Between: Safe Data Storage Ltd, with registered offices at Eastern House, Clarence Court, Rushmore Hill,
Orpington, Kent BR6 7LZ. Company Registration Number: 05007240
Hereafter ‘Data Processor’
And: You, the client
Hereafter ‘Data Controller’
The Data Controller and the Data Processor may be referred to individually as a ‘Party’ and collectively as the ‘Parties’
“data controller”,means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be processed.
“data processor”, in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.
“processing”, in relation to information or data means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data.
A)The Data Controller wishes to subcontract certain Services, which imply the processing of personal data, to the Data Processor.
B)The Parties seek to implement a data processing agreement that complies with the requirements of the current legal framework in relation to data processing and with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
2.1 You must register with SDSL to use the Services, and you agree to keep your registration information accurate, complete and up-to-date as long as you continue to use the Services.
2.2 If you sign-up for a Trial Account, you agree to pay the fixed subscription and variable usage-based fees if you agree to continue with the service after the 30 days trial expires. The service is an automatic renewal unless cancellation has been received (please refer to point 10 Terms and Termination).
2.3 If you exceed any quota allocated to your account, you agree that SDSL may restrict your ability to backup further data until you reduce your storage usage or agree to increase your account with a higher quota or no quota at all.
2.4 Partners understand that they have control over their own clients’quotas. If a client exceeds its quota limit the partner is responsible for increasing the client’s quota. SDSL will monitor this and will contact the partner directly to inform them if an account is exceeding its quota.
2.5 If you use a credit card for payment, you authorise SDSL to automatically renew your subscription and charge the then-current renewal fees to the credit card associated with your account unless you notify SDSL 30 days before expiration of your current subscription that you do not want to renew.
2.6 Partners understand that if using a Business Client/Multi User that a minimum charge of £2.00 + VAT per client per month will occur if a client account is less than 10GB of storage. As an alternative the Single User client can be used where no additional costs for licenses occur,only data charges.
2.7 If paying by direct debit, please note that Safe Data Storage Ltd has appointed the BACS Approved Direct Debit Bureau, Eazy Collect Services Limited (www.eazycollect.co.uk), to collect your payments. Safe Data Storage will be shown on your bank statement for these direct debit payments.www.eazycollect.co.uk3.
3.1 You are responsible for keeping your passwords secure, and you agree not to disclose your passwords to any third party.
3.2 You are solely responsible for any activity that occurs under your user names and accounts, including any sub-accounts. If you lose your passwords or the encryption keys for your accounts, you may not be able to access your backup data. [Note: Without thisEncryption Key, SDSL are unable to restore client’s data. SDSL are unable to change or reset the Encryption Key. SDSL do not know or store any passwords set].
3.3 You must notify SDSL immediately of any unauthorised use of your accounts or any other security breach related to the Service. If SDSL determines that a security breach has occurred or is likely to occur, SDSL may suspend your accounts and require you to change your user names and passwords.
3.4 SDSL shall notify the you, the Data Controller,without undue delay after becoming aware of a Personal Data Breach, and shall notify the relevant supervisory authority (ICO) as applicable.
4.1 Subject to these Terms, SDSL grants you a limited, non-exclusive, non-transferable and revocable licence to access the Site and use the Services and Software.
4.2 You may install and use the Software in executable form only on the number and type of devices that are specified in the then-current documentation for your account type as described on the Site or as specified in other transaction documentation provided by SDSL or an authorised partner.
4.3You acknowledge that certain third party code may be provided with the Software and that the licence terms accompanying that code will govern its use.
4.4 You specifically agree that you will not, nor will you permit another person to:
4.5 Any Software you have installed will periodically check with SDSL Servers for updates, and you agree that SDSL may automatically download and install such updates on your devices.
5.1 If you have a large amount of data to backup when you first sign-up for the Services, you may choose to seed your initial backup using the SDSL Seeding Service.
5.2 If you use this service, you agree that you bear all risk ofloss and damage to your backup data while it is in transit, and you may not be able to access and retrieve your backup data until you have performed a successful online backup after completion of the Data Seed transfer.All data is fully encrypted at all times.
5.3 As a client or partner you agree to return the seed provided within 30days of receiving the seed. If the seed isn’t returned then charges will occur for the replacement of the seed.All clients will sign a Hard Drive Agreement before a seed is sent.
6.1 You, as Data Controller,are solely responsible for your conduct related to the Service and any data you store or share on the Service. You specifically agree that you will not use the Products to:
(Each of the above, a "Misuse").
7.1 As the performance of the Agreement and the delivery of Services implies the processing of personal data, the Data Controller and the Data Processor shall comply with the applicable data protection legislation and regulations.
7.2 The Data Processor shall ensure that in relation to personal data disclosed to it by, or otherwise obtained from the Data Controller, it shall act as the Data Controller’s data processor in relation to such personal data and shall therefore:
7.2.1 from 25 May 2018, create and maintain a record of its processing activities in relation to this Agreement; The Data Processor shall make a record available to the Data Controller, any auditor appointed by it and/or the supervisory authority on first request;
7.2.2 implement appropriate technical and organisational measures for the fulfilment of Data Controller’s obligation to respond to requests by Data Subjects to exercise their rights of access, rectification or erasure, to restrict or object to processing of Personal Data, or to data portability;
7.2.3 not process the personal data for any purpose other than to deliver the Services and to perform its obligations under the Agreement in accordance with the documented instructions of the Data Controller; if it cannot provide such compliance, for whatever reasons, it agrees to promptly inform the Data Controller of its inability to comply;
7.2.4 inform the Data Controller immediately if it believes that any instruction from the Data Controller infringes applicable data protection legislation and regulations;
7.2.5 not disclose the personal data to any person other than to its personnel as necessary to perform its obligations under the Agreement and ensure that such personnel is subject to statutory or contractual confidentiality obligations;
7.2.6 take appropriate technical and organisational measures against any unauthorised or unlawful processing, and to evaluate at regular intervals the adequacy of such security measures are described in Schedule 1;
7.2.7 ensure that access, inspection, processing and provision of the personal data shall take place only in accordance with the need-to-know principle, ie. information shall be provided only to those persons who require the personal data for their work in relation to the performance of the Services;
7.2.8 promptly notify the Data Controller about (i) any legally binding request for disclosure of the personal data by a data subject, a judicial or regulatory authority unless otherwise prohibited, such as the obligation under criminal law to preserve the confidentiality of a judicial enquiry, and to assist the Data Controller with (ii) any accidental or unauthorised access, and more in the general, any unlawful processing to assist the Data Controller with;
7.2.9 deal promptly and properly with all reasonable enquiries from the Data Controller relating to its processing of the personal data or in connection with the Agreement;
7.2.10 make available to the Data Controller all information necessary to demonstrate compliance with the applicable data protection legislation and regulations;
7.2.11 at the request and costs of the Data Controller, submit its data processing facilities for audit or control of the processing activities;
7.2.12 refrain from engaging another data processor without the prior written consent of the Data Controller;
7.2.13 assist the Data Controller, subject to reasonable additional compensation, with the Data Controller’s obligation under applicable data protection laws and regulations.
7.3 Personal data processed in the context of this Agreement may not be transferred to a country outside of the European Economic Area without the prior written consent of the Data Controller. If personal data processed under this Agreement is transferred from a country within the European Economic Area to a country outside the European Economic Area, both Data Controller and Data processor shall ensure that the personal data is adequately protected.
8.1 Each Party acknowledges that during this Agreement, a Party (the ‘receiving Party’) may become privy to Confidential Information which is disclosed by the other Party (the ‘disclosing Party’).
8.2 The receiving Party shall keep all Confidential Information confidential. The receiving Party shall not disclose Confidential Information to any third party, and shall not use Confidential Information for any purposes other than for the purposes of this Agreement. The receiving Party shall safeguard the Confidential Information to the same extent that it safeguards its own confidential and proprietary information and in any event with no less than a reasonable degree of protection.
8.3 Each Party agrees that before any of its subcontractors and/or agents may be given access to Confidential Information, each such subcontractor and/or agent shall agree to be bound by confidentiality undertaking comparable to the terms of this Agreement. Notwithstanding the return of any Confidential Information, each Party and its subcontractors and/or agents will continue to hold in confidence all Confidential Information, which obligation shall survive any termination of this Agreement.
8.4 In the event the receiving Party is requested or required to disclose, by court order or regulatory decision, any of the disclosingParty’s Confidential Information, the receiving Party shall provide, to the extent permitted, the disclosing Party with prompt written notice so that the disclosing Party may seek a protective order or other appropriate remedy and/or waive compliance with the provisions of this Agreement. The receiving Party shall furnish only that portion of the Confidential Information which is legally required.
8.5 Within 30 business day following (i) the termination or expiry of this Agreement or (ii) the disclosing Party’s reasonable earlier request at any time, the receiving Party shall destroy or return to the disclosing Party (at its option) any and all of the disclosing Party’s Confidential Information, and shall purge all copies and traces of the same from any storage location and/or media.
8.6 The confidentiality undertaking under Section 8 shall not be applicable if the Confidential Information:
8.6.1 has become publicly known prior to being divulged or thereafter, but without any breach of confidentiality undertaking; or
8.6.2 has been legitimately obtained from a third party neither tie by an obligation of confidentiality nor professional secrecy; or
8.6.3 was independently created by the receiving Party without use of any Confidential Information of the disclosing Party; or
8.6.4 was already known or developed by Receiving Party, as can be demonstrated by documentary evidence.
9.1 SDSL is and shall remain the owner of any materials used or made available in the context of the delivery of the Services.
9.2 SDSL respects the intellectual property of others and requires that users of the Service do the same.
9.3 SDSL licenses all such rights to you free of charge on a non-transferable, non-sub licensable, irrevocable (except for breach), nonexclusive, worldwide basis to such extent as is necessary to enable you to make use of the Services during the term of the Contract. If the Contract is terminated, this license will automatically terminate.
10.1 You agree to defend, indemnify and hold SDSL, its supplier, partners, and their respective affiliates harmless from and against any claims, liabilities, damages, losses and expenses, including reasonable legal fees and costs, in connection with:
10.2 This indemnity obligation will survive the termination or expiration of your account and these Terms.
11.1 SDSL reserves the right at any time to modify, suspend, or discontinue providing the Service, in whole or in part.
11.2 In the event SDSL anticipates that any such action will significantly affect your use of the Service in a negative way, SDSL will endeavour to provide you with advance notice by e-mail, an in-client message or by posting relevant information on the Site within 30 days in the event of the following:
11.3 You acknowledge that providing notice of any modification, suspension or discontinuation of the Services or of any modification of the Terms in accordance with clause 10will not be reasonably practicable for SDSL in the following circumstances:
11.4 Any modification to the Terms will be posted to the Site. Notice of change of such Terms shall be sent to you upon posting. The new Terms shall be effective 30 days after such notice.All material modifications to the Terms will apply prospectively only. Your continued use of any Services following notification by SDSL of any modification to the Terms constitutes your agreement to be bound by the modified Terms. To stay informed of any changes, please review the most current version of these Terms posted on the Site.
11.5 If you do not agree to be bound by the Terms (or any modified version thereof), you must stop using the Services immediately, and request termination of the Agreement(and your account) pursuant to clause 12term and termination.
11.6 SDSL reserves the right to amend these Conditions from time to time and shall notify you of any changes within 30 days, and each such modification will be effective upon posting on the site. All material modifications will apply prospectively only.
11.7 Your continued use of any Products following any such modification constitutes your agreement to be bound by the modified Terms. To stay informed of any changes, please review the most current version of these Terms posted on the Site. If you do not agree to be bound by these Terms, you must stop using the Products immediately.
12.1 These Terms, and any posted revisions, remain in effect as long as you continue to maintain an account or use the Services. You may terminate your account at any time, for any reason, by following the instructions on the Site and discontinuing use of the Products.
12.2 SDSL may suspend your account and these Terms immediately on written notice with 24hours notice if you fail to pay any fees or invoices when due or otherwise fail to comply with these Terms.
12.3 SDSL may terminate this Agreement (and your account, regardless of whether it is a Paid or Trial Account) immediately on written notice in any of the following circumstances:
12.4 On suspension or expiration of your account or these Terms, you will no longer have the right to continue to use the Software and the Services, and you will no longer be able to access and restore your backup data. Also, you specifically agree that SDSL has no obligation to provide you or anyone else with a copy of your backup data and may automatically purge your backup data from SDSL systems.
12.5 The Customer is invoiced on the agreed term of monthly, quarterly or annuallyin advance for the service. The customer may terminate this contract or the service provided at any time after the initial 3 months period by giving 30 days notice to SDSL in writing to firstname.lastname@example.org. If notice is given by the customer during the minimum period the customer must pay the charges due for the remainder of the minimum period unless the customer has given notice because SDSL has materially changed the Conditions of this contract to the customer's detriment.
12.6 The customer will be entitled to a refund of any advance monies paid on a pro rata basis. All data held on our servers is deleted immediately after the 30 days notice providing the account is paid to date.SDSL may terminate this contract or the service provided under it at any time on 30 days notice.
13.1 These Terms constitute the entire agreement between you and SDSL and completely replace any prior agreements between you and SDSL in relation to the Products. If any part of these Terms is held invalid or unenforceable, that portion will be construed in a manner consistent with applicable law to reflect, as nearly as possible, the original intentions of the parties, and the remaining portions will remain in full force and effect.
13.2 The Contract shall be governed by and construed in accordance with English law and the Parties agree to submit to the exclusive jurisdiction of the English courts.
14.1 In no event shall SDSL or its advertisers or suppliers have any obligation or liability to you for the cost of procurement of substitute services or data or for any direct, indirect, incidental, special, exemplary or consequential damages (including, without limitation, any loss of data, revenue or profits or business interruption) or other pecuniary loss arising out of your use or inability to use your account or the service or your loss of data or files stored therein.
In addition to the information provided elsewhere in the Agreement, SDSL wish to document the following information in relation to the data processing activities:
The data processing performed by the Data Processor on behalf of the Data Controller relates to the Service – a managed, encrypted backup/copy of data selected by the Data Controller. The data processing activity consists of all selected data being compressed and encrypted prior to it leaving the client system.All data is then stored fully encrypted in secure UK Data Centres.
The categories of personal data that SDSL hold about the Data Controller are:
SDSL is unable to read any of the data that is backed up to our servers.
The duration of the data processing activities is in line with the Term and Conditions and as such will stop upon termination of Services.
The Data Processor has implemented the following security measures: