Laws of Malta without regard to conflict of laws principles.
23.10 DISPUTE RESOLUTION AND JURISDICTION. The Parties hereby agree to submit any dispute, controversy or claim, whether contractual or non-contractual, arising out of or relating to this Agreement, or the breach, termination or invalidity thereof to arbitration in accordance with the Malta Arbitration Act, 1996 and the Arbitration Rules of the Malta Arbitration Centre as at present in force, which rules are deemed to be incorporated by reference into this clause. The number of arbitrators shall be determined by the value of the claim, as follows:
(a) where the value of the claim is equal to or less than ten thousand euro (€10,000), the number of arbitrators shall be one (1);
(b) where the value of the claim exceeds ten thousand euro (€10,000) or where the claimant is requesting a liquidation of damages, the number of arbitrators shall be three (3). Each Party to the dispute shall, within fifteen (15) days from being served with a notice of arbitration, be entitled to appoint an arbitrator and the third arbitrator, who will act as Chairman of the panel, shall be selected by the mutual accord of the said two appointed arbitrators. Should a Party fail to appoint an arbitrator within this period of fifteen (15) days, the Malta Centre for Arbitration shall appoint an arbitrator at its own discretion.
In all cases, the place of arbitration shall be Malta. The language to be used in the proceedings shall be English. The applicable substantive law shall be the laws of Malta. The award shall be final and binding upon the Parties, and no appeal shall lie thereto.
23.11 NOTICES. All notices, consents and approvals under this Agreement must be delivered in writing by e-mail, by courier or by certified or registered mail, (postage prepaid and return receipt requested) to the other party at the address for Customer set forth in the Order Form (or if none is specified, that address to which Customer invoices are sent) and for ICT, by email to firstname.lastname@example.org or by post to ICT Ltd., Lead Business Centre, Triq l-Intarpriza, Zone 4, Central Business Centre, Birkirkara, Malta. Where notice is given by sending in a prescribed manner it shall be deemed to have been received when in the ordinary course of the means of transmission it would be received by the addressee. To prove the giving of a notice it shall be sufficient to show it was dispatched and will be effective upon the sooner of its actual or deemed receipt by the addressee. Either Party may change its address by giving written notice of the new address to the other party in writing.
ANNEX A: DATA PROCESSING AGREEMENT
This data processing agreement (the “Processing Agreement”) forms an integral part of these Terms entered into by and between (i) yourself (the “Customer” in this Processing Agreement) and (ii) ICT Limited (C 46930) of Lead Business Centre, Triq l-Intarpriza, Zone 4, Central Business Centre, Birkirkara, Malta (the “Provider” in this Processing Agreement), pursuant to which the Provider provides services to Customer that may include processing of Customer Data (as defined below).
This Processing Agreement defines the data processing relationship between the Parties limitedly in the context of the Processing Services (as defined and described in an indicative manner in Clause 14 of the body of the Terms) that are provided to or for the Customer by the Provider, and sets out the additional terms, requirements and conditions on which the Provider will process Customer Data as a processor for the Customer when providing such Processing Services to the Customer. The Processing Agreement contains the mandatory clauses required by Article 28(3) of the General Data Protection Regulation ((EU) 2016/679) for contracts between controllers and processors
The Customer and the Provider shall be jointly referred to as the “Parties” and each as a “Party”.
1.1 In this Processing Agreement, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:
1.1.1 “Contracted Processor” means the Provider or a Subprocessor;
1.1.2 “Customer Data” means any information relating to an identified or identifiable natural person that is processed by the Provider, or to which the Provider obtains access, as a result of or in connection with its provision of any Processing Services, and which is specified to be such by the Customer. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person and any equivalent definition under the Data Protection Laws. For sake of clarity, any data which is not specified by the Customer as amounting to personal data will be deemed to be dummy data, not linked to an identifiable natural person.
1.1.3 “Customer Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, the Customer Data;
1.1.4 “Data Protection Laws” means the Maltese Data Protection Laws and any EU legislation relating to personal data and all other legislation and regulatory requirements in force from time to time which apply to a Party relating to the use of personal data (including, without limitation, the privacy of electronic communications) and the guidance and codes of practice issued by the relevant data protection or supervisory authority and applicable to a party, in each case as may be amended, supplemented or replaced from time to time;
1.1.5 “EEA” means the European Economic Area;
1.1.6 “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
1.1.7 “Maltese Data Protection Laws” means all applicable data protection and privacy laws in force from time to time in Malta, including (i) the Data Protection Act, Chapter 586 of the laws of Malta; (ii) the GDPR and (iii) all national implementing laws, regulations and secondary legislation applicable in Malta which relate to the processing of personal data, in each case as may be amended, supplemented or replaced from time to time;
1.1.8 “Standard Contractual Clauses” means the European Commission’s Standard Contractual Clauses for the transfer of personal data from the EU to processors established in third countries (controller-to-processor transfers), as currently accessible from the following link: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en and as may be amended or replaced by the European Commission from time to time;
1.1.9 “Subprocessor” means any person (including any third party or affiliate) appointed by or on behalf of the Provider to process Customer Data on behalf of the Customer for or in connection with the provision or performance of any Processing Services;
1.1.10 “Supervisory Authority” means the supervisory authority in Malta for data protection.
1.2 This Processing Agreement is incorporated into these Terms. Interpretations and defined terms set forth in the body of the Terms apply to the interpretation of this Processing Agreement.
1.3 The terms “controller”, “data subject”, “Member State”, “personal data”, “personal data breach”, “process”, “processing”, “processed”, “processor”, “supervisory authority”, “third country transfer” shall have the same meanIngs given to them in the GDPR, and their cognate terms shall be construed accordingly.
1.4 A reference to writing or written includes faxes and email.
1.5 Any words following the terms “including”, “include”, “in particular”, “for example” or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms.
1.6 With regard to the subject matter of this Processing Agreement, in the event of any inconsistencies or conflicts between the provisions of this Processing Agreement and any other agreements between the Parties (whether signed before or after the date of entry into the Agreement), the provisions of this Processing Agreement shall take precedence and prevail.
2.1 Subject to the below clauses, the Provider is hereby given the authority by the Customer to process Customer Data for the purpose of performing or providing the Processing Services.
2.2 The Parties hereby acknowledge and agree that:
2.2.1 for the purpose of any and all Data Protection Laws:
(i) the Customer is the controller, and
(ii) the Provider is the processor,
of the Customer Data; and
2.2.2 the Customer, at all times, retains control of the Customer Data and, as the controller, remains solely responsible for ensuring and maintaining compliance with any and all obligations which may be imposed upon controllers of personal data under Data Protection Laws. This includes providing any required notices and mandatory information, and obtaining any required consents from data subjects, and for any and all instructions which it may give from time to time.
3. PROCESSING OF CUSTOMER DATA
3.1 The Provider shall:
3.1.1 comply with all applicable Data Protection Laws in the processing of Customer Data; and
3.1.2 only process the Customer Data for the Processing Services (as hereby instructed by the Customer) or otherwise on any other documented instructions that may from time to time be given by the Customer, unless the processing is required by any applicable law to which the Provider, in which case the Provider shall inform the Customer of that legal requirement before processing, unless however the law in question prohibits this.
3.2 The Customer hereby:
3.2.1 instructs the Provider (and authorises the Provider and each Provider Affiliate to instruct each Subprocessor) to:
(i) process Customer Data; and
(ii) in particular, transfer Customer Data to any country or territory,
as reasonably necessary to perform or provide the relevant Processing Services and consistent with the Terms above.
3.3 The Provider will maintain the confidentiality of all Customer Data and will not disclose the Customer Data to any person, except and unless either (i) the Customer or this Processing Agreement specifically authorises the disclosure or (ii) where the disclosure is required by law or otherwise mandated by a Court or tribunal or by a regulator or other competent authority.
3.4 The Provider will reasonably assist the Customer with meeting the Customer’s obligations under Data Protection Laws, taking into account the nature of the processing and the information available to the Processor or, as applicable, the Provider Affiliate.
3.5 Notwithstanding any assistance provided in terms of Clause 4 above, the Provider shall not be responsible, and does not assume any responsibility whatsoever, for ensuring or procuring that the Customer complies with its obligations as a controller under any Data Protection Law. Nothing in this Agreement or the Parties’ actions shall have the effect of or otherwise be construed as deviating or departing from the provisions of this Clause 3.5, which shall also apply where the Provider has informed the Customer in good faith that the performance of the Customer’s instructions may result in a breach of any Data Protection Law.
4. PROVIDER’S EMPLOYEES
4.1 The Provider shall ensure that all of its employees and other personnel who are given access to the Customer Data:
4.1.1 are informed of the confidential nature of the Customer Data and have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; and
4.1.2 are aware both of the Provider’s duties and their personal duties and obligations under the Data Protection Laws and this Processing Agreement.
5.1 The Customer hereby authorises and grants the Provider a general written authorisation to appoint Subprocessors in accordance with this Clause 5.
5.2 The Provider shall notify the Customer of any intended changes concerning the addition or replacement of Subprocessors, thereby giving the Customer the opportunity to object to such changes. In the event of an objection, the Provider shall not appoint (nor disclose any Customer Data) to the proposed Subprocessor except with the prior written consent of the Customer
6. CUSTOMER’S OBLIGATIONS
6.1 The Customer shall be exclusively responsible for ensuring that it complies at all times with any and all obligations which it may have as the controller of the Customer Data under the Data Protection Laws, and that all Customer Data which it processes (including in respect of any access given to, or shared with, the Provider) is in accordance with all Data Protection Laws.
6.2 The Customer hereby warrants and agrees that it will implement all security measures (technical and organisational) as well as all other technical controls (collectively, “Measures”) which may be necessary or otherwise mandated under Data Protection Laws to safeguard the privacy and security of the Customer Data, and that these Measures will remain in place for the duration of the Processing Agreement. This will include ensuring that there are sufficient technical and organisational measures to ensure data protection by default and by design. The adequacy, integrity and functionality of those security measures and technical controls will be the sole and exclusive responsibility of the Customer. The Provider shall not be responsible, and does not assume any responsibility whatsoever, for advising thereon or for making any recommendations to the Customer.
6.3 In particular, the security of any connection to the Customer’s network infrastructure given to the Provider for or during the Services (including in the form of, and not exclusive to, Virtual Private Networks (VPNs), Remote Desktop Connections or by means of Ethernet and/or Wi-Fi on site or remotely) shall be the sole, exclusive responsibility of the Customer. Controlling access and security measures in relation to any connections to network and physical infrastructures and environments shall also be the sole, exclusive responsibility of the Client.
6.4 The Customer hereby represents and warrants that it has, and shall at all times throughout the term of this Processing Agreement maintain, all necessary policies and processes (including any and all data subject consents, where required) to authorise the access and processing of the Customer Data by the Provider and any Subprocessors in the full manner contemplated by this Processing Agreement and, where relevant, the Terms above.
6.5 The Customer represents and warrants that any and all instructions given by it in terms of this Processing Agreement shall, at all times, be in accordance with all Data Protection Laws, and that the compliance, performance or execution of any and all such instructions will not, at any point in time, cause the Provider to be in breach of any Data Protection Law
7. SECURITY REQUIREMENTS
7.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Provider shall, in respect of the Customer Data, implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Art. 32(1), GDPR.
7.2 In assessing the appropriate level of security, the Provider shall take account in particular of the risks that are presented by processing, in particular from a Customer Data Breach.
7.3 If specific measures are requested by the Customer, the Provider shall have the right to be reimbursed by the Customer for any and all extraordinary expenses which they may need to incur in order to introduce or otherwise implement such requested measures.
7.4 To the extent possible or practicable, the Customer shall anonymise or pseudonymise the Customer Data to which the Provider may obtain, or otherwise require, access in connection with the Processing Services, such that it no longer amounts to personal data at law.
8. CUSTOMER DATA BREACH
8.1 The Provider shall promptly notify the Customer if it becomes aware of a Customer Data Breach. The Provider shall cooperate with the Customer and take all steps (provided they are reasonable) to investigate, mitigate or remedy a breach, as directed by the Customer.
8.2 All expenses required to investigate, mitigate or remedy the Customer Data Breach or remedy or restore the affected Personal Data shall be borne by the Customer, except where the Customer Data Breach is due to the negligence, wilful default or breach of this Processing Agreement by the Provider or a Subprocessor used by the Provider.
8.3 The Provider shall not inform any third party of any Customer Data Breach without first obtaining the prior written consent of the Customer, except when required to do so by law.
9. COMPLAINTS, REQUESTS AND THIRD-PARTY RIGHTS
9.1 Taking into account the nature of the processing and the information available to the Provider, the Provider shall assist the Customer, by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Customer’s obligations pursuant to Articles 32 to 36 of the GDPR.
9.2 The Provider shall:
9.2.1 promptly notify the Customer if any Subprocessor receives a request from a data subject under any Data Protection Law in respect of Customer Data; and
9.2.2 ensure that the Subprocessor does not respond to that request except on the documented instructions of the Customer or as required by any applicable law to which the Subprocessor is subject, in which case the Provider shall to the extent permitted by applicable law inform Customer of that legal requirement before the Subprocessor responds to the request.
9.3 If specific measures are requested by the Customer, the Provider shall have the right to be reimbursed by the Customer for any and all extraordinary expenses which they may need to incur in order to introduce or otherwise implement such requested measures
10. CROSS-BORDER TRANSFERS OF PERSONAL DATA
10.1 The Provider may only process, or permit the processing, of Customer Data outside the EEA under the following conditions:
10.1.1 the Provider is processing Customer Data in a territory which is subject to a current finding by the European Commission under the relevant Data Protection Laws that the territory provides adequate protection for the privacy rights of individuals; or
10.1.2 the Provider participates in a valid cross-border transfer mechanism under the Data Protection Laws, so that the Provider (and, where appropriate, the Customer) can ensure that appropriate safeguards are in place to ensure an adequate level of protection with respect to the privacy rights of individuals as required by Article 46 of the GDPR; or
10.1.3 the transfer otherwise complies with the Data Protection Laws for detailed reasons communicated in advance in writing to the Customer by the Provider.
10.2 Subject to the above, where Customer Data originating in the EEA is processed by the Provider outside the EEA and in a territory that has not been designated by the European Commission as ensuring an adequate level of protection to data subjects (adequacy decision), the Parties hereby agree that the transfer between the Customer and the Provider shall be subject to and governed by the Standard Contractual Clauses (as in force at the relevant point in time), which contractual clauses shall be deemed to apply in respect of any and all such processing carried out by the Provider outside the EEA. The Provider shall ensure and hereby undertakes that it shall not commence any processing of the Customer Data outside the EEA until both the Provider and the Customer have confirmed that they have obtained any mandatory approvals required from relevant data protection authorities. Both Parties also hereby warrant, undertake and bind themselves to, in the event of such a third-country transfer (as described above), promptly execute those Standard Contractual Clauses with one another.
11. TERM AND TERMINATION
11.1 This Processing Agreement shall remain valid for the entire duration of the Agreement between the Provider and the Customer. This Processing Agreement shall continue to bind the Parties despite the expiry or termination of the Agreement for as long as the Provider has access to Customer Data or any Customer Data in its possession (Term).
11.2 Any provision of this Processing Agreement that expressly or by implication should come into or else continue in force on or after the Term, including (but not limited to) Clause 14 (‘Liability’), Clause 15 (‘Indemnification’) and Clause 20 (‘Governing law and Dispute Resolution’), will remain in full force and effect.
12. DATA RETURN AND DESTRUCTION
12.1 On termination of the Agreement for any reason whatsoever or upon the expiry of its term, the Provider will securely delete or destroy or, if directed in writing by the Customer, return and not retain, all or any Customer Data in their possession (if any), except and unless the Provider is required by law to continue processing the Customer Data.
12.2 The Provider may, however, retain Customer Data to the extent and for such period as may be required by any applicable law, or by any order or direction of any competent Court, tribunal government or regulatory body, to which it may be subject.
13.1 At least once a year, the Provider shall conduct site audits and inspections of its processing operations relating to the Customer Data and the IT and information security controls for all facilities and systems used to comply with its obligations under this Processing Agreement.
13.2 On the Customer’s written request, provided it is reasonable, the Provider shall make its audit reports available to the Customer for review and the Customer shall treat and protect any and all such reports as the confidential information of the Provider. The Customer acknowledges and agrees that it shall be subject to all statutory duties of confidentiality, without limit of time, in respect of any and all audit reports made available to it pursuant to this Clause 13.
14.1 The Provider shall only be liable to the Customer for damages or losses which the Customer suffers or sustains as a direct result of a breach by the Provider of any or all of its obligations under this Processing Agreement (direct damages or losses), to the exclusion of any and all special, indirect, consequential, punitive and exemplary damages or losses.
14.2 Subject to Clause 14.1, in all instances the Parties agree that the Provider’s total liability, for all claims in any given one year relating to or arising out of this Processing Agreement, shall be capped to the total amount of professional and/or support services invoiced during the twelve (12) month period immediately preceding the date on which the event giving rise to the claim occurred.
15.1 The Customer shall defend, indemnify and hold harmless the Provider, on a full indemnity basis and at its own expense, against any and all losses, liabilities, damages, costs, penalties and expenses (including attorney fees, judicial fees and administrative fines) that may be incurred or suffered by the Provider, or for which the Provider may become liable, due to any failure by the Customer (including its respective directors, representatives, officers, employees, agents, contractors or subcontractors) to comply with any or all of its obligations under this Processing Agreement or under any Data Protection Law.
15.2 The Provider shall not be responsible for observing or performing any processing instructions given to it by the Customer. The Customer shall, in addition to Clause 1, defend, indemnify and hold harmless the Provider, on a full indemnity basis and at its own expense, against any and all losses, liabilities, damages, costs, penalties and expenses (including attorney fees, judicial fees and administrative fines) that may be incurred or suffered by the Provider, or for which the Provider may become liable, as a result of or otherwise in connection with observing or performing any instructions given to it by the Customer.
15.3 The Provider shall defend, indemnify and hold the Customer harmless against any and all losses, liabilities, damages, costs, penalties and expenses (including attorney fees, administrative fines and court costs) that may be incurred or suffered by the Customer, or for which the Customer may become liable, due to any failure by the Provider (including its respective directors, representatives, officers, employees, agents or subcontractors) to comply with any or all of its obligations under this Processing Agreement or Data Protection Laws. In all cases, the Provider’s indemnity obligations hereto shall be strictly limited to the extent of the limitation of liability capping set forth above in Clause 14 of this Processing Agreement.
16.1 If any of the clauses or part thereof of this Processing Agreement is or becomes invalid, illegal or unenforceable for any reason whatsoever, the validity of the remaining clauses or part thereof will not in any way be affected or impaired. The invalid, illegal or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the Parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid, illegal or unenforceable part had never been contained therein.
17. VARIATION AND WAIVER
17.1 No variation or amendment of this Processing Agreement shall be effective unless it is in writing and signed by, or on behalf of, each of the Parties.
17.2 No failure or delay by either Party in exercising any rights, power or legal remedy available to it herein shall operate as a waiver thereof.
17.3 The rights and remedies provided under this Processing Agreement are cumulative and are in addition to, and not exclusive of, any rights and remedies provided by law.
18. ENTIRE AGREEMENT
18.1 Each Party acknowledges and agrees that this Processing Agreement constitutes the entire agreement between them in relation to the processing of Customer Data by the Provider as the processor of the Customer and supersedes all previous drafts, agreements, arrangements, assurances and understandings between them, whether oral or written, in respect of the processing of Customer Data by the Provider, including any clauses in this respect that may be found or implied from the Terms above.
19.1 Any notice or other communication given to the Provider under or in connection with this Agreement must be in writing and delivered to: email@example.com
20. GOVERNING LAW AND DISPUTE RESOLUTION
20.1 This Processing Agreement (including its construction, validity and performance) shall be governed and construed in all respects by the laws of Malta.
20.2 In the event of any dispute arising out of or relating to this Processing Agreement (including its subject-matter, validity or formation), the Customer and ICT shall make every reasonable effort to resolve the dispute through good faith negotiation, and if the dispute cannot be resolved by negotiation, it shall be decided solely and exclusively by arbitration in Malta in accordance with the Malta Arbitration Act, Chapter 387 of the laws of Malta and the Arbitration Rules of the Malta Arbitration Centre as at present in force, which rules are deemed to be incorporated by reference into this clause. The number of arbitrators shall be one. The place of arbitration shall be Malta. The language to be used in the proceedings shall be English. The applicable substantive law shall be the laws of Malta. The award shall be final and binding upon the Parties, and no appeal shall lie thereto.
SCHEDULE 1 of ANNEX A
PERSONAL DATA PROCESSING PURPOSES AND DETAILS
(i) Subject matter of processing:
The provision of the Services ordered by the Customer in the Order Form.
(ii) Duration of Processing:
As set out in Clause 11 of this Processing Agreement (“Term and Termination”)
(iii) Nature of Processing:
Accessing, collecting, correcting, modifying, recording, organising, storing, retrieving, consulting, disclosing by transmission, using, dissemination, erasing or destroying the items of personal data mentioned in (iv) below for the Processing Services (as hereby instructed by the Customer) or otherwise on any other documented instructions that may from time to time be given by the Customer.
(iv) Personal Data Categories
The personal data categories include but are not limited to:
- Phone Number
- E-mail Address
- Postal Address
- Identity Card No
- Passport No
- Social Security No
- Any other data required for or related to the provision of Service.
(v) Data Subject Types
- Customer Employees
- Customer Clients
- Customer Contractors, Consultants, Sub-Contractors
SCHEDULE 2 of ANNEX A
The technical and organizational data security measures include:
- Physical access controls.
- System access controls.
- Data access controls.
- Transmission controls.
- Input controls.
- Data backups.
- Data segregation.