Terms and Conditions
1. ABOUT US
1.1 Company details. Test Partnership (company number 08020351) (we and us) is a company registered in England and Wales and our registered office is at 108 Waverley Road, St Albans, AL3 5TH, United Kingdom. Our VAT number is 223214555.
2. OUR AGREEMENT WITH YOU
2.1 Our Agreement. These terms and conditions (Terms) apply to the order by you and supply of Services by us to you (Contract). They apply to the exclusion of any other terms that you seek to impose or incorporate, or which are implied by trade, custom, practice or course of dealing.
2.2 Change. This version was last updated on 7 February 2020 and historic versions can be obtained by contacting us. We may make commercially reasonable changes to this Contract from time to time. If we make material changes to it, we will give you reasonable notice of the changes by emailing you and these shall be deemed to have been accepted by you and will be effective 30 calendar days from the date of notice for all subsequent orders unless we agree otherwise in writing.
2.3 Entire agreement. The Contract is the entire agreement between you and us in relation to its subject matter. You acknowledge that you have not relied on any statement, promise or representation or assurance or warranty that is not set out in the Contract.
2.4 Language. These Terms and the Contract are made only in the English language.
3. PLACING AN ORDER AND ITS ACCEPTANCE
3.1 Placing your order. Please follow the onscreen prompts to place an order. You may submit an order by using the method set out on www.tptests.com and www.testpartnership.com (together Our Websites) or by emailing us at email@example.com. Each order is an offer by you to buy the services specified in the order (Services) subject to these Terms.
3.2 Correcting input errors. Our order process allows you to check and amend any errors before submitting your order to us. Please check the order carefully before confirming it. You are responsible for ensuring that your order is complete and accurate.
3.4 Accepting your order. Our acceptance of your order takes place when we send a transaction receipt email to you to accept it (Order Confirmation), at which point and on which date (Commencement Date) the Contract between you and us will come into existence. The Contract will relate only to those Services confirmed in the Order Confirmation.
3.5 If we cannot accept your order. If we are unable to supply you with the Services for any reason, we will inform you of this by email and we will not process your order. If you have already paid for the Services, we will refund you the full amount.
4. CANCELLING YOUR ORDER AND OBTAINING A REFUND
4.1 You may cancel the order and receive a refund, if you notify us as set out in Clause 4.2 within 30 days of your receipt of the Order Confirmation. You cannot cancel orders that have been completed, even if the 30-day period is still running.
4.2 To cancel the order, you must contact us by email at firstname.lastname@example.org setting our your request for cancellation. We will email you to confirm we have received your cancellation.
4.3 If you cancel the order we will refund you in full for the price you paid for the Services by the method you used for payment. We may deduct from any refund an amount for the supply of the Services already delivered.
5. OUR SERVICES
5.1 Compliance with specification. Subject to our right to amend the specification (see Clause 5.2) we will supply the Services to you in accordance with the specification for the Services appearing on Our Websites at the date of your order in all material respects.
5.2 Changes to specification. We reserve the right to amend the specification of the Services if required by any applicable statutory or regulatory requirement or if the amendment will not materially affect the nature or quality of the Services.
5.4 Reasonable care and skill. We warrant to you that the Services will be provided using reasonable care and skill.
6. YOUR OBLIGATIONS
6.1 It is your responsibility to ensure that:
(a) the terms of your order are complete and accurate;
(b) you provide us with such information and materials we may reasonably require in order to supply the Services, and ensure that such information is complete and accurate in all material respects;
(c) you comply with all applicable laws, including the Equality Act 2010 and General Data Protection Regulation ((EU) 2016/679)
(d) you do not copy, reproduce, modify or adapt, translate, disassemble, reverse engineer, create derivative works from, republish, display, transmit, or distribute all or any portion of the Services in any form or media or by any means, except as permitted in accordance with the Contract;
(e) you do not make recruitment or employment decisions solely based on your use of the Services; it is good practice to combine multiple assessments, interviews, and other criteria to form balanced employment decisions;
(f) you do not interfere with the security of, or disrupt or otherwise cause harm to the Services, or its system resources;
(g) you do not act as a reseller of our Services to any third party, unless given express prior permission by us in accordance with a separate reseller agreement;
(h) In any event, unless agreed in writing with us, you will not assess more than 10,000 candidates per calendar year.
6.2 If our ability to perform the Services is prevented or delayed by any failure by you to fulfill any obligation listed in Clause 6.1 (Your Default):
(a) we will be entitled to suspend performance of the Services until you remedy Your Default, and to rely on Your Default to relieve us from the performance of the Services, in each case to the extent Your Default prevents or delays performance of the Services. In certain circumstances Your Default may entitle us to terminate the Contract under Clause 15 (Termination);
(b) we will not be responsible for any costs or losses you sustain or incur arising directly or indirectly from our failure or delay to perform the Services; and
(c) it will be your responsibility to reimburse us on written demand for any costs or losses we sustain or incur arising directly or indirectly from Your Default.
8.1 In consideration of us providing the Services you must pay our charges (Charges) in accordance with this Clause 8.
8.2 The Charges are the prices quoted in Appendix A.
8.3 Our Charges may change from time to time, but changes will not affect any order you have already placed.
8.4 Our Charges are, unless otherwise stated, exclusive of VAT. Where VAT is payable in respect of some or all of the Services you must pay us such additional amounts in respect of VAT, at the applicable rate, at the same time as you pay the Charges.
9. HOW TO PAY
9.1 Payment for the Services is in advance. You can pay for the Services using a debit card or credit card, or bank transfer.
9.2 We will send you an electronic receipt of payment within seven days of us receiving the cleared funds.
9.3 If you fail to make a payment under the Contract by the due date, then, without limiting our remedies under Clause 15 (Termination), you will have to pay interest on the overdue sum from the due date until payment of the overdue sum, whether before or after judgment. Interest under this Clause 9.4 will accrue each day at 4% a year above the Bank of England’s base rate from time to time, but at 4% a year for any period when that base rate is below 0%.
11. INTELLECTUAL PROPERTY RIGHTS
11.1 All intellectual property rights in or arising out of or in connection with the Services (other than intellectual property rights in any materials provided by you) will be owned by us.
12. DATA PROTECTION
12.1 Details of how we will process personal information are set out in our Privacy Notice (https://www.testpartnership.com/privacy.html)
12.2 The terms on which we will process personal data are detailed in Appendix B. In accordance with Appendix B you agree that we will delete candidate data after 24 months, or within twenty business days of receiving from you or the candidate a request to delete candidate data, whichever is the sooner.
13. LIMITATION OF LIABILITY
13.1 Nothing in the Contract limits or excludes our liability for:
(a) death or personal injury caused by our negligence, or the negligence of our employees, agents or subcontractors;
(b) fraud or fraudulent misrepresentation; or
(c) breach of the terms implied by section 2 of the Supply of Goods and Services Act 1982 (title and quiet possession) or any other liability which cannot be limited or excluded by applicable law.
13.2 Subject to Clause 13.1, we will not be liable to you, whether in contract, tort (including negligence), for breach of statutory duty, or otherwise, arising under or in connection with the Contract for:
(a) loss of profits;
(b) loss of sales or business;
(c) loss of agreements or contracts;
(e) loss of use or corruption of software, data or information;
(f) loss of or damage to goodwill; and
(g) any indirect or consequential loss.
13.3 We are not responsible for any recruitment or employment decision made by you or for any other decision made by you connected with your use of the Services. We will not be liable for any claims made against you or against us relating to recruitment or selection decisions made by you resulting from the use of the Services.
13.4 Subject to Clause 13.1, our total liability to you arising under or in connection with the Contract, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, will be limited to 100% of the total Charges paid under the Contract during the 12 months immediately preceding the date on which the claim arose.
13.5 Except as expressly stated in these Terms, we do not give any representations, warranties or undertakings in relation to the Services. Any representation, condition or warranty which might be implied or incorporated into these Terms by statute, by common law or otherwise are, to the fullest extent permitted by law, excluded from the Contract.
13.6 This Clause 13 will survive termination of the Contract.
14.1 Each of us may only use the other’s confidential information for the purpose of fulfilling our respective obligations under the Contract.
14.2 Each party agrees that it shall keep any non-public information that it receives from the other party strictly confidential and shall not disclose it to a third party unless (a) it is required to by a legal or regulatory authority or (b) has the prior written consent of the disclosing party.
15.1 Without limiting any of our other rights, we may suspend the performance of the Services, or terminate the Contract with immediate effect by giving written notice to you if:
(a) you commit a material breach of any term of the Contract and (if such a breach is remediable) fail to remedy that breach within 5 days of you being notified in writing to do so;
(b) you fail to pay any amount due under the Contract on the due date for payment;
(c) you take any step or action in connection with you entering administration, provisional liquidation or any composition or arrangement with your creditors (other than in relation to a solvent restructuring), being wound up (whether voluntarily or by order of the court, unless for the purpose of a solvent restructuring), having a receiver appointed to any of your assets or ceasing to carry on business; or
(e) your financial position deteriorates to such an extent that in our opinion your capability to adequately fulfill your obligations under the Contract has been placed in jeopardy.
15.2 Either party may terminate the Contract by giving not less than 30 days prior written notice to the other.
15.3 Termination of the Contract will not affect your or our rights and remedies that have accrued as at termination.
15.4 Any provision of the Contract that expressly or by implication is intended to come into or continue in force on or after termination will remain in full force and effect.
15.5 Effect of Termination. Upon termination of the Contract for any reason:
(a) Any rights or licences granted under or pursuant to the Contract shall cease to have effect;
(b) Any provision of the Contract that expressly or by implication is intended to come into or continue in force on or after termination will remain in full force and effect; and
(c) All sums owing pursuant to the Contract shall become due.
16. EVENTS OUTSIDE OUR CONTROL
16.1 We will not be liable or responsible for any failure to perform, or delay in performance of, any of our obligations under the Contract that is caused by any act or event beyond our reasonable control (Event Outside Our Control).
16.2 If an Event Outside Our Control takes place that affects the performance of our obligations under the Contract:
(a) we will contact you as soon as reasonably possible to notify you; and
(b) our obligations under the Contract will be suspended and the time for performance of our obligations will be extended for the duration of the Event Outside Our Control. We will arrange a new date for performance of the Services with you after the Event Outside Our Control is over.
16.3 You may cancel the Contract affected by an Event Outside Our Control. To cancel please contact us. If you opt to cancel we will refund the price you have paid, less the charges reasonably and actually incurred us by in performing the Services up to the date of the occurrence of the Event Outside Our Control.
17. DATA PROTECTION
Please see Appendix B to this Contract.
18. COMMUNICATIONS BETWEEN US
18.1 When we refer to “in writing” in these Terms, this includes email.
18.2 Any notice or other communication given by one of us to the other under or in connection with the Contract must be in writing and be delivered by email.
18.3 A notice or other communication sent by email is deemed to have been received at 9.00 am the next working day after transmission.
18.4 In proving the service of any notice, it will be sufficient to prove, in the case of an email, that such email was sent to the specified email address of the addressee.
18.5 The provisions of this clause will not apply to the service of any proceedings or other documents in any legal action.
19.1 Waiver. If we do not insist that you perform any of your obligations under the Contract, or if we do not enforce our rights against you, or if we delay in doing so, that will not mean that we have waived our rights against you or that you do not have to comply with those obligations. If we do waive any rights, we will only do so in writing, and that will not mean that we will automatically waive any right related to any later default by you.
19.2 Severance. Each paragraph of these Terms operates separately. If any court or relevant authority decides that any of them is unlawful or unenforceable, the remaining paragraphs will remain in full force and effect.
19.3 Third party rights. The Contract is between you and us. No other person has any rights to enforce any of its terms.
19.4 Governing law and jurisdiction. The Contract is governed by English law and we each irrevocably agree to submit all disputes arising out of or in connection with the Contract to the exclusive jurisdiction of the English courts.
The Charges are the prices quoted on Our Websites at the time you submit your order.
Test Partnership Ltd (Provider) and the counterparty agreeing to these terms (Customer) have entered into an agreement for the supply of services (Contract) that may require the Provider to process Personal Data on behalf of the Customer.
This Test Partnership Personal Data Processing Addendum (Agreement) sets out the additional terms, requirements, and conditions on which the Provider will process Personal Data when providing services under the Contract. This Agreement will be effective, and replace any previously applicable terms relating to their subject matter (including any data processing amendment or data processing addendum relating to the Services), from the Agreement Effective Date.
If you are accepting this Agreement on behalf of Customer, you warrant that: (a) you have full legal authority to bind Customer to this Agreement; (b) you have read and understand the Agreement; and (c) you agree, on behalf of Customer, to this Agreement. If you do not have the legal authority to bind Customer, please do not accept this Agreement.
1.DEFINITIONS AND INTERPRETATION
The following definitions and rules of interpretation apply in this Agreement.
Agreement Effective Date: means the date on which Customer clicked to accept, or the parties otherwise accepted, this Agreement.
Personal Data: means any information relating to an identified or identifiable natural person that is processed by the Provider as a result of, or in connection with, the provision of the Service; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing, processes and process: either any activity that involves the use of Personal Data or as the Data Protection Legislation may otherwise define processing, processes or process; and includes any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Processing also includes transferring Personal Data to third parties.
Data Protection Legislation: all applicable privacy and data protection laws including the General Data Protection Regulation ((EU) 2016/679) and any applicable national implementing laws, regulations and secondary legislation in England and Wales relating to the processing of Personal Data and the privacy of electronic communications, as amended, replaced or updated from time to time, including the Privacy and Electronic Communications Directive (2002/58/EC) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426).
Personal Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
Service: means the applicable services described in the Contract.
Subcontractor: means a data sub-processor or third party appointed by the data processor to process the Personal Data; and
Standard Contractual Clauses (SCC): the European Commission’s Standard Contractual Clauses for the transfer of Personal Data from the European Union to processors established in third countries, as set out in the Annex to Commission Decision 2010/87/EU.
1.2 This Agreement is subject to the terms of the Contract and is incorporated into the Contract. Interpretations and defined terms set forth in the Contract apply to the interpretation of this Agreement.
1.3 The Annexes form part of this Agreement and will have effect as if set out in full in the body of this Agreement. Any reference to this Agreement includes the Annexes and their Appendices.
1.4 A reference to writing or written includes faxes and email.
1.5 In the case of conflict or ambiguity between:
(a) any provision contained in the body of this Agreement and any provision contained in the Annexes, the provision in the body of this Agreement will prevail;
(b) the terms of any accompanying invoice or other documents annexed to this Agreement and any provision contained in the Annexes, the provision contained in the Annexes will prevail;
(c) any of the provisions of this Agreement and the provisions of the Contract, the provisions of this Agreement will prevail; and
(d) any of the provisions of this Agreement and any executed SCC, the provisions of the executed SCC will prevail.
2 PERSONAL DATA TYPES AND PROCESSING PURPOSES
2.1 The Customer and the Provider acknowledge that for the purpose of the Data Protection Legislation, the Customer is the data controller and the Provider is the data processor, except when Customer acts as a processor of Personal Data, in which case the Provider is a sub-processor.
2.2 The Customer retains control of the Personal Data and remains responsible for its compliance obligations under the applicable Data Protection Legislation, including providing any required notices and obtaining any required consents, and for the processing instructions it gives to the Provider.
2.3 Annex A describes the subject matter, duration, nature and purpose of processing and the Personal Data categories and Data Subject types in respect of which the Provider may process to fulfil the Service or any other purpose specifically identified in Annex A.
2.4 Customer agrees that, without prejudice to Provider’s obligations under section 3, Customer is solely responsible for its use of the Service, including:
(a) making appropriate use of the Services to ensure a level of security appropriate to the risk in respect of Personal Data; and
(b) securing the account authentication credentials, systems and devices Customer uses to access the Service.
3. PROVIDER’S OBLIGATIONS
3.1 By entering into this Agreement, the Customer instructs the Provider to process personal data on behalf of the Customer only in accordance with applicable law:
(a) to provide the Service and any related technical support;
(b) as further specified via Customer’s use of the Service (including in the settings and other functionality of the Services);
(c) as documented in the form of the Contract, including this Agreement; and
(d) as further documented in any other written instructions given by Customer and acknowledged by Provider as constituting instructions for the purposes of this Agreement.
The Provider will not process the Personal Data for any other purpose or in a way that does not comply with this Agreement or the Data Protection Legislation. The Provider must promptly notify the Customer if, in its opinion, the Customer’s instruction would not comply with the Data Protection Legislation.
3.2 The Provider will comply with the instructions described in section 3.1 (Customer’s Instructions) unless EU or EU Member State law to which Provider is subject requires other processing of Personal Data by Provider, in which case Provider will inform Customer (unless that law prohibits Provider from doing so on important grounds of public interest).
3.3 The Provider must promptly comply with any Customer request or instruction requiring the Provider to amend, transfer, delete or otherwise process the Personal Data, or to stop, mitigate or remedy any unauthorised processing.
3.4 The Provider will maintain the confidentiality of all Personal Data and will not disclose Personal Data to third parties unless the Customer or this Agreement specifically authorises the disclosure, disclosure of Personal Data to an approved subcontractor is necessary for the provision of services described in Annex A, or as required by law. If a law, court, regulator or supervisory authority requires the Provider to process or disclose Personal Data, the Provider must first inform the Customer of the legal or regulatory requirement and give the Customer an opportunity to object or challenge the requirement, unless the law prohibits such notice.
3.5 The Provider will reasonably assist the Customer with meeting the Customer’s compliance obligations under the Data Protection Legislation, taking into account the nature of the Provider’s processing and the information available to the Provider, including in relation to Data Subject rights, data protection impact assessments and reporting to and consulting with supervisory authorities under the Data Protection Legislation.
3.6 The Provider must promptly notify the Customer upon becoming aware of any changes to Data Protection Legislation that may adversely affect the Provider’s performance of the Contract.
4. PROVIDER’S EMPLOYEES
4.1 The Provider will ensure that all employees:
(a) are informed of the confidential nature of the Personal Data and use restrictions in respect of the Personal Data;
(b) have undertaken training on the Data Protection Legislation relating to handling Personal Data and how it applies to their particular duties;
(c) are aware both of the Provider’s duties and their personal duties and obligations under the Data Protection Legislation and this Agreement; and
(d) have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
5.1 The Provider must at all times implement appropriate technical and organisational measures against unauthorised or unlawful processing, access, disclosure, copying, modification, storage, reproduction, display or distribution of Personal Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage of Personal Data including, but not limited to, the security measures set out in Annex B.
5.2 The Provider will take reasonable steps to implement such measures to ensure a level of security appropriate to the risk involved, including as appropriate:
(a) where possible the pseudonymisation or anonymisation; and encryption of personal data;
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
(d) a process for testing, assessing, and evaluating the effectiveness of security measures.
6. PERSONAL DATA BREACH
6.1 The Provider, during Working Hours, will promptly and without undue delay notify the Customer if it becomes aware of:
(a) any accidental, unauthorised or unlawful processing of the Personal Data; or
(b) any Personal Data Breach.
6.2 Where the Provider becomes aware of (a) and/or (b) above, it shall, without undue delay, also provide the Customer with the following information:
(a) description of the nature of (a) and/or (b), including the categories and approximate number of both Data Subjects and Personal Data records concerned;
(b) the likely consequences; and
(c) description of the measures taken or proposed to be taken to address (a) and/or (b), including measures to mitigate its possible adverse effects.
6.3 Immediately following either party’s awareness of any unauthorised or unlawful Personal Data processing or Personal Data Breach, the parties will co-ordinate with each other to investigate the matter. The Provider will reasonably co-operate with the Customer in the Customer’s handling of the matter, including:
(a) assisting with any investigation;
(b) providing the Customer with physical access to any facilities and operations affected;
(c) facilitating interviews with the Provider’s employees, former employees and others involved in the matter;
(d) making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by the Customer; and
(e) taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Data Breach or unlawful Personal Data processing.
6.4 The Provider will not inform any third party of any Personal Data Breach without first obtaining the Customer’s prior written consent, except when required to do so by law.
6.5 The Provider agrees that the Customer has the sole right to determine:
(a) whether to provide notice of the Personal Data Breach to any Data Subjects, supervisory authorities, regulators, law enforcement agencies or others, as required by law or regulation or in the Customer’s discretion, including the contents and delivery method of the notice; and
(b) whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy.
7. CROSS-BORDER TRANSFERS OF PERSONAL DATA
7.1 The Provider or any subcontractor must not transfer or otherwise process Personal Data outside the European Economic Area (EEA) unless the transfer or processing is conducted with one of the approved subcontractors listed in Annex A, or unless the Provider obtains the Customer’s prior written consent.
7.2 If any Personal Data transfer between the Customer and the Provider requires execution of SCC in order to comply with the Data Protection Legislation, the parties will complete all relevant details in, and execute, the SCC and take all other actions required to legitimise the transfer.
8.1 The Provider may authorise a third party to process the Personal Data provided:
(a) the Customer is provided with an opportunity to object to the appointment of each subcontractor within 30 days after the Customer requests and Provider supplies the Customer with full details regarding such subcontractor; and
(b) the Provider maintains control over all Personal Data it entrusts to the subcontractor; and
(c) the Provider enters into a written contract with the subcontractor which imposes the same obligations on the subcontractor as are imposed on the Provider under this Agreement.
8.2 Those subcontractors approved as at the commencement of this Agreement are as set out in Annex A.
8.3 Where the subcontractor fails to fulfil its obligations under such written agreement, the Provider remains liable to the Customer for the subcontractor’s performance of its agreement obligations.
8.4 The Parties consider the Provider to control any Personal Data controlled by or in the possession of its subcontractors.
8.5 On the Customer’s written request and at the Customer’s expense, the Provider will audit a subcontractor’s compliance with its obligations regarding the Customer’s Personal Data and provide the Customer with the audit results.
9. COMPLAINTS, DATA SUBJECT REQUESTS AND THIRD PARTY RIGHTS
9.1 The Provider must take such technical and organisational measures as may be appropriate, and promptly provide such information to the Customer as the Customer may reasonably require, to enable the Customer to comply with:
(a) the rights of Data Subjects under the Data Protection Legislation, including subject access rights, the rights to rectify and erase personal data, object to the processing and automated processing of personal data, and restrict the processing of personal data; and
(b) information or assessment notices served on the Customer by any supervisory authority under the Data Protection Legislation.
9.2 The Provider must notify the Customer promptly during Working Hours if it receives any complaint, notice or communication that relates directly or indirectly to the processing of the Personal Data or to either party’s compliance with the Data Protection Legislation.
9.3 The Provider must notify the Customer promptly during Working Hours if it receives a request from a Data Subject for access to their Personal Data or to exercise any of their related rights under the Data Protection Legislation.
9.4 The Provider will give the Customer its full co-operation and assistance as reasonably required in responding to any complaint, notice, communication or Data Subject request.
9.5 The Provider must not disclose the Personal Data to any Data Subject or to a third party other than at the Customer’s request or instruction, as provided for in this Agreement or as required by law.
10. TERM AND TERMINATION
10.1 This Agreement will remain in full force and effect so long as:
(a) the Contract remains in effect, or
(b) the Provider retains any Personal Data related to the Contract in its possession or control (Term).
10.2 Any provision of this Agreement that expressly or by implication should come into or continue in force on or after termination of the Contract in order to protect Personal Data will remain in full force and effect.
10.3 If a change in any Data Protection Legislation prevents either party from fulfilling all or part of its Contract obligations, the parties will suspend the processing of Personal Data until that processing complies with the new requirements. If the parties are unable to bring the Personal Data processing into compliance with the Data Protection Legislation within 90 days, they may terminate the Contract on written notice to the other party.
11. DATA RETURN AND DESTRUCTION
11.1 At the Customer’s request, the Provider will give the Customer a copy of or access to all or part of the Customer’s Personal Data in its possession or control in the format and on the media originally provided by the Customer.
11.2 On termination of the Contract for any reason or expiry of its term, the Provider will securely delete or destroy or, if directed in writing by the Customer, return and not retain, all or any Personal Data related to this Agreement in its possession or control, except for one copy that it may retain and use for 30 days for audit and/or archiving purposes only.
11.3 If any law, regulation, or government or regulatory body requires the Provider to retain any documents or materials that the Provider would otherwise be required to return or destroy, it will notify the Customer in writing of that retention requirement, giving details of the documents or materials that it must retain, the legal basis for retention, and establishing a specific timeline for destruction once the retention requirement ends.
11.4 The Provider will delete candidate data after 24 months, or within twenty business days of receiving from the Customer or the candidate a request to delete candidate data, whichever is the sooner.
12.1 The Provider will keep accurate and up-to-date written records regarding any processing of Personal Data it carries out for the Customer, including but not limited to, processing purposes, categories of processing, any transfers of personal data to a third country and related safeguards, and a general description of the technical and organisational security measures referred to in Clause 5.1 (Records).
12.2 The Provider will ensure that the Records are sufficient to enable the Customer to verify the Provider’s compliance with its obligations under this Agreement and the Provider will provide the Customer with copies of the Records upon request.
12.3 The Customer and the Provider must review the information listed in the Annexes to this Agreement once a year to confirm its current accuracy and update it when required to reflect current practices.
13.1 The Provider will permit the Customer and its third-party representatives to audit the Provider’s compliance with its Agreement obligations, on at least 25 days’ notice, during the Term. The Provider will give the Customer and its third-party representatives all necessary assistance to conduct such audits. The assistance may include, but is not limited to:
(a) physical access to, or remote electronic access to, or copies of any information relevant to the Customer held at the Provider’s premises or on systems storing Personal Data; and
(b) access to and meetings with any of the Provider’s personnel reasonably necessary to provide all explanations and perform the audit effectively.
13.2 If a Personal Data Breach occurs or is occurring, or the Provider becomes aware of a breach of any of its obligations under this Agreement or any Data Protection Legislation, the Provider will:
(a) promptly conduct its own audit to determine the cause;
(b) produce a written report that includes detailed plans to remedy any deficiencies identified by the audit;
(c) provide the Customer with a copy of the written audit report; and
(d) remedy any deficiencies identified by the audit within 25 days.
14.1 The Provider warrants and represents that:
(a) its employees, subcontractors, agents and any other person or persons accessing Personal Data on its behalf are reliable and trustworthy and have received the required training on the Data Protection Legislation relating to the Personal Data;
(b) it and anyone operating on its behalf will process the Personal Data in compliance with the Data Protection Legislation and other laws, enactments, regulations, orders, standards and other similar instruments;
(c) it has no reason to believe that the Data Protection Legislation prevents it from providing any of the Contract’s contracted services; and
(d) considering the current technology environment and implementation costs, it will take appropriate technical and organisational measures to prevent the unauthorised or unlawful processing of Personal Data and the accidental loss or destruction of, or damage to, Personal Data, and ensure a level of security appropriate to:
(i) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage;
(ii) the nature of the Personal Data protected; and
(iii) comply with all applicable Data Protection Legislation and its information and security policies, including the security measures required in Clause 5.1.
14.2 The Customer warrants and represents that the Provider’s expected use of the Personal Data for providing the Service and as specifically instructed by the Customer will comply with the Data Protection Legislation.
15.1 Any notice or other communication given to a party under or in connection with this Agreement must be in writing and delivered to:
For the Customer: the email address designated by Customer via the user interface of the Service.
For the Provider: either email@example.com or firstname.lastname@example.org.
15.2 Clause 15.1 does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.
15.3 For clarity, a notice given under this agreement is valid if sent by email.
Annex A to APPENDIX B
PERSONAL DATA PROCESSING PURPOSES AND DETAILS
Subject matter of processing
The Provider will process Personal Data as necessary to perform the Service pursuant to the Contract, and as further instructed by Customer in its use of the Service.
Duration of Processing
The duration of the processing will be until the earliest of (i) expiry/termination of the Contract, or (ii) the date upon which processing is no longer necessary for the purposes of either party performing its obligations under the Contract (to the extent applicable).
Nature of Processing
The Provider will process (including, as applicable to the Contract and the Customer’s instructions, collecting, recording, structuring, organising, consultation, storing, altering, retrieving, using, disclosing, combining, erasing, and destroying) personal data for the purpose of providing psychometric assessments and any related technical support in accordance with this Agreement.
The processing is necessary for the provision of the Service and related technical support.
Types of Personal Data
Personal Data processed by the Provider on the Customer’s behalf in provision of the Service may include, but is not limited to, the following types of personal data:
- First and last name
- Business or personal email address
- Business or personal phone number
- Physical address of company/organisation where applicable
- Online identifiers (including cookie identifiers, connection data, internet protocol addresses and device identifiers, and client identifiers)
Categories of Data Subjects
Personal Data will concern the following categories of data subjects:
- data subjects about whom the Provider collects personal data in its provision of the Services; and/or
- data subjects about whom the personal data is transferred to the Provider in connection with the Services by, at the direction of, or on behalf of, the Customer.
These data subjects may include individuals: (a) who have been directed by the Customer to visit the Provider’s online properties; and/or (b) whose details have been transferred by the Customer to the Provider; and/or natural persons authorised by the Customer to use the Service.
The persons or categories of persons that the Customer authorises to give the Provider personal data processing instructions are:
- Employees, agents, and advisors of the Customer who are natural persons; and
- Natural persons authorised by the Customer to use the Service.
Atlassian PTY Ltd EU-U.S. Privacy Shield, Passed Provider’s due diligence process
Amazon Web Services, Inc.EU-U.S. Privacy Shield, Swiss-U.S. Privacy Shield, Passed Provider’s due diligence process
Box, Inc. EU-U.S. Privacy Shield, Swiss-U.S. Privacy Shield, Passed Provider’s due diligence process
Cloudflare, Inc. EU-U.S. Privacy Shield, Swiss-U.S. Privacy Shield, Passed Provider’s due diligence process
Cronos Internet UK Based, Passed Provider’s due diligence process
Dropbox, Inc. EU-U.S. Privacy Shield, Swiss-U.S. Privacy Shield, Passed Provider’s due diligence process
Google LLC EU-U.S. Privacy Shield, Swiss-U.S. Privacy Shield, Passed Provider’s due diligence process
HubSpot, Inc. EU-U.S. Privacy Shield, Swiss-U.S. Privacy Shield, Passed Provider’s due diligence process
Microsoft Corporation EU-U.S. Privacy Shield, Swiss-U.S. Privacy Shield, Passed Provider’s due diligence process
Mouseflow, Inc EU-U.S. Privacy Shield, Swiss-U.S. Privacy Shield, Passed Provider’s due diligence process
SendGrid, Inc. EU-U.S. Privacy Shield, Swiss-U.S. Privacy Shield, Passed Provider’s due diligence process
Stripe, Inc. EU-U.S. Privacy Shield, Swiss-U.S. Privacy Shield, Passed Provider’s due diligence process
Zendesk, Inc EU-U.S. Privacy Shield, Swiss-U.S. Privacy Shield, Passed Provider’s due diligence process