Alliance Partner Agreement ("Conditions")
These Conditions form a legal agreement between Risc IT Solutions and you (“Partner”) and set out the terms and conditions upon which you are appointed to resell Services to your customers. By clicking to accept these Conditions as part of the sign up process to become a partner of Risc IT Solutions, you agree to be bound by these Conditions. Risc IT Solutions reserves the right to change or modify these Conditions from time to time and any changes or modifications will be effective on the date that they are uploaded onto our partner website. You should frequently review these Conditions as continued use of our Services will confirm your acceptance of any changes or modifications.
You should print a copy of these Conditions for future reference.
1. Definitions and Interpretation
1.1 In these Conditions the following words have the following meanings.
"Agreement" means the agreement between Risc IT Solutions and Partner for the appointment of Partner as a partner of Risc IT Solutions which incorporates and is subject to these Conditions and which is formed through acceptance of these Conditions;
"Applicable Laws" means all applicable statutory and other acts, regulations, rules, instruments, provisions and codes of conduct in force from time to time;
"Confidential Information" means any information or data relating to Risc IT Solutions that is proprietary or confidential including information relating to software, services or designs; commercial or technical know-how, research or technology; business operations and strategies, accounts, financial or contractual arrangements; customers, clients or suppliers past, present or future, or their dealings, transactions or affairs; and pricing and marketing, provided directly or indirectly by Risc IT Solutions to Partner or otherwise acquired by Partner, orally or in writing or other tangible form or by demonstrations whether before on or after the date of the Agreement and whether or not marked as confidential;
"Control" means the beneficial ownership of more than 50% of the issued share capital of a company or the legal power to direct or cause the direction of the general management of the company and controls, controlled and the expression change of control shall be construed accordingly;
"Effective Date" means the date on which Risc IT Solutions sends confirmation that the Partner has been accepted as a reseller of Risc IT Solutions;
"End User" means any third party who purchases Services from a Partner;
"Flow Down Terms" means the licence terms and any acceptable use policy of a Vendor for use of a Service and as may be updated from time to time;
"Group Company" means in relation to a company each and any subsidiary or holding company from time to time of that company, and each and any subsidiary from time to time of a holding company of that company;
"Intellectual Property" means any and all intellectual property rights of any kind existing anywhere in the world whether or not registered and all applications, renewals and extensions of the same and whenever arising, registered or applied to be registered including copyright, database rights, design rights, patents, trade marks, service marks, trade names and other rights in goodwill, rights in know-how, trade secrets and other confidential information;
"Risc IT Solutions" means Risc IT Solutions Limited a company registered in England and Wales (Company No. 03935051) whose registered office is at Church Walks Business Centre, Church Walks, Llandudno LL30 2HL;
"Licence" means a licence granted by a Vendor to an End User to use a Service through acceptance of the relevant Flow Down Terms;
"Partner" means the person entering into the Agreement with Risc IT Solutions;
"Privacy Legislation" means any and all applicable data protection and privacy laws, regulations and/or codes of conduct in any relevant jurisdiction relating to the processing and/or security of personal data and to direct marketing including Data Protection Act 1998, the EU Directive 95/46/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and the GDPR;
"SaaS" means software as a service;
"Service" means any cloud application, product or service or any other services provided by Risc IT Solutions to the Partner whether delivered to the Partner, an End User or any third party;
"Vendor" means a third party vendor of a Service;
1.2 A “person” includes a natural person, corporate or unincorporated body (whether or not having separate legal personality).
1.3 Clause headings shall not affect the interpretation of these Conditions and references to clauses are to the clauses in these Conditions.
1.4 Any words following the terms including, include, in particular, for example or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms.
1.5 Unless the context otherwise requires, words in the singular shall include the plural and in the plural include the singular.
1.6 A reference to "writing" or "written" includes email.
1.7 A reference to a statute or statutory provision is a reference to it as amended, extended or re-enacted from time to time.
1.8 A reference to a statute or statutory provision shall include all subordinate legislation made from time to time under that statute or statutory provision.
2.1 Risc IT Solutions appoints Partner as its non-exclusive partner to sell the Services to End Users on the terms of these Conditions. The Partner will adhere to the territorial restrictions that may apply to the scope of its appointment as stipulated by the Vendor.
2.2 Nothing in these Conditions shall prevent Risc IT Solutions from appointing other partners and/or agents and/or from selling Services itself direct to end users.
2.3 Partner shall be entitled to describe itself as an “Authorised Partner” of Risc IT Solutions but shall not:
2.3.1 represent itself as an agent of Risc IT Solutions for any purpose;
represent itself as an agent of Risc IT Solutions for any purpose;
2.3.2 pledge Risc IT Solutions credit or give any condition or warranty or make any representation on Risc IT Solutions behalf or commit Risc IT Solutions to any contracts;
2.3.3 make any representations, warranties, guarantees or other commitments with respect to the specifications, features or capabilities of Services which are inconsistent with those contained in the promotional material or documentation supplied to Partner by Risc IT Solutions or a Vendor (as applicable); and/or
2.3.4 incur any liability on behalf of Risc IT Solutions howsoever arising.
2.4 Partner's appointment under this clause 2 only grants to Partner a licence to sell software Services on a software as a service (“SaaS”) basis, and does not transfer any right, title or interest in or to any such Services to Partner and/or its End Users. Use of the terms “sell”, “sold”, “license”, “purchase”, “licence fees” and “price” will be interpreted in accordance with this clause.
2.5 Partner shall inform Risc IT Solutions immediately of any changes in ownership or Control of Partner and/or of any change in its organisation.
3. Supply of Services
3.1 Risc IT Solutions shall provide Partner with access to provision of Services to End Users.
3.2 Risc IT Solutions shall provide End Users with limited second and third line support subject to Partner having first supplied the End User with comprehensive first line support using adequately trained and competent support staff and Partner having fulfilled all of its obligations under clause 4.1.3 of this Agreement. In the event that Risc IT Solutions persistently receives support requests from End User(s) that should have been resolved as first line support issues then Risc IT Solutions reserves the right to withhold support from End Users and refer them to the Partner.
3.3 Partner shall be solely responsible for the security of any logins and shall ensure that the logins are only used by its personnel and not by any third party. Partner will promptly notify Risc IT Solutions if it becomes aware of any unauthorised use of such logins.
3.4 Risc IT Solutions does not warrant that the use of the Services will be uninterrupted or error- free, or that the Services, and/or the information obtained through the Services will meet Partner’s and/or End User’s requirements.
3.5 Risc IT Solutions is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and Partner acknowledges that Services may be subject to limitations, delays and other problems inherent in the use of such communication facilities.
3.6 Without prejudice to any other rights or remedies to which Risc IT Solutions may be entitled, Risc IT Solutions may prevent Partner’s, its employees, agents, resellers and all End Users’ access to the Services without notice if on the due date of an invoice payment is not made by Partner in respect of amounts invoiced to it by Risc IT Solutions. No compensation or credit will be issued in respect of any period for which the Services may have been suspended and/or terminated as a result of non-payment, and Partner will indemnify Risc IT Solutions in respect of any claims against Risc IT Solutions arising from it invoking this clause 3.6.
3.7 Risc IT Solutions is entitled at any time to make changes to the Services available and shall give notice of such changes to Partner as soon as reasonably practicable.
3.8 Partner shall contract on its own account directly with each End User for the sale of the Services at such price as Partner shall determine at its sole discretion.
3.9 Partner shall manage the purchase of new Services via Risc IT Solutions and/or it’s provisioning systems.
3.10 Partner shall manage the licence quantity changes of existing Services.
3.11 Partner shall be liable for all costs accrued on a usage basis by End Users. Partner shall provide to Risc IT Solutions such information about the End Users as reasonably required by Risc IT Solutions for its purposes, including but not limited to, of managing and enforcing the terms of the Flow Down Terms and EULA with such End Users and providing support.
4. Partner's Obligations
4.1 Partner Shall:
4.1.1 procure that all End Users are aware of and accept the applicable Flow Down Terms and the EULA prior to the use of the Services. Partner shall notify all End Users of any changes to applicable Flow Down Terms and of any changes to the EULA and ensure that all End Users are bound by the most recent version of such terms;
4.1.2 not make any amendments to the EULA and/or the Flow Down Terms and/or enter into a contract with an End User that conflicts with any of the provisions in the EULA and/or the Flow Down Terms; and
4.1.3 provide first line support to End Users of the Services including but not limited to provision of assistance and consultation on the installation and use of the Services, timely responses to End Users’ general queries regarding the Services and assistance to End Users in the diagnosis and correction of problems encountered in using the Services.
5. Risc IT Solutions Obligations
5.1 Risc IT Solutions shall provide such information and support as may be reasonably requested by Partner to enable it to properly and efficiently to discharge its duties under these Conditions.
6. Prices and Payment
6.1 The price payable by Partner to Risc IT Solutions for Services shall be as determined by Risc IT Solutions and notified to Partner from time to time.
6.2 Risc IT Solutions shall give Partner written notice of any changes to the prices.
6.3 Any and all expenses, costs and charges incurred by Partner in the performance of its obligations under the Agreement shall be paid by Partner.
6.4 Risc IT Solutions will invoice Partner on a monthly basis. The sums due from Partner to Risc IT Solutions shall be solely determined by the records held by Risc IT Solutions. All prices are exclusive of any Value Added Tax or other applicable sales taxes for which Partner shall be additionally liable.
6.5 Partner shall pay the full amount invoiced to it by reference to currency of the Service purchased in each instance. Partner shall set up an automated payment method and payment will be taken by Risc IT Solutions 7 days after the date of invoice. Time for payment is of the essence. Failure to maintain a valid automated payment method may result in the suspension of Services without notice.
6.6 Partner is solely responsible for the payment of all Services ordered by Partner or End Users ordered or updated using Partner’s log in credentials or used where use or consumption of Vendor’s Services requires additional payment.
6.7 Partner shall not be entitled by reason of any set-off, counter-claim, abatement, or other similar deduction to withhold payment of any amount due to Risc IT Solutions, unless an error is discovered by either party, in which case the amount of set-off, counter- claim, abatement, or other similar deduction shall be limited to the amount of the error. For the avoidance of doubt, Partner shall be liable to pay to Risc IT Solutions all sums due whether or not it has been paid the corresponding sums by its customer.
6.8 If a payment due from Partner is subject to tax (whether by way of direct assessment or withholding at its source), Risc IT Solutions shall be entitled to receive from Partner such amounts as shall ensure that the net receipt, after tax, is the same as it would have been were the payment not subject to tax.
6.9 Risc IT Solutions shall not complete any forms or other documentation appertaining to a Partner’s taxation status or to payments made to Risc IT Solutions, whether in relation to directly assessed or withholding taxes.
6.10 In the event that any invoice is not paid in full when due, Risc IT Solutions shall be entitled to immediately terminate this Agreement and/or suspend and/or terminate all of the Services or any part of them at its sole discretion whether any amount in question has been part paid or not. Non-payment is a fundamental breach of these Conditions. In the event of suspension or termination the Partner and/or End Users will not be able to access the Services, the applications or data and such data may be irrecoverable.
7. Terminating End User Services
7.1 In the event that the Partner wishes to cancel Services, the Partner must:
7.1.1 Provide 30 days’ notice of the cancellation of End User’s Services. For monthly billed services, termination of charges will take effect at the end of the calendar month following the expiry of the 30 day notice period. For annually billed Services, termination of charges will take effect at the end of the billing period;
7.1.2 Ensure that it promptly informs each End User that they must backup any data held within the Services that they wish to keep ahead of the Service termination date. Post termination data will NOT be recoverable;
7.1.3 Ensure that all users are unassigned from licences to the Services being terminated ahead of the Service termination date;
7.1.4 Ensure all locally installed software relating to the Services is uninstalled prior to the Service termination date.
7.2 Partner will continue to be liable for all charges relating to active Services under its Partner account until such a time that the Services are set to cancelled.
7.3 Should Partner request reactivation of an End User’s Service(s) after any Service suspension, Risc IT Solutions reserves the right to charge Partner professional services charges to reactivate and/or retrieve data relating to the suspended Service(s) where Risc IT Solutions deems recovery is possible.
7.4 Risc IT Solutions is under no obligation to reactivate Services which have been suspended or terminated unless Risc IT Solutions deems that the termination was in error.
8. Advertising and Promotion
8.1 Partner shall:
8.1.1 be responsible for the promotion of Services;
8.1.2 observe all reasonable directions and instructions given to it by Risc IT Solutions in relation to the promotion of the Services available, and shall not make any written statement as to the quality of Services without the prior written approval of Risc IT Solutions.
8.1.3 conduct its business in a manner that reflects favourably at all times on Risc IT Solutions and the good name, goodwill and reputation of Risc IT Solutions and not enter into any contract or engage in any practice detrimental to Risc IT Solutions interests; and
8.1.4 avoid deceptive, misleading or unethical practices that are, or might be, detrimental to Risc IT Solutions or the Services and shall not publish or employ, or co-operate in the publication or employment of, any false, misleading or deceptive advertising material or other representations with regard to Risc IT Solutions or Services.
8.2 Risc IT Solutions shall:
8.2.1 grant to Partner a non-exclusive licence to use its name and logo in the promotion of the Services, subject to, and for the duration of, this Agreement. The Partner acknowledges and agrees that all rights in all names and logos shall remain in Risc IT Solutions, and Partner has and will acquire no right in them.
9. Intellectual Property Rights
9.1 Partner acknowledges and agrees that all Intellectual Property in and to the Services belongs to the Vendors and that use of the Services is subject to the Flow Down Terms.
9.2 Without prejudice to the right of Partner or any third party to challenge the validity of any Intellectual Property of Risc IT Solutions, Partner shall not do or authorise any third party to do any act which would or might invalidate or be inconsistent with any Intellectual Property of Risc IT Solutions and/or a Vendor and shall not omit or authorise any third party to omit to do any act which, by its omission, would have that effect or character.
9.3 Partner shall have no rights in respect of any trade names or trade marks used by a Vendor in relation to a Service or its associated goodwill, and Partner acknowledges that all such rights and goodwill shall inure for the benefit of and are (and shall remain) vested in the Vendor and/or its licensors.
9.4 Partner shall promptly give notice in writing to Risc IT Solutions in the event that it becomes aware of:
9.4.1 any infringement or suspected infringement of Flow Down Terms by it and/or by an End User;
9.4.2 any infringement or suspected infringement of any Intellectual Property in or relating to the Services; and
9.4.3 any claim that any Service or the manufacture, use, sale or other disposal of any Service infringes the rights of any third party.
10.1 Partner may have access to Confidential Information pursuant to the Agreement. Confidential Information shall not include information that:
10.1.1 is or becomes publicly known through no act or omission of Partner; or
10.1.2 is lawfully disclosed to Partner by a third party without restriction on disclosure; or
10.1.3 is independently developed by Partner, which independent development can be shown by written evidence.
10.2 Partner shall hold the Confidential Information in confidence and secure and not make the other's Confidential Information available to any third party or use the other's Confidential Information for any purpose other than the implementation of the Agreement. Partner may disclose Confidential Information:
10.2.1 to its employees, officers, representatives or advisers who need to know such information for the purposes of carrying out the Partner’s obligations under the Agreement. Partner shall procure that all such persons comply with the terms of this clause 10; and
10.2.2 as may be required by law, a competent jurisdiction or any governmental or regulatory authority except that, to the extent permitted by law, Partner shall give Risc IT Solutions prior notice of such disclosure.
10.3 This clause 10 shall survive termination of the Agreement for any reason.
11. Data Protection
11.1 Partner acknowledges and agrees that in relation to any Personal Data relating to an End User that it processes, it shall be the Data Controller. The terms “Personal Data” and “Data Controller” shall have the meanings set out in the GDPR (as may be amended from time to time).
11.2 Partner warrants that:
11.2.1 it will process Personal Data in compliance with all Applicable Laws, enactments, regulations, orders, standards and other similar instruments; and
11.2.2 it will take appropriate technical and organisational measures against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data.
11.3 Partner shall notify Risc IT Solutions immediately if it becomes aware of:
11.3.1 any unauthorised or unlawful processing, loss of, damage to or destruction of Personal Data;
11.3.2 any advance in technology and methods of working which mean that Risc IT Solutions should revise its security measures.
11.4 If Partner receives any complaint, notice or communication which relates directly or indirectly to the processing of Personal Data or to either party's compliance with the GDPR and the data protection principles set out therein, it shall immediately notify Risc IT Solutions and it shall provide Risc IT Solutions with full co-operation and assistance in relation to any such complaint, notice or communication.
11.5 Risc IT Solutions owns all End User data notified to it by Partner or End Users.
11.6 Partner shall not transfer Personal Data outside the European Economic Area without the prior written consent of Risc IT Solutions.
12.1 Partner shall:
12.1.1 conduct its business in all respects in accordance with all Applicable Laws and regulations regarding bribery including but not limited to the Bribery Act 2010 and all regulations made and guidance issued under the Act and Partner agrees that it has established procedures to ensure continued compliance with all such legislation and guidance;
12.1.2 not engage in any activity, practice or conduct which would constitute an offence under sections 1, 2 or 6 of the Bribery Act 2010 if such activity, practice or conduct had been carried out in the UK; and
12.1.3 promptly report to Risc IT Solutions any request or demand for any undue financial or other advantage of any kind received by it in connection with the performance of the Agreement and/or the sale of Services.
12.2 Breach of this clause 12 shall be deemed a material breach, which is irremediable, under clause 15.3.1.
13.1 Each party represents, warrants and undertakes that:
13.1.1 It has full capacity and authority and all necessary consents to enter into and to perform the Agreement and to grant the rights and licences referred to in the Agreement; and
13.1.2 it shall comply with all Applicable Laws in the performance of its obligations under the Agreement.
13.2 Except as expressly and specifically provided in these Conditions, all warranties, conditions and other terms implied by statute or common law are, to the fullest extent permitted by law, excluded from the Agreement.
13.3 Partner shall indemnify and keep Risc IT Solutions fully and effectively indemnified in respect of any and all claims made by an End User against Risc IT Solutions relating to the Services, except where such claim arises as a direct result of the default and/or negligence of Risc IT Solutions.
14. Limitation of Liability
14.1 Subject to clause 14.3, Risc IT Solutions shall not be liable to Partner in contract, tort (including negligence), breach of statutory duty, misrepresentation (whether innocent or negligent), by way of indemnity or otherwise for any special, incidental, consequential, indirect, exemplary and/or punitive damages or liabilities; lost profit; lost revenue; loss of use; loss of goodwill; loss of reputation; loss of/or damage to data, costs of recreating lost data; the cost of any substitute equipment, program, or data; in all cases regardless of whether the possibility of such damages or liabilities have been communicated to Risc IT Solutions and regardless of whether Risc IT Solutions has or gains knowledge of the existence of such damages or liabilities.
14.2 Subject to clause 14.3, the cumulative, aggregate liability of Risc IT Solutions (including without limitation costs awarded under the Agreement) to Partner for all claims, liabilities and damages arising out of or in relation to the Agreement, whether in contract, tort (including negligence), breach of statutory duty, misrepresentation (whether innocent or negligent), by way of indemnity, or otherwise, shall not exceed the lower of;
14.2.1 monies actually paid by Partner to Risc IT Solutions under the Agreement in the 12 months preceding the date on which the claim arose; or
14.2.2 one hundred thousand pounds (£100,000).
14.3 Nothing in these Conditions shall exclude or limit Risc IT Solutions liability for:
14.3.1 fraud or fraudulent misrepresentation;
14.3.2 personal injury or death caused by the negligence of its employees in connection with the performance of their duties hereunder; or
14.3.3 any other liability that cannot be excluded by law.
15. Term and Termination
15.1 The Agreement shall commence on the Effective Date and shall continue until terminated as provided in these Conditions.
15.2 Either party may by written notice to the other terminate the Agreement on not less than 30 days’ written notice after the first annual anniversary of the agreement. Termination will take effect at the end of the calendar month following the expiry of the 30 day notice period.
15.3 Without prejudice to any other rights or remedies to which the parties may be entitled, either party may terminate the Agreement without liability to the other if the other party:
15.3.1 commits a material breach of any of the terms of the Agreement and (if such a breach is remediable) fails to remedy that breach within 21 days of that party being notified in writing of the breach;
15.3.2 shall become insolvent, enters into liquidation (whether voluntary or compulsory), an administration order is made or a receiver and/or administrative receiver is appointed in respect of all or any of the other party's assets; the other party makes or proposes a voluntary arrangement with its creditors; or if any procedural step is taken in relation to or with a view to any of the above; and/or
15.3.3 ceases or threatens to cease to exist or to carry on trading.
15.4 Without prejudice to any other rights or remedies to which Risc IT Solutions may be entitled, Risc IT Solutions may terminate the Agreement without liability to Partner if Partner:
15.4.1 does or omits to do anything that has the intention or effect of damaging Risc IT Solutions business or reputation; or
15.4.2 undergoes a change of Control.
16. Effects of Termination
16.1 Upon termination, Partner shall destroy all marketing materials and other documents used in the sale and marketing of Services.
16.2 The termination of the Agreement shall not of itself give rise to any liability on the part of Risc IT Solutions to pay any compensation to Partner for loss of profits or goodwill, to reimburse Partner for any costs relating to or resulting from such termination, or for any other loss or damage including but not limited to any loss of data by Partner or End User. For the avoidance of doubt Risc IT Solutions will not refund any subscription or other fees paid to it in respect of any subscription period after the date of termination.
16.3 Termination of the Agreement shall not affect any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the Agreement which existed at or before the date of termination.
16.4 Any clause of this Agreement that expressly or by implication is intended to survive termination or expiration of this Agreement shall remain in full force and effect.
17. Force Majeure
17.1 Neither party shall in any circumstances be in breach of the Agreement nor liable for delay in performing, or failure to perform, any of its obligations under the Agreement if such delay or failure results from events, circumstances or causes beyond its reasonable control, including, without limitation, strikes, lock-outs or other industrial disputes, failure of a utility service or transport or telecommunications network, power outage, internet backbone failure, act of God, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or sub-contractors. In such circumstances the affected party shall be entitled to a reasonable extension of the time for performing such obligations, provided that if the period of delay or non- performance continues for three months, the party not affected may terminate the Agreement by giving 30 days' written notice to the other party.
18.1 A waiver of any right under the Agreement is only effective if it is in writing and it applies only to the party to whom the waiver is addressed and the circumstances for which it is given and the failure of a party to enforce or to exercise any term or right under the Agreement shall not be a waiver of such term or right and shall not affect such party's right to later enforce or exercise it.
18.2 If any term of the Agreement is found to be illegal, invalid or unenforceable under any applicable law, such term shall, insofar as it is severable from the remaining terms (or capable of modification), be deemed omitted from the Agreement (or modified as appropriate) and shall in no way affect the legality, validity or unenforceability of the remaining terms which shall remain in full force and effect.
18.3 Each of the parties acknowledges and agrees that in entering into the Agreement, and the documents referred to in it, it does not rely on, and shall have no remedy in respect of, any statement, representation, warranty or understanding (whether negligently or innocently made) of any person (whether party to the Agreement or not) other than as expressly set out in the Agreement. Nothing in this clause shall, however, operate to limit or exclude any liability for fraud.
18.4 These Conditions and any documents referred to in them (including the EULA) constitute the entire agreement and understanding of the parties and supersede any previous agreement between the parties relating to the subject matter of the Agreement.
18.5 Except as set out in these Conditions, no variation of the Agreement by Partner, including the introduction of any additional terms and conditions, shall be effective unless it is in writing and signed by Risc IT Solutions.
18.6 Each of the parties acknowledges and agrees that in entering into the Agreement, and the documents referred to in it, it does not rely on, and shall have no remedy in respect of, any statement, representation, warranty or understanding (whether negligently or innocently made) of any person (whether party to the Agreement or not) other than as expressly set out in the Agreement. Nothing in this clause shall, however, operate to limit or exclude any liability for fraud.
18.7 Partner shall not, without the prior written consent of Risc IT Solutions, assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under the Agreement. Risc IT Solutions may assign, transfer or subcontract any of its rights and/or obligations to any Group Company or to any acquirer of all or substantially all of Risc IT Solutions assets or business relating to the subject matter of the Agreement.
18.8 Nothing in the Agreement is intended to, or shall be deemed to, establish any partnership or joint venture between any of the parties, constitute any party the agent of another party, nor authorise any party to make or enter into any commitments for or on behalf of any other party.
18.9 Save as expressly provided in these Conditions, no term of the Agreement shall be enforceable under the Contracts (Rights of Third parties) Act 1999 by a third party.
18.10 Notwithstanding clause 1.6 of this Agreement, any notice to be given to Risc IT Solutions by the Partner shall be in writing. Risc IT Solutions may give notice by email or in writing to the Partner.
18.11 A notice delivered by hand will be deemed to have been received when delivered. A correctly addressed notice sent by pre-paid post will be deemed to have been received in the case of pre-paid recorded delivery two days after the date of posting, or in the case of airmail, five days after the date of posting. A notice given by email will be deemed to be served when sent.
19. Law and Jurisdiction
19.1 The Agreement and any disputes or claims arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) are governed by and construed in accordance with English law.
19.2 Subject to clause 19.3, the parties irrevocably agree that the courts of England have exclusive jurisdiction to settle any disputes or claims arising out of or in connection with the Agreement, its subject matter or its formation (including non-contractual disputes or claims).
19.3 Notwithstanding clause 19.2, the parties irrevocably agree that Risc IT Solutions shall have the right to take, and shall not be prevented from taking, proceedings against Partner to settle any dispute or claim arising out of, or in connection with, these Conditions, its subject matter or formation (including non-contractual disputes or claims) in any other court of competent jurisdiction and that Risc IT Solutions may take such proceedings in any number of jurisdictions, whether concurrently or not, to the extent permitted by law.
Data Processing Schedule
The terms used in this Schedule shall have the meanings set out below or as set out in the Agreement (where not defined below). Except as modified below, the terms of the Agreement shall remain in full force and effect.
"Appropriate Safeguards" means such legally enforceable mechanism(s) for transfers of Personal Data outside the EEA as may be permitted under Data Protection Laws from time to time;
"Data Controller" has the meaning given to that term (or to the term ‘controller’) in the GDPR;
"Data Processor" has the meaning given to that term (or to the term ‘processor’) in the GDPR;
"Data Protection Laws" means any applicable UK or EU law relating to the Processing, privacy, and use of Personal Data, as applicable to RISC IT SOLUTIONS and/or the Software including:
(i) the Data Protection Act 1998;
(ii) the EU Data Protection Directive (95/46/EC) as implemented in each relevant jurisdiction;
(iii) the Privacy and Electronic Communications (EC Directive) Regulations 2003 and the EU Privacy and Electronic Communications Directive 2002/58/EC as implemented in each relevant jurisdiction; and
(iv) the GDPR from the GDPR Date;
and any corresponding or equivalent national laws or regulations and any amending, equivalent or successor legislation to any of the above from the date that they come into force and the guidance and codes of practice issued by the Information Commissioner or any other Supervisory Authority in any relevant jurisdiction;
"Data Protection Losses" means any costs (including legal costs), liabilities, claims, demands, actions, settlements, interest, charges, expenses, losses, damages, administrative fines, penalties, sanctions, costs of compliance with an investigation by a Supervisory Authority and/or compensation ordered by a Supervisory Authority;
"Data Subject" has the meaning given to that term in the GDPR;
"Data Subject Request" means a request made by a Data Subject to exercise any rights of Data Subjects under Data Protection Laws;
"GDPR" means the General Data Protection Regulation (EU) 2016/679;
"GDPR Date" means from when the GDPR applies on 25 May 2018;
"Personal Data" has the meaning given to that term in the GDPR;
"Personal Data Breach" means any breach of security by RISC IT SOLUTIONS leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, any Protected Data on systems managed by or otherwise controlled by RISC IT SOLUTIONS excluding unsuccessful attempts or activities that do not compromise the security of Protected Data and/or where the breach is unlikely to result in a risk to the rights and freedoms of natural persons;
"Processing" has the meanings given to that term in the GDPR (and related terms such as process have corresponding meanings);
"Processing Instructions" has the meaning given to that term in paragraph 3.1.1;
"Protected Data" means Personal Data comprised in the Data and processed by RISC IT SOLUTIONS on behalf of the End User in connection with the provision of Software and/or performance of RISC IT SOLUTIONS obligations under the Agreement;
"Sub-Processor" means another Data Processor engaged by RISC IT SOLUTIONS for carrying out Processing activities in respect of the Protected Data as part of the Software on behalf of the End User;
"Supervisory Authority" means any local, national or multinational agency, department, official, parliament, public or statutory person or any government or professional body, regulatory or supervisory authority, board or other body responsible for administering Data Protection Laws.
1.1 The following paragraphs in this Schedule will only apply to the extent that the Data Protection Laws apply to the Processing of Protected Data by RISC IT SOLUTIONS.
1.2 Where there is any conflict between the between the terms of the Agreement and the terms of this Schedule, the terms of this Schedule shall prevail.
2. Data Processor and Data Controller
2.1 The parties agree that, in relation to the Protected Data, the End User is the Data Controller and RISC IT SOLUTIONS is the Data Processor.
2.2 RISC IT SOLUTIONS shall process Protected Data in compliance with:
2.2.1 the obligations of Data Processors under Data Protection Laws in respect of the performance of its obligations under this Schedule and the Agreement; and
2.2.2 the terms of this Schedule.
2.3 The End User shall comply with:
2.3.1 all Data Protection Laws in connection with the Processing of Protected Data and the exercise and performance of its respective rights and obligations under this Schedule and the Agreement, including maintaining all relevant regulatory registrations and notifications as required under Data Protection Laws; and
2.3.2 the terms of this Schedule.
2.4 The End User warrants, that:
2.4.1 all Protected Data shall comply in all respects, including in terms of its collection, storage and Processing (which shall include the End User providing all of the required fair Processing information to, and obtaining all necessary consents from, relevant Data Subjects), with Data Protection Laws;
2.4.2 all instructions given by it to RISC IT SOLUTIONS in respect of Personal Data shall at all times be in accordance with Data Protection Laws; and
2.4.3 it has undertaken due diligence in relation to RISC IT SOLUTION Processing operations, and it is satisfied that:
(a) RISC IT SOLUTIONS Processing operations are suitable for the purposes for which the End User proposes to use the Software and engage RISC IT SOLUTIONS to process the Protected Data; and
(b) RISC IT SOLUTIONS has sufficient expertise, reliability and resources to implement technical and organisational measures that meet the requirements of Data Protection Laws.
2.5 The End User shall not withhold, delay or condition its agreement to any change requested by RISC IT SOLUTIONS to the Software in order to ensure the Software and RISC IT SOLUTIONS (and each Sub-Processor) can comply with Data Protection Laws.
3. Instructions and details of processing
3.1 Insofar as RISC IT SOLUTIONS processes Protected Data on behalf of the End User, RISC IT SOLUTIONS:
3.1.1 unless required to do otherwise by applicable law, shall (and shall take steps to ensure each person acting under its authority shall) process the Protected Data only on and in accordance with the End User’s documented instructions as set out in this paragraph 3 and 09 (Data processing details), as updated from time to time upon written agreement between the parties and/or as further specified via the End User’s use of the Software (Processing Instructions);
3.1.2 if applicable law requires it to process Protected Data other than in accordance with the Processing Instructions, shall notify the End User of any such requirement before Processing the Protected Data (unless applicable law prohibits such information on important grounds of public interest).
4. Technical and organisational measures
4.1 RISC IT SOLUTIONS shall implement and maintain, at its cost and expense, appropriate technical and organisational measures to:
4.1.1 ensure the security, integrity, availability and confidentiality of the Protected Data and protect against accidental loss or destruction of, or damage to Protected Data, such measures to be appropriate to the harm that might result from the unauthorised or unlawful Processing or accidental loss, destruction or damage and the nature of the data to be protected having regard to the state of technological development and the cost of implementing any measures;
4.1.2 taking into account the nature of the Processing, assist the End User insofar as is possible in the fulfilment of the End User’s obligations to respond to Data Subject Requests relating to Protected Data.
5. Using staff and other processors
5.1 The End User acknowledges and agrees that RISC IT SOLUTIONS engages Sub-Processors to host and provide some of the Software. Details of the Sub-Processors are as set out at www.riscitsolutions.com/en/compliance-centre and may be amended from time to time. The End User provides general consent to RISC IT SOLUTIONS engaging such Sub-Processors provided that RISC IT SOLUTIONS:
5.1.1 provides to the End User details of any new Sub-Processor appointed after the date of the Agreement;
5.1.2 notifies the End User in advance of any change in a Sub-Processor. The End User may object to any change in the Sub-Processor where it has reasonable grounds for doing so and in such circumstances RISC IT SOLUTIONS shall be entitled to address the objection through one of the following options at its sole discretion:
(a) cease to use the relevant Sub-Processor;
(b) take steps suggested by the End User to address the objection; or
(c) cease to provide the particular Software which involves the relevant Sub-Processor.
5.2 RISC IT SOLUTIONS shall prior to the relevant Sub-Processor carrying out any Processing activities in respect of the Protected Data, appoint each Sub-Processor under a written contract containing obligations which offer materially the same level of protection for the Protected Data as those set out in this Schedule. The End User acknowledges and agrees that it has no right to audit and inspect a Sub-Processor’s facilities and premises and that RISC IT SOLUTIONS shall not be obliged to include such rights in its agreement with its Sub-Processors.
5.3 RISC IT SOLUTIONS shall ensure that all persons authorised by it (or by any Sub-Processor) to process Protected Data are subject to an obligation to keep the Protected Data confidential (except where disclosure is required in accordance with applicable law, in which case RISC IT SOLUTIONS shall, where practicable and not prohibited by applicable law, notify the End User of any such requirement before such disclosure).
6. Assistance with the End User's compliance and Data Subject rights
6.1 RISC IT SOLUTIONS shall promptly refer all Data Subject Requests it receives to the End User upon receipt of the request, and shall, at the End User’s cost at RISC IT SOLUTIONS standard rates in force at the time, assist the End User with Data Subject Requests.
6.2 RISC IT SOLUTIONS shall provide such reasonable assistance as the End User reasonably requires (taking into account the nature of Processing and the information available to RISC IT SOLUTIONS) to the End User in ensuring compliance with the End User’s obligations under Data Protection Laws with respect to:
6.2.1 security of Processing;
6.2.2 data protection impact assessments (as such term is defined in Data Protection Laws);
6.2.3 prior consultation with a Supervisory Authority regarding high risk Processing; and
6.2.4 notifications to the Supervisory Authority and/or communications to Data Subjects by the End User in response to any Personal Data Breach,
provided the End User shall pay RISC IT SOLUTIONS charges for providing the assistance in this paragraph 6.2, at RISC IT SOLUTIONS standard rates in force at the time.
7. Data Transfers
7.1 RISC IT SOLUTIONS uses certain Sub-Processors (as referred to in paragraph 5.1) to assist in providing some of the Software. Some of these Sub-Processors may be based outside of the European Economic Area where identified at www.riscitsolutions.com/en/compliance-centre. Where the End User contracts with RISC IT SOLUTIONS for the provision of any Software that involve a transfer to a Sub-Processor outside of the European Economic Area, the End User agrees to the transfer outside of the European Economic Area subject to RISC IT SOLUTIONS compliance with paragraph 7.2 below.
7.2 Where a Sub-Processor is based outside of the European Economic Area, RISC IT SOLUTIONS shall ensure that there are Appropriate Safeguards in place and that any transfer will be in accordance with Data Protection Laws.
8. Records, Information and audit
8.1 RISC IT SOLUTIONS shall maintain, in accordance with Data Protection Laws binding on RISC IT SOLUTIONS, written records of all categories of Processing activities carried out on behalf of the End User.
8.2 RISC IT SOLUTIONS shall, in accordance with Data Protection Laws, make available to the End User such information as is reasonably necessary to demonstrate RISC IT SOLUTIONS compliance with the obligations of Data Processors under Data Protection Laws, and allow for and contribute to audits, including inspections, by the End User (or another auditor mandated by the End User) for this purpose, subject to paragraph 5.2 and subject to the End User:
8.2.1 giving RISC IT SOLUTIONS reasonable prior notice of such information request, audit and/or inspection being required by the End User;
8.2.2 carrying out no more than one audit or inspection in any calendar year except where the End User reasonably believes necessary due to genuine concerns as to RISC IT SOLUTIONS compliance with this Schedule or where the End User is required or requested to carry out such an audit or inspection by Data Protection Laws and/or a Supervisory Authority;
8.2.3 ensuring that all information obtained or generated by the End User or its auditor(s) in connection with such information requests, inspections and audits is kept strictly confidential (save for disclosure to the Supervisory Authority or as otherwise required by applicable law);
8.2.4 ensuring that such audit or inspection is undertaken during normal business hours in England, with minimal disruption to RISC IT SOLUTIONS business and the business of other customers of RISC IT SOLUTIONS; and
8.2.5 paying RISC IT SOLUTIONS reasonable costs for assisting with the provision of information and allowing for and contributing to inspections and audits.
8.3 Information and audit rights under this paragraph only arise to the extent that the Agreement does not otherwise give the End User information and audit rights meeting the relevant requirements of Data Protection Laws.
9. Breach Notification
9.1 In respect of any Personal Data Breach involving Protected Data, RISC IT SOLUTIONS shall, without undue delay, notify the End User of the Personal Data Breach and provide the End User with details of the Personal Data Breach.
9.2 In the event that the End User becomes aware of a Personal Data Breach by RISC IT SOLUTIONS or otherwise in connection with the Software, it shall without undue delay notify RISC IT SOLUTIONS of the Personal Data Breach and provide RISC IT SOLUTIONS with details of the Personal Data Breach.
9.3 As the Data Controller, the End User is solely responsible for complying with its notification obligations for Personal Data Breaches under Data Protection Laws, including providing notification to the relevant Supervisory Authority and Data Subjects (where applicable).
10. Deletion or return of Protected Data and copies
10.1 The End User is entitled to recover the Protected Data at any time including after the provision of the Software provided that the End User shall not be able to recover the Protected Data after the expiry of any retention period specified in the Agreement. RISC IT SOLUTIONS shall, at the End User’s written request delete the Protected Data (unless storage of any data is required by applicable law and, if so, RISC IT SOLUTIONS shall inform the End User of any such requirement). Otherwise Protected Data shall be deleted in accordance with the terms of the Agreement.
11.1 The End User shall indemnify and keep indemnified RISC IT SOLUTIONS in respect of all Data Protection Losses suffered or incurred by, awarded against or agreed to be paid by, RISC IT SOLUTIONS and any Sub-Processor arising from or in connection with any:
11.1.1 non-compliance by the End User with the Data Protection Laws;
11.1.2 Processing carried out by RISC IT SOLUTIONS or any Sub-Processor pursuant to any Processing Instruction that infringes any Data Protection Law; or
11.1.3 breach by the End User of any of its obligations under this Schedule,
except to the extent RISC IT SOLUTIONS is liable under paragraph 11.2.
11.2 RISC IT SOLUTIONS liability for any Data Protection Losses (howsoever arising, whether in contract, tort (including negligence) or otherwise) under or in connection with this Schedule is limited to the extent caused by the Processing of Protected Data by RISC IT SOLUTIONS under this Schedule and where such Data Protection Losses result directly from RISC IT SOLUTIONS breach of paragraphs 2 to 10 (inclusive) and are not contributed to or caused by any breach by the End User of Data Protection Laws, this Schedule and/or the Agreement.
11.3 RISC IT SOLUTIONS shall in no way be responsible for or liable to the End User in respect of any Processing of Protected Data by any third party engaged by the End User to provide services in connection with the Software.
11.4 The liability of RISC IT SOLUTIONS under or in connection with this Schedule (howsoever arising, whether in contract, tort (including negligence), statutory duty or otherwise) is subject to the exclusions and limitations of liability in the Agreement.
11.5 The End User shall not be entitled to claim back from RISC IT SOLUTIONS any part of any compensation paid by the End User to a person relating to the Processing of Protected Data, to the extent that the End User is liable to indemnify RISC IT SOLUTIONS under paragraph 11.1.
12.1 RISC IT SOLUTIONS may amend this Schedule at any time as permitted in the Agreement including where required to comply with any applicable law or where the amendments do not result in a material reduction in the protection of Protected Data and/or do not breach Data Protection Laws.
Data Processing Details
1 Subject-matter of Processing:
Risc IT Solutions licence of the Software to the End User
2 Duration of the Processing:
The term of the Agreement until the deletion of Protected Data in accordance with the Agreement.
3 Nature and purpose of the Processing:
Risc IT Solutions will process End User Personal Data for the purposes of providing the Software to the End User in accordance with the Agreement.
4 Type of Personal Data:
Data relating to the Data Subjects provided to Risc IT Solutions via the Software, by (or at the direction of) the End User.
5 Categories of Data Subjects:
Data relating to Data Subjects provided to Risc IT Solutions via the Software, by (or at the direction of) the End User.
Direct Debit Mandate
Please download and complete the Direct Debit Agreement and email to: firstname.lastname@example.org
Or post to: Risc IT Solutions, Church Walks Business Centre, Church Walks, Llandudno, LL30 2HL