Touchtree

Terms & Conditions

Services Generally

1. This Agreement governs the use of the Touch Tree Technology software and associated services (collectively, the “Services“), as further described in the Order to which these Terms are attached (the “Order Form”).
2. The Services may interoperate with various third-party platforms and applications as determined by Touch Tree from time to time (“Add-Ons”). Continued interoperation of the Services with any Add-Ons is dependent upon the availability of each such application and Touch Tree may cease to provide such functionality if access to any Add-On is not available to Touch Tree on commercially reasonable terms. Touch Tree makes no representations or warranties with respect to the Add-Ons.

Right of Use Registration and Accounts

1. Subject to the terms of this Agreement, Touch Tree grants Customer, during the term of the Order Form, a world-wide, non-transferable right to access and use the Services for Customer’s internal business purposes as it sees fit. 
2. Customer may allow its employees, consultants, contractors or agents (“Customer’s Users”) to access and use the Services subject to the limitations specified on the Order Form, solely on Customer’s behalf and for the benefit of Customer, provided that Customer assumes full responsibility for all acts and omissions of Customer’s Users in connection with the use of the Service.
3. Customer is responsible for maintaining the confidentiality of its logins and account and for all activities that occur under its logins and account, including the activities of Customer’s Users. If Customer or Customer’s Users become aware of any unauthorised use of the Services, Customer will contact Touch Tree immediately at info@touchtree.tech.
4. Touch Tree retains all right, title and interest in and to the Services except for the rights granted to Customer pursuant to this Agreement.
5. The Parties acknowledge that the Services may collect and aggregate certain de-identified information and data regarding the use and operation of the Services by Customer. Customer agrees that Touch Tree may utilise such information and data as well as any Customer suggestions, enhancement requests or other recommendations (collectively, “Feedback”) for any lawful business purpose, without a duty of accounting to Customer so long as such Feedback does not identify Customer or any Customer Content. No compensation shall be paid with respect to Touch Tree’s use of Feedback.

Use Restrictions; Customer Content

1. Customer will not: (i) use the Services in any manner that is not permitted under the terms of this Agreement or in violation of applicable law; (ii) permit any third party to access the Services, except for Customer’s Users; (iii) use the Services to store or transmit any viruses, worms, time bombs, Trojan horses and other harmful or malicious code, files, scripts, agents or programs, or otherwise engage in unfair, unlawful or deceptive practices; (iv) interfere with or disrupt the integrity or performance of the Services; (v) attempt to gain unauthorised access to the Services or the Services’ related systems and networks, or systematically access the Services using ‘bots’ or ‘spiders’; (vi) decompile, reverse engineer or undertake any similar efforts with respect to the Services; (vii) create any derivative works of the Services; (viii) copy, modify, frame or mirror the Services; or (ix) use the Services to develop or offer a service that is similar to the Services. The above restrictions apply to the Services in whole and to any portion thereof.
2. All digital files and information uploaded by or on behalf of Customer into the Services (“Customer Content”) are the sole and exclusive property of Customer. Customer grants Touch Tree a right and licence to access and use the Customer Content solely for purposes of providing, developing and supporting the Services pursuant to this Agreement.
3. Customer will not upload to the Services any Customer Content that constitutes or encourages conduct that would constitute a criminal offence, give rise to civil liability or otherwise violate applicable laws and regulations including laws and regulations governing privacy, mass email, spam, export control, consumer protection, unfair competition, false advertising, harassment, anti-competitive activities, misappropriation, libel, defamation, obscene content and incitement.
4. As part of the Services, the Customer Content is regularly backed up on a daily basis and each such backup is retained for 30 days (the “Data Retention Period”). The backup data will be erased after 30 days. During the Data Retention Period, Customer may retrieve such backup data by downloading a copy through the Services or by submitting a request in writing to info@touchtree.tech 

Fees, Costs and Taxes

1. In consideration for the right to use the Services, Customer will pay fees in the amount and in accordance with the payment terms set forth in the Order Form (the “Services Fees”). Except as explicitly provided under this Agreement, Services Fees are not refundable. Customer assumes all responsibilities and costs associated with Customer’s use of the Services.
2. All Services Fees are exclusive of any foreign or domestic sales taxes, withholding taxes, use taxes and any other taxes and charges of any kind imposed by local or foreign governmental entity (other than taxes based on Touch Tree’s income), and Customer is solely responsible for the payment thereof.
3. If any invoiced amount is not received by Touch Tree by the applicable due date then, without limiting Touch Tree’s rights or remedies, those amounts may accrue late interest at a rate of one and a half percent (1.5%) per month or the highest rate permitted by applicable law, whichever is lower, commencing on the date that payment was due.

Data Protection

1. The Customer shall act as the Data Controller for all Personal Data collected, processed, or shared under this Agreement. The Client agrees to comply with all applicable data protection laws, including but not limited to the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and any relevant amendments or secondary legislation.
2. TTT shall act as the Data Processor, processing Personal Data only as instructed by the Customer and solely for the purposes provided under this Agreement.
3. TTT shall only process Personal Data on the documented, written instructions of the Customer, except where required by law. In such cases, TTT shall promptly inform the Customer of that legal requirement before processing, unless prohibited by law.
4. The terms, conditions, and specific obligations for the data processing activities performed by TTT are detailed in the Data Processing Agreement (“DPA”) attached here to as SCHEDULE: DATA PROCESSING AGREEMENT. The DPA shall govern all aspects of Personal Data handling, including data security measures, data subject rights, breach notification, and data retention.

Representations and Warranties

1. Authorisation. Each Party represents, warrants and covenants to the other Party that it has the requisite legal power and authority to enter into this Agreement and to carry out the transactions contemplated by this Agreement.
2. By Customer. Customer represents, warrants and covenants that Customer has obtained all rights and permissions necessary to provide the Customer Content to Touch Tree for use as permitted under this Agreement.
3. By Touch Tree. Touch Tree represents, warrants and covenants that: (i) the Services will be free of material programming errors and will operate in accordance with and conform to the documentation provided as part of the Services in all material respects; (ii) the Implementation Services and Support Services will be performed by qualified personnel in a professional manner consistent with industry standards and in compliance with the terms of this Agreement, the applicable Order Form and all applicable laws, rules and regulations; (iii) it uses best commercially reasonable efforts to ensure that no malicious code, including any viruses, disabling code, time bombs or Trojan horses (“Viruses”) are coded or introduced into the Services as made available by Touch Tree to Customer in accordance with the terms of this Agreement; and (iv) the Services will be Available for use at least 99.8% of the time, measured on a monthly basis, excluding Scheduled Downtime. “Scheduled Downtime” shall be defined as: a) any downtime that the Parties agree to in advance; or b) downtime during regularly scheduled maintenance that occurs between 11pm and 3am local time daily. “Available” means that the Services can be accessed by Customer except during: (i) Scheduled Downtime; and (ii) downtime caused by circumstances beyond Touch Tree’s control, including without limitation, Customer modifications, force majeure, general Internet outages, failure of Customer’s infrastructure or connectivity, computer and telecommunications failures and delays not within Touch Tree’s control.
4. OTHER THAN AS PROVIDED IN THIS SECTION 5, TOUCH TREE MAKES NO OTHER WARRANTIES OR REPRESENTATIONS, EXPRESS OR IMPLIED, AND HEREBY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

Confidentiality

1. “Confidential Information” means non-public business, financial and technical information, including any data and business-related information provided by Customer to Touch Tree, the Services and all elements and functionality details related thereof, the terms of this Agreement and any third party information that the disclosing Party is obligated to keep confidential, that is either marked as “confidential” or “proprietary” or which, under the circumstances, should be understood to be confidential.
2. Confidential Information does not include information which: (i) is or becomes generally available to the public other than as a result of wrongful disclosure by the receiving Party; (ii) is or becomes available to the receiving Party on a non-confidential basis by a third party that rightfully possesses the Confidential Information and has the legal right to make such disclosure; or (iii) is developed independently by the receiving Party without use of the disclosing Party’s Confidential Information and by persons without access to such information.
3. The receiving Party will use measures at least as protective as those it uses for its own confidential information, but no less than reasonable measures, to keep confidential and not to disclose to any third party any Confidential Information of the disclosing Party, except to those of the receiving Party’s personnel, including external advisors, consultants, insurers and investors, who need to know such Confidential Information, who are informed of the confidential nature of the Confidential Information and who agree to be bound by terms of confidentiality at least as protective as those in this Agreement or are bound to confidentiality already by mandatory professional rules (e.g. attorney at law, tax advisors, auditors). The receiving Party will not use any Confidential Information, directly or indirectly, for any purpose other than as necessary to perform its obligations and exercise its rights under this Agreement. Each Party is responsible for any breach of the confidentiality of the other Party by its personnel, which for purposes of Customer will include, without limitation, Customer’s Users.
4. If the receiving Party becomes legally compelled to disclose any Confidential Information, it will provide the disclosing Party with prompt prior written notice to the extent legally permitted and assistance, at the disclosing Party’s expense, in obtaining a protective order.
5. Upon termination of the Agreement, the receiving Party will make all reasonable efforts to either: (a) promptly return to the disclosing Party any Confidential Information disclosed under this Agreement, and any copies thereof, or (b) destroy any documents, electronic records, software or other instruments that contain all or any portion of Confidential Information and will certify in writing to the disclosing Party that such Confidential Information has been returned or destroyed, except that the receiving Party may retain a minimum number of copies of the disclosing Party’s Confidential Information under appropriate confidentiality and security arrangements: (i) in backups, until the backup retention cycle deletes the Confidential Information; (ii) as required under applicable laws; and (iii) for legal and administrative proceedings.

Indemnification

1. By Touch Tree. Touch Tree shall, at its expense, defend Customer from or settle any claim, proceeding, or suit brought by a third party (“Claim”) against Customer (i) to the extent (a) that the Services infringe or misappropriate any intellectual property right of such third party or (b) arising out of Touch Tree’s gross negligence or wilful misconduct, and (ii) will indemnify Customer from all damages, costs, and attorneys’ fees finally awarded and unappealable against Customer as a result of such Claim. Touch Tree shall have no obligation under Section 7(a) to the extent any Claim arises out of or is based upon: (i) Customer’s use of the Services not in compliance with this Agreement or the Documentation; (ii) Customer’s combination of the Services with software, hardware, system, data, or other materials not supplied or authorised by Touch Tree (unless expressly permitted by the Documentation) without Touch Tree’s prior written authorisation; or (iii) the Customer Content. In the event an infringement or misappropriation Claim involving the Services is brought or threatened, or is likely to be brought or threatened in Touch Tree’s reasonable opinion, Touch Tree may, at its sole option and expense: (x) procure for Customer the right to continue to use the Services, (y) modify the Services in a manner that does not materially degrade the Service’s functionality, or (z) terminate the affected Services and, with respect to termination of the Services, refund the unearned portion of the Fees previously paid. Notwithstanding anything else herein, the foregoing indemnification obligations are Touch Tree’s only obligations and liability, and Customer’s exclusive remedy, in respect of any infringement or misappropriation Claim.
2. By Customer. Customer shall, at its expense, defend Touch Tree from or settle any Claim against Touch Tree, its Affiliates, licensors and suppliers arising out of: (i) Customer’s breach of Section 3(a), (ii) third party claims that Customer Content infringes on any third party’s intellectual property rights; or (iii) Customer’s gross negligence or willful misconduct. Customer will indemnify Touch Tree from all damages, costs, and attorneys’ fees finally awarded and unappealable against Touch Tree or its Affiliates as a result of any such claim.
3. Indemnification Procedures. Each party seeking indemnification hereunder shall provide the other party with: (i) prompt written notice of any Claim for which indemnification is sought; (ii) complete control of the defence and settlement of such claim; and (iii) reasonable assistance and cooperation in such defence at the indemnifying party’s expense. Notwithstanding the foregoing, the indemnifying party may not enter into a settlement of a claim that involves a remedy other than the payment of money by the indemnified party (which amounts must be subject to indemnification by the indemnifying party) without the indemnified party’s written consent.

Limits of Liability

1. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER OR TO ANY OTHER PERSON FOR (I) ANY INCIDENTAL, INDIRECT, CONSEQUENTIAL, SPECIAL, PUNITIVE, OR EXEMPLARY DAMAGES OF ANY KIND OR NATURE, (HOWEVER ARISING, UNDER ANY THEORY OF LIABILITY) ARISING OUT OF, OR IN ANY WAY CONNECTED WITH, THE SERVICES OR THE AGREEMENT, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES; AND (II) DIRECT DAMAGES IN EXCESS OF THE FEES ACTUALLY PAID OR PAYABLE BY CUSTOMER UNDER THE AGREEMENT DURING THE TWELVE (12) MONTHS PRIOR TO THE DATE ON WHICH THE CLAIM RESULTING IN SUCH DAMAGES AROSE. THE FOREGOING LIMITATIONS AND EXCLUSIONS DO NOT APPLY TO EITHER PARTY’S INDEMNIFICATION OBLIGATIONS, OR CUSTOMER’S FAILURE TO REMIT ALL FEES PROPERLY DUE AND OWING UNDER THE AGREEMENT.

Term and Termination; Suspension

1. This Agreement commences as of the Effective Date and will continue in effect for a minimum term of 12 months, after which the contract will continue indefinitely. The contract is subject to 60 days notice from the Customer in writing to Touch Tree to terminate the Agreement. Each Party may terminate the Agreement, if the other Party breaches the Agreement and does not cure such breach within thirty (30) days after receiving a written notice from the non-breaching Party. If this Agreement is terminated following breach by Touch Tree, Customer will receive a prorated refund of the unearned prepaid Services Fees. If this Agreement is terminated by Touch Tree under this Section 9(a) due to a breach by Customer, Customer will remain liable for the initial 12 month term and if that term has expired the Customer will be liable for 60 days of fees. Upon termination due to a breach Customer’s access to and use of the Services will terminate immediately.
2. Touch Tree may suspend the provision of the Services, if (i) one or more of Customer’s payments are ten (10) days or more past due and Touch Tree has notified Customer of Customer’s payment default; or (ii) if Touch Tree believes that a suspension is necessary to avoid substantial harm to Customer, Customer’s Users, to other Touch Tree customers, to Touch Tree or to any of its affiliates and contractors, or to a third party, including as a result of a third party infrastructure or communications failures or disruptions, or due to malicious attacks on the Services’ systems, or to cure a material breach, or as required by laws, by a court of law or by a governmental authority or agency. Touch Tree will use all reasonable efforts to provide Customer with reasonable advance notice of the need for any such suspension, and at least 5 days for you to cure any breach that is the cause for such suspension. Any suspension made pursuant to this section will only be in effect for as long as necessary to address the issues giving rise to the suspension.

Governing Law Jurisdiction and Dispute Resolution

1. This Agreement, the Services and any Claim, cause of action or dispute arising out of or related thereto, will be governed solely by the laws of the United Kingdom, without giving effect to any conflicts of law principles.
2. Prior and as a condition to initiating any legal action, the Parties will attempt in good faith to resolve any dispute related to this Agreement first by direct communications between the persons responsible for administering this Agreement and next by negotiation between executives with authority to settle the dispute. Either Party may give the other Party a written notice of any dispute not resolved in the normal course of business. Within five (5) business days after delivery of the notice, the receiving Party will submit to the other Party a written response. The notice and the response will include a statement of each Party’s position and a summary of arguments supporting that position and the name and title of the executive who will represent that Party. Within five (5) business days after delivery of the disputing Party’s notice, the executives of both Parties will meet at a mutually acceptable time and place, including by phone or video conference, and thereafter as often as they reasonably deem necessary, to resolve the dispute. All reasonable requests for information made by one Party to the other will be honoured. All negotiations pursuant to this clause are confidential and will be treated as compromise and settlement negotiations for purposes of applicable rules of evidence.

General Provisions

1. Modifications to the Services. Touch Tree may, either partially or in its entirety modify, adapt or change the Services, or any of its features, user interface and design, the extent and availability of the content of the Services and any other aspect related thereto, through updates and upgrades, provided that Touch Tree will not materially decrease the overall functionality of the Services during the term of any then current Order Form. Touch Tree will notify Customer at the same time and in the same manner as Touch Tree notifies its customers generally about substantial changes in the Services.
2. Notice. Any notice required or permitted to be given in accordance with this Agreement will be effective if it is in writing and sent by certified or registered mail, or email, to the appropriate party at the address set forth on Order Form. Either Party may change its address for receipt of notice by notice to the other Party in accordance with this Section. Notices are deemed given two (2) business days following the date of mailing or one business day following delivery by email.
3. Assignment of Rights. Each Party may assign to a third party its rights and obligations under this Agreement in the event of a merger with or acquisition of all or substantially all of a Party’s assets by that third party, provided that the third party undertakes the assigning Party’s entire rights and obligations under this Agreement. Other assignments of rights and obligations under this Agreement are null and void without the prior written consent of the other Party.
4. Relationship Between the Parties. Neither this Agreement, nor any terms and conditions contained herein, will be construed as creating a partnership, joint venture, agency, or franchise relationship between the Parties.
5. No Third-Party Beneficiaries. This Agreement is not intended to and will not be construed to give any third party any interest or rights, including, without limitation, third party beneficiary rights, with respect to or in connection with any provision under this Agreement.
6. Force Majeure. Neither Party will be liable for any default or delay in the performance of its obligations under this Agreement: (a) if and to the extent such default or delay is caused by fire, flood, earthquake, elements of nature or acts of God, riots, civil disorders, war, terrorism, rebellions or revolutions, or any other similar cause beyond the reasonable control of such Party; and (b) provided the non-performing Party is without fault in causing such default or delay, and such default or delay could not have been prevented by reasonable precautions and cannot reasonably be circumvented by the non-performing Party through the use of alternate sources, workaround plans or other means. The affected Party will promptly notify the other Party of the circumstances causing its delay or failure to perform and of its plans and efforts to implement a work-around solution. For as long as such circumstances prevail, the Party whose performance is delayed or hindered will continue to use all commercially reasonable efforts to recommence performance without delay.
7. Complete Terms and Severability. This Agreement constitutes the entire and complete agreement between Customer and Touch Tree concerning any use of, or in connection with the Services. No terms issued by Customer or appearing on any other document provided by Customer including without limitation any invoice, order, purchase order or acknowledgment form will have any force or effect or otherwise be binding on the Parties. If any provision of this Agreement is held invalid or unenforceable, that provision must be construed in a manner consistent with applicable law to reflect, as nearly as possible, the original intentions of the Parties and the remaining provisions will remain in full force and effect.
8. Publicity. Touch Tree may include identification (including the logo) of Customer as a customer on Touch Tree’s website and marketing materials with Customer’s prior consent, which will not be unreasonably withheld.
9. Amendments. This Agreement may be amended only by a written instrument executed by duly authorised representatives of the Parties.
10. Waiver. The failure of either Party to enforce any provision of this Agreement, unless waived in writing by such Party, will not constitute a waiver of that Party’s right to enforce that provision or any other provision of this Agreement.
11. Prevailing Party. Should it become necessary to take any action to enforce the terms of this Agreement, the prevailing Party is entitled to recover its actual and reasonable legal fees and costs including any reasonable legal fees associated with obtaining, enforcing or collecting upon any judgement as well as any subsequent appeal.
12. Survival. Those provisions that by their nature are intended to survive termination or expiration of this Agreement will so survive.

Touch Tree Service Level Agreement

Incident Response & Resolution Times:

*Response time subject to Touch Tree business hours (8am-5pm CET in Europe) including a personal response from one of our support agents.

SCHEDULE: DATA PROCESSING AGREEMENT

This Data Processing Agreement (“Agreement”) applies when you engage our Services (as defined below) and agree to the terms and conditions (“Terms”) relating to the Services (as defined below).

When we talk about “TTT”, “we,” “our,” or “us” in this Agreement, we are referring to Touch Tree Technology Limited, a company registered in England and Wales under company number 14813192 with registered office at Russell House Regent Park 297-299 Kingston Road, Leatherhead, England, KT22 7LU.

And “you” or the “Customer” are you, who have engaged our Services under the Terms.

You agree to be bound by this Agreement which form a binding contractual agreement between you and us. If you don’t agree to the Terms and this Agreement, you must refrain from using our Services. We have also used a few other capitalised words and phrases as shorthand to refer to recurring concepts. Each of these are defined in bold and in brackets after the concepts are first mentioned.

BACKGROUND

1. TTT provides the use of the software and associated services (“Services”) to the Customer, which are governed by the Terms that may require TTT to process Personal Data on behalf of the Customer.
2. During the subsistence of the Terms, TTT will process Personal Data of the Clients and the Parties agree that the terms of this Agreement shall govern such processing.
3. This Agreement sets out the additional terms, requirements and conditions on which TTT will process Personal Data when providing services under the Terms.

1. Definitions and interpretation

The following definitions and rules of interpretation apply in this Agreement.

2. Personal data types and processing

TTT and the Customer agree and acknowledge that for the purpose of the Data Protection Legislation:

1. the Customer is the controller and TTT is the processor.
2. the Customer retains control of the Personal Data and remains responsible for its compliance obligations under the applicable Data Protection Legislation, including but not limited to providing any required notices and obtaining any required consents, and for the lawful processing instructions it gives to TTT.
3. ANNEX A describes the subject matter, duration, nature and purpose of the processing and the Personal Data categories and Data Subject and TTT shall process Personal Data, in accordance with the Customer ‘s instructions, for the duration/term of the Terms.

3. Customer’s obligations

1. The Customer shall ensure that all Personal Data provided to TTT for processing complies with Data Protection Legislation and that appropriate legal bases exist for such processing.
2. The Customer shall provide lawful instructions to TTT for the processing of Personal Data.
3. The Customer may collect Personal Data using a method that involves uploading a subscriber data sheet or indirectly through an API or via a marketing campaign. The Customer shall ensure that Data Subjects are informed through an appropriate privacy notice that their data is shared with TTT. This notice must:
   a. Identify the Customer as the Data Controller and TTT as the Data Processor;
   b. Specify the purpose(s) for which Personal Data will be processed, including any processing conducted by TTT on behalf of the Customer; and
   c. Include any other information necessary to ensure fair and transparent processing under applicable Data Protection Legislation.

4. TTT’s obligations

1. TTT will only process the Personal Data to the extent, and in such a manner, as is necessary for the Purpose in accordance with the Customer’s lawful instructions. TTT will not process the Personal Data for any other purpose or in a way that does not comply with this Agreement or the Data Protection Legislation. TTT must promptly notify the Customer if, in its opinion, the Customer’s instructions do not comply with the Data Protection Legislation.
2. TTT shall comply promptly with any lawful instructions of the Customer requiring TTT to amend, transfer, delete or otherwise process the Personal Data, or to stop, mitigate or remedy any unauthorised processing.
3. TTT will maintain the confidentiality of the Personal Data and will not disclose the Personal Data to third parties unless the Customer or this Agreement specifically authorises the disclosure, or as required by domestic law, court or regulator (including the Commissioner). If a domestic law, court or regulator (including the Commissioner) requires TTT to process or disclose the Personal Data to a third party, TTT must first inform the Customer of such legal or regulatory requirement and give the Customer an opportunity to object or challenge the requirement, unless the domestic law prohibits the giving of such notice.
4. TTT will reasonably assist the Customer with meeting the Customer’s compliance obligations under the Data Protection Legislation, taking into account the nature of TTT’s processing and the information available to TTT, including in relation to Data Subject rights, data protection impact assessments and reporting to and consulting with the Commissioner or other relevant regulator under the Data Protection Legislation. The cost of this processing shall be borne by the Customer.
5. TTT shall promptly notify the Customer of any changes to the Data Protection Legislation that may reasonably be interpreted as adversely affecting TTT’s performance of the this Agreement.

5. TTT’s employees

1. TTT will ensure that all of its employees:
   a. are informed of the confidential nature of the Personal Data and are bound by confidentiality obligations and use restrictions in respect of the Personal Data;
   b. have undertaken training on the Data Protection Legislation relating to handling Personal Data and how it applies to their particular duties; and
   c. are aware both of TTT’s duties and their personal duties and obligations under the Data Protection Legislation and this Agreement.
   
   
2. TTT will take reasonable steps to ensure the reliability, integrity and trustworthiness of all of TTT’s employees with access to the Personal Data.

6. Security

1. TTT must at all times implement appropriate technical and organisational measures against unauthorised or unlawful processing, access, copying, modification, reproduction, display or distribution of the Personal Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage of Personal Data.
2. TTT must implement such measures to ensure a level of security appropriate to the risk involved, including as appropriate:
   a. the pseudonymisation and encryption of personal data;
   b. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
   c. the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
   d. a process for regularly testing, assessing and evaluating the effectiveness of the security measures.

7. Personal Data Breach

1. TTT will immediately and in any event without undue delay notify the Customer if it becomes aware of:
   a.the loss, unintended destruction or damage, corruption, or unusability of part or all of the Personal Data. TTT will restore such Personal Data at its own expense as soon as possible.
   b. any accidental, unauthorised or unlawful processing of the Personal Data; or
   c. any Personal Data Breach.
   
   
2. Where TTT becomes aware of (a), (b) and/or (c) above, it shall, without undue delay, also provide the Customer with the following information:
   a. description of the nature of (a), (b) and/or (c), including the categories of in-scope Personal Data and approximate number of both Data Subjects and the Personal Data records concerned;
   b. the likely consequences; and
   c. a description of the measures taken or proposed to be taken to address (a), (b) and/or (c), including measures to mitigate its possible adverse effects.
   
   
3. Immediately following any accidental, unauthorised or unlawful Personal Data processing or Personal Data Breach, the parties will co-ordinate with each other to investigate the matter. Further, TTT will reasonably co-operate with the Customer at no additional cost to the Customer, in the Customer’s handling of the matter, including but not limited to:
   a. assisting with any investigation
   b. providing the Customer with physical access to any facilities and operations affected;
   c. facilitating interviews with TTT’s employees involved in the matter.
   d. making available all relevant records, logs, files, data reporting and other materials required to comply with all Data
   e. Protection Legislation or as otherwise reasonably required by the Customer; and
   f. taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Data Breach or accidental, unauthorised or unlawful Personal Data processing.
   
   
4. TTT will not inform any third party of any accidental, unauthorised or unlawful processing of all or part of the Personal Data and/or a Personal Data Breach without first obtaining the Customer’s written consent, except when required to do so by domestic law.
5. TTT will cover all reasonable expenses associated with the performance of the obligations under clause 1 to clause 7.3 unless the matter arose from the Customer’s instructions, negligence, wilful default or breach of this Agreement, in which case the Customer will cover all reasonable expenses.

8. Subcontractors

1. TTT may only authorise a third party (subcontractor) to process the Personal Data if:
   a. TTT enters into a written contract with the subcontractor that contains terms substantially the same as those set out in this Agreement, in particular, in relation to requiring appropriate technical and organisational data security measures, and, upon the Customer’s request, provides the Customer with copies of the relevant excerpts from such contracts; and
   b.TTT maintains control over all of the Personal Data it entrusts to the subcontractor.
   
   
2. Those subcontractors approved as at the commencement of this Agreement, are as set out in ANNEX A. TTT shall, upon request, list all approved subcontractors and include any subcontractor’s name and location and the contact information for the person responsible for privacy and data protection compliance.
3. Where the subcontractor fails to fulfil its obligations under the written agreement with TTT which contains terms substantially the same as those set out in this Agreement, TTT remains fully liable to the Customer for the subcontractor’s performance of its agreement obligations.

9. Complaints, data subject requests and third-party rights

1. TTT shall, at no additional cost to the Customer, take such technical and organisational measures as may be appropriate, and promptly provide such information to the Customer as the Customer may reasonably require, to enable the Customer to comply with:
   a. the rights of Data Subjects under the Data Protection Legislation, including subject access rights, the rights to rectify, port and erase personal data, object to the processing and automated processing of personal data, and restrict the processing of personal data; and
   b. information or assessment notices served on the Customer by the Commissioner or other relevant regulator under the Data Protection Legislation.
   
   
2. TTT shall notify the Customer immediately in writing if it receives any complaint, notice or communication that relates directly or indirectly to the processing of the Personal Data or to either party’s compliance with the Data Protection Legislation.
3. TTT shall notify the Customer immediately if it receives a request from a Data Subject for access to their Personal Data or to exercise any of their other rights under the Data Protection Legislation.
4. TTT will give the Customer, at no additional cost to the Customer, its full co-operation and assistance in responding to any complaint, notice, communication or Data Subject request.
5. TTT shall not disclose the Personal Data to any Data Subject or to a third party other than in accordance with the Customer’s lawful instructions, or as required by domestic law.

10. Term and termination

1. This Agreement will remain in full force and effect so long as:
   a. the Terms remain in effect; or
   b. TTT retains any of the Personal Data related to the Terms in its possession or control (Term).
   
   
2. Any provision of this Agreement that expressly or by implication should come into or continue in force on or after termination of the Terms in order to protect the Personal Data will remain in full force and effect.
3. If a change in any Data Protection Legislation prevents either party from fulfilling all or part of its obligations under the Terms, the parties may agree to suspend the processing of the Personal Data until that processing complies with the new requirements.

11. Data return and destruction

1. At the Customer’s or a Client’s or Data Subject’s request, TTT will give the Customer, or the Client or the Data Subject, a copy of or access to all or part of the Personal Data in its possession or control in a format acceptable to TTT.
2. On termination of the Terms for any reason or expiry of its term, TTT will securely delete or destroy or, if directed in writing by the Customer, return and not retain (unless otherwise required under clause 12.3), all or any of the Personal Data related to this Agreement in its possession or control.
3. If any law, regulation, or government or regulatory body requires TTT to retain any documents or materials or Personal Data that TTT would otherwise be required to return or destroy, it will notify the Customer in writing of that retention requirement, giving details of the documents, materials or Personal Data that it must retain, the legal basis for retention, and establishing a specific timeline for deletion or destruction once the retention requirement ends.
4. TTT will certify in writing to the Customer that it has destroyed the Personal Data within 5 days after it completes the deletion or destruction.

 12. Records

1. TTT will keep detailed, accurate and up-to-date written records regarding any processing of the Personal Data, including but not limited to, the access, control and security of the Personal Data, approved subcontractors, the processing purposes, categories of processing, any transfers of personal data to a third country and related safeguards, and a general description of the technical and organisational security measures referred to in clause 1 (Records).
2. TTT will ensure that the Records are sufficient to enable the Customer to verify TTT’s compliance with its obligations under this Agreement and TTT will provide the Customer with copies of the Records upon written request.

13. Warranties

1. TTT warrants and represents that:
   a. its employees, subcontractors, agents and any other person or persons accessing the Personal Data on its behalf are reliable and trustworthy and have received the required training on the Data Protection Legislation;
   b. it and anyone operating on its behalf will process the Personal Data in compliance with the Data Protection Legislation and other laws, enactments, regulations, orders, standards and other similar instruments;
   c. considering the current technology environment and implementation costs, it will take appropriate technical and organisational measures to prevent the unauthorised or unlawful processing of Personal Data and the accidental loss or destruction of, or damage to, Personal Data, and ensure a level of security appropriate to:
   
   i. the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage;
   ii. the nature of the Personal Data protected; and
   iii. comply with all applicable Data Protection Legislation and its information and security policies, including the security measures required in clause 1.
   
   
2. The Customer warrants and represents that TTT’s expected use of the Personal Data for the Purpose and as specifically instructed by the Customer will comply with the Data Protection Legislation.

14. Indemnification

1. TTT agrees to indemnify the Customer against all costs, claims, damages or expenses incurred by the Customer or for which the Customer may become liable due to any failure by TTT or its employees, subcontractors or agents to comply with any of its obligations under this Agreement or the Data Protection Legislation.
2. The Customer shall indemnify, defend, and hold harmless TTT against all claims, damages, losses, penalties, and expenses (including reasonable legal fees) arising from:
   a. Any instruction, act, or omission by the Customer that causes TTT to be in breach of applicable Data Protection Legislation;
   b. The Customer’s failure to obtain necessary consents or provide required notices to Data Subjects regarding the processing of Personal Data by TTT;
   c. Any breach of the Customer’s obligations under this Agreement, including but not limited to providing inaccurate or incomplete instructions or failing to notify TTT of changes impacting data processing; and/or
   d. Any claim brought by a Data Subject or third party arising from the Customer’s violation of Data Protection Legislation or this Agreement.
   
   
3. Any limitation of liability set forth in the Terms will not apply to this Agreement’s indemnity or reimbursement obligations.

15. Notice

1. Any notice or other communication given to us under or in connection with this Agreement must be in writing and delivered to at info@touchtree.tech.

16. General

GOVERNING LAW AND JURISDICTION
This Agreement is governed by the law applying in England and Wales. Each party irrevocably submits to the exclusive jurisdiction of the courts of England and Wales. and courts of appeal from them in respect of any proceedings arising out of or in connection with this Agreement. Each party irrevocably waives any objection to the venue of any legal process on the basis that the process has been brought in an inconvenient forum.

THIRD PARTY RIGHTS
No one other than a party to this Agreement, their legal heirs, successors and permitted assignees, shall have any right to enforce any of its terms.

AMENDMENTS
This Agreement may only be amended in accordance with a written agreement between the parties.

WAIVER
No party to this Agreement may rely on the words or conduct of any other party as a waiver of any right unless the waiver is in writing and signed by the party granting the waiver.

SEVERANCE
Any term of this Agreement which is wholly or partially void or unenforceable is severed to the extent that it is void or unenforceable. The validity and enforceability of the remainder of this Agreement is not limited or otherwise affected.

ASSIGNMENT
A party cannot assign, novate or otherwise transfer any of its rights or obligations under this Agreement without the prior written consent of the other party.

COUNTERPARTS
This Agreement may be executed in any number of counterparts. Each counterpart constitutes an original of this Agreement and all together constitute one agreement.

COSTS
Except as otherwise provided in this Agreement, each party must pay its own costs and expenses in connection with negotiating, preparing, executing and performing this Agreement.

ANNEX A. Personal Data processing purposes and details

Latest articles