Background

1. Lypta is a Software as a Service (SaaS) product provided to help organization’s manage and deliver their Continuous Improvement and Transformation programs. Lypta enables an organization to create, manage and track business improvement ideas and initiatives from idea creation through to execution and delivery.
2. The Customer wishes to use Lypta to help manage their Continuous Improvement and/or Transformation programs.
3. The Provider and the Customer therefore wish to enter into a contract in accordance with the provisions of this Agreement.

Agreement

1. Definitions

1.1    In this Agreement:

“Access Credentials” means the usernames, passwords and web tokens enabling access to the Hosted Services, including both access credentials for the User Interface and access credentials for the API;

“Affiliate” means an entity that Controls, is Controlled by, or is under common Control with the relevant entity;

“Agreement” means this agreement including any Schedules, and any amendments to this Agreement from time to time;

“AI Output Data” means data generated using AI Systems;

“AI Systems” means machine learning and other artificial intelligence systems, tools, applications, algorithms and/or models;

“API” means [the application programming interface for the Hosted Services defined by the Provider and made available by the Provider to the Customer];

“Business Day” means any weekday other than a bank or public holiday in Australia;

“Business Hours” means the hours of 09:00 to 17:00 Australian Eastern Standard Time (AEST) on a Business Day;

“Charges” means:

(a)    the charges and other payable amounts specified in Section 3 of Schedule 1 (Hosted Services particulars) and elsewhere in this Agreement;

(b)    such charges and payable amounts as may be agreed in writing by the parties from time to time; and

(c)    [charges calculated by multiplying the Provider’s [standard time-based charging rates (as notified by the Provider to the Customer before the date of this Agreement)] by the time spent by the Provider’s personnel performing [the Support Services] (rounded [down by the Provider to the nearest quarter hour])];

“Control” means the legal power to control (directly or indirectly) the management of an entity (and “Controlled” should be construed accordingly);

“Customer Confidential Information” means:

(a)    any information disclosed by the Customer to the Provider [during the Term] OR [at any time before the termination of this Agreement] (whether disclosed in writing, orally or otherwise) that at the time of disclosure:

(i)     was marked[ or described] as “confidential”; or

(ii)    should have been reasonably understood by the Provider to be confidential; and

(b)    [the Customer Data];

[additional list items]

“Customer Data” means [all data, works and materials: uploaded to or stored on the Platform by the Customer; transmitted by the Platform at the instigation of the Customer; supplied by the Customer to the Provider for uploading to, transmission by or storage on the Platform; or generated by the Customer using the Hosted Services (but excluding usage data relating to the Platform and Hosted Services, and excluding server log files)];

“Customer Indemnity Event” has the meaning given to it in Clause 19.3;

“Customer Personal Data” [means any Personal Data that is processed by the Provider on behalf of the Customer in relation to this Agreement][, but excluding [personal data] with respect to which the Provider is a data controller];

“Data Protection Laws” means [the EU GDPR and the UK GDPR][ and all other applicable laws relating to the processing of Personal Data];

“Documentation” means [the documentation for the Hosted Services produced by the Provider and delivered or made available by the Provider to the Customer];

“Effective Date” means [the date of execution of this Agreement];

“EU GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679) and all other EU laws regulating the processing of Personal Data, as such laws may be updated, amended and superseded from time to time;

“Force Majeure Event” means [an event, or a series of related events, that is outside the reasonable control of the party affected (which may include failures of the internet or any public telecommunications network, hacker attacks, denial of service attacks, virus or other malicious software attacks or infections, power failures, industrial disputes affecting any third party, changes to the law, disasters, epidemics, pandemics, explosions, fires, floods, riots, terrorist attacks and wars)];

“Hosted Services” means [identify hosted services][, as specified [in the Hosted Services Specification] and as updated by the Provider from time to time subject to the restrictions set out in this Agreement];

“Hosted Services Defect” means a defect, error or bug in the Platform having [an adverse effect] OR [a material adverse effect] on [ the appearance, operation, functionality or performance] of the Hosted Services[, but excluding any defect, error or bug caused by or arising as a result of:

(a)    [any act or omission of the Customer or any person authorised by the Customer to use the Platform or Hosted Services];

(b)    [any use of the Platform or Hosted Services contrary to the Documentation, whether by the Customer or by any person authorised by the Customer];

(c)    [a failure of the Customer to perform or observe any of its obligations in this Agreement]; and/or

(d)    [an incompatibility between the Platform or Hosted Services and any other system, network, application, program, hardware or software not specified as compatible in the Hosted Services Specification];]

“Hosted Services Specification” means the specification for the Platform and Hosted Services set out in [Section 2 of Schedule 1 (Hosted Services particulars) and in the Documentation];

“Initial Term” means [the period of 12 months beginning on the Effective Date];

“Intellectual Property Rights” means [all intellectual property rights wherever in the world, whether registrable or unregistrable, registered or unregistered, including any application or right of application for such rights (and these “intellectual property rights” include copyright and related rights, database rights, confidential information, trade secrets, know-how, business names, trade names, trade marks, service marks, passing off rights, unfair competition rights, patents, petty patents, utility models, semi-conductor topography rights and rights in designs)];

“Mobile App” means the mobile application known as [mobile application name] that is made available by the Provider through [the Google Play Store and the Apple App Store];

“Personal Data” means personal data under the applicable Data Protection Laws (UK GDPR laws if the Customer is in the UK or EU GPDR laws if the Customer is in the EU);

“Platform” means [the platform managed by the Provider and used by the Provider to provide the Hosted Services][, including [the application and database software for the Hosted Services, the system and server software used to provide the Hosted Services, and the computer hardware on which that application, database, system and server software is installed]];

“Provider Indemnity Event” has the meaning given to it in Clause 19.1;

“Renewal Term” means [a period of 12 months beginning at the end of the end of the Initial Term or at the end of a preceding Renewal Term];

“Schedule” means any schedule attached to the main body of this Agreement;

“Service Data” means all data, works and materials provided or made available to the Customer by means of the Hosted Services under this Agreement, excluding the Customer Data. This includes, but is not limited to, the Learning Management System (LMS) learning content, the Lypta expert suggested ideas, the Large Language Models (LLMs) suggested ideas and the support content (provided in the User Interface help system);

“Services” means [any services that the Provider provides to the Customer, or has an obligation to provide to the Customer, under this Agreement];

“Set Up Services” means [the configuration, implementation and integration of the Hosted Services] in accordance with Section 1 of Schedule 1 (Hosted Services particulars);

“Support Services” means [support in relation to the use of, and the identification and resolution of errors in, the Hosted Services];

“Supported Web Browser” means [the current release from time to time of Microsoft Edge, Google Chrome or Apple Safari];

“Term” means [the term of this Agreement, commencing in accordance with Clause 2.1 and ending in accordance with Clause 2.2];

“Third Party Services” means [any hosted, cloud or software-based services provided by any third party that are or may be integrated with the Hosted Services by the Provider from time to time in circumstances where the Customer must, in order to activate the integration, have an account with the relevant services provider or obtain activation or access credentials from the relevant services provider];

“UK GDPR” means the EU GDPR as transposed into UK law (including by the Data Protection Act 2018 and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019) and all other UK laws regulating the processing of Personal Data, as such laws may be updated, amended and superseded from time to time; and

“User Interface” means [the interface for the Hosted Services designed to allow individual human users to access and use the Hosted Services].

2. Term

2.1    This Agreement shall come into force upon the Effective Date.

2.2    This Agreement shall continue in force until [date], at the beginning of which this Agreement shall terminate automatically, subject to termination in accordance with Clause 22 or any other provision of this Agreement.

3. Set Up Services

3.1    The Provider shall, if requested, provide the Set Up Services to the Customer.

3.2    The Provider shall use reasonable endeavours to ensure that the Set Up Services, if requested, are provided upon or promptly following the Effective Date with agreement from the Customer.

3.3    The Customer acknowledges that a delay in the Customer performing its obligations in this Agreement may result in a delay in the performance of the Set Up Services; and subject to Clause 20.1 the Provider will not be liable to the Customer in respect of any failure to meet the Set Up Services timetable to the extent that that failure arises out of a delay in the Customer performing its obligations under this Agreement.

3.4    Subject to any written agreement of the parties to the contrary, any Intellectual Property Rights that may arise out of the performance of the Set Up Services by the Provider shall be the exclusive property of the Provider.

4. Hosted Services

4.1    The Provider shall provide, or shall ensure that the Platform will provide, to the Customer upon the Effective Date the Access Credentials necessary to enable the Customer to access and use the Hosted Services.

4.2    The Provider hereby grants to the Customer a licence to use the Hosted Services by means of the User Interface for the internal business purposes of the Customer in accordance with the Documentation during the Term.

4.3    The licence granted by the Provider to the Customer under Clause 4.2 is subject to the following limitations:

(a)    the User Interface may only be used through a Supported Web Browser;

(b)    the User Interface may only be used by the officers, employees, agents and subcontractors of either the Customer or an Affiliate of the Customer;

(c)    the User Interface may only be used by the named users identified in Schedule 1 (Hosted Services particulars), providing that the Customer may change, add or remove a designated named user in accordance with the user change procedure defined by the Hosted Services;

(d)    the User Interface must not be used at any point in time by more than the number of concurrent users specified in Schedule 1 (Hosted Services particulars), providing that the Customer may add or remove concurrent user licences in accordance with the licence change procedure defined by the Hosted Services.

4.4    Except to the extent expressly permitted in this Agreement or required by law on a non-excludable basis, the licence granted by the Provider to the Customer under Clause 4.2 is subject to the following prohibitions:

(a)    the Customer must not sub-license its right to access and use the Hosted Services;

(b)    the Customer must not permit any unauthorised person or application to access or use the Hosted Services;

(c)    the Customer must not use the Hosted Services to provide services to third parties;

(d)    the Customer must not republish or redistribute any content or material from the Hosted Services (which is not IP owned by the Customer);

(f)     the Customer must not conduct or request that any other person conduct any load testing or penetration testing on the Platform or Hosted Services.

4.5    The Customer shall implement and maintain reasonable security measures relating to the Access Credentials to ensure that no unauthorised person or application may gain access to the Hosted Services by means of the Access Credentials.

4.6    The parties acknowledge and agree that Schedule 3 (Availability SLA) shall govern the availability of the Hosted Services.

4.7    The Customer must comply with Schedule 2 (Acceptable Use Policy), and must ensure that all persons using the Hosted Services with the authority of the Customer or by means of the Access Credentials comply with Schedule 2 (Acceptable Use Policy).

4.8    The Customer must not use the Hosted Services in any way that causes, or may cause, damage to the Hosted Services or Platform or impairment of the availability or accessibility of the Hosted Services.

4.9    The Customer must not use the Hosted Services in any way that uses excessive Platform resources and as a result is liable to cause a material degradation in the services provided by the Provider to its other customers using the Platform; and the Customer acknowledges that the Provider may use reasonable technical measures to limit the use of Platform resources by the Customer for the purpose of assuring services to its customers generally.

4.10  The Customer must not use the Hosted Services:

(a)    in any way that is unlawful, illegal, fraudulent or harmful; or

(b)    in connection with any unlawful, illegal, fraudulent or harmful purpose or activity.

4.11  For the avoidance of doubt, the Customer has no right to access the software code (including object code, intermediate code and source code) of the Platform, either during or after the Term.

4.12  The Provider may suspend the provision of the Hosted Services if any amount due to be paid by the Customer to the Provider under this Agreement is overdue, and the Provider has given to the Customer at least 30 days’ written notice, following the amount becoming overdue, of its intention to suspend the Hosted Services on this basis.

5. Scheduled maintenance

5.1    The Provider may from time to time suspend the Hosted Services for the purposes of scheduled maintenance to the Platform, providing that such scheduled maintenance must be carried out in accordance with this Clause 5.

5.2    The Provider shall, where practicable, give to the Customer at least 5 Business Days’ prior written notice, which may be sent by email, of scheduled maintenance that will, or is likely to, affect the availability of the Hosted Services or have a material negative impact upon the Hosted Services.

5.3    The Provider shall ensure that all scheduled maintenance is carried out outside Business Hours.

6. Service Data

6.1    The Provider grants to the Customer a licence to access, copy, transmit, store, edit, create derivative works of and otherwise use the Service Data, during the Term and thereafter for the internal business purposes of the Customer, subject to the other provisions of this Clause 6.

6.2    Except to the extent required by law on a non-excludable basis, the Customer must not:

(a)    publish, republish, sell, license, sub-license, rent, transfer, broadcast, distribute or redistribute the Service Data;

(b)    use the Service Data or any part of the Service Data in any way that is unlawful or in breach of any person’s legal rights under any applicable law;

(c)    use the Service Data to compete with the Provider, whether directly or indirectly, or use the Service Data to create any products or services that compete with or are intended to compete with the products or services of the Provider;

(d)    use the Service Data for a commercial purpose; or

(e)    use the Service Data to create, generate, train, verify or test any AI Systems that compete with or are intended to compete, or provide or will provide identical or similar functionality to, the Hosted Services or any other products or services of the Provider.

6.3    The Customer shall implement and maintain reasonable security measures relating to the Service Data to ensure that no unauthorised application or person may gain access to the Service Data.

6.4    The Customer acknowledges that the Service Data contains AI Output Data generated by AI Systems that were not developed or trained by or on behalf of the Provider.

6.5    Subject to Clause 20.1, to the extent that the Service Data contains AI Output Data, the Provider shall not be liable to the Customer with respect to that Service Data or the use of that Service Data. Without prejudice to the generality of the foregoing, the Provider shall not be liable to the Customer with respect to:

(a)    any infringement of Intellectual Property Rights by that Service Data;

(b)    any breach of applicable law arising out of the use by the Customer of that Service Data; or

(c)    any legal claim or proceedings by any third party arising out of the use by the Customer of that Service Data.

7. Support Services

7.1    The Provider shall provide the Support Services to the Customer during the Term.

7.2    The Provider shall provide the Support Services with reasonable skill and care.

7.3    The Provider shall provide the Support Services in accordance with Schedule 4 (Support SLA).

7.4    The Provider may suspend the provision of the Support Services if any amount due to be paid by the Customer to the Provider under this Agreement is overdue, and the Provider has given to the Customer at least 30 days’ written notice, following the amount becoming overdue, of its intention to suspend the Support Services on this basis.

8. Customer obligations

8.1    Save to the extent that the parties have agreed otherwise in writing, the Customer must provide to the Provider, or procure for the Provider, such:

(a)    co-operation, support and advice;

(b)    information and documentation; and

(c)    governmental, legal and regulatory licences, consents and permits,

        as are reasonably necessary to enable the Provider to perform its obligations under this Agreement.

8.2    If the Customer has requested Single Sign-On (SSO) access to the Hosted Services, the Customer must provide to the Provider, or procure for the Provider, such access to the Customer’s computer networks and systems as may be reasonably required by the Provider to enable the Provider to perform its obligations under this Agreement.

9. Customer Data

9.1    The Customer hereby grants to the Provider a licence to copy, store and transmit the Customer Data to the extent reasonably required for the performance of the obligations of the Provider under this Agreement. The Customer also grants to the Provider the right to sub-license these rights to its hosting, connectivity and telecommunications service providers strictly for this purpose and subject to any express restrictions elsewhere in this Agreement.

9.2    The Customer hereby grants to the Provider a licence to use the Customer Data for the purposes of creating, generating, training, testing and verifying the AI Systems of the Provider, providing that such use must not involve the processing of any Customer Personal Data. The Provider must ensure that the Customer Data is not incorporated into such AI Systems.

9.3    The Customer hereby grants to the Provider a licence to use the Customer Data to create aggregated datasets, providing that those aggregated datasets must not incorporate any Customer Personal Data, any other Personal Data supplied or made available by the Customer to the Provider, or any information contained in or derived from the Customer Data that identifies the Customer or that identifies any other organisation, business or person (legal or natural).

9.4    The Customer warrants to the Provider that the Customer Data will not infringe the Intellectual Property Rights or other legal rights of any person, and will not breach the provisions of any law, statute or regulation, in any jurisdiction and under any applicable law.

9.5    The Provider shall create a back-up copy of the Customer Data at least daily, shall ensure that each such copy is sufficient to enable the Provider to restore the Hosted Services to the state they were in at the time the back-up was taken, and shall retain and securely store each such copy for a minimum period of 7 days.

9.6    Within the period of 1 Business Day following receipt of a written request from the Customer, the Provider shall use all reasonable endeavours to restore to the Platform the Customer Data stored in any back-up copy created and stored by the Provider in accordance with Clause 9.5. The Customer acknowledges that this process will overwrite the Customer Data stored on the Platform prior to the restoration. The charge for this support service is detailed in Schedule 4 (Support SLA).

10. Integrations with Third Party Services

10.1  The Hosted Services are integrated with certain Third Party Services; and the Provider may integrate the Hosted Services with additional Third Party Services at any time.

10.2  Notwithstanding the presence of any Third Party Services integration, Customer requested Third Party Services shall only be activated with respect to the Hosted Services account of the Customer by:

(a)    the Customer; or

(b)    the Provider with the prior written agreement of the Customer.

10.3  For Customer requested Third Party Services, the Provider shall use reasonable endeavours to maintain any integration with Third Party Services that has been activated with respect to the Hosted Services account of the Customer. Subject to this, the Provider may remove, suspend, deactivate or limit any Third Party Services integration at any time in its sole discretion.

10.4  For Customer requested Third Party Services, the supply of Third Party Services shall be under a separate contract or arrangement between the Customer and the relevant third party. The Provider does not contract to supply the Third Party Services and is not a party to any contract for, or otherwise responsible in respect of, the provision of any Third Party Services. Fees may be payable by the Customer to the relevant third party in respect of the use of Third Party Services.

10.5  For Customer requested Third Party Services, the Customer acknowledges and agrees that:

(a)    the activation of Third Party Services with respect to the Hosted Services account of the Customer may result in the transfer of Customer Data and/or Customer Personal Data from the Hosted Services to the relevant Third Party Services and vice versa;

(b)    the Provider has no control over, or responsibility for, any disclosure, modification, deletion or other use of Customer Data and/or Customer Personal Data by any provider of Third Party Services;

(c)    the Customer must ensure that it has in place the necessary contractual safeguards to ensure that the transfer of Customer Personal Data to, and use of Customer Personal Data by, a provider of Third Party Services is lawful; and

(d)    the Customer shall ensure that the transfer of Customer Data to a provider of Third Party Services does not infringe any person’s Intellectual Property Rights or other legal rights and will not put the Provider in breach of any applicable laws.

10.6  For Customer requested Third Party Services, additional Charges may be payable by the Customer to the Provider in respect of the activation and/or use of a Third Party Services integration, as set out in Schedule 1 (Hosted Services particulars).

10.7  Subject to Clause 20.1, for Customer requested Third Party Services:

(a)    the Provider gives no guarantees, warranties or representations in respect of any Third Party Services; and

(b)    the Provider shall not be liable to the Customer in respect of any loss or damage that may be caused by Third Party Services or any provider of Third Party Services.

11. Native Mobile App

11.1  The parties acknowledge and agree that if a Native Mobile App was provided as an additional service after the Effective Date, the use of that Native Mobile App, the parties’ respective rights and obligations in relation to that Native Mobile App and any liabilities of either party arising out of the use of that Native Mobile App shall be subject to separate terms and conditions, and accordingly this Agreement shall not govern any such use, rights, obligations or liabilities.

12. No assignment of Intellectual Property Rights

12.1  Nothing in this Agreement shall operate to assign or transfer any Intellectual Property Rights from the Provider to the Customer, or from the Customer to the Provider.

13. Charges

13.1  The Customer shall pay the Charges to the Provider in accordance with this Agreement.

13.2  All amounts stated in or in relation to this Agreement are, unless the context requires otherwise, stated exclusive of any applicable Goods and Services Tax (GST), which will be added to those amounts and payable by the Customer to the Provider.

14. Payments

14.1  The Provider shall issue invoices for the Charges to the Customer on or after the invoicing dates set out in Section 3 of Schedule 1 (Hosted Services particulars).

14.2  The Customer must pay the Charges to the Provider on the dates as set out in Section 3 of Schedule 1 (Hosted Services particulars).

14.3  The Customer must pay the Charges by the payment means as set out in Section 3 of Schedule 1 (Hosted Services particulars).

14.4  If the Customer does not pay any amount properly due to the Provider under this Agreement, the Provider may charge the Customer interest as set out in Section 3 of Schedule 1 (Hosted Services particulars);

15. Provider’s confidentiality obligations

15.1  The Provider must:

(a)    keep the Customer Confidential Information strictly confidential;

(b)    not disclose the Customer Confidential Information to any person without the Customer’s prior written consent, and then only under conditions of confidentiality no less onerous than those contained in this Agreement; and

(c)    use the same degree of care to protect the confidentiality of the Customer Confidential Information as the Provider uses to protect the Provider’s own confidential information of a similar nature, being at least a reasonable degree of care;

15.2  Notwithstanding Clause 15.1, the Provider may disclose the Customer Confidential Information to the Provider’s officers, employees, professional advisers, insurers, agents and subcontractors who have a need to access the Customer Confidential Information for the performance of their work with respect to this Agreement and who are bound by a written agreement or professional obligation to protect the confidentiality of the Customer Confidential Information.

15.3  This Clause 15 imposes no obligations upon the Provider with respect to:

(a)    Customer Confidential Information that is known to the Provider before disclosure under this Agreement and is not subject to any other obligation of confidentiality;

(b)    Customer Confidential Information that is or becomes publicly known through no act or default of the Provider; or

(c)    information that is independently developed by the Provider without reliance upon or use of any Customer Confidential Information.

15.4  The restrictions in this Clause 15 do not apply to the extent that any Customer Confidential Information is required to be disclosed by any law or regulation, or by any judicial or governmental order or request, or pursuant to disclosure requirements relating to the listing of the stock of the Provider on any recognised stock exchange. If the Provider makes a disclosure to which this Clause 15.4 applies then, to the extent permitted by applicable law, the Provider shall promptly notify the Customer of the fact of the disclosure, the identity of the disclosee, and the Customer Confidential Information disclosed.

15.5  The provisions of this Clause 15 shall continue in force for a period of 5 years following the termination of this Agreement, at the end of which period they will cease to have effect.

16. Data protection

16.1  The Provider shall comply with the Data Protection Laws with respect to the processing of the Customer Personal Data.

16.2  The Customer warrants to the Provider that it has the legal right to disclose all Personal Data that it does in fact disclose to the Provider under or in connection with this Agreement.

16.3  The Customer shall only supply to the Provider, and the Provider shall only process, in each case under or in relation to this Agreement:

(a)    the Personal Data of data subjects falling within the categories specified in Section 1 of Schedule 5 (Data processing information); and

(b)    Personal Data of the types specified in Section 2 of Schedule 5 (Data processing information).

16.4  The Provider shall only process the Customer Personal Data for the purposes specified in Section 3 of Schedule 5 (Data processing information).

16.5  The Provider shall only process the Customer Personal Data during the Term, subject to the other provisions of this Clause 16 and for not more than 30 days following the end of the Term, subject to the other provisions of this Clause 16.

16.6  The Provider shall only process the Customer Personal Data on the documented instructions of the Customer (including with regard to transfers of the Customer Personal Data to a third country under the Data Protection Laws).

16.7  The Customer hereby authorises the Provider to make the following transfers of Customer Personal Data:

(a)    the Provider may transfer the Customer Personal Data to its third party processors in the jurisdictions identified in Section 5 of Schedule 5 (Data processing information) and may permit its third party processors to make such transfers, providing that such transfers must be protected by any appropriate safeguards identified therein; and

(c)    the Provider may transfer the Customer Personal Data to a country, a territory or sector to the extent that the competent data protection authorities have decided that the country, territory or sector ensures an adequate level of protection for Personal Data.

16.8  The Provider shall promptly inform the Customer if, in the opinion of the Provider, an instruction of the Customer relating to the processing of the Customer Personal Data infringes the Data Protection Laws.

16.9  Notwithstanding any other provision of this Agreement, the Provider may process the Customer Personal Data if and to the extent that the Provider is required to do so by Australian law. In such a case, the Provider shall inform the Customer of the legal requirement before processing, unless that law prohibits such information.

16.10 The Provider shall ensure that persons authorised to process the Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

16.11 The Provider shall implement appropriate technical and organisational measures to ensure an appropriate level of security for the Customer Personal Data[, including those measures specified in Section 4 of Schedule 5 (Data processing information)].

16.12 The Provider must not engage any third party to process the Customer Personal Data without the prior specific or general written authorisation of the Customer. In the case of a general written authorisation, the Provider shall inform the Customer at least 14 days in advance of any intended changes concerning the addition or replacement of any third party processor, and if the Customer objects to any such changes before their implementation, then the Provider must not implement the changes. The Provider shall ensure that each third party processor is subject to the same legal obligations as those imposed on the Provider by this Clause 16.

16.13 As at the Effective Date, the Provider is hereby authorised by the Customer to engage, as sub-processors with respect to Customer Personal Data, the third parties identified in Section 5 of Schedule 5 (Data processing information).

16.14 The Provider shall, insofar as possible and taking into account the nature of the processing, take appropriate technical and organisational measures to assist the Customer with the fulfilment of the Customer’s obligation to respond to requests exercising a data subject’s rights under the Data Protection Laws.

16.15 The Provider shall assist the Customer in ensuring compliance with the obligations relating to the security of processing of personal data, the notification of personal data breaches to the supervisory authority, the communication of personal data breaches to the data subject, data protection impact assessments and prior consultation in relation to high-risk processing under the Data Protection Laws. The Provider may charge the Customer at its standard time-based charging rates for any work performed by the Provider at the request of the Customer pursuant to this Clause 16.15.

16.16 The Provider must notify the Customer of any Personal Data breach affecting the Customer Personal Data without undue delay after the Provider becomes aware of the breach.

16.17 The Provider shall make available to the Customer all information necessary to demonstrate the compliance of the Provider with its obligations under this Clause 16 and the Data Protection Laws. The Provider may charge the Customer at its standard time-based charging rates for any work performed by the Provider at the request of the Customer pursuant to this Clause 16.17, providing that no such charges shall be levied with respect to the completion by the Provider (at the reasonable request of the Customer, not more than once per calendar year) of the standard information security questionnaire of the Customer.

16.18 The Provider shall, at the choice of the Customer, delete or return all of the Customer Personal Data to the Customer after the provision of services relating to the processing, and shall delete existing copies unless Australian law requires storage of the relevant Personal Data.

16.19 The Provider shall allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer in respect of the compliance of the Provider’s processing of Customer Personal Data with the Data Protection Laws and this Clause 16. The Provider may charge the Customer at its standard time-based charging rates for any work performed by the Provider at the request of the Customer pursuant to this Clause 16.19.

16.20 If any changes or prospective changes to the Data Protection Laws result or will result in one or both parties not complying with the Data Protection Laws in relation to processing of Personal Data carried out under this Agreement, then the parties shall use their best endeavours promptly to agree such variations to this Agreement as may be necessary to remedy such non-compliance.

17. Warranties

17.1  The Provider warrants to the Customer that:

(a)    the Provider has the legal right and authority to enter into this Agreement and to perform its obligations under this Agreement;

(b)    the Provider will comply with all applicable legal and regulatory requirements applying to the exercise of the Provider’s rights and the fulfilment of the Provider’s obligations under this Agreement; and

(c)    the Provider has or has access to all necessary know-how, expertise and experience to perform its obligations under this Agreement.

17.2  The Provider warrants to the Customer that:

(a)    the Platform and Hosted Services will conform in all material respects with the Hosted Services Specification; and

(d)    the Platform will incorporate security features reflecting the requirements of good industry practice.

17.3  The Customer warrants to the Provider that it has the legal right and authority to enter into this Agreement and to perform its obligations under this Agreement.

17.4  All of the parties’ warranties and representations in respect of the subject matter of this Agreement are expressly set out in this Agreement. To the maximum extent permitted by applicable law, no other warranties or representations concerning the subject matter of this Agreement will be implied into this Agreement or any related contract.

18. Acknowledgements and warranty limitations

18.1  The Customer acknowledges that complex software is never wholly free from defects, errors and bugs; and subject to the other provisions of this Agreement, the Provider gives no warranty or representation that the Hosted Services will be wholly free from defects, errors and bugs.

18.2  The Customer acknowledges that complex software is never entirely free from security vulnerabilities; and subject to the other provisions of this Agreement, the Provider gives no warranty or representation that the Hosted Services will be entirely secure.

18.3  The Customer acknowledges that the Hosted Services are designed to be compatible only with that software and those systems specified as compatible in the Hosted Services Specification; and the Provider does not warrant or represent that the Hosted Services will be compatible with any other software or systems.

18.4  The Customer acknowledges that the Provider will not provide any legal, financial, accountancy or taxation advice under this Agreement or in relation to the Hosted Services; and, except to the extent expressly provided otherwise in this Agreement, the Provider does not warrant or represent that the Hosted Services or the use of the Hosted Services by the Customer will not give rise to any legal liability on the part of the Customer or any other person.

19. Indemnities

19.1  The Provider shall indemnify and shall keep indemnified the Customer against any and all liabilities, damages, losses, costs and expenses (including legal expenses and amounts paid in settlement of legal claims) suffered or incurred by the Customer pursuant to any legal dispute with or claim by a third party or to any regulatory investigation, action or penalty, and arising directly or indirectly as a result of any breach by the Provider of any third party’s Intellectual Property Rights, any applicable law, or any provision of this Agreement (a “Provider Indemnity Event“).

19.2  The Customer must:

(a)    upon becoming aware of an actual or potential Provider Indemnity Event, notify the Provider;

(b)    provide to the Provider all such assistance as may be reasonably requested by the Provider in relation to the Provider Indemnity Event;

(c)    allow the Provider the exclusive conduct of all disputes, proceedings, negotiations and settlements with third parties relating to the Provider Indemnity Event; and

(d)    not admit liability to any third party in connection with the Provider Indemnity Event or settle any disputes or proceedings involving a third party and relating to the Provider Indemnity Event without the prior written consent of the Provider,

        without prejudice to the Provider’s obligations under Clause 19.1.

19.3  The Customer shall indemnify and shall keep indemnified the Provider against any and all liabilities, damages, losses, costs and expenses (including legal expenses and amounts paid in settlement of legal claims) suffered or incurred by the Provider pursuant to any legal dispute with or claim by a third party or to any regulatory investigation, action or penalty and arising directly or indirectly as a result of any breach by the Customer of any third party’s Intellectual Property Rights, any applicable law, or any provision of this Agreement (a “Customer Indemnity Event“).

19.4  The Provider must:

(a)    upon becoming aware of an actual or potential Customer Indemnity Event, notify the Customer;

(b)    provide to the Customer all such assistance as may be reasonably requested by the Customer in relation to the Customer Indemnity Event;

(c)    allow the Customer the exclusive conduct of all disputes, proceedings, negotiations and settlements with third parties relating to the Customer Indemnity Event; and

(d)    not admit liability to any third party in connection with the Customer Indemnity Event or settle any disputes or proceedings involving a third party and relating to the Customer Indemnity Event without the prior written consent of the Customer,

        without prejudice to the Customer’s obligations under Clause 19.3.

19.5  The indemnity protection set out in this Clause 19 shall be subject to the limitations and exclusions of liability set out in this Agreement.

20. Limitations and exclusions of liability

20.1  Nothing in this Agreement will:

(a)    limit or exclude any liability for death or personal injury resulting from negligence;

(b)    limit or exclude any liability for fraud or fraudulent misrepresentation;

(c)    limit any liabilities in any way that is not permitted under applicable law; or

(d)    exclude any liabilities that may not be excluded under applicable law.

20.2  The limitations and exclusions of liability set out in this Clause 20 and elsewhere in this Agreement:

(a)    are subject to Clause 20.1; and

(b)    govern all liabilities arising under this Agreement or relating to the subject matter of this Agreement, including liabilities arising in contract, in tort (including negligence) and for breach of statutory duty, except to the extent expressly provided otherwise in this Agreement.

20.3  Neither party shall be liable to the other party in respect of any losses arising out of a Force Majeure Event.

20.4  Neither party shall be liable to the other party in respect of any loss of profits or anticipated savings.

20.5  Neither party shall be liable to the other party in respect of any loss of revenue or income.

20.6  Neither party shall be liable to the other party in respect of any loss of use or production.

20.7  Neither party shall be liable to the other party in respect of any loss of business, contracts or opportunities.

20.8  Neither party shall be liable to the other party in respect of any loss or corruption of any data, database or software.

20.9  Neither party shall be liable to the other party in respect of any special, indirect or consequential loss or damage.

20.10 The liability of each party to the other party under this Agreement in respect of any event or series of related events shall not exceed the total amount paid and payable by the Customer to the Provider under this Agreement in the 12-month period preceding the commencement of the event or events.

20.11 The aggregate liability of each party to the other party under this Agreement shall not exceed the greater of the total amount paid and payable by the Customer to the Provider under this Agreement.

21. Force Majeure Event

21.1  If a Force Majeure Event gives rise to a failure or delay in either party performing any obligation under this Agreement (other than any obligation to make a payment), that obligation will be suspended for the duration of the Force Majeure Event.

21.2  A party that becomes aware of a Force Majeure Event which gives rise to, or which is likely to give rise to, any failure or delay in that party performing any obligation under this Agreement, must:

(a)    promptly notify the other; and

(b)    inform the other of the period for which it is estimated that such failure or delay will continue.

21.3  A party whose performance of its obligations under this Agreement is affected by a Force Majeure Event must take reasonable steps to mitigate the effects of the Force Majeure Event.

22. Termination

22.1  Either party may terminate this Agreement by giving to the other party not less than 30 days’ prior written notice of termination expiring at the end of the end of the Initial Term or at the end of any Renewal Term.

22.2  Either party may terminate this Agreement immediately by giving written notice of termination to the other party if:

(a)    the other party commits any material breach of this Agreement, and the breach is not remediable;

(b)    the other party commits a material breach of this Agreement, and the breach is remediable but the other party fails to remedy the breach within the period of 30 days following the giving of a written notice to the other party requiring the breach to be remedied; or

(c)    the other party persistently breaches this Agreement (irrespective of whether such breaches collectively constitute a material breach).

22.3  Subject to applicable law, either party may terminate this Agreement immediately by giving written notice of termination to the other party if:

(a)    the other party:

(i)     is dissolved;

(ii)    ceases to conduct all (or substantially all) of its business;

(iii)    is or becomes unable to pay its debts as they fall due;

(iv)   is or becomes insolvent or is declared insolvent; or

(v)    convenes a meeting or makes or proposes to make any arrangement or composition with its creditors;

(b)    an administrator, administrative receiver, liquidator, receiver, trustee, manager or similar is appointed over any of the assets of the other party;

(c)    an order is made for the winding up of the other party, or the other party passes a resolution for its winding up (other than for the purpose of a solvent company reorganisation where the resulting entity will assume all the obligations of the other party under this Agreement)

22.4  The Provider may terminate this Agreement immediately by giving written notice to the Customer if:

(a)    any amount due to be paid by the Customer to the Provider under this Agreement is unpaid by the due date and remains unpaid upon the date that that written notice of termination is given; and

(b)    the Provider has given to the Customer at least 30 days’ written notice, following the failure to pay, of its intention to terminate this Agreement in accordance with this Clause 22.4.

23. Effects of termination

23.1  Upon the termination of this Agreement, all of the provisions of this Agreement shall cease to have effect, save that the following provisions of this Agreement shall survive and continue to have effect (in accordance with their express terms or otherwise indefinitely): Clauses 1, 4.11, 6.1, 6.2, 6.3, 6.5, 9.2, 9.3, 10.7, 11, 14.2, 14.4, 15, 16, 19, 20, 23, 26, 27, 28, 29, 30.1, 30.2, 31, 32 and 33 [MB Check].

23.2  Except to the extent expressly provided otherwise in this Agreement, the termination of this Agreement shall not affect the accrued rights of either party.

23.3  Within 30 days following the termination of this Agreement for any reason:

(a)    the Customer must pay to the Provider any Charges in respect of Services provided to the Customer before the termination of this Agreement; and

(b)    the Provider must refund to the Customer any Charges paid by the Customer to the Provider in respect of Services that were to be provided to the Customer after the termination of this Agreement,

        without prejudice to the parties’ other legal rights.

24. Notices

24.1  Any notice from one party to the other party under this Agreement must be given by one of the following methods (using the relevant contact details set out in Clauses 24.2 and Section 4 of Schedule 1 (Hosted Services particulars)):  

(a)    delivered personally or sent by courier, in which case the notice shall be deemed to be received upon delivery; or

(b)    sent by recorded signed-for post, in which case the notice shall be deemed to be received 2 Business Days following posting,

        providing that, if the stated time of deemed receipt is not within Business Hours, then the time of deemed receipt shall be when Business Hours next begin after the stated time.

25. Subcontracting

25.1  Subject to any express restrictions elsewhere in this Agreement, the Provider may subcontract any of its obligations under this Agreement, providing that the Provider shall remain responsible to the Customer for the performance of any subcontracted obligations.

25.2  Notwithstanding the provisions of this Clause 25 but subject to any other provision of this Agreement, the Customer acknowledges and agrees that the Provider may subcontract to any reputable third party hosting business the hosting of the Platform and the provision of services in relation to the support and maintenance of elements of the Platform.

26. Assignment

26.1  The Customer hereby agrees that the Provider may assign, transfer or otherwise deal with the Provider’s contractual rights and obligations under this Agreement.

26.2  The Provider hereby agrees that the Customer may assign, transfer or otherwise deal with the Customer’s contractual rights and obligations under this Agreement.

27. No waivers

27.1  No breach of any provision of this Agreement will be waived except with the express written consent of the party not in breach.

27.2  No waiver of any breach of any provision of this Agreement shall be construed as a further or continuing waiver of any other breach of that provision or any breach of any other provision of this Agreement.

28. Severability

28.1  If a provision of this Agreement is determined by any court or other competent authority to be unlawful and/or unenforceable, the other provisions will continue in effect.

28.2  If any unlawful and/or unenforceable provision of this Agreement would be lawful or enforceable if part of it were deleted, that part will be deemed to be deleted, and the rest of the provision will continue in effect.

29. Third party rights

29.1  This Agreement is for the benefit of the parties and is not intended to benefit or be enforceable by any third party.

29.2  The exercise of the parties’ rights under this Agreement is not subject to the consent of any third party.

30. Variation

30.1  This Agreement may not be varied except in accordance with this Clause 30.

30.2  This Agreement may be varied by means of a written document signed by or on behalf of each party.

30.3  The Provider may vary this Agreement by giving to the Customer at least 30 days’ written notice of the proposed variation, providing that if the Provider gives to the Customer a notice under this Clause 30.3, the Customer shall have the right to terminate this Agreement by giving written notice of termination to the Provider at any time during the period of 14 days following receipt of the Provider’s notice.

31. Entire agreement

31.1  The main body of this Agreement and the Schedules shall constitute the entire agreement between the parties in relation to the subject matter of this Agreement, and shall supersede all previous agreements, arrangements and understandings between the parties in respect of that subject matter.

31.3  The provisions of this Clause 31 are subject to Clause 20.1.

32. Law and jurisdiction

32.1  This Agreement shall be governed by and construed in accordance with the laws of the State of New South Wales, Australia.

32.2  Any disputes relating to this Agreement shall be subject to the non-exclusive jurisdiction of the courts of the State of New South Wales, Australia.

33. Interpretation

33.1  In this Agreement, a reference to a statute or statutory provision includes a reference to:

(a)    that statute or statutory provision as modified, consolidated and/or re-enacted from time to time; and

(b)    any subordinate legislation made under that statute or statutory provision.

33.2  The Clause headings do not affect the interpretation of this Agreement.

33.3  References in this Agreement to “calendar months” are to the 12 named periods (January, February and so on) into which a year is divided.

33.4  In this Agreement, general words shall not be given a restrictive interpretation by reason of being preceded or followed by words indicating a particular class of acts, matters or things.

 

[In relation to specific authorisations, identify sub-processors of personal data; in relation to general authorisations, identify categories of sub-processor; in each case, specify authorised international third country (extra-EEA/UK) transfers to sub-processors as well as any appropriate safeguards that must be used]