Please read the following terms carefully. This is a legal agreement (“agreement”) between you (“client”) and labaroma limited explaining the terms on which you may access our software, the labaroma databases and our services. By using our site to access our software, the labaroma databases and our services, you are agreeing to all of the terms stated herein. If you do not agree to these terms, do not access our software or services.
1. DEFINITIONS
In this Agreement the following words shall have the following meanings:
- Agreement Date means the date of this agreement between us to allow you to access the Software.
- Client means any individual or entity who subscribes to access the Software, the LabAroma Databases and the Services.
- Client Data means any and all data, information and material entered the Client into the Software in accordance with this Agreement.
- Client IPRs means any Intellectual Property Rights belonging or licensed to the Client, the use of which by LabAroma is required in order to enable LabAroma to provide the Software in accordance with this Agreement, and/or any Intellectual Property Rights in the Client Data (but excluding any Intellectual Property Rights licensed to the Client by LabAroma under the terms of this Agreement).
- LabAroma means LabAroma Limited, a company registered in Northern Ireland under company number NI643082 with its registered office at 175 Ballygawley Road, Dungannon, Co Tyrone, BT70 1RX.
- LabAroma Databases means any databases created and developed by LabAroma which the client may access via the Software.
- LabAroma IPRs means any Intellectual Property Rights belonging or licensed to LabAroma in the Software (including any LabAroma Databases) or the Services.
- Fees means the annual or monthly subscription fees payable by the Client to LabAroma for access to the Software and the LabAroma Databases in accordance with this Agreement.
- Intellectual Property Rights means patents, patent applications, and patent rights, copyrights, copyright applications, and copyright registrations, trademarks, trademark applications, trademark registrations, and trademark rights, trade secrets, and all other intellectual property and proprietary information rights as may exist now or hereafter come into existence, all modifications, continuations, renewals, and extensions of any of the foregoing, and all claims, actions, causes of action, damages, costs, expenses, profits, penalties, recoveries, and remedies relating to any past, present, or future infringement of any of the foregoing, arising under the laws of any country, state, or jurisdiction in the world.
- Parties means the parties to this Agreement and Party shall mean either of them.
- Services means [the Support Services] and any related services provided by LabAroma under this Agreement.
- Site means the website at which LabAroma provides access to the Software (currently available at https://labaroma.com).
- Software means the LabAroma blending tool software provided by LabAroma, and shall include the Software as a Service.
- Software as a Service means the facility by which the Client can Use the Software via the internet in accordance with this Agreement.
- Support Services [insert details of basic support to be provided with the Software].
- Term means the term of this Agreement as specified in Clause 8.
- Third Party means any third party licensing or providing (directly or indirectly) to LabAroma any element of the Software (including any component service, software, hardware or facility).
- Use shall have the meaning given it in clause 2.1.
- User shall mean any user of the Software or the Services.
- Year means the period of a calendar year commencing either on the Agreement Date or any anniversary thereof.
1.2. In this Agreement (except where the context otherwise requires) reference to a clause means a reference to a clause of this Agreement; the clause headings are included for convenience only and shall not affect the interpretation of this Agreement; use of the singular includes the plural and vice versa; use of any gender includes the other genders; any reference to a statute, statutory provision or subordinate legislation (legislation) shall (except where the context otherwise requires) be construed as referring to such legislation as amended and enforced from time to time and to any legislation which (either with or without modification) re-enacts, consolidates or enacts in rewritten form any such legislation and any former legislation which it re-enacts, consolidates or enacts in rewritten form; any phrase introduced by the term including, include, in particular or any similar expression shall be construed as illustrative and shall not limit the sense of the words preceding those terms.
2. SOFTWARE LICENCE TERMS
2.1. In consideration of the payments to be made by the Client to LabAroma pursuant to this Agreement (the sufficiency of which LabAroma hereby acknowledges) and subject to receipt of payment in full, LabAroma hereby grants to the Client on and subject to the terms and conditions of this Agreement a personal, non-exclusive, non-transferable and non-assignable licence for the Term to allow the Client to access the Software strictly for the purposes of accessing the LabAroma Databases and/or Client Data made available via the Software and to use the Software in object code only (such use, the Use).
- 2.2. The Client shall be solely responsible for its actions while using the Software. The Client shall: 2.2.1. not attempt to duplicate, modify or distribute any portion of the Software nor remove any proprietary notices from the Software,
- 2.2.2. not reverse engineer, decompile, disassemble, or adapt any portion of the Software, except as specifically permitted by applicable law,
- 2.2.3. not use the Software to provide software related services to third parties (including in the operation of a service bureau),
- 2.2.4. not attempt to obtain, or assist others in obtaining, unauthorised access to the Software nor in any circumstances use, nor allow any third party to use, any "webcrawler", "crawler", "spider" or similar technology in relation to the Site;
- 2.2.5. abide by all local and international laws and regulations applicable to the Client’s Use of the Software;
- 2.2.6. not upload or distribute in any way files that contain viruses, corrupted files, or any other similar software or programs that may damage the operation of the Software or another's computer;
- 2.2.7. not engage in any activity that interferes with or disrupts the Software and/or the Software as a Service, or the servers and networks which are connected to the Software and/or the Software as a Service.
- 2.2.8. not take any action that imposes, or may impose (in each case in LabAroma’ sole discretion) an unreasonable or disproportionately large load on LabAroma’s infrastructure;
- 2.2.9. not upload Client Data that contains information relating to an identified or identifiable natural person or confidential information (including, without limitation, the Client’s patients);
- 2.2.10. not transmit or post any material that encourages conduct that could constitute a criminal offense or give rise to civil liability; and
- 2.2.11. comply with all regulations, policies and procedures of networks connected to the Software. The Client acknowledges and agrees that LabAroma neither endorses the contents of any Client communications nor assumes any responsibility for any threatening, libellous, obscene, harassing or offensive material contained therein, any infringement of third party intellectual property rights arising therefrom or any crime facilitated thereby.
- 2.3. The Client grants LabAroma the right to (but acknowledges that LabAroma is not obligated to) audit the Client’s use of the Software and/or the Software as a Service, so as to ensure compliance by the Client with this Agreement.
- 2.4. The Client acknowledges and accepts as reasonable that the undertakings given at Clause 2,2 above are of material importance to LabAroma and that LabAroma has entered into Agreement in reliance on these undertakings. The Client acknowledges that without affecting any rights or remedies that LabAroma may have, damages would not be an adequate remedy for any breach by the Client of Clause 2.2 and that LabAroma shall be entitled to apply for the remedies of injunction, specific performance and other equitable relief for any threatened or actual breach of Clause 2.2 and that no proof of special damages shall be necessary for the enforcement of this clause.
3. PRICES, TAXES AND PAYMENT
- 3.1. The Fees will be as specified by LabAroma on site from time to time.
- 3.2. Rates are fixed for the Initial Term. LabAroma may increase the rates for subsequent Years by notification to the Client no later than one month before the end of any Year.
- 3.3. In the event that the Client fails to pay any sum when due LabAroma may without notice suspend its obligations under this Agreement. LabAroma may charge the Client interest on sums due in accordance with the Late Payment of Commercial Debts (Interest) Act 1998, compounded monthly, from the due
- date for payment until payment has been made, together with any additional costs and expenses (including any legal costs) incurred by LabAroma in recovering the sums due from the Client.
- 3.4. All Fees shall be exclusive of value added tax or any other tax, duty, levy, fee or charge which shall be added to invoices at the rate applicable at the date of invoice and which shall be payable by the Client.
4. INTELLECTUAL PROPERTY RIGHTS
- 4.1. The Client acknowledges that it hereby acquires only the right to access and Use the Software and the LabAroma Databases shall remain vested in LabAroma or where relevant LabAroma’s licensors. Nothing in this Agreement shall confer on the Client any right, title or interest in the Software or the LabAroma Databases (except the rights of use as set out in this Agreement), or to any source code within the Software.
- 4.2. The Software may include components licensed to LabAroma by third parties. To the extent that the terms of any such license impose any obligation on the Client which is in addition to any obligation imposed on the Client by this Agreement (Third Party Obligation) the Client undertakes fully to comply with and fulfil all requirements of any such Third Party Obligation.
- 4.3. LabAroma shall indemnify the Client from and against all claims and expenses (including reasonable legal expenses) actually incurred as a direct result of a claim that the use of the LabAroma IP by the Client infringes any third party’s IPRs provided that the Client promptly notifies LabAroma in writing of the claim, allows LabAroma exclusive control of the defence, and reasonably cooperates with LabAroma in the defence at LabAroma’ reasonable expense. LabAroma shall have no liability for any infringement claim to the extent based on (i) any use of the Software within it other than in accordance with LabAroma’ instructions or (ii) the combination, operation or use of Software with products or data not furnished and/or approved by LabAroma.
- 4.4. By uploading Client Data onto the Software, the Client grants to LabAroma for the Term a non-exclusive, world-wide, royalty-free licence to use, store, share and make available the Client’s IPRs solely to the extent necessary for LabAroma to perform its obligations under the Agreement. Client shall indemnify LabAroma from and against all claims and expenses (including reasonable legal expenses) actually incurred as a direct result of a claim that the use of the Client’s IPRs by LabAroma infringes any third party’s IPRs provided that LabAroma promptly notifies the Client in writing of the claim, allows the Client exclusive control of the defence, and reasonably cooperates with the Client in the defence at the Client’s reasonable expense.
- 4.5. All Intellectual Property Rights subsisting in or used in connection with the LabAroma Databases are and shall remain the sole property of LabAroma. The Client acknowledges and agrees that all present and future rights in and title to the LabAroma Databases (including the right to grant access to them via any present or future technology) are solely and exclusively reserved to LabAroma and that the LabAroma Databases are not in the public domain. The Client further acknowledges that the LabAroma Databases have been developed by LabAroma through substantial amounts of work time and expense invested in obtaining and presenting its content and further acknowledges that the selection and arrangement of such information are original to LabAroma.
- 4.6. The Client acknowledges and agrees that, in performing the required technical steps to provide the Software, LabAroma may: 4.6.1. transmit or distribute Client Data over various public networks and in various media which may not be secure or private and that Client Data sent using the Software or the Services may be read or intercepted by others; and
- 4.6.2. make such changes to Client Data as are necessary to conform and adapt that Client Data to the technical requirements of connecting networks, devices, services or media.
- 4.7. The Client acknowledges and agrees that LabAroma has the right (but not the obligation) to un-publish, take offline, delete, archive, prohibit, ban, or otherwise remove Client Data that, in LabAroma’ sole opinion, does not relate or bears no relation, or, in any manner or form, is improper or inappropriate to the Software (including any Client Data which, in LabAroma’ sole discretion, places or may place the Client in breach of the warranties given by the Client at clause 4.8).
- 4.8. The Client represents and warrants to LabAroma that: 4.8.1. the Client has all the rights, power and authority necessary to grant the license at clause 4.4;
- 4.8.2. the Client has the lawful right to upload, reproduce and distribute Client Data;
- 4.8.3. the uploading, downloading, posting, emailing or transmission by any other means of the Client Data will not constitute or encourage a criminal offence, violate the rights (including without limitation intellectual property rights) of any party or otherwise create liability or violate any local, state, national or international law;
- 4.8.4. the Client Data will not be unlawful, harmful, threatening, abusive, vulgar, harassing, defamatory, obscene, pornographic, indecent, inflammatory, libellous, tortious, hateful, or racially, ethnically or otherwise objectionable, or invasive of another’s rights including rights of celebrity, privacy and intellectual property; and
- 4.8.5. the Client Data will not contain viruses, Trojan horses, worms, corrupted files or code, file and programs designed to impede or destroy the functionality of any computer software of hardware; spyware and malware designed for phishing and with a view to compromise the data security and integrity, or confidential information or personal data (including any special category personal data).
- 4.9. The Client agrees that it is soley responsible for (and that LabAroma has no responsibility to the Client or any Third Party for) any use of or reliance on Client Data or the LabAroma Database and for the consequences of the Client’s actions (including any loss or damage which LabAroma or any third party may suffer relating to the Client Data).
5. LIABILITY
- 5.1. LabAroma shall not be liable: 5.1.1. for any breach of this Agreement for any breach or loss suffered by the Client or other third party if and to the extent that such breach and/or loss arises from the following: 5.1.1.1. the incorrect use, abuse or corruption of the Software;
- 5.1.1.2. any failure by the Client to follow LabAroma’s reasonable instructions and/ or advice;
- 5.1.1.3. the act or omission of any third-party provider of any product, service or solution beyond LabAroma’ reasonable control, including any failure of the internet and/or any software or equipment of the Client or any third party which enables access to the Site.
- 5.2. LabAroma makes no warranty or representation not expressly set forth in this Agreement. To the maximum extent permitted by law, and except for the warranties expressly set forth herein, LabAroma disclaims any and all other warranties and conditions, whether express, implied, or statutory, including but not limited to implied warranties (if any) of merchantability, non-infringement, fitness for a particular purpose and satisfactory quality.
- 5.3. The Client expressly understands and agrees that its Use of the Software, the LabAroma Databases and the Services is at its sole risk and the Software and the LabAroma Databases are provided on an “as is” basis. In particular, LabAroma or its licensors do not warrant that any information obtained by the Client, or a third party as a result of their use of the Software, the LabAroma Databases or the Services will be accurate (as neither LabAroma nor its licensor have any control over the Client Data) or that the Client Data will be accessible at any particular time.
- 5.4. LabAroma’s liability will be limited as follows: 5.4.1. nothing in this Agreement shall limit LabAroma’s liability for death or personal injury caused by the negligence of LabAroma
- or its employees, or for any liability which may not be limited under governing law;
- 5.4.2. The Client acknowledges and agrees that LabAroma have no liability for any use or reliance on Client Data by any party nor for any misuse or loss of Client Data or third parties. The Client further acknowledges that since LabAroma have no control over Client Data or its use, this limitation of liability is reasonable.
- 5.4.3. subject to clauses 5.4.1, and 5.4.2 above, LabAroma shall not be liable in contract, tort, or in relation to breach of statutory duty or any other right of action for the following losses: 5.4.3.1. loss of, damage to or corruption or destruction of, data or other information belonging to the Client or any other third party (and the Client acknowledges that the Software and Services are not a back-up service);
- 5.4.3.2. loss of or damage to software;
- 5.4.3.3. any economic losses, including loss of revenues, profits, contracts, goodwill, reputation, business, use of money or anticipated savings;
- 5.4.3.4. loss of use or downtime;
- 5.4.3.5. damages relating to the procurement by the Client of any substitute products or services;
- 5.4.3.6. any special, incidental, indirect or consequential losses which may arise in respect of the Software, the LabAroma Databases and/or the Services and their use or availability (whether or not such loss or damage is of the type specified in clauses 5.3.2.1 to 5.3.2.5 above);
- 5.4.3.7. any loss incurred by the Client, or any third party as a result of a third party’s use or reliance on any Client Data or the LabAroma Databases; and
- 5.4.3.8. any effect which the Software or the Services may have on any device or computer system used to access the Software or the Service and the Client acknowledges that any material (including Client Data) downloaded or otherwise obtained or accessed via the Software or the Services is done at the Client’s sole risk
- 5.5. subject to clauses 5.4.1 and 5.4.2 above, and save in relation to any act of fraud, wilful negligence and/or any liability to be indemnified by LabAroma in accordance with clause 4.3 the aggregate liability of LabAroma in respect of any loss or damage suffered by the Client and arising out of or in connection with this Agreement shall not exceed the amount of the total Fees actually paid in accordance with this Agreement by the Client to LabAroma during the twelve months preceding the point in time that such liability is incurred (and for the avoidance of doubt the Client will act at all times to mitigate any such loss or damage). 5.6. The Client agrees and acknowledges: 5.6.1. that it is in a better position than LabAroma to foresee and evaluate any potential damage or loss which the Client may suffer in connection with the Software and/or the Services;
- 5.6.2. that LabAroma cannot adequately insure its potential liability to the Client; and
- 5.6.3. that the Fees payable by the Client have been calculated on the basis that LabAroma shall exclude liability in accordance with the provisions of this clause 5.
- 5.6.4. Each provision of this clause 5 shall be construed separately and shall continue and survive even if for any reason one or other of those provisions is held invalid or unenforceable in any circumstances.
- 5.7. In relation to any software and/or any Intellectual Property Right provided to LabAroma by a third party, the Client acknowledges and accepts as reasonable that: 5.7.1. LabAroma excludes all liability to the maximum extent permitted by applicable law for any loss whatsoever incurred by the Client as a result of any act or omission of any third party, or of the failure, suspension and/or termination of any facility, software or service provided by any third party, or the breach of any third party of any relevant licence (each such act, omission, failure, suspension or termination a Third Party Breach);
- 5.7.2. any Third Party Breach shall not constitute a breach by LabAroma on the provisions of this Agreement.
6. AVAILABILITY
- LabAroma does not warrant or represent that the operation of the Software or the Services will be uninterrupted, timely or error free or that defects in the operation or functionality of the Software will be corrected, rectified or remedied.
7. CONFIDENTIALITY AND DATA PROTECTION
- 7.1. In relation to either Party, Confidential Information as used in this Agreement shall mean any and all information relating to that Party (or to any holding company and/or subsidiary of that Party, as those terms are defined by the Companies Act 2006 (as amended)) which is disclosed before or after the Agreement Date by that Party (Discloser) to the other Party (Recipient), and which is provided, either directly or indirectly, in writing, orally or by inspection, and being any and all information which is specified as confidential or which a reasonably prudent person should know is expected to be treated as confidential (including financial information, customer lists, business forecasts, sales and merchandising, and marketing plans and information). For the avoidance of doubt LabAroma’s Intellectual Property Rights (to the extent disclosed to the Client) constitute Confidential Information of LabAroma.
- 7.2. Each Party agrees that: 7.2.1. it will not use any Confidential Information of the other Party for any purpose, nor disclose any such Confidential Information to any third party without the other Party’s prior consent (and in the event that such consent is given Recipient will ensure, prior to such disclosure, that each such third party is made aware of the confidential nature of the Confidential Information and agrees in writing to be bound by conditions of secrecy no less strict than those set out in this Agreement);
- 7.2.2. it shall disclose Confidential Information of the other Party only to those of its employees who need to know such
information, and that it will procure that such employees agree, either as a condition of employment or in order to obtain the Confidential Information, to be bound by terms and conditions substantially similar to those of this Agreement; and
- 7.2.3. without affecting any rights or remedies that Discloser may have, that damages would not be an adequate remedy for any breach by Recipient of the provisions of this Agreement and Discloser shall be entitled to the remedies of injunction, specific performance and other equitable relief for any threatened or actual breach of the provisions of this letter by Recipient and that no proof of special damages shall be necessary for the enforcement of this Agreement.
- 7.3. Information shall not be deemed to be Confidential Information to the extent that: 7.3.1. it was in the public domain at or subsequent to the time it was communicated to Recipient by Discloser through no fault of Recipient;
- 7.3.2. it was rightfully in Recipient's possession free of any obligation of confidence at or subsequent to the time it was communicated to Recipient by Discloser;
- 7.3.3. it was communicated by the Discloser to an unaffiliated third party free of any obligation of confidence; or
- 7.3.4. the communication was in response to a valid order by a court or other governmental body or was otherwise required by law.
- 7.4. Each of LabAroma and the Client undertake to comply with the provisions of Schedule 1, GDPR Requirements.
- 7.5. LabAroma reserves the right to establish a maximum amount of memory or other computer storage and a maximum amount of Client Data that the Client may store, post or transmit on or through the Software.
- 7.6. LabAroma shall retain the Client Data for a minimum period of ninety days after expiration or termination of this Agreement, unless otherwise agreed with the Client. The Client may request that LabAroma conduct a mass export of the Client Data, and LabAroma may agree to provide such services at its then current daily rates.
8. TERM AND TERMINATION
- 8.1. This Agreement shall commence on the Agreement Date and continue, subject to earlier termination in accordance with this clause 8, for a minimum period of one year, from the Effective Date (the “Initial Term”). Thereafter, this Agreement shall automatically renew for successive periods of 12 months unless terminated sooner by either Party giving two months’ written notice before the expiry of the ten current term (“Renewal Term”). If the Client terminates this Agreement before the expiry of the Initial Term or any Renewal Term, LabAroma is entitled to retain the Fees paid for the remainder of the Initial Term or any Renewal Term.
- 8.2. If either Party materially breaches or materially fails to observe (together Breach) any provision of this Agreement the other Party may (if the Breach is capable of remedy) give notice of the Breach and the Party in breach shall have 28 days from receipt of the notice in which to remedy the Breach. Should the Breach fail to be remedied in this period or if the Breach is not capable of remedy, then the Party not in breach may terminate the Agreement with immediate effect.
- 8.3. If either Party becomes insolvent or bankrupt or (being a company) makes an arrangement with its creditors or has an administrative receiver or administrator appointed or commences to be wound up (other than for the purpose of amalgamation or reconstruction) the other Party may without replacing or reducing any other of its rights terminate the Agreement with immediate effect by written notice.
- 8.4. The provisions of clauses 4, 6, 8 and 9 will survive expiration or termination of this Agreement.
Disclaimers
The client acknowledges that (a) use of the labaroma databases by it is at client’s sole risk, (b) whilst labaroma compiles the labaroma databases in good faith from sources which labaroma considers to be reliable, the contents of the Labaroma databases are not independently verified by labaroma, (c) labaroma does not guarantee the sequence, accuracy, completeness and/or timeliness of the labaroma databases, (d) the services, the software and the labaroma databases are educational in nature any may not relfect all recent legal developments (e) the services, the software and the labaroma databases are not intended to amount to advice on which reliance should be placed or to be a substitute for professional medical advice, diagnosis and treatment advice, (f) the client should seek professional medical advice before acting on data obtained from the labaroma databases (g) labaroma shall not be under, and excludes to the fullest extent permitted by law all liability to the client for, any liability whatsoever in respect of (I) any mistakes, errors, inaccuracies or omissions in, or incompleteness of, the labaroma databases, (ii) delays in updating the labaroma databases or non-availability thereof (iii) loss of profit, business revenue, goodwill and anticipated savings (whether direct or indirect) incurred through the use of the labaroma databases; (iv) other losses which client may incur as a result of use of or reliance upon the labaroma databases and/or (v) internet failure, and/or failure of the client to have in place any necessary software or equipment; and/or (vi) any claim that the provision of the labaroma databases infringes any law
10. GENERAL
- 10.1. Except for a Party's payment obligations, neither Party shall be liable for delay in performing the obligations or for the failure to perform obligations if the delay or failure results from any cause beyond its reasonable control (including acts of God, fire, explosion, war, terrorism, embargo, and any governmental action (Force Majeure Event)). The Party claiming a Force Majeure Event shall take all action which is reasonable under the circumstances to overcome any such cause of prevention or delay and to proceed
- with the performance of its obligations hereunder. Notice of any Force Majeure Event and any abatement thereof shall forthwith be given to the other Party by the Party claiming the benefit of this clause 10.1.
- 10.2. A person who is not a party to the Agreement shall have no rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any of its terms.
- 10.3. The Client may not transfer, assign or novate the whole or any part of the Agreement or the benefit of it or any right under it without LabAroma’s prior written approval.
- 10.4. A failure at any time to enforce any provision of the Agreement shall in no way affect the right at a later date to require complete performance of the Agreement, nor shall the waiver of the breach of any provision be taken or held to be a waiver of any subsequent breach of the provision, or be a waiver of the provision itself.
- 10.5. Nothing in this Agreement shall create or shall be deemed to create a partnership or the relationship of employer and employee between the Parties.
- 10.6. If any provision of this Agreement or part thereof should be found to be invalid, ineffective or unenforceable under any applicable statute or regulation, the remainder of the provisions shall stand in full force and effect.
- 10.7. This Agreement is governed by the laws of Northern Ireland. All disputes, claims or proceedings between the Parties relating to the validity construction or performance of this Agreement shall be subject to the jurisdiction of the courts of Northern Ireland to which the Parties hereto irrevocably submit.
SCHEDULE 1
GDPR REQUIREMENTS
1. DEFINITIONS AND INTERPRETATIONS
- 1.1. In this schedule the following definitions shall apply:
controller shall have the meaning given in Article 4 of the GDPR.
Data Subject means an identified or identifiable natural person who is the subject of any Personal Data.
Data Protection Laws means the General Data Protection Regulation (EU) 2016/679 (GDPR), and the Privacy and Electronic Communications Directive 2002/58/EC (and respective local implementing laws) as amended, replaced or superseded from time to time.
Personal Data shall have the meaning given in Article 4 of the GDPR.
processor shall have the meaning given in Article 4 of the GDPR.
Software means the software to which access is provided by LabAroma in accordance with the terms of this Agreement.
Sub-processor means a natural or legal person, public authority, agency or any other body contracted by LabAroma to process Personal Data.
Supervisory Authority shall have the meaning given in Article 4 of the GDPR.
- 1.2. In this schedule, reference to a paragraph is to a paragraph of this schedule (save to the extent expressly stated otherwise); the paragraph headings do not affect the interpretation of this schedule; words in the singular include the plural and in the plural include the singular; a reference to a particular law is a reference to it as it is in force for the time being taking account of any amendment, extension, application or re-enactment and includes any subordinate legislation for the time being in force made under it; references to including and include(s) shall be deemed to mean respectively including without limitation and include(s) without limitation.
2. WHERE A PARTY IS A CONTROLLER
- 2.1. Where either LabAroma or the Client acts as controller in relation to any Personal Data in the course of the operation of this Agreement, the provisions of this paragraph 2 apply.
- 2.2. Each Party undertakes that it will: 2.2.1. comply with Data Protection Laws when processing Personal Data;
- 2.2.2. rely on a valid legal ground under Data Protection Laws for its processing, including obtaining Data Subjects’ appropriate consent if required or appropriate under Data Protection Laws;
- 2.2.3. take reasonable steps to ensure that Personal Data is (a) accurate, complete and current and limited to what is necessary in relation to the processing; and (b) kept in a form which permits identification of Data Subjects for no longer than is necessary for the processing (unless a longer retention is required or allowed under applicable law);
- 2.2.4. implement appropriate technical and organizational measures to ensure, and to be able to demonstrate, that the processing of Personal Data is performed in accordance with Data Protection Laws;
- 2.2.5. not transfer any Personal Data to any Inadequate Country, unless such Party ensures (a) that the transfer is at all times subject to one of the appropriate safeguards permitted by Article 46 of GDPR and (b) that in all other respects the transfer complies with GDPR. Inadequate Country means a country which is (a) outside of the European Economic Area and (b) not a country which has been determined by the European Commission as ensuring an appropriate level of protection for the purposes of Article 45 of GDPR;
- 2.2.6. respond to Data Subject requests to exercise their rights of (a) access, (b) rectification, (c) erasure, (d) data portability, (e) restriction of Processing, (f) objection to the Processing, and (g) the rights related to automated decision-making and profiling, if and as required under Data Protection Laws; and
- 2.2.7. cooperate with the other Party to fulfil their respective data protection compliance obligations under Data Protection Laws.
3. WHERE THE CLIENT IS CONTROLLER, AND LabAroma IS PROCESSOR
- 3.1. Where, in relation to any Personal Data, the Client is controller and LabAroma is processor under the terms of this Agreement, the provisions of paragraphs 3 to 7 apply.
- 3.2. For the purposes of Article 28.3 of GDPR the subject matter of the processing is as follows: 3.2.1. the personal data used in the processing will be the following personal data in relation to each administrative User appointed by the Client to administer access to the Software or the Services: forename(s), surname, email address, password, IP address, database use activity history;
- 3.2.2. the duration of the processing will be the duration of this Agreement (as may be extended from time to time);
- 3.2.3. the nature and purpose of the processing will be limited to the storing and use of the personal data (a) to allow each User access to the Software, to provide a password and password recognition services to the User, and to send User updates, notificatory emails and alerts as part of the provision of access and use of the Software; and (b) use by Users of the personal data as part of the normal operational functionality of the Software.
- 3.3.1. process the Personal Data only in accordance with the Client’s documented instructions, including where relevant for transfers of Personal Data outside the European Economic Area (EEA) (unless required to do so by European Union, Member State and/or UK law to which LabAroma is subject, in which case LabAroma shall inform the Client of that legal requirement before processing unless prohibited by that law);
- 3.3.2. ensure that persons authorised to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
- 3.3.3. take all measures required pursuant to Article 32 of the GDPR;
- 3.3.4. appoint Sub-processors only in accordance with paragraph 5 below;
- 3.3.5. taking into account the nature of the processing, assist the Client by taking appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Client’s obligation to respond to requests for exercising a Data Subject’s rights laid down in Chapter III of the GDPR;
- 3.3.6. taking into account the nature of the processing and the information available to LabAroma, assist the Client in ensuring compliance with the Client’s obligations to: 3.3.6.1. keep Personal Data secure (Article 32 GDPR);
- 3.3.6.2. notify Personal Data breaches to the Supervisory Authority (Article 33 GDPR);
- 3.3.6.3. advise Data Subjects when there has been a Personal Data breach (Article 34 GDPR);
- 3.3.6.4. carry out data protection impact assessments (Article 35 GDPR); and
- 3.3.6.5. consult with the Supervisory Authority where a data protection impact assessment indicates that there is an unmitigated high risk to the processing (Article 36 GDPR);
- 3.3.7. at the choice of the Client, delete or return all Personal Data to the Client upon termination of this Agreement, save to the extent that European Union or EU member state law requires retention of the Personal Data;
- 3.3.8. make available to the Client all information necessary to demonstrate compliance with the obligations laid down in this schedule and allow for and contribute to audits, including inspections, conducted by the Client or another auditor mandated by the Client as set out in paragraph 4 below;
- 3.3.9. comply with Article 30 of the GDPR;
- 3.3.10. co-operate on request, with the Information Commissioner’s Office (or any successor body thereto) in the performance of its tasks; and
- 3.3.11. notify the Client without undue delay after becoming aware of a personal data breach and in any event within 24 hours.
4. AUDIT RIGHTS
- 4.1. Upon the Client’s reasonable request, LabAroma agrees to provide the Client with any documentation or records (which may be redacted to remove confidential commercial information not relevant to the requirements of this schedule) which will enable it to verify and monitor LabAroma’s compliance with this schedule, within 14 days of receipt of such request.
- 4.2. Where, in the reasonable opinion of the Client, such documentation is not sufficient in order to meet the obligations of Article 28 of the GDPR, the Client will be entitled, upon reasonable prior written notice to LabAroma and upon reasonable grounds, to conduct an on-site audit of LabAroma’ premises used in connection with the Service, solely to confirm compliance with its data protection and security obligations under this schedule. Any audit carried out by the Client will be conducted in a manner that does not disrupt, delay or interfere with LabAroma’ performance of its business. The Client shall ensure that the individuals carrying out the audit are under the same confidentiality obligations as set out in this Agreement.
5. USE OF SUB-PROCESSORS
- 5.1. The Client provides its consent for LabAroma to use Sub-processors in the delivery of the Software. Where LabAroma uses any other third party LabAroma shall: 5.1.1. enter into a legally binding written agreement that places the equivalent data protection obligations as those set out in this schedule to the extent applicable to the nature of the services provided by such Sub-processor, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR;
- 5.1.2. remain liable for the performance of the Sub-processor; and
- 5.1.3. inform the Client of any intended changes concerning the addition or replacement of a
- Sub-processor and give the Client the opportunity to object to such changes.
6. TRANSFERS OF PERSONAL DATA TO NON-EEA COUNTRIES
- 6.1. Where a transfer to an end user whose organisation is established outside of the EEA is necessary for the purposes of this Agreement, the Parties acknowledge and accept that the end user shall either provide adequate safeguards as set out in Article 46 GDPR or rely on one of the derogations for specific situations set out in Article 49 GDPR to transfer Personal Data to a third country or an international organisation.
7. CUSTOMER OBLIGATIONS
- 7.1. The Client warrants and represents to LabAroma that: 7.1.1. all instructions provided to LabAroma in relation to the processing of Personal Data are lawful and are provided in accordance with the Data Protection Laws;
- 7.1.2. it shall only provide instructions to LabAroma that are in accordance with the terms of this Agreement (including this schedule); and
- 7.1.3. all Personal Data is sourced lawfully and that it is solely responsible for determining the purpose for which Personal Data may be processed by LabAroma.
- 7.2. The Client acknowledges and agrees that LabAroma is reliant on the Client for direction as to the extent to which LabAroma is entitled to use and process Personal Data. Consequently, LabAroma shall not be liable for any claim brought by a subject of Personal Data and arising from any breach by LabAroma of the Data Protection Laws to the extent that such action or omission resulted from the Client’s instructions.