1. Your Agreement to this License
1.1 - The License included in these Terms only applies to Crossware Email Signature including any updates and upgrades and any accompanying distributable files, data and materials. You should carefully read the following terms and conditions before using the Crossware Email Signature Service. By registering for the Service you agree that you have read, understood and accepted these terms and conditions including the Appendix and its Schedule and agree to be bound by them.
1.2 - These Terms together with the Provisioning Form record the entire agreement and prevail over any earlier agreement between you and us. Except as otherwise provided in these Terms, variation is only effective if signed by both Crossware and you.
1.3 - We may change these Terms or the related Fees at any time and any changes will be effective from the time they are posted on our website or are otherwise notified to you.
1.4 - Crossware Email Signature operates in conjunction with appropriate versions of a Third-Party Systems. The use of a Third-Party Systems are not included in this License. You must separately subscribe and hold sufficient Licenses to use such Third-Party Systems. Crossware is not responsible for the provision, licensing, or functionality of any Third-Party Systems.
1.5 - Please read the License terms below. If you do not agree to all of the terms and conditions of this License, then do not register for or use the Service.
2. Scope of License
2.1 - Subject to the terms below, you are hereby granted a non-exclusive non-transferable license to access the Service strictly for your internal business purposes during the subscription Term for which you have purchased a License.
2.2 - You may not use the Service for the benefit of any other third party.
2.3 - You shall not exceed the number of Authorised Users for which you have subscribed and paid for. If you wish to add more users, you must request a modification to your License and pay the relevant Fees.
3. Evaluation or Trial Period
3.1 - If you have requested and signed up for the Service for a trial or on an evaluation basis then notwithstanding any other term of these Terms:
(a) your access to the Service is limited to use for demonstration, test or evaluation purposes only; and
(b) the trial is not intended for production; and
(c) the Crossware Email Signature SLSA does not apply to a trial; and
(d) the trial period will automatically terminate 30 days after the date you first accessed the Service and you accepted these Terms or at a later date as agreed between the parties or you registered to use the Service on a trial basis, whichever is earlier.
3.2 - If you want to use this Service after the trial period, you must acquire from Crossware a subscription under a license on these Terms to use the Service and pay the applicable Fees. Please contact sales@crossware365.com for information about licensing, and ordering options. Use of the Service after the expiration of the trial period without acquiring such a subscription (and valid license) from Crossware is prohibited and a violation of international copyright laws.
4. License Fee
4.1 - To use the Service, you must have paid all applicable Fees, including any applicable taxes and duties. If you do not pay such Fees, Crossware may suspend access to all or part of the Service until payment is received in full and/or cancel your registration and terminate your access to the Service.
4.2 - Crossware continuously monitors the number of Authorised Users and mailboxes accessing the Service. By adding additional users or mailboxes, whether intentionally or unintentionally, you acknowledge and agree that such additions will increase your usage under this Agreement.
4.3 - If your usage exceeds the subscribed and paid-for amount, Crossware may automatically charge for such excess usage, based on its then-current pricing. The additional users or mailboxes amount will be invoiced at the end of each billing cycle or at such intervals as determined by Crossware, and you agree to pay them within the standard payment terms.
4.4 - Crossware’s records shall be deemed conclusive for determining the number of users and mailboxes for billing purposes.
5. Your Obligations
5.1 - Crossware Email Signature is operated as the Service. It is licensed strictly on the terms and conditions of these Terms. All rights of any kind in Crossware Email Signature which are not expressly granted in this License are entirely and exclusively reserved to and by Crossware.
5.2 - You agree to provide true and complete information about yourself and your organisation, and to let us know whenever any of your registration information changes. You confirm that you have authority to use the Service.
5.3 - Your Information is your property. You license that Information to us so that we can provide the Service to you. The Information will only be used for the purpose of providing the Service and for billing purposes. You undertake that the Information provided to us or uploaded to the Service does not infringe any person’s intellectual property rights and is not otherwise illegal, fraudulent or defamatory.
5.4 - While we use our best commercial efforts to prevent loss of your Information, including backing up our own data, which may include the Information in original or amended form, we do not guarantee that there will be no loss of your Information. You must maintain back-up copies of your Information.
5.5 - You are responsible for all authorised and unauthorised access to the Service.
5.6 - You will procure that any Authorised Users comply with these Terms in relation to the Service, and you will be responsible for any breach of these Terms by any Authorised Users.
5.7 - You will keep and maintain:
(a) a valid subscription or licences for all Third-Party Systems in respect of the number of users for which you have subscribed to Crossware Email Signature;
(b) network, facilities and equipment and systems in accordance with the minimum specifications stipulated by Third-Party Systems environments and by Crossware in relation to its Service; and
(c) a network connection and internet link at all times.
5.8 - You will provide Crossware with access to your Third-Party Systems via secure protocols and authentication to enable Crossware to provide the Service to you.
5.9 - You are responsible for the accuracy of your Information and for the content of the email signatures including disclaimers and other legal information required to be appended to any email as part of the Service in compliance with the laws of the country in which you are operating.
5.10 - You agree that you are solely responsible for all use of your User ID.
5.11 - You are responsible for access rights of Authorised Users and for ensuring that User IDs of all Authorised Users are kept secure and confidential.
5.12 - You can set administration rights to the Service, add, vary and delete any Authorised Users and control the rights and permissions of any Authorised Users using the Service.
5.13 - You must notify us immediately if there has been any unauthorised access to the Service or if your User ID has been disclosed to a third party.
5.14 - You will ensure that the number of Authorised Users do not exceed the number of users or mail boxes in respect of which you have paid the applicable Fees. You authorise us to audit the number of users or mail boxes connected to the Service from time to time and will pay the additional Fees in respect of any excess users or mail boxes determined by such audit.
6. Restrictions on use
6.1 - As a condition of using the Service, you must not:
(a) attempt to undermine the security or integrity of Crossware's computing systems or networks or, where the Service is hosted by a third party, that third party's computing systems and networks;
(b) use, or misuse, the Service in any way which may impair the functionality of the Service, or other systems used to deliver the Service or impair the ability of any other user to use the Service;
(c) attempt to gain unauthorised access to any materials other than those to which you have been given express permission to access or to the computer system on which the Service is hosted;
(d) transmit, input or upload to the Service any files that may damage any other person's computing devices or software, content which may be obscene, offensive, upsetting or defamatory, or material or Information which infringes the intellectual property rights of any other person or otherwise does not comply with all applicable laws; and
(e) attempt to modify, copy, adapt, reproduce, disassemble, decompile or reverse engineer any computer programs or software used to deliver the Service except as is strictly necessary to use either of them for normal operation.
6.2 - We reserve the right to:
(a) place restrictions on the data size of Information transmitted or uploaded to the Service, including the number of end user outbound emails sent within a 24-hour period and the connection times to and from the Service;
(b) modify the Service and change the URL address of Crossware’s server or service.
7. Service Levels
7.1 - Crossware will provide a level of service, which complies with the Crossware Email Signature SLSA.
7.2 - While we use our best commercial efforts in providing the Service in accordance with the requirements of the SLSA, we do not guarantee or warrant that the use of the Service will be continuous or fault free. Your sole and exclusive remedy for any failure to meet the required service levels is provided for in the SLSA.
7.3 - If a breakdown in any system or facility of Crossware adversely affects the ability of Crossware to provide the Services in accordance with the service levels set out as applicable, Crossware will notify you as soon as practicable.
7.4 - Subject to compliance with clause 7.1, Crossware may vary its systems, facilities and their specifications at its discretion.
7.5 - Crossware will not be responsible for any failure to comply with the SLSA if such failure is caused by factors beyond Crossware’s reasonable control, including but not limited to telecommunications failure or fault, defective equipment utilised by you, or any default by you in your obligations under these Terms.
7.6 - Crossware will provide support services compliant with the SLSA.
8. Intellectual property rights
8.1 - All Intellectual Property Rights to the Service including all software and documentation associated with the Service and any subsequent modifications and improvements belong to Crossware.
9. Confidentiality
9.1 - Each party must not, without the prior written approval of the other party, disclose the other party's Confidential Information, and it must ensure that its employees and subcontractors comply with this obligation.
9.2 - A party will not be in breach of this provision in circumstances where it is legally compelled to disclose the other party's Confidential Information or where such information has become publicly available other than by a breach of this agreement.
9.3 - This section shall survive termination of these Terms.
10. Warranty Disclaimers and Liability Limitations
10.1 - You acknowledge that the use of the Service, and all related features available are provided:
(a) on an “as is” and “as available” basis,
(b) at your sole risk and
(c) without representations or warranties of any kind, either express or implied, and all warranties, whether express or implied, are excluded including implied warranties of merchantability and fitness for a particular purpose.
10.2 - To the maximum extent permitted by law, in no circumstances (including negligence) will Crossware, our related companies and affiliates or their officers, employees, advisers, partners, agents or suppliers, be liable for any:
(a) Sort of damages that result from:
· any of your Information,
· your reliance on the Service, or
· the use of or access to, or the inability to use or access the Service, or
· the loss of any data or Information;
(b) Indirect damage (including punitive damages), loss (including loss of use, data, profits, business or any economic loss) or cost (including legal and lawyer/client costs) caused or contributed to by us or them in relation to these Terms.
10.3 - You warrant that you are using the Service for the purposes of a business, and acknowledge and agree that any consumer related warranties, conditions or guarantees whether express or implied by any legislation or general law are hereby expressly excluded.
10.4 - If for any reason the disclaimers or exclusion of liability contained in this clause 12 cannot be relied upon by Crossware or any other party referred to in this clause due to mandatory laws in other jurisdictions, then the sole and exclusive remedy for the breach of any implied warranty or condition shall be at Crossware’s sole discretion:
(a) Re-supplying the Service again,
(b)Refunding you 10% of the total amount actually received by Crossware in respect of Fees for the Service in the 12 month period immediately preceding the month in which liability arises; or
(c) Terminating your registration and/or these Terms.
10.5 - Our total aggregate liability to you or anyone else using the Service in respect of any one incident or series of connected incidents, for damages, losses, and causes of action (whether in contract, tort, including negligence, under statute or otherwise), will not exceed the total Fees actually paid by you to us in the 12 months preceding the month in which the liability arises.
11. Force Majeure
11.1 - Crossware will have no liability to you under these Terms if it is prevented from or delayed in performing its obligations under these Terms or from carrying on its business by acts, events, omissions or accidents beyond its reasonable control provided that you are notified of such an event as soon as reasonably practicable and its expected duration.
12. Indemnification
12.1 - At your own expense, you shall indemnify, defend, and hold harmless Crossware, its affiliates and licensors, and their directors, officers, trustees, shareholders, employees, agents, successors and assigns from and against any and all claims, expenses, losses, damages, costs, liabilities and judgments, including without limitation reasonable attorneys’ fees and expenses, arising out of or relating to any claim resulting from or related to:
(a) any use by you of Crossware Email Signature other than as expressly allowed by these Terms or in a manner inconsistent with any accompanying documentation;
(b) any breach of these Terms (including for the avoidance of doubt the Appendix) by you;
(c) any violation of applicable law by you, your directors, officers, trustees, shareholders, employees, affiliates, subsidiaries, agents, successors and assigns;
(d) non-payment of any Fees when they become due;
(e) any Information and data provided by you;
(f) your use the Service;
(g) any infringement by you of the rights of any other person.
13. Termination
13.1 - These Terms (including the license to use and access the Service) commences upon the earlier of accessing the Service or your acceptance of these Terms or you have registered to use the Service and shall continue for the Term until terminated in accordance with these Terms.
13.2 - Either party may terminate these Terms by giving three months’ prior notice in writing to take effect by the end of the current Term. In the absence of such notice in due time, the Term shall be renewed for a further one year period and you agree to pay in advance Crossware’s then current Fees applicable for the further Term, and the number of Authorised Users or mail boxes.
13.3 - Crossware may immediately suspend your access to the Service or access to the Information or terminate your registration to use the Service:
(a) if you breach any of these Terms,
(b) if payment of any Fees are more than 10 working days overdue,
(c) if we think that you have misused the Service,
(d) if your registration information is, or we think that it is, untrue, incomplete or not current, or
(e) if you are or become insolvent or bankrupt, or if you make an assignment for the benefit of or enter into or make any arrangement or composition for the benefit of your creditors, or if you go into receivership or have a receiver, trustee and manager (or any of them) (including a statutory manager) appointed in respect of all or any of your property.
13.4 - Upon termination, all licenses granted under these Terms will end and you may not use or access the Service; and you shall immediately discontinue any and all use of Crossware Email Signature.
13.5 - Crossware shall cease providing the Service; and
13.6 - On termination you will remain liable for any accrued Fees which become due for payment before or after termination.
13.7 - On suspension or termination of your registration, and/or these Terms, Crossware will not provide any refund for any remaining prepaid period for a prepaid subscription for the period of the suspension, or following termination.
13.8 - All provisions of this License that by their nature are intended to survive the expiration of the License granted hereunder shall survive and remain in full force and effect.
14. Data Protection
14.1 - The parties will comply with their respective obligations as set out in the DPA.
15. Linking
15.1 - We have not reviewed and are not responsible for any content linked to our Service. You may not link to our Service (including framing, altering its content, re-branding content, or using metatags or hidden text techniques) without our written consent.
16. Notices
16.1 - Any notice given under these Terms by either party to the other must be in writing by email and will be deemed to have been given on transmission. Notices to Crossware must be sent to sales@crossware365.com or to any other email address notified by email to you by Crossware. Notices to you will be sent to the email address which you provided when setting up your access to the Service.
17. Jurisdiction
17.1 - These Terms and the Service are governed by New Zealand law and the parties submit to the non-exclusive jurisdiction of the courts of New Zealand.
18. Dispute Resolution
18.1 - If any dispute arises in relation to these Terms, any party may notify the other in writing of the dispute and request resolution. The parties will then try to resolve the dispute by negotiation, mediation or other alternative resolution techniques. If the dispute is not resolved within 14 days of the date of receipt of the notice any party may refer it to be finally resolved by arbitration under the Arbitration Act 1996 (NZ). The arbitration will be held in Auckland.
19. General
19.1 - Crossware Email Signature operated on the Service, including, without limitation, the information included in its accompanying distributable files, data and materials and any related activation code and registration code files or information, and the know-how embodied in Crossware Email Signature, is confidential and trade secret information and subject to copyright (the “Proprietary Information”) that is proprietary to and solely owned by or Licensed to Crossware, together with all related trademarks and other intellectual property rights relating thereto. You agree to maintain the Proprietary Information in strictest confidence for the benefit of Crossware and its licensors. You shall not sell, assign, License, publish, display, distribute, disclose, or otherwise make available or allow to be made available the Proprietary Information, to any third party nor use such Proprietary Information except as authorized by these Terms.
19.2 - The obligations under this paragraph shall survive any termination or cancellation of these Terms.
19.3 - These Terms are the complete statement of the agreement between the parties on the subject matter, and merges and supersedes all other or prior understandings, purchase orders, agreements, and arrangements.
19.4 - There are no third-party beneficiaries of any promises, obligations, or representations made by Crossware herein.
19.5 - Your rights and obligations under the Terms may not be assigned, transferred or otherwise disposed of in any way by you. We may assign any or all of our rights and obligations under these Terms to any person.
19.6 - Any waiver by Crossware of any violation of these Terms by you shall not constitute, nor contribute to, a waiver by Crossware of any other or future violation by you of the same provision, or any other provision, of these Terms.
19.7 - You acknowledge and agree that monetary damages alone would not be an adequate remedy in the event of a material breach by you of your obligations or agreements under these Terms and that, in such event, Crossware or any of its affiliates shall be entitled to injunctive relief to require you to comply with its obligations hereunder.
19.8 - Any remedy available under these Terms shall be cumulative and not exclusive of any other remedy available to Crossware or any of its affiliates under these Terms, at law or in equity.
19.9 - If any part of these Terms or the application thereof to any person or circumstance are for any reason held invalid or unenforceable, it shall be deemed severable, and the validity of the remainder of these Terms, or the applications of such provision to other persons or circumstances, shall not be affected thereby.
19.10 - You will keep accurate business records sufficient to allow Crossware Limited to verify on request that your use of the Services complies with these Terms.
20. Definitions
Unless the context otherwise requires, the following expressions shall have the following meanings:
"Authorised Users" is a unit of measure by which the Service is licensed. Authorised Users are unique persons or a shared mail boxes for which their email has been configured to use Crossware Email Signature.
"Fees" means the fees (excluding any taxes and duties) payable by You to use the Service as set out in the Invoice, and subject to change from time to time on prior notice to you;
"Confidential Information" means the confidential information relating to the subject matter of this agreement and includes:
(i) confidential information relating to the design, specification and content of the Service;
(ii) information relating to your and Crossware’s business processes and methods;
(iii) confidential information relating to the Information; and
(iv) information relating to the terms upon which the Service is provided to you.
"Crossware", "us", "our" or "we" means Crossware Limited;
“Crossware Email Signature " means Crossware’s proprietary software that modifies your email and appends signatures according to your signature configuration and business rules and may be interchangeably be referred to as Crossware Email Signature or Crossware Mail Signature;
“DPA” means the Data Protection Appendix to these Terms annexed in the Schedule;
"Information" means any data, in any format, document, email, information including MX Record entered, scanned, transmitted or uploaded to the Service or otherwise provided to Crossware by you or on your behalf for the purpose of using the Service;
“Intellectual Property Rights” mean all intellectual property rights including without limitation:
(i) patents, trademarks, copyright, registered designs, trade names, symbols and logos; and
(ii) tools, templates, techniques, computer program code, trade secrets, information or logical sequences (whether or not reduced to writing or other machine or human readable form);
"Invoice" the actual invoice for the Term of the Service issued by Crossware;
“MX Record” means your resource record in the Domain Name System that specifies the mail server responsible for accepting email messages on behalf of your domain;
“Provisioning Form” means the quote, order form, invoice or other proposal setting out the Fees, Term and other information relating to the Service to be provided by Crossware and accepted by you.
“SLSA” means the Crossware Email Signature Service Level and Support Agreement available at www.crossware.co.nz/cms-o365-slsagreement.
“Service” means the Crossware Email Signature service, add in or application (as the case maybe);
“Term” means the term you have agreed to subscribe to the Service and in the absence of any agreed duration, shall be for a period of 1 year;
“Third-Party Systems” means Microsoft 365®, Microsoft Exchange, Microsoft Exchange On-Line®, Google Workspace, HCL Domino, and any other third-party system or service required for the operation of Crossware Email Signature.
"User ID" means your user name and your pertinent user details;
”working day” means any day other than a Saturday, Sunday or public holiday in New Zealand;
"you" and "your" means the business entity registered to use the Services and any person or entity authorised by you or on your behalf to use the Service from time to time.
Appendix – Data Protection Appendix (DPA)
1. Appointment and role of Crossware
1.1 - You appoint Crossware to Process Your Personal Data on your behalf as is necessary for Crossware to provide the Service to you.
1.2 - Crossware and you agree that for the purposes of these Terms and Crossware's Processing of Your Personal Data in connection with the Service, you are the Data Controller and Crossware (and each permitted subcontractor or third party under these Terms) is a Data Processor.
2. Details of Processing
2.1 - Processing of Your Personal Data by Crossware under these Terms shall be for the subject-matter, duration, nature and purpose, and the type of Personal Data and categories of Data Subjects, set out in these Terms.
2.2 - Your obligations and rights as Data Controller are as set out in these Terms.
3. Complying with Data Protection Laws
3.1 - You authorise Crossware to access Your Personal Data (including your directory of users held within the Third-Party Systems environment) for the purpose of providing the Service to you.
3.2 - Crossware shall in all cases Process Your Personal Data in compliance with Data Protection Laws
3.3 - Crossware shall not cause itself, nor shall it cause another Data Processor, to breach Data Protection Laws.
3.4 - Crossware shall procure that any other Data Processor that it engages which has access to or otherwise Processes Your Personal Data shall comply with Crossware’s obligations under these Terms.
4. Acting on controller's documented instructions
4.1 - Crossware shall Process Your Personal Data only on your documented instructions or, following Crossware’s prior notification to you, except where mandatory applicable law prohibits such notification on important public interest grounds, otherwise as necessary to perform its obligations under these Terms or as required by law applicable to Crossware. Crossware shall promptly notify you if in Crossware's reasonable opinion any of your instructions infringes Data Protection Law, with such notification to include an explanation of why Crossware has formed such an opinion.
5. Ensuring employee confidentiality
5.1 - Crossware shall ensure:
(a) the reliability of any person acting under its authority who may have access to, or who processes, Your Personal Data;
(b) that any such person is subject to appropriate binding obligations of confidentiality and at all times acts in compliance with Data Protection Law and the data protection obligations under these Terms; and
(c) that such a person receives regular and appropriate training on the same.
6. Implementation of appropriate technical and organisational measures
6.1 - Crossware shall implement all appropriate technical and organisational measures:
(a)such that any Processing shall meet the requirements of Data Protection Laws and ensure the protection of the rights of Data Subjects; and
(b) to ensure the security of Your Personal Data, including protection against unauthorised or unlawful Processing (including without limitation unauthorised or unlawful disclosure of, access to, or alteration of Your Personal Data) and against accidental loss or destruct ion of, or damage to, it.
6.2 - Crossware shall ensure that the Security Measures are the minimum security standards (or materially similar security standards) governing Crossware's Processing of Your Personal Data as further outlined in the Schedule.
7. Data breach notification and assistance
7.1 - Crossware shall notify you in writing without delay if it becomes aware of or suspects any unauthorised or unlawful Processing, disclosure of, or access to, Your Personal Data or any accidental or unlawful destruction of, loss of, alteration to, or corruption of, Your Personal Data ("Data Breach"), and provide you, as soon as possible, with such information relating to the Data Breach as you require to report the Data Breach to the competent Supervisory Authority or to communicate the Data Breach to affected Data Subjects. Such information shall include, without limitation, the nature of the Data Breach, the nature of the Personal Data affected, the categories and number of Data Subjects concerned, the number of Personal Data records concerned, measures taken to address the Data Breach and the possible consequences and adverse effect of the Data Breach.
7.2 - Crossware shall maintain a log of Data Breaches, including facts, effects and remedial action taken.
7.3 - Crossware, at its own cost, shall take all steps to restore, re-constitute or reconstruct any of Your Personal Data which is lost, damaged, destroyed, altered, corrupted as a result of a Data Breach, with all possible speed and as if it were the Crossware's own data, and shall provide you with all reasonable assistance in respect of any such Data Breach. Crossware shall also provide all reasonable assistance to you in this regard in relation to your compliance with applicable Data Protection Law.
8. Assisting controller with Privacy Impact Assessments and prior consultations
8.1 - Crossware shall notify you prior to adopting a new or updated type of Processing (including, without limitation, the use of new technology to continue current Processing) in respect of Your Personal Data, and at your request Crossware shall participate in a data protection impact assessment in respect of the new or updated type of Processing which is being proposed by Crossware or you. To the extent applicable, Crossware shall provide assistance to you in consulting with Supervisory Authorities in relation to any high-risk Processing, as reasonably required from time to time by you.
9. Subcontracting
9.1 - You authorise Crossware to engage another Data Processor to perform Processing activities in respect of Your Personal Data on your behalf (“Crossware Data Processor”), or transfer or disclose any of Your Personal Data to any other party, only as is necessary for the provision of the Service. In such circumstances Crossware shall:
(a) request consent from you in writing in advance should this be a party outside of Crossware's group and at the conclusion of such engagement, transfer or disclosure; and
(b)comply with these Terms in connection with the engagement of the Crossware Data Processor.
9.2 - For the purpose of clause 9.1 of this Appendix, you give your consent to any Third-Party Systems performing Processing activities in respect of Your Personal Data on your behalf in order for us to provide the Service to you, and accordingly you acknowledge and agree that the Third-Party Systems are a Crossware Data Processor under this Appendix (to the extent applicable).
9.3 - In any case where Crossware is authorised to act pursuant to clause 9.1 of this Appendix, Crossware shall enter into a written agreement ("Processor Contract") with such Crossware Data Processor containing obligations that are equivalent to and no less onerous than those set out in these Terms (including the obligations in relation to engaging another Data Processor)
9.4 - Crossware shall remain fully liable to Subscriber for any non-compliance with the terms of these Terms by any Crossware Data Processor.
10. Transferring data outside the EEA
10.1 - This clause 10 applies to the extent that any of Your Personal Data is accessed by Crossware in any country or territory within the European Economic Area.
10.2 - Subject to clause 10.1 of this Appendix, Crossware shall not, and shall procure that any Crossware Data Processor shall not, transfer any of Your Personal Data to any country or territory outside the European Economic Area or to any international organisations ("International Recipient"), except within the environment of Third-Party Systems and their datacentre regions as specified by the applicable Third-Party Systems provider, without first obtaining your express written consent, if you consent to the transfer of Your Personal Data to an International Recipient, Crossware shall ensure that such transfer and any onward transfer to any recipient thereafter:
(a) is under a written contract including equivalent obligations relating to security and confidentiality of Your Personal Data;
(b) is affected by way of a legally enforceable mechanism for transfers of Personal Data as may be permitted under Data Protection Laws from time to time (the form and content of which shall be subject to your prior written approval);
(c) complies with Clause 4 of this Appendix; and
(d) otherwise complies with Data Protection Laws.
10.3 - For the purpose of clause 10.2 of this Appendix, you approve the use of Standard Contractual Clauses as a legally enforceable mechanism for transfers of Personal Data and provide a power of attorney for Crossware to enter into any such Standard Contractual Clauses with an International Recipient in the name and on behalf of you as the Data Exporter provided that Crossware shall not modify, vary, supplement or disapply any of the Standard Contractual Clauses or its Appendices without your prior written approval.
11. Assisting controller with handling Data Subject rights requests
11.1 - Crossware shall, insofar as is possible, implement appropriate technical and organisational measures to provide you with prompt co-operation and assistance in responding to any request to exercise Data Subject rights under Data Protection Laws (including access requests) received by, or on behalf of, or in connection with you or these Terms, including to ensure that all such requests it receives are recorded and then referred to you.
12. Deleting or returning of Your Personal Data
12.1 - Crossware shall promptly:
(a) on termination of these Terms, for whatever reason;
(b) after the end of the provision of the relevant Service related to Processing; or
(c) if earlier, as soon as Processing by Crossware of any of Your Personal Data is no longer required for Crossware 's performance of its obligations under these Terms, cease all use of such Personal Data and shall either securely destroy all such Personal Data or securely transfer all such Personal Data to you or a nominated third party, and securely delete existing copies (unless storage of any data is required by applicable law, and if so Crossware shall notify you of this).
13. Providing records, information and assistance
13.1 - Crossware shall maintain complete, accurate and up to date written records of all categories of Processing activities containing such information as is required under Data Protection Laws and any other information that you reasonably require ("Processing Records"), and shall make available to you on request in a timely manner such information, including the Processing Records, as is reasonably required by you to demonstrate compliance by you with your obligations under Data Protection Laws and these Terms, which you may disclose to the Supervisory Authority or any other relevant regulatory authority.
13.2 - Crossware shall permit you, or a third-party reputable auditor acting under your direction, to conduct, at your cost, data privacy and security audits, assessments and inspections concerning Crossware's data security and privacy procedures relating to the Processing of Your Personal Data, and its compliance with these Terms and Data Protection Laws.
13.3 - Crossware shall provide you with such assistance and co-operation as you may reasonably request to enable you to comply with any obligations imposed on you by Data Protection Laws, including, but not limited to:
(a) on your request, promptly providing written information regarding the technical and organisational measures which Crossware has implemented to safeguard Your Personal Data and the security of processing;
(b) promptly providing such information and cooperation as you may reasonably require for the purpose of assisting you to carry out a Privacy Impact Assessment;
(c) disclosing full and relevant details in respect of any and all government, law enforcement or other access protocols or controls which it has implemented; and
(d) notifying you as soon as possible and as far as it is legally permitted to do so, of any access request for disclosure of data which concerns Your Personal Data (or any part thereof) by any governmental or other regulatory authority, or by a court or other authority of competent jurisdiction. For the avoidance of doubt and as far as it is legally permitted to do so, Crossware shall not disclose or release any of Your Personal Data in response to such request served on it without first consulting with and obtaining your written consent.
14. Informing controller of complaints and enquiries
14.1 - Crossware shall inform you as soon as reasonably possible of any enquiry, complaint, notice or other communication in connection with the Service or your or Crossware's compliance with Data Protection Laws from any Supervisory Authority or any Data Subject, which Crossware or the third parties appointed by Crossware receives. Crossware shall provide all necessary assistance to you to enable you to promptly respond to such enquiries, complaints, notices or other communications and to comply with Data Protection Laws. For the avoidance of doubt, Crossware shall not respond to any such enquiry, complaint, notice or other communication relating to the Service or your compliance with Data Protection Laws without your prior written consent.
15. Definitions and interpretation
For the purpose of this Appendix, the following words and phrases shall have the following meaning unless the context otherwise requires:
"Data Controller" (or "controller"), "Data Processor" (or "processor"), "Data Subject", "Personal Data", "Processing" and "Sensitive Personal Data" (or "special categories of personal data") all have the meanings given to those terms in Data Protection Laws (and related terms such as "Process" have corresponding meanings).
"Data Exporter" has the meaning set out in the Standard Contractual Clauses.
"Data Protection Laws" means all laws, regulations, legislative and regulatory requirements and codes of practice applicable to the Processing, privacy, and use of Personal Data, as applicable to you, Crossware or the Service (including to the extent applicable and without limitation, Directive 95/46/EC of the European Parliament and of the Council of October 24 1995 and any successor legislation (including the General Data Protection Regulation (EU) 2016/679), the guidance, directions, determinations, codes of practice, circulars, orders , notices or demands issued by any Supervisory Authority, and any applicable national, international, regional, municipal or other data privacy and data protection laws, standards or regulations in any territory in which the Service is provided or which are otherwise applicable.
"Standard Contractual Clauses" means the standard contractual clauses set forth in EU Commission Decision 2010/87/EU of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC as may be amended or superseded from time to time;
"Security Measures" means your security policies and measures (including IT policies and measures) for the protection of Personal Data issued to Crossware by you from time to time which as at the date of these Terms are as specified in the Schedule.
"Supervisory Authority" means any competent data protection or privacy authority in any jurisdiction in which you or Crossware is established, Crossware provides the Service, or in which Crossware Processes Your Personal Data.
"Your Personal Data" or "Personal Data" means all Personal Data, in whatever form or medium which is: (i) supplied, or in respect of which access is granted to Crossware (or any approved third party) whether by you or otherwise in connection with these Terms, or (ii) produced or generated by or on behalf of Crossware (or any approved third party) in connection with these Terms, including as set out in the Schedule.
Schedule: Technical and Organisational Security Measures
1. Technical and organisational security measures
1.1 - Crossware shall adhere to or exceed the following standard or a materially similar standard:
(a) Encryption of personal data in transit to at least Transport Layer Security (TLS) v1.2 with no TLS version. Fall-back options enabled.
(b) Segregation of Personal Data from other networks.
(c) Access control and multi-factor user authentication with access rights being subject to an internal audit at least quarterly. All system access is role based and follows the principle of least privilege.
(d) Employee training on information security. This includes new starter induction training, annual information security refresher courses and ad-hoc information security notifications when new threats emerge.
(e) Documented information security policies and procedures. These are reviewed at least annually or when new threats emerge.
(f) Vulnerability tests are performed quarterly (this may be an internal function). External penetration tests are performed at least annually and are performed by an accredited external Penetration Test company.
(g) Parameter firewalls. The development, staging and production environments are both physically and virtually separated ensuring that code cannot be deployed to the production environment in error.
(h) Backing up of data. All data follows a regular backup process and data is recoverable in a timely manner following any system issues
(i) Commercial grade anti-virus protection on all computers. All computers are protected by commercial grade anti-virus. Virus definitions are updated at least daily and full scans occur at least once per week
(j) All staff under duty of confidence. All staff are subject to both a confidentiality clause in their employment contract or services contract and a confidentiality policy.
