Terms and Conditions (5 June 2018-15 August 2021)
- DEFINITIONS
In these terms and conditions of business the following words shall have the following meanings:
1.1 “Agreement” means the Order Form, the Conditions, Service Terms (to the extent applicable to the Services being supplied), the Domain Terms, the AUP and the SLA;
1.2 “AUP” means the Acceptable Use Policy of the Company, a copy of which may be found on the Company’s website and as may be updated from time to time;
1.3 “Auditors” means collectively the internal and external auditors and audit personnel of the Customer, details of whom are added to the MyANS portal by the Customer prior to any proposed audit of the Company;
1.4 “Change Recommendation” means the change(s) which may be recommended by the Company at any time in writing in accordance with the mechanism set out in Clause 3.2;
1.5 “Change Request” means the change(s) which may be requested by the Customer at any time in writing in accordance with the mechanism set out in Clause 3.2;
1.6 “Change Response” means the written response provided by the Company to the Customer in accordance with Clause 3.2 following an investigation into the effect(s) of the proposed change(s);
1.7 “Company” means ANS.Net Limited (Company Registration Number 03845616) whose registered office is situated at ANS Campus, Birley Fields, Manchester M15 5QJ;
1.8 “Company’s Network” means the network owned and operated by the Company for the purpose of connecting the Customer to the Internet;
1.9 “Conditions” means these terms and conditions;
1.10 “Customer” means any person or organisation with whom the Company enters into the Agreement and as stated on the Order Form;
1.11 “Customer Data” means any and all data input into and through the Services by the Customer and the Customer’s clients;
1.12 “Domain Terms” means the domain terms applicable to the Customer, a copy of which may be found on the Company’s website;
1.13 “Initial Term” the minimum term stated on the Order Form commencing from the date upon which the Services are made available to the Customer (being when server details are provided in writing to the Customer once the server build is completed);
1.14 “Internet” means the global data network comprising interconnected networks to which the Company is connected and provides access to its Customer(s);
1.15 “Internet Protocol Address” means such sequence of alphanumeric or numeric only characters as assigned by the Company to the Customer;
1.16 “IPv4/IPv6” means Internet Protocol Version 4 or Version 6 (as the case may be);
1.17 “Order Form” means the Company’s Order Form (which is signed by the Customer or electronically signed by submission of the Customer’s ANS unique pin code) relating to the Services to be provided by the Company to the Customer;
1.18 “Parties” means the Customer and the Company and “Party” shall mean such of them as the context requires;
1.19 “Password” means the alphanumeric characters chosen and used exclusively by the Customer at its own risk for the purpose of securing and maintaining the exclusivity of its access to the Company’s Services;
1.20 “Sanctions” means any trade, economic or financial sanctions laws, regulations or restrictive measures administered, enacted or enforced by the Security Council of the United Nations and/or the governments and official institutions of any of the United States of America, the European Union and/or the United Kingdom from time to time;
1.21 “Securely Delete” means using any and all means (including shredding or incineration in compliance with the National Institute for Standards and Technology (NIST) 800-88 standard) of deleting all data and information to ensure that the data and information deletion is permanent and cannot be retrieved, in whole or in part, by any data or information retrieval tools or similar means in accordance with the Customer’s prior written instructions.
1.22 “Services” means the services to be provided by the Company described in the Order Form and the SLA to be provided by the Company to the Customer;
1.23 “Service Terms” means the terms outlined in the product terms and conditions page of the ANS website /terms/products.html.
1.24 “SLA” means the Service Level Agreement of the Company (being either the standard SLA or SLA+ (as the case may be)) as set out on the Order Form), a copy of which has been made available to the Customer prior to signature of the Order Form;
1.25 “Term” the Initial Term and any extension to this Agreement thereafter subject to clause 11.2;
1.26 “Termination Assistance Period” means the period of time between the effective date of the termination notice and 90 days after the effective date of the termination of the Agreement;
1.27 “Termination Assistance Services” means the Services to the extent the Customer requests the Services during the Termination Assistance Period;
1.28 “User” means any person, organisation or other entity that employs the Services provided by the Company and is in most cases the Customer; and
1.29 “Username” means a sequence of alphanumeric characters as are used by the Customer to identify itself.
- ACCEPTANCE OF AGREEMENT
2.1 The Customer acknowledges that the Conditions prevail over any of the Customer’s own standard terms and conditions whether set out on the Customer’s own standard order form or otherwise. In the event of any conflict between the Conditions and the Agreement for the Services then the Conditions shall prevail. In the event of any conflict between the SLA and any product specific SLA set out in the Service Terms, the product specific SLA in the Service Terms shall prevail over the SLA in relation to that part of the Services.
- SERVICES
3.1 The Company shall provide the Services to the Customer in accordance with the Agreement. The Customer warrants that the signatory to the Order Form has all requisite and due authority to bind the Company to the Agreement.
3.2 Without prejudice to Clause 28, save as expressly otherwise provided, changes can only be effected in accordance with the following change control mechanism:
(a) either the Company may recommend, or the Customer may request, at any time in writing changes to the Services or other provisions of the Agreement; the Customer shall make such request by raising a support ticket or notifying its ANS account manager;
(b) the Company will notify the Customer in writing within 10 working days of either the Company making a change recommendation (known as “a Change Recommendation”) or receiving a written request for changes from the Customer (known as “a Change Request”) of the time needed to investigate the implication(s) of the proposed change(s) together with the costs (if any) to be charged by the Company to the Customer for undertaking such an investigation;
(c) assuming the investigation proceeds (since it is for the Customer to give the Company a written instruction to investigate the implication(s) of the proposed change(s) by first having agreed to pay any costs to be charged by the Company to the Customer for undertaking it) the Company will give a written response (known as “a Change Response”) showing the effect(s) of the proposed change(s) including:
(i) a project timeline;
(ii) any additional expenses and/or charges that will be incurred;
(iii) any effect(s) on other contractual provisions of the Agreement should the proposed change(s) be implemented and in so doing the Company shall use all reasonable endeavours to ensure that the Change Response is given within 10 working days (or such longer period as may be reasonably agreed between the Parties) of receipt by the Company of a written instruction to investigate the implication(s) of the proposed change(s);
(d) should the Customer wish to proceed with the proposed change(s), it will instruct the Company in writing of its wish as soon as reasonably practicable after receipt of the Change Response but in any event not later than 10 working days of receipt of the Change Response (or such longer period as may be reasonably agreed between the Parties) and in such a case those parts of the Agreement affected by the proposed change(s)once implemented will then be deemed to be varied in accordance with the details set out in the Change Response which will then form part of the Agreement; and
(e) until any change is agreed in writing and implemented the Parties shall continue to perform their respective obligations under the Agreement as if the change had not been proposed. The Company shall use reasonable endeavours to implement the proposed change(s) in accordance with any agreed project timeline.
3.3 All key personnel and subcontractors provided by the Company to perform the Services pursuant to the Agreement shall have the appropriate technical and application skills to enable them to adequately perform their duties. The Company will use reasonable endeavours to ensure continuity in staffing of its key personnel. The Services shall be performed in a good and workmanlike manner and in accordance with all applicable laws.
3.4 The Customer agrees to procure the agreement and understanding of the Customer’s own customers where the Services are to be sold to third parties and procure in writing the agreement of such customers that they agree to terms and conditions no less onerous than those contained in the Conditions.
3.5 The Customer agrees not to oversell the Services (or any part thereof) under the Agreement to any third party.
3.6 Total data sent and received within the Company’s network is calculated monthly per customer and measured in Gigabytes rounded up to the next 1 Gigabyte. The total bandwidth for the solution is stated on the Order Form and the Company reserves the right to charge the Customer for additional bandwidth in excess of the stated bandwith per month.
3.7 The Company does not warrant that the Company’s technology or the Services will be compatible with any equipment, software or other technology not furnished by the Company.
3.8 The Company and the Customer record their intention that the Company shall not access in any way Customer Data and that the Customer controls the security of the application environment within which the Customer Data is stored.
3.9 By way of evidence that information security is implemented and operated in accordance with the Company’s information security policy from time to time, copies of which are provided by request, the Company shall provide the Customer upon written request (via the MyANS portal) as soon as reasonably practicable with copies of certifications maintained by it and reasonable evidence of operation in accordance with its information security policies.
Upon the Customer’s written request (via the MyANS portal) with reasonable notice within normal working hours, once per annum the Company will permit a data protection audit in respect of the Company, and its subcontractors, including locations at or from which the Services are provided by Auditors. Any audit shall be chargeable by the Company at a rate of £1200 plus VAT per day. In the case of any visit to a Company data centre such visit shall have to be accompanied by a Company representative. The parties acknowledge that the Auditors will have to follow strict security procedures in relation to such audits and that access will be limited to such parts of the premises as the Customer shall reasonably require and for such persons as are notified via the MyANS portal in advance by the Customer. If the Customer’s server is to be removed from its location and moved to a work area, this would require a Company engineer to be present and the Customer shall pay a rate of £75 (plus VAT) per hour for the services of such engineer. During each audit, the Company will grant the Auditors reasonable access to relevant books, records, systems, facilities, controls, processes and procedures to the extent related to a reasonable assessment of the Company’s data protection procedures and without compromising the confidentiality of itself or any other customer. The Company will, in a timely manner, cooperate so far as is reasonable with the Auditors. The Customer shall use reasonable endeavours to procure that Auditors will seek to avoid disrupting the Company’s normal business operations during any audit. The Auditors shall not seek access to information or data belonging or relating to any other customer of the Company or which does not relate to the Services.
3.10 The Company will return to the Customer all Customer Data within 30 days of written request, such request made via secure ticket of the Customer, in accordance with the Company’s procedure. The Customer shall provide a disk onto which such Customer Data is to be transferred and shall be responsible for arranging for secure courier collection of the same.
3.11 Upon the Customer’s written instruction made via secure ticket of the Customer, the Company will either: (i) Securely Delete electronic Customer Data from all media within 30 days of that direction (or such within such sooner period as the Parties may agree in writing) ; this shall include back ups which shall be deleted in accordance with the Company’s decommissioning policy or (ii) to the extent that Customer Data is in a form or media other than electronic, comply as soon as reasonably practicable with the Customer’s written instruction made via secure ticket of the Customer to Securely Delete that Customer Data. The Company will certify in writing that the Company has complied with its obligations under (i) and (ii), as the case may be, including in compliance with the Customer’s instructions. To the extent that Customer Data cannot be so Securely Deleted due to lawful reasons and to the extent that the Customer expressly agrees in writing, the Company shall promptly provide a written description of measures to be taken that will ensure, for as long as any Customer Data remains under the Company’s control, the continued protection of such Customer Data, in compliance with the requirements of the Agreement.
- THIRD PARTY SOFTWARE AND HARDWARE/ LICENCES
4.1 All third party software and hardware shall be sold subject to the Customer’s acceptance of the relevant suppliers’ software licence(s) for such third party software and the Customer confirms acceptance of such terms by entering into this Agreement. The Company aims, wherever possible, to pass onto the Customer the benefit of any and all representations and warranties it receives from third party software suppliers but is under no obligation to do so given that such matters lie outside the Company’s control.
4.2 The Customer shall inform the Company as soon as practicable of any new Users who at any time during this Agreement have access to any Microsoft® product under a subscriber access licence. The Customer warrants to the Company that it shall notify the Company promptly if at any time during the Agreement it installs any non-Company Microsoft® provided software on its system. The Customer shall not at any time amend the ukfast.support credentials on its system without the prior consent of the Company or transfer images of the Company’s Windows Servers outside of the Company’s Network. If a Customer wishes to use “License Mobility”, the Customer shall notify Microsoft® by submission of a “License Mobility” form within 10 days of deployment thereof. The Customer agrees that the Company shall be entitled to disclose details of its identity to Microsoft® and other third party software vendors where the Company is contractually obligated to do so for licencing purposes.
4.3 If the Customer uses any non-Company provided software on its system the Customer warrants to the Company that it is duly licensed to use the software, that the licence grants sufficient rights to the Company to enable the Company to provide the Services in accordance with the Agreement and is a party to an appropriate written licence agreement with the software vendor. As the Company acts as a reseller for various third party software vendors, the Customer agrees to provide evidence of such licence(s) and/or compliance with such non-Company provided licence(s) upon the Company’s reasonable request. If the Customer fails to provide reasonable evidence of licencing, the Company, at its discretion, may terminate the Agreement, suspend the Services pursuant to clause 10 or charge the Customer the standard fee and any related penalty which the Company is liable for under its licensing agreement with the relevant software vendor. The Customer shall indemnify the Company for any costs, claims, losses, damages, liabilities, demands and/or expenses including legal costs incurred and/or suffered as a result of any failure by the Customer to be appropriately licenced in respect of non-Company provided software.
4.4 The Company is subject to rights of audit where it acts as a reseller for third party software. Accordingly the Customer acknowledges and agrees that the Company may regularly run a series of scripts on the Customer’s server(s) to determine what software is held on the server, how many Users have access to each piece of software and assess any additional fees that may be payable and shall provide reasonable and prompt assistance in relation to any information or audits requested by such third party software suppliers.
4.5 The Customer’s non-Company licensed software may not be compatible with the Company’s standard process for deploying the Services. The Customer agrees that the Company will not be in breach of any SLA or other obligation under this Agreement that would not have occurred but for the Customer’s use of non-Company licensed software.
4.6 The pricing set out in the Order Form for third party software may vary during the Term based upon a number of variables including (but not limited to) the Customer’s specific requirements, changes to the number of Users, changes to functionality, changes in exchange rates and changes in pricing by the third party software vendors on or after the date on which the software is ordered all of which said matters lie outside the control of the Company.
4.7 To the extent that third party software is supplied by the Company, the Customer may procure support services in accordance with the details set out in the Order Form but the Company’s offer to provide these support services is contingent upon the Company’s ability to obtain such support from the appropriate third party software supplier as a result of which the Company cannot and does not warrant that such third party software is or will be supported by the Company because such matters lie outside the control of the Company.
- RIGHT TO CHANGE USERNAME, INTERNET PROTOCOL ADDRESS, PASSWORD
5.1 The Company shall have the right at any time to change the Username, Internet Protocol Address and/or Password allocated by the Company to the Customer for the purpose of essential network maintenance, enhancement modernisation or other work deemed necessary for the effective operation of the Company’s Network. The Customer acknowledges that the Company cannot guarantee the availability of Internet Protocol Addresses under IPv4 and in future it may be necessary for the Company to allocate additional Internet Protocol Addresses which are requested under IPv6.
5.2 The Company shall have the right at any time to make non-service affecting changes to the Company-managed infrastructure including hardware nodes and switches.
- PAYMENTS
6.1 All charges for the Services shall be detailed on the Order Form. Invoices shall be raised and be payable in sterling unless otherwise agreed in writing with the Company. Set up fees and any monthly fees which are agreed to be paid in advance as stated on the Order Form will be invoiced following signature of the Order Form. Invoicing of fees for subsequent months shall commence 30 days after the Services are made available to the Customer (monthly in advance) unless otherwise agreed and stated on the Order Form. All payments shall be due to the Company on presentation of invoice or as otherwise stated on the Order Form.
6.2 The Company reserves the right to vary all charges to the Customer with one month’s notice but any such variation shall only take effect on the date of expiry of the Initial Term or in each year on the anniversary of the date of the Order Form (whichever is the earlier). Any discount agreed at commencement of the Services (as specified on the Order Form) shall apply to the Initial Term only.
6.3 Itemised details of excess usage of bandwidth and any other relevant charges may only be made available to the Customer if ordered in advance but the Company in any event reserves the right to make reasonable additional charges for the provision of these details.
6.4 The Company reserves the right to charge interest on late payments at the rate of 5% above the Bank of England Base Rate in accordance with the provisions of the Late Payment of Commercial Debts (Interest) Act 1998 as amended by the Late Payment of Commercial Debts Regulations 2002.
6.5 All charges and tariffs are quoted exclusive of Value Added Tax.
6.6 The Company reserves the right to change payment terms and require deposits if the Customer is more than 30 days late in making payments during the term of the Agreement in addition to or in lieu of any other remedies set out in the Conditions or otherwise available at law or in equity.
- USAGE
The Customer hereby agrees to accept and abide by the AUP. The Customer shall indemnify the Company for any costs, claims, losses, damages, liabilities, demands and/or expenses including legal costs incurred and/or suffered by the Company as a result of any failure by the Customer to abide by the AUP.
- EQUIPMENT
8.1 Equipment leased from the Company shall at all times remain the property of the Company.
- LIABILITY – THE CUSTOMER’S ATTENTION IS PARTICULARLY DRAWN TO THIS CLAUSE
9.1 Nothing in the Agreement shall limit the Company’s liability to the Customer for
9.1.1 death or personal injury resulting from the Company’s negligence; or
9.1.2 any other act or omission of the Company for which liability may not be limited in law.
9.2 The Company’s maximum aggregate liability arising under or in connection with a breach of Clause 17 of the Agreement shall not exceed the greater of: (a) £10,000 (TEN THOUSAND POUNDS): and
(b) the total amounts paid by the Customer under Clause 6.1 in the month when the event giving rise to the liability occurs (or the first event in any series of connected events) occurs.
9.3 Except for the Company’s liability to the Customer listed in Clause 9.1 (where no limit applies) and under Clause 9.2 above relating to a breach of Clause 17, the Company’s aggregate liability arising under or in connection with the Agreement for the provision of the Services whether in contract, tort, negligence, breach of statutory duty or otherwise howsoever arising shall not exceed the greater of:
(a) £5,000 (FIVE THOUSAND POUNDS): and
(b) the total amounts paid by the Customer under Clause 6.1 in the month when the event giving rise to the liability occurs (or the first event in any series of connected events) occurs.
9.4 Notwithstanding Clause 9.2 and Clause 9.3, in no case shall the Company be liable either to the Customer or to any third party for or in respect of any
9.3.1 indirect, consequential, special or economic loss; or
9.3.2 loss of profit, loss of business, loss of goodwill, loss of turnover, loss of reputation, loss of anticipated savings or loss of margin (in each case whether direct or indirect);
arising from its performance or non-performance of its obligations in connection with the Agreement whether arising from breach of contract, tort, breach of duty, negligence or any other cause of action even if the event was foreseeable by the Company or the possibility thereof is or had been brought to the attention of the Company.
9.5 Except for the purposes of Clause 9.1, no action or proceedings against the Company arising out of or in connection with the Agreement shall be commenced by the Customer more than one year after the Services have been rendered and in this respect the Customer acknowledges that this clause constitutes an express waiver of any and all of its rights under any otherwise applicable statute of limitations.
- SUSPENSION
10.1 Subject always to the provisions of Clause 15, the Services may be suspended by the Company 5 days after a notification of suspension has been issued by email and without prejudice to the Company’s rights of termination under Clause 11 in the event of the Customer:
(a) failing to make any payment to the Company on the relevant due date for payment;
(b) doing or allowing anything to be done which contravenes the AUP; or
(c) being in breach of clause 4.3; or
(d) being otherwise in breach of the Conditions.
Back-up services shall cease to be provided upon suspension of your MyANS area which may take place before the server is switched off.
Unless otherwise agreed by the Company in writing, Services will be permanently decommissioned 5 days after the date of termination, in which case data will be permanently deleted by not later than 30 days thereafter.
10.2 Suspension shall not affect the liability of the Customer to pay charges and other amounts to the Company.
- TERM AND TERMINATION
11.1 Subject to clause 11.2 below, the Agreement shall come into effect on the signature of the Order Form (or electronic signature of the Order Form by submission of the Customer’s ANS unique pin code) and remain in force for the Term.
11.2 Termination of the Agreement can be effected:
(a) by the Customer giving the Company not less than 30 days’ prior written notice (in accordance with Clause 16.1) which notice shall expire on or after expiry of the Initial Term;
(b) by the Company at any time forthwith if the Customer commits any material breach of the Agreement including (but not limited to) non-payment of any fees due or a breach of the AUP;
(c) by the Company giving the Customer 30 days’ prior written notice at its sole discretion for any reason; or
(d) by either party upon an application being made to court or an order being made for the appointment of an administrator, the institution of insolvency, receivership, bankruptcy or any other proceedings for the settlement of the other party’s debts or the other party suspending or threatening to suspend payment of its debts or is business or upon the making of an arrangement for the benefit of the other party’s creditors or upon the dissolution of the other party.
11.3 The Company reserves the right to invalidate any or all of the Customer’s Username and Internet Protocol Address issued to the Customer following termination of the Agreement and to re-allocate it or them to another customer.
11.4 Domain name hosting and transfer requests for domain name server records may be submitted in writing with the authorised signature of the domain name owner or via the MyANS portal and whilst there is no charge for the transfer a small charge may nevertheless be made to cover the Company’s administration costs. Domain name transfers will not be made until all outstanding amounts have been paid by the Customer such that until this happens domain names remain the property of the Company.
11.5 The Customer shall return all equipment cables and literature belonging to the Company at the Customer’s own cost within 5 days of termination of the Agreement and shall ensure that it arrives in good working order otherwise an appropriate fee may be levied by the Company.
- RIGHTS ON TERMINATION
12.1 On termination of the Agreement the Company shall provide the Termination Assistance Services in accordance with the reasonable instructions of the Customer. Except as otherwise set forth in the Agreement, the Termination Assistance Services will be provided at the applicable level of charges then agreed between the Parties for the Services.
12.2 Termination of the Agreement shall not affect any pre-existing liability of the Customer or affect any right of the Company to recover damages or pursue any other remedy in respect of any breach of the Agreement by the Customer.
12.3 On termination of the Agreement the right to the use of the Internet Protocol Address allocated by the Company shall revert to the Company.
12.4 In the event of termination of the Agreement by the Company due to breach of the Conditions by the Customer, the Company shall be entitled to the balance of all payments which would but for such termination have accrued up to the earliest date upon which the Agreement could have been terminated by the Customer in accordance with the Conditions.
12.5 Unless otherwise agreed by the Company in writing, Services will be permanently decommissioned 5 days after the date of termination, in which case data will be permanently deleted within 30 days thereafter.
- RELEASE OF INFORMATION
The Company shall not be required to release any domain name and may refuse to do so until the Agreement has been validly terminated and the Customer has complied with all of its obligations including (but not limited to) the payment of all sums due to the Company. Domain names remain the property of the Company until all sums due have been received.
- INTELLECTUAL PROPERTY
14.1 The Company grants to the Customer a limited, non-exclusive licence to use the Services during the Term of the Agreement and subject to the restrictions set forth in the Agreement which licence does not entitle the Customer to any updates, modifications or new releases to any deliverables or software.
14.2 The Company reserves any and all of the Company’s copyright, trademarks, trade names, patents and all other intellectual property rights created, developed, subsisting or used in connection with any deliverables, software and/or the Services which are the sole property of the Company.
14.3 The Customer shall not transfer the Customer’s licence nor sublicense the deliverables or the software except where permitted to do so by the terms of the Agreement and in particular the Customer shall not (and shall not allow any third party to):
(a) remove any product identification, copyright, trademark or other notices;
(b) sell, pledge, lease, lend, distribute over the Internet;
(c) load or use portions of the software (whether or not modified or incorporated into or with other software) on or with any machine or system that is not physically kept at the facilities of the Customer or within third party facilities contracted by the Customer.
14.4 The Customer shall not disassemble, decompile or otherwise reverse engineer the Services provided under the Agreement.
- FORCE MAJEURE
15.1 The Company shall not have any liability to the Customer for any delay, omission, failure or inadequate performance of the Agreement which is the result of circumstances beyond the reasonable control of the Company. Such circumstances shall include but not be limited to strikes, lock-outs, failure of a utility service or network, default of suppliers, act of god, war, riot, civil commotion, malicious damage, denial-of-service/distributed denial-of-service attacks, compliance with law or governmental order, rule, regulation or direction, fire, flood, storm, earthquake and acts of terrorism. Where the Company is so affected in its performance of the Agreement it will notify the Customer in writing as soon as is reasonably possible.
15.2 Where the performance of the Agreement is affected by force majeure the Company shall use its reasonable endeavours to overcome the problem as soon as practicably possible.
- NOTICES
16.1 Other than suspension notices served pursuant to Clause 10 and any notice served by the Customer under Clause 11.2(a), any notice given under or in connection with the Agreement shall be in writing and shall be duly delivered if sent by first class post to the relevant address given in the Agreement or to such other address as the recipient may have previously notified in writing to the other party for that purpose. Any termination notice served by the Customer under Clause 11.2(a) shall be submitted via a cancellation form issued by the Cancellations Department who can be contacted on + 44 (0) 161 215 7128.
16.2 Suspension notices served pursuant to Clause 10 shall be deemed as duly delivered and received when sent by email to such email address as the Customer may have previously notified in writing to the Company.
16.3 Other than suspension notices served pursuant to Clause 10 or maintenance notices served pursuant to Clause 16.4, any notice shall be deemed to be duly received at the expiration of 48 hours after the envelope containing the notice had been posted and in proving such service it shall be sufficient to show that the envelope containing such notice was properly addressed and posted as a first class letter.
16.4 The Company will provide 5 days’ notice (by email) for any maintenance the Company wishes to undertake but in the event of emergency maintenance the Company will provide as much notice as is reasonably possible.
- DATA PROTECTION17.1 In this Clause, the following terms shall have the following meanings:
- (a) “controller“, “processor“, “data subject“, “personal data” and “processing” (and “process“) shall have the meanings given in Applicable Data Protection Law;
- (b) “Applicable Data Protection Law” shall mean: (i) prior to 25 May 2018, Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data; and (ii) on and after 25 May 2018, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
- (c) “Data” means the Personal Data of the Customer and its customers, where such Personal Data is processed by either party under this Agreement.17.2 The Customer (the controller) appoints the Company as a processor to process the Data.
17.3 The Company shall process the Data as a processor as necessary to perform its obligations under the Agreement and in accordance with the documented instructions of the Customer (the “Permitted Purpose“), except where otherwise required by any EU (or any EU Member State) law applicable to the Customer. In no event shall the Company process the Data for its own purposes or those of any third party.
17.4 The Company shall not transfer the Data (nor permit the Data to be transferred) outside of the European Economic Area (“EEA“) unless (i) it has first obtained the Customer’s prior written consent; and (ii) it takes such measures as are necessary to ensure the transfer is in compliance with Applicable Data Protection Law.
17.5 The Company shall ensure that any person that it authorises to process the Data (including its staff, agents and subcontractors) (an “Authorised Person“) shall be subject to a strict duty of confidentiality (whether a contractual duty or a statutory duty), and shall not permit any person to process the Data who is not under such a duty of confidentiality. The Company shall ensure that all Authorised Persons process the Data only as necessary for the Permitted Purpose.
17.6 The Company shall, having regard to the nature of the Services and as more particularly set out in the Agreement, implement appropriate technical and organisational measures to protect the Data (i) from accidental or unlawful destruction, and (ii) loss, alteration, unauthorised disclosure of, or access to the Data (a “Security Incident“).
17.7 The Company shall not subcontract any processing of the Data to a third party subcontractor without the prior written consent of the Customer. If the Customer refuses to consent to the Company’s appointment of a third party subcontractor on reasonable grounds relating to the protection of the Data, then the Company will not appoint the subcontractor.
17.8 The Company shall so far as technically practicable provide all reasonable and timely assistance to the Customer (at the Customer’s expense) to enable the Customer to respond to: (i) any request from a data subject to exercise any of its rights under Applicable Data Protection Law (including its rights of access, correction, objection, erasure and data portability, as applicable); and (ii) any other correspondence, enquiry or complaint received from a data subject, regulator or other third party in connection with the processing of the Data. In the event that any such request, correspondence, enquiry or complaint is made directly to the Company, the Company shall inform the Customer as soon as reasonably practicable providing reasonable details of the same.
17.9 If the Company believes or becomes aware that its processing of the Data is likely to result in a high risk to the data protection rights and freedoms of data subjects, it shall inform the Customer as soon as reasonably practicable and provide the Customer with all such reasonable assistance at the Customer’s cost as the Customer may reasonably require in order to conduct a data protection impact assessment.
17.10 Upon becoming aware of a Security Incident, the Company shall inform the Customer without undue delay and shall provide all such timely information and cooperation as the Customer may reasonably require in order for the Customer to fulfil its data breach reporting obligations under (and in accordance with the timescales required by) Applicable Data Protection Law. The Company shall further take all such measures and actions as are technically practicable given the nature of the Services and within its control to remedy or mitigate the effects of the Security Incident and shall keep the Customer up-to-date about all developments in connection with the Security Incident.
17.11 The Company shall notify the Customer as soon as reasonably practical of any legally binding request it receives from law enforcement unless such disclosure is prohibited.
17.12 Upon termination or expiry of this Agreement, the Company shall (at the Customer’s election) destroy or return (in accordance with clause 3.11 or 3.10 (as the case may be)) to the Customer all Data (including all copies of the Data) in its possession or control (including any Data subcontracted to a third party for processing). This requirement shall not apply to the extent that the Company is required by any EU (or any EU Member State) law or by virtue of any other lawful grounds to retain some or all of the Data, in which event the Company shall isolate and protect the Data from any further processing except to the extent required by such law.
17.13 The Company shall not be in breach of this Clause 17 if it acts on the instructions of the Customer.
17.14 The Company acknowledges and agrees that the Customer retains all right, title and interest in and to the Personal Data absolutely, including but not limited to any database rights and copyright.
17.15 In acting as the Data Controller, the Customer shall:
17.15.1 make due notification to any relevant regulator and shall comply at all times with the Applicable Data Protection Law;
- ensure it is not subject to any prohibition or restriction which would:
- prevent or restrict it from disclosing or transferring the Personal Data to the Company, as required under this Agreement;
- prevent or restrict it from granting the Company access to the Personal Data, as required under this Agreement; or
- prevent or restrict the Company from Processing the Customer Data as envisaged under this Agreement;
- ensure that all fair processing notices have been given (and/or, as applicable, consents obtained) and are sufficient in scope to enable both parties to Process the Personal Data as required in order to obtain the benefit of its rights and to fulfil its obligations under this Agreement in accordance with the Data Protection Laws.
17.16 The Customer acknowledges and agrees that telephone calls to or from the Company to it may be recorded for business purposes, such as for quality control and training.
17.17 If an annual security audit is stated on the Order Form, this shall be performed on the Customer’s written request.
- SECURITY
18.1 The Customer is solely responsible for determining the suitability of the Services in light of the nature of any data stored on the Services and for determining what steps are appropriate for maintaining security, protection and back up. The Customer shall inform the Company of brief details of the nature of any Data stored on the Services (and update the Company throughout the Term if the nature of the data changes) and an overview of any encryption methods in place.
18.2 The Company shall maintain appropriate physical security controls at its data centres and shall have responsibility for those aspects assigned to it at the Appendix but has no obligation to provide security or back-ups of data other than as stated in the Agreement.
18.3 The Company is not responsible for:
- application security;
- the encryption of any data at rest/in transit other than as set out in the Appendix for relevant services;
- issues caused by or in respect of the Customer’s code;
- the administration / management of access and responsibilities for the Customer’s end users and for any layers above the Company’s infrastructure
The Company does not run any periodic checks on the integrity of Customer’s Data or backup data. The Company shall have no responsibility for or any other matters for which the Company’s liability is expressly excluded and agreed in writing between the Parties due to the nature of the Customer’s solution.
18.4 The Customer is not permitted to perform penetration testing on its environment without seeking prior written approval from the Company.
- EXPENSES OF THE COMPANY
The Customer shall pay to the Company all costs and expenses reasonably and properly incurred by the Company in enforcing any of the Conditions or in exercising any of the Company’s rights or remedies under the Agreement including (but not limited to) all costs incurred in tracing the Customer in the event that legal process cannot be effected at the last known address of the Customer.
- BRIBERY AND CORRUPTION
Both parties shall and shall procure that persons associated with it shall comply with all applicable laws, statutes and regulations relating to anti-bribery and corruption. Each party shall have and maintain in place throughout the term of the Agreement its own policies and procedures under the Bribery Act 2010 to ensure compliance with the requirements under the Bribery Act 2010.
- SANCTIONS/EXPORT CONTROLS
21.1 In entering into this Agreement the Customer confirms it is not currently the subject of any Sanctions.
21.2 The Services are subject to local export control laws and regulations and dependent on the software used to deliver the Services may be subject to the export control laws and regulations of the United States. The parties shall comply with such laws and regulations governing use, export and re-export of the Services.
- NON-WAIVER
22.1 Any allowance of time to pay or any other form of indulgence by the Company shall in no manner affect or prejudice the Company’s right to payment and interest pursuant to the Conditions or otherwise under this Agreement.
22.2 No failure, neglect or delay in enforcing any of the terms of the Agreement may be construed as a waiver of any of the Company’s rights in respect thereof nor such neglect, failure or delay a variation of the express terms of the Agreement.
- INVALIDITY
In the event that any part of the Agreement is found to be invalid or otherwise unenforceable then such provision shall be regarded and construed as severable from the Agreement so as not to affect the validity and enforceability of the remainder.
- CONFIDENTIALITY
24.1 Each party undertakes to the other that it shall keep (and shall procure that its directors and employees shall keep) secret and confidential and shall not use or disclose to any other person any confidential information or material of a technical or business nature relating in any manner to the business, products or services of the other party which the receiving party may receive or obtain in connection with or incidental to the performance of the Agreement but subject to the remaining provisions of this Clause 24.
24.2 Notwithstanding Clause 24.1, the receiving party shall not be prevented from using any general knowledge, experience and skills not treated by the disclosing party as confidential or which do not properly belong to the disclosing party and which the receiving party may have acquired or developed at any time during the term of the Agreement.
24.3 Notwithstanding Clause 24.1, the receiving party shall not be prevented from using the information or material referred to in Clause 24.1 above to the extent such information or material comes into the public domain otherwise than through the default or negligence of the receiving party.
24.4 Notwithstanding Clause 24.1, either party shall have the right to communicate any information concerning the other party to any Government department, regulatory body or any other form of enforcement authority or as may be required by law.
24.5 In entering into this Agreement the Customer hereby gives its prior consent to the use of its corporate name by the Company solely for the purposes of referring to the Customer as a customer for the Company’s marketing, advertising and promotional purposes and the Customer hereby gives its consent to its name appearing on the Company’s website and/or promotional materials in such capacity. The Customer may revoke this consent in writing at any time.
- ASSIGNMENT
The Customer shall not assign or transfer any of the Customer’s rights or obligations under the Agreement without the prior written consent of the Company.
- CLAUSE HEADINGS
Clause headings are for ease of reference but do not form part of the Agreement and accordingly shall not affect its interpretation.
- ENTIRE AGREEMENT
27.1 The Services are provided subject to the Conditions to the exclusion of any other terms and conditions such that and for the avoidance of doubt no terms and conditions contained in any document previously sent by the Customer to the Company prior (or subsequent to) the Order Form being signed by the Customer shall be of any effect with respect to the Agreement unless expressly agreed in writing by a director of the Company.
27.2 The Customer acknowledges that in entering into the Agreement the Customer has not relied on and shall not be entitled to rescind the Agreement or to claim damages or any other remedy on the basis of any representation, warranty, undertaking or other form of opinion or statement made by or on behalf of the Company save where expressly contained in the Agreement.
27.3 The Parties hereby agree that the Agreement constitutes the entire agreement between the Parties in respect of the Services.
- VARIATION
28.1 The Company reserves the right to vary the Conditions as a result of changes required by its insurers, for operational or administrative reasons or in order to comply with changes in the law.
28.2 The Company will provide the Customer with 14 days’ notice of any significant changes to the Conditions.
28.3 The Customer will keep the Company promptly informed of any changes to the Customer’s address and such other information as may affect the payment of charges due.
- THIRD PARTY RIGHTS
The Parties agree that it is not hereby intended that any rights should be conferred upon or enforceable by any third party as defined in the Contracts (Rights of Third Parties) Act 1999 unless the context otherwise permits.
- LAW AND JURISDICTION
The Agreement is governed by the laws of England and Wales and is subject to the exclusive jurisdiction of the Courts of England and Wales.
Appendix
ANS (Data Processor) | Customer (Data Controller) | |
OS Patching |
❌ Schedule of window OS patches agreed with Customer on launch and set up by ANS. Customer’s responsibility to monitor and patch on an ongoing basis. |
✔ Customers can request or implement custom changes to OS patching policies as per their individual requirements |
Application Patching/ Overall solution patching |
❌ On request only for ANS installed application(s) or service(s) does not cover third party software |
✔ |
Encryption – data at rest |
❌ [Although ANS will enact self-encrypting disks on SANs as part of the public sector service. For FastDrive ANS will enact encryption of data at rest through the Citrixsharefile application.] |
✔ Encryption methods for data at rest are the responsibility of the customer.
Customer shall advise ANS of encryption being in place as this can affect data recovery options and ANS’s ability to comply with its SLA.
ANS are not responsible for any decryption methods required to access data at rest.
|
Encryption – data in transit |
❌ Although ANS can provide a public key cryptography certificate as an additional service if required |
✔ |
Physical security |
✔ |
❌ |
Network & Systems passwords |
✔ |
❌ |
Anti-Virus – installation and updates |
✔ ANS provided Anti-Virus only (McAfee VSE) |
❌ |
Penetration Testing |
❌ ANS penetration tests its own networks |
✔ Application penetration testing for Customer |
Password refreshing |
✔ For customers with PCI as a Service only/only ANS managed accounts |
✔ |
Application security/ authentication |
❌ |
✔ Customer is responsible for application security and authentication methods |
Monitoring for security breaches |
✔ For customers selecting as a paid for option only. |
✔ |
Report security breaches |
✔ ANS would make a report to a customer on becoming aware |
✔ Customer responsibility to report to the Information Commissioners office & relevant regulators |
Data Breach response plan |
✔ |
✔ |