Crossware Mail Signature™ O365 License Agreement – (Version 2.9 MAY 2018)

This License applies to Crossware Mail Signature™ for Microsoft Office 365® or Microsoft Exchange On-Line®.

For the “Crossware Mail Signature O365 Service Level and Support Agreement″ (“Crossware Mail Signature O365 SLSA” or “CMS O365 SLSA”) please refer to the link: www.crossware.co.nz/cms-o365-slsagreement

  1. Your Agreement to this License

1.1 The License included in these Terms only applies to Crossware Mail Signature for Microsoft Office 365® or Microsoft Exchange On-Line® including any updates and upgrades and any accompanying distributable files, data and materials (“Crossware Mail Signature”). You should carefully read the following terms and conditions before using the Crossware Mail Signature Service (“Service”). By registering for the Service and accessing the Site you agree that you have read, understood and accepted these terms and conditions including the Appendix and its Schedule (“Terms”) and agree to be bound by them.

1.2 These Terms together with the Provisioning Form record the entire agreement, and prevail over any earlier agreement between you and us. Except as otherwise provided in these Terms, variation is only effective if signed by both Crossware and you.

1.3 We may change these Terms or the related Fees at any time and any changes will be effective from the time they are posted on the Site or are otherwise notified to you.

1.4 Crossware Mail Signature operates in conjunction with appropriate versions of Microsoft Office 365® or Microsoft Exchange On-Line®. The use of Microsoft Office 365® or Microsoft Exchange On-Line® are not included in this License. You must separately subscribe and hold sufficient Licenses to use Microsoft Office 365® or Microsoft Exchange On-Line®. Crossware is not responsible for the provision, licensing, or functionality of Microsoft Office 365® or Microsoft Exchange On-Line®

1.5 Please read the License terms below. If you do not agree to all of the terms and conditions of this License, then do not register for or use the Service.

  1. Scope of License

2.1 Subject to the terms below, you are hereby granted a non-exclusive non-transferable license to access the Site and use the Service strictly for your internal business purposes during the subscription Term for which you have purchased a License.

2.2 You may not use the Service for the benefit of any other third party.

2.3 You shall not exceed the number of Authorised Users for which you have subscribed and paid for. If you wish to add more users, you must request a modification to your License and pay the relevant Fees.

  1. Evaluation or Trial Period

3.1 If you have requested and signed up for the Service for a trial or on an evaluation basis then notwithstanding any other term of these Terms:

(a) your access to the Site and use of the Service is limited to use for demonstration, test or evaluation purposes only; and

(b) the trial is not intended for production; and

(c) the Crossware Mail Signature O365 SLSA does not apply to a trial; and

(d) the trial period will automatically terminate 30 days after the date you first accessed the Site and you accepted these Terms or at a later date as agreed between the parties or you registered to use the Service on a trial basis, whichever is earlier.

3.2 If you want to use this Service after the trial period, you must acquire from Crossware a subscription under a license on these Terms to use the Service and pay the applicable Fees. Please contact sales@crossware.co.nz for information about licensing, and ordering options. Use of the Service or access to the Site after the expiration of the trial period without acquiring such a subscription (and valid license) from Crossware is prohibited and a violation of international copyright laws.

  1. License Fee

To use the Service you must have paid all applicable Fees including any applicable taxes and duties. If you do not pay such Fees, Crossware may suspend access to all or part of the Service until payment is received in full and/or cancel your registration and terminate your access to the Site and your use of the Service.

  1. Your Obligations

5.1 Crossware Mail Signature is operated on the Site as Software as a Service. It is licensed strictly on the terms and conditions of these Terms. All rights of any kind in Crossware Mail Signature which are not expressly granted in this License are entirely and exclusively reserved to and by Crossware.

5.2 You agree to provide true and complete information about yourself and your organisation, and to let us know whenever any of your registration information changes. You confirm that you have authority to use the Site.

5.3 Your Information is your property. You license that Information to us so that we can provide the Service to you. The Information will only be used for the purpose of providing the Service and for billing purposes. You undertake that the Information provided to us or uploaded to the Site does not infringe any person’s intellectual property rights and is not otherwise illegal, fraudulent or defamatory.

5.5 While we use our best commercial efforts to prevent loss of your Information, including backing up our own data, which may include the Information in original or amended form, we do not guarantee that there will be no loss of your Information. You must maintain back-up copies of your Information.

5.6 You are responsible for all authorised and unauthorised access to the Site and use of the Service.

5.7 You will procure that any Authorised User comply with these Terms in relation to access to the Site and use of the Service, and you will be responsible for any breach of these Terms by any Authorised User.

5.8 You will keep and maintain:

(a) a valid subscription to Microsoft Office 365® or Microsoft Exchange On-Line® for the number of users for which you have subscribed for the Authorised Users;

(b) network, facilities and equipment and systems in accordance with the minimum specifications stipulated by Microsoft in relation to its Office 365 environment and by Crossware in relation to its Service; and

(c) a network connection and internet link at all times.

5.9 You will provide Crossware with access to your Microsoft Office 365® or Microsoft Exchange On-Line® service via secure protocols and authentication to enable Crossware to provide the Service to you.

5.10 You are responsible for the accuracy of your Information and for the content of the email signatures including disclaimers and other legal information required to be appended to any outbound emails as part of the Service in compliance with the laws of the country in which you are operating.

5.11 You agree that you are solely responsible for all use of your User ID, you will change your Password if we request you to do so and you will not gain or try to gain unauthorised access to the Site.

5.12 You are responsible for access rights of Authorised Users and for ensuring that User IDs of all Authorised Users are kept secure and confidential.

5.13 You can set administration rights to the Site, add, vary and delete any Authorised User and control the rights and permissions of any Authorised User using the Site.

5.14 You must notify us immediately if there has been any unauthorised access to the Site or if your User ID has been disclosed to a third party.

5.15 You will ensure that the number of Authorised Users do not exceed the number of users or mail boxes in respect of which you have paid the applicable Fees. You authorise us to audit the number of users or mail boxes connected to the Service from time to time and will pay the additional Fees in respect of any excess users or mail boxes determined by such audit.

  1. Restrictions on use

6.1 As a condition of using the Service and accessing the Site, you must not

(a) attempt to undermine the security or integrity of Crossware’s computing systems or networks or, where the Service is hosted by a third party, that third party’s computing systems and networks;

(b) use, or misuse, the Service in any way which may impair the functionality of the Service or Site, or other systems used to deliver the Service or impair the ability of any other user to use the Service or Site;

(c) attempt to gain unauthorised access to any materials other than those to which you have been given express permission to access or to the computer system on which the Service is hosted;

(d) transmit, input or upload onto the Site any files that may damage any other person’s computing devices or software, content which may be obscene, offensive, upsetting or defamatory, or material or Information which infringes the intellectual property rights of any other person or otherwise does not comply with all applicable laws; and

(e) attempt to modify, copy, adapt, reproduce, disassemble, decompile or reverse engineer any computer programs or software used to deliver the Service or to operate the Site except as is strictly necessary to use either of them for normal operation.

6.2 We reserve the right to:

(a) place restrictions on the data size of Information transmitted to us and/or uploaded to the Site, including the number of end user outbound emails sent within a 24 hour period and the connection times to and from the Site;

(b) modify the Site and change the URL address of Crossware’s server or service.

  1. Service Levels

7.1 Crossware will provide a level of service, which complies with the Crossware Mail Signature O365 Service Level and Support Agreement (CMS O365 SLSA) available at www.crossware.co.nz/cms-o365-slsagreement/

7.2 While we use our best commercial efforts in providing the Service in accordance with the requirements of the CMS O365 SLSA, we do not guarantee or warrant that the use of the Service or access to the Site will be continuous or fault free. Your sole and exclusive remedy for any failure to meet the required Service Levels is the provision of service credits as set out in the CMS O365 SLSA.

7.3 If a breakdown in any system or facility of Crossware adversely affects the ability of Crossware to provide the Services in accordance with the Service Levels, Crossware will notify you as soon as practicable.

7.4 Subject to compliance with clause 7.1, Crossware may vary its systems, facilities and their specifications at its discretion.

7.5 Crossware will not be responsible for any failure to comply with the CMS O365 SLSA if such failure is caused by factors beyond Crossware’s reasonable control, including but not limited to telecommunications failure or fault, defective equipment utilised by you, or any default by you in your obligations under these Terms.

  1. Support Services

Crossware will provide the Support Services compliant with the Crossware Mail Signature O365 Service Level and Support Agreement (CMS O365 SLSA) available at www.crossware.co.nz/cms-o365-slsagreement

  1. Intellectual property rights

All Intellectual Property Rights to the Service and the Site including all software and documentation associated with the Site and any subsequent modifications and improvements belong to Crossware.

  1. Confidentiality

10.1 Each party must not, without the prior written approval of the other party, disclose the other party’s Confidential Information, and it must ensure that its employees and subcontractors comply with this obligation.

10.2 A party will not be in breach of this provision in circumstances where it is legally compelled to disclose the other party’s Confidential Information or where such information has become publicly available other than by a breach of this agreement.

10.3 This section shall survive termination of these Terms.

11. Data Protection


11.1 The parties will comply with their respective obligations as set out in the Data Protection Appendix (DPA).

12. Warranty Disclaimers and Liability Limitations


12.1 You acknowledge that the use of the Service and access to the Site, and all related features available through the Site are provided:

(a) on an “as is” and “as available” basis,

(b) at your sole risk and

(c) without representations or warranties of any kind, either express or implied, and all warranties, whether express or implied, are excluded including implied warranties of merchantability and fitness for a particular purpose.

12.2 To the maximum extent permitted by law, in no circumstances (including negligence) will Crossware, our related companies and affiliates or their officers, employees, advisers, partners, agents or suppliers, be liable for any:

(a) Sort of damages that result from:
– any of your Information,
– your reliance on the Site, or
– the use of or access to, or the inability to use or access the Site, or
– the loss of any data or Information;

(b) Indirect damage (including punitive damages), loss (including loss of use, data, profits, business or any economic loss) or cost (including legal and lawyer/client costs) caused or contributed to by us or them in relation to these Terms.

12.3 You warrant that you are using this Site or the Service for the purposes of a business, and acknowledge and agree that any consumer related warranties, conditions or guarantees whether express or implied by any legislation or general law are hereby expressly excluded.

12.4 If for any reason the disclaimers or exclusion of liability contained in this clause 12 cannot be relied upon by Crossware or any other party referred to in this clause due to mandatory laws in other jurisdictions, then the sole and exclusive remedy for the breach of any implied warranty or condition shall be at Crossware’s sole discretion:

(a) Re-supplying the Service again,

(b) Refunding you 10% of the total amount actually received by Crossware in respect of Fees for the Service in the 12 month period immediately preceding the month in which liability arises; or

(c) Terminating your registration and/or these Terms.

12.5 Our total aggregate liability to you or anyone else using the Service or the Site in respect of any one incident or series of connected incidents, for damages, losses, and causes of action (whether in contract, tort, including negligence, under statute or otherwise), will not exceed the total Fees actually paid by you to us in the 12 months preceding the month in which the liability arises.

13. Force Majeure


Crossware will have no liability to you under these Terms if it is prevented from or delayed in performing its obligations under these Terms or from carrying on its business by acts, events, omissions or accidents beyond its reasonable control provided that you are notified of such an event as soon as reasonably practicable and its expected duration.

14. Indemnification


At your own expense, you shall indemnify, defend, and hold harmless Crossware, its affiliates and licensors, and their directors, officers, trustees, shareholders, employees, agents, successors and assigns from and against any and all claims, expenses, losses, damages, costs, liabilities and judgments, including without limitation reasonable attorneys’ fees and expenses, arising out of or relating to any claim resulting from or related to:
(i) any use by you of Crossware Mail Signature on the Site other than as expressly allowed by these Terms or in a manner inconsistent with any accompanying documentation;
(ii) any breach of these Terms (including for the avoidance of doubt the Appendix) by you; (iii) any violation of applicable law by you, your directors, officers, trustees, shareholders, employees, affiliates, subsidiaries, agents, successors and assigns;
(iv) non-payment of any Fees when they become due;
(v) any Information and data provided by you;
(vi) your use of the Site or the Service;
(vii) any infringement by you of the rights of any other person.

15. Termination


15.1 These Terms (including the license to use and access the Site) commences upon the earlier of accessing the Site or your acceptance of these Terms or you have registered to use the Service and shall continue for the Term until terminated in accordance with these Terms.

15.2 Either party may terminate these Terms by giving three months’ prior notice in writing to take effect by the end of the current Term. In the absence of such notice in due time, the Term shall be renewed for a further one year period and you agree to pay in advance Crossware’s then current Fees applicable for the further Term, and the number of Authorised Users or mail boxes.

15.3 Crossware may immediately suspend your access to the Site and/or use of the Service or access to the Information or terminate your registration to use the Service:

  • if you breach any of these Terms,
  • if payment of any Fees are more than 10 working days overdue,
  • if we think that you have misused the Site,
  • if your registration information is, or we think that it is, untrue, incomplete or not current, or
  • if you are or become insolvent or bankrupt, or if you make an assignment for the benefit of or enter into or make any arrangement or composition for the benefit of your creditors, or if you go into receivership or have a receiver, trustee and manager (or any of them) (including a statutory manager) appointed in respect of all or any of your property.

15.4 Upon termination, all licenses granted under these Terms will end and you may not use or access the Site; and you shall immediately discontinue any and all use of Crossware Mail Signature.

15.5 Crossware shall cease providing the Service to you and be entitled to remove your Information from the Site; and

15.6 On termination you will remain liable for any accrued Fees which become due for payment before or after termination.

15.7 On suspension or termination of your registration, and/or these Terms, Crossware will not provide any refund for any remaining prepaid period for a prepaid subscription for the period of the suspension, or following termination.

15.8 All provisions of this License that by their nature are intended to survive the expiration of the License granted hereunder shall survive and remain in full force and effect.

16. Notices


Any notice given under these Terms by either party to the other must be in writing by email and will be deemed to have been given on transmission. Notices to Crossware must be sent to sales@crossware.co.nz or to any other email address notified by email to you by Crossware. Notices to you will be sent to the email address which you provided when setting up your access to the Service.

17. Linking


We have not reviewed and are not responsible for any of the sites linked to the Site. You may not link to the Site (including framing, alteration of contents of the Site, re-branding of content, use of metatags or hidden text techniques) without our written consent.

18. Jurisdiction


These Terms, the Service and the Site are governed by New Zealand law and the parties submit to the non-exclusive jurisdiction of the courts of New Zealand.

19. Dispute Resolution


If any dispute arises in relation to these Terms, any party may notify the other in writing of the dispute and request resolution. The parties will then try to resolve the dispute by negotiation, mediation or other alternative resolution techniques. If the dispute is not resolved within 14 days of the date of receipt of the notice any party may refer it to be finally resolved by arbitration under the Arbitration Act 1996 (NZ). The arbitration will be held in Auckland.

20. General


20.1 Crossware Mail Signature operated on the Site, including, without limitation, the information included in its accompanying distributable files, data and materials and any related activation code and registration code files or information, and the know-how embodied in Crossware Mail Signature, is confidential and trade secret information and subject to copyright (the “Proprietary Information”) that is proprietary to and solely owned by or Licensed to Crossware, together with all related trademarks and other intellectual property rights relating thereto. You agree to maintain the Proprietary Information in strictest confidence for the benefit of Crossware and its licensors. You shall not sell, assign, License, publish, display, distribute, disclose, or otherwise make available or allow to be made available the Proprietary Information, to any third party nor use such Proprietary Information except as authorized by these Terms.

20.2 The obligations under this paragraph shall survive any termination or cancellation of these Terms.

20.3 These Terms are the complete statement of the agreement between the parties on the subject matter, and merges and supersedes all other or prior understandings, purchase orders, agreements, and arrangements.

20.4 There are no third-party beneficiaries of any promises, obligations, or representations made by Crossware herein.

20.5 Your rights and obligations under the Terms may not be assigned, transferred or otherwise disposed of in any way by you. We may assign any or all of our rights and obligations under these Terms to any person.

20.6 Any waiver by Crossware of any violation of these Terms by you shall not constitute, nor contribute to, a waiver by Crossware of any other or future violation by you of the same provision, or any other provision, of these Terms.

20.7 You acknowledge and agree that monetary damages alone would not be an adequate remedy in the event of a material breach by you of your obligations or agreements under these Terms and that, in such event, Crossware or any of its affiliates shall be entitled to injunctive relief to require you to comply with its obligations hereunder.

20.8 Any remedy available under these Terms shall be cumulative and not exclusive of any other remedy available to Crossware or any of its affiliates under these Terms, at law or in equity.

20.9 If any part of these Terms or the application thereof to any person or circumstance are for any reason held invalid or unenforceable, it shall be deemed severable, and the validity of the remainder of these Terms, or the applications of such provision to other persons or circumstances, shall not be affected thereby.

20.10 You will keep accurate business records sufficient to allow Crossware Limited to verify on request that your use of the Services complies with these Terms.

21. Definitions


Unless the context otherwise requires, the following expressions shall have the following meanings:

“Authorised User” is a unit of measure by which the Service (Crossware Mail Signature Service) is licensed. An Authorised User is a unique person or a shared mail box for which their email has been configured to use the Crossware Mail Signature Service.

“Fees” means the fees (excluding any taxes and duties) payable by You to use the Service and access the Site as set out in the Invoice, and subject to change from time to time on prior notice to you;

“Confidential Information” means the confidential information relating to the subject matter of this agreement and includes:

(a) confidential information relating to the design, specification and content of the Service and the Site;

(b) information relating to your and Crossware’s business processes and methods;

(c) confidential information relating to the Information; and

(d) information relating to the terms upon which the Service is provided to you.

“Crossware”, “us”, “our” or “we” means Crossware Limited;

“Crossware Mail Signature Application for O365″ means Crossware’s proprietary software that modifies your outbound emails and appends signatures according to your signature configuration and business rules. The Crossware Mail Signature Application for O365 will only modify your outbound emails according to your configuration;

“Crossware Mail Signature Service for O365” or “Service” means the Crossware Mail Signature Application for Office 365 available via the Site including the Implementation Services and the Support Services;

“Data Protection Appendix (DPA)” means the Data Protection Appendix to these Terms;

“Implementation Services” means the initial assistance to set-up and customise the signature configurations or any other assistance to access the Site for your use and initial implementation of your specified business rules to be applied in the validation of your Information including any subsequent changes requested by you from time to time;

“Information” means any data, in any format, document, email, information including MX Record entered, scanned, transmitted or uploaded to the Site or otherwise provided to Crossware by you or on your behalf for the purpose of using the Service;

“Intellectual Property Rights” mean all intellectual property rights including without limitation,

(a) patents, trademarks, copyright, registered designs, trade names, symbols and logos; and

(b) Tools, templates, techniques, computer program code, trade secrets, information or logical sequences (whether or not reduced to writing or other machine or human readable form);

“Invoice”, the actual invoice for the Term of the Service issued by Crossware;

“MX Record” means your resource record in the Domain Name System that specifies the mail server responsible for accepting email messages on behalf of your domain;

“Provisioning Form” means the quote, order form, invoice or other proposal setting out the Fees, Term and other information relating to the Service to be provided by Crossware and accepted by you.

“Service Level” means the service levels set out in the Crossware Mail Signature O365 Service Level and Support Agreement (CMS O365 SLSA) available at www.crossware.co.nz/cms-o365-slsagreement

“Site” means Crossware’s domain that you direct your MX Record to in order to use the Services and the website and webpages of the Site accessed by the Authorised Users as part of the Service including all related systems, files, components and programs, or any part of it;

“Crossware Mail Signature SLSA”, “CMS O365 SLSA” or “SLSA” means the Crossware Mail Signature O365 Service Level and Support Agreement (CMS O365 SLSA) available at www.crossware.co.nz/cms-o365-slsagreement

“Support Services” means the email support services set out in the Crossware Mail Signature O365 Service Level and Support Agreement (CMS O365 SLSA) available at www.crossware.co.nz/cms-o365-slsagreement

“Term” means the term you have agreed to subscribe to the Service and in the absence of any agreed duration, shall be for a period of 1 year;

“User ID” means your user name and your password (“Password”);

“working day” means any day other than a Saturday, Sunday or public holiday in New Zealand;

“you” and “your” means the business entity registered to use the Services and any person or entity authorised by you or on your behalf to use the Service from time to time (“Authorised User”);

Appendix – Data Protection Appendix (DPA)

1. Appointment and role of Crossware


1.1 You appoint Crossware to Process Your Personal Data on your behalf as is necessary for Crossware to provide the Service to you.

1.2 Crossware and you agree that for the purposes of these Terms and Crossware’s Processing of Your Personal Data in connection with the Service, you are the Data Controller and Crossware (and each permitted subcontractor or third party under these Terms) is a Data Processor.

2. Details of Processing


2.1 Processing of Your Personal Data by Crossware under these Terms shall be for the subject-matter, duration, nature and purpose, and the type of Personal Data and categories of Data Subjects, set out in these Terms.

2.2 Your obligations and rights as Data Controller are as set out in these Terms.

3. Complying with Data Protection Laws


3.1 You authorise Crossware to access Your Personal Data (including your directory of users held within the Office 365 environment) for the purpose of providing the Service to you.

3.2 Crossware shall in all cases Process Your Personal Data in compliance with Data Protection Laws

3.3 Crossware shall not cause itself, nor shall it cause another Data Processor, to breach Data Protection Laws.

3.4 Crossware shall procure that any other Data Processor that it engages which has access to or otherwise Processes Your Personal Data shall comply with Crossware’s obligations under these Terms.

4. Acting on controller’s documented instructions


Crossware shall Process Your Personal Data only on your documented instructions or, following Crossware’s prior notification to you, except where mandatory applicable law prohibits such notification on important public interest grounds, otherwise as necessary to perform its obligations under these Terms or as required by law applicable to Crossware. Crossware shall promptly notify you if in Crossware’s reasonable opinion any of your instructions infringes Data Protection Law, with such notification to include an explanation of why Crossware has formed such an opinion.

5. Ensuring employee confidentiality


5.1 Crossware shall ensure:

(a) the reliability of any person acting under its authority who may have access to, or who processes, Your Personal Data;

(b) that any such person is subject to appropriate binding obligations of confidentiality and at all times acts in compliance with Data Protection Law and the data protection obligations under these Terms; and

(c) that such a person receives regular and appropriate training on the same.

6. Implementation of appropriate technical and organisational measures


6.1 Crossware shall implement all appropriate technical and organisational measures:

(a) such that any Processing shall meet the requirements of Data Protection Laws and ensure the protection of the rights of Data Subjects; and

(b) to ensure the security of Your Personal Data, including protection against unauthorised or unlawful Processing (including without limitation unauthorised or unlawful disclosure of, access to, or alteration of Your Personal Data) and against accidental loss or destruct ion of, or damage to, it.

6.2 Crossware shall ensure that the Security Measures are the minimum security standards (or materially similar security standards) governing Crossware’s Processing of Your Personal Data as further outlined in the Schedule.

7. Data breach notification and assistance


7.1 Crossware shall notify you in writing without delay if it becomes aware of or suspects any unauthorised or unlawful Processing, disclosure of, or access to, Your Personal Data or any accidental or unlawful destruction of, loss of, alteration to, or corruption of, Your Personal Data (“Data Breach”), and provide you, as soon as possible, with such information relating to the Data Breach as you require to report the Data Breach to the competent Supervisory Authority or to communicate the Data Breach to affected Data Subjects. Such information shall include, without limitation, the nature of the Data Breach, the nature of the Personal Data affected, the categories and number of Data Subjects concerned, the number of Personal Data records concerned, measures taken to address the Data Breach and the possible consequences and adverse effect of the Data Breach.

7.2 Crossware shall maintain a log of Data Breaches, including facts, effects and remedial action taken.

7.3 Crossware, at its own cost, shall take all steps to restore, re-constitute or reconstruct any of Your Personal Data which is lost, damaged, destroyed, altered, corrupted as a result of a Data Breach, with all possible speed and as if it were the Crossware’s own data, and shall provide you with all reasonable assistance in respect of any such Data Breach. Crossware shall also provide all reasonable assistance to you in this regard in relation to your compliance with applicable Data Protection Law.

8. Assisting controller with Privacy Impact Assessments and prior consultations


Crossware shall notify you prior to adopting a new or updated type of Processing (including, without limitation, the use of new technology to continue current Processing) in respect of Your Personal Data, and at your request Crossware shall participate in a data protection impact assessment in respect of the new or updated type of Processing which is being proposed by Crossware or you. To the extent applicable, Crossware shall provide assistance to you in consulting with Supervisory Authorities in relation to any high-risk Processing, as reasonably required from time to time by you.

9. Subcontracting


9.1 You authorise Crossware to engage another Data Processor to perform Processing activities in respect of Your Personal Data on your behalf (“Crossware Data Processor”), or transfer or disclose any of Your Personal Data to any other party, only as is necessary for the provision of the Service. In such circumstances Crossware shall:

(a) request consent from you in writing in advance should this be a party outside of Crossware’s group and at the conclusion of such engagement, transfer or disclosure; and

(b) comply with these Terms in connection with the engagement of the Crossware Data Processor.

9.2 For the purpose of clause 9.1 of this Appendix, you give your consent to Microsoft Corporation performing Processing activities in respect of Your Personal Data on your behalf in order for us to provide the Service to you, and accordingly you acknowledge and agree that Microsoft Corporation is a Crossware Data Processor under this Appendix (to the extent applicable).

9.3 In any case where Crossware is authorised to act pursuant to Clause 9.1 of this Appendix, Crossware shall enter into a written agreement (“Processor Contract”) with such Crossware Data Processor containing obligations that are equivalent to and no less onerous than those set out in these Terms (including the obligations in relation to engaging another Data Processor)

9.4 Crossware shall remain fully liable to Subscriber for any non-compliance with the terms of these Terms by any Crossware Data Processor.

10. Transferring data outside the EEA


10.1 This clause 10 applies to the extent that any of Your Personal Data is accessed by Crossware in any country or territory within the European Economic Area.

10.2 Subject to clause 10.1 of this Appendix, Crossware shall not, and shall procure that any Crossware Data Processor shall not, transfer any of Your Personal Data to any country or territory (except within the Microsoft Azure environment, and within its datacenter regions detailed at https://azure.microsoft.com/en-us/global-infrastructure/regions/) outside the European Economic Area or to any international organisations (“International Recipient”) without first obtaining your express written consent and, if you consent to the transfer of Your Personal Data to an International Recipient, Crossware shall ensure that such transfer and any onward transfer to any recipient thereafter:

(a) is under a written contract including equivalent obligations relating to security and confidentiality of Your Personal Data;

(b) is affected by way of a legally enforceable mechanism for transfers of Personal Data as may be permitted under Data Protection Laws from time to time (the form and content of which shall be subject to your prior written approval);

(c) complies with Clause 4 of this Appendix; and

(d) otherwise complies with Data Protection Laws.

10.3 For the purpose of Clause 10.2 of this Appendix, you approve the use of Standard Contractual Clauses as a legally enforceable mechanism for transfers of Personal Data and provide a power of attorney for Crossware to enter into any such Standard Contractual Clauses with an International Recipient in the name and on behalf of you as the Data Exporter provided that Crossware shall not modify, vary, supplement or disapply any of the Standard Contractual Clauses or its Appendices without your prior written approval.

10. Assisting controller with handling Data Subject rights requests


Crossware shall, insofar as is possible, implement appropriate technical and organisational measures to provide you with prompt co-operation and assistance in responding to any request to exercise Data Subject rights under Data Protection Laws (including access requests) received by, or on behalf of, or in connection with you or these Terms, including to ensure that all such requests it receives are recorded and then referred to you.

11. Deleting or returning of Your Personal Data


11.1 Crossware shall promptly:

(a) on termination of these Terms, for whatever reason;

(b) after the end of the provision of the relevant Service related to Processing; or

(c) if earlier, as soon as Processing by Crossware of any of Your Personal Data is no longer required for Crossware ‘s performance of its obligations under these Terms, cease all use of such Personal Data and shall either securely destroy all such Personal Data or securely transfer all such Personal Data to you or a nominated third party, and securely delete existing copies (unless storage of any data is required by applicable law, and if so Crossware shall notify you of this).

12. Providing records, information and assistance


12.1 Crossware shall maintain complete, accurate and up to date written records of all categories of Processing activities containing such information as is required under Data Protection Laws and any other information that you reasonably require (“Processing Records”), and shall make available to you on request in a timely manner such information, including the Processing Records, as is reasonably required by you to demonstrate compliance by you with your obligations under Data Protection Laws and these Terms, which you may disclose to the Supervisory Authority or any other relevant regulatory authority.

12.2 Crossware shall permit you, or a third-party reputable auditor acting under your direction, to conduct, at your cost, data privacy and security audits, assessments and inspections concerning Crossware’s data security and privacy procedures relating to the Processing of Your Personal Data, and its compliance with these Terms and Data Protection Laws.

12.3 Crossware shall provide you with such assistance and co-operation as you may reasonably request to enable you to comply with any obligations imposed on you by Data Protection Laws, including, but not limited to:

(a) on your request, promptly providing written information regarding the technical and organisational measures which Crossware has implemented to safeguard Your Personal Data and the security of processing;

(b) promptly providing such information and cooperation as you may reasonably require for the purpose of assisting you to carry out a Privacy Impact Assessment;

(c) disclosing full and relevant details in respect of any and all government, law enforcement or other access protocols or controls which it has implemented; and

(d) notifying you as soon as possible and as far as it is legally permitted to do so, of any access request for disclosure of data which concerns Your Personal Data (or any part thereof) by any governmental or other regulatory authority, or by a court or other authority of competent jurisdiction. For the avoidance of doubt and as far as it is legally permitted to do so, Crossware shall not disclose or release any of Your Personal Data in response to such request served on it without first consulting with and obtaining your written consent.

13. Informing controller of complaints and enquiries


Crossware shall inform you as soon as reasonably possible of any enquiry, complaint, notice or other communication in connection with the Service or your or Crossware’s compliance with Data Protection Laws from any Supervisory Authority or any Data Subject, which Crossware or the third parties appointed by Crossware receives. Crossware shall provide all necessary assistance to you to enable you to promptly respond to such enquiries, complaints, notices or other communications and to comply with Data Protection Laws. For the avoidance of doubt, Crossware shall not respond to any such enquiry, complaint, notice or other communication relating to the Service or your compliance with Data Protection Laws without your prior written consent.

14. Definitions and interpretation 


For the purpose of this Appendix, the following words and phrases shall have the following meaning unless the context otherwise requires:

“Data Controller” (or “controller”), “Data Processor” (or “processor”), “Data Subject”, “Personal Data”, “Processing” and “Sensitive Personal Data” (or “special categories of personal data”) all have the meanings given to those terms in Data Protection Laws (and related terms such as “Process” have corresponding meanings).

“Data Exporter” has the meaning set out in the Standard Contractual Clauses.

“Data Protection Laws” means all laws, regulations, legislative and regulatory requirements and codes of practice applicable to the Processing, privacy, and use of Personal Data, as applicable to you, Crossware or the Service (including to the extent applicable and without limitation, Directive 95/46/EC of the European Parliament and of the Council of October 24 1995 and any successor legislation (including the General Data Protection Regulation (EU) 2016/679), the guidance, directions, determinations, codes of practice, circulars, orders , notices or demands issued by any Supervisory Authority, and any applicable national, international, regional, municipal or other data privacy and data protection laws, standards or regulations in any territory in which the Service is provided or which are otherwise applicable.

“Standard Contractual Clauses” means the standard contractual clauses set forth in EU Commission Decision 2010/87/EU of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC as may be amended or superseded from time to time;

“Security Measures” means your security policies and measures (including IT policies and measures) for the protection of Personal Data issued to Crossware by you from time to time which as at the date of these Terms are as specified in the Schedule.

“Supervisory Authority” means any competent data protection or privacy authority in any jurisdiction in which you or Crossware is established, Crossware provides the Service, or in which Crossware Processes Your Personal Data.

“Your Personal Data” or “Personal Data” means all Personal Data, in whatever form or medium which is: (i) supplied, or in respect of which access is granted to Crossware (or any approved third party) whether by you or otherwise in connection with these Terms, or (ii) produced or generated by or on behalf of Crossware (or any approved third party) in connection with these Terms, including as set out in the Schedule.

 

Schedule: Technical and Organisational Security Measures

1. Technical and organisational security measures


1.1 Crossware shall adhere to or exceed the following standard or a materially similar standard:

(a) Encryption of personal data in transit to at least Transport Layer Security (TLS) v1 .2 with no TLS version. Fall-back options enabled.

(b) Segregation of Personal Data from other networks.

(c) Access control and multi-factor user authentication with access rights being subject to an internal audit at least quarterly. All system access is role based and follows the principle of least privilege.

(d) Employee training on information security. This includes new starter induction training, annual information security refresher courses and ad-hoc information security notifications when new threats emerge.

(e) Documented information security policies and procedures. These are reviewed at least annually or when new threats emerge.

(f) Vulnerability tests are performed quarterly (this may be an internal function). External penetration tests are performed at least annually and are performed by an accredited external Penetration Test company.

(g) Parameter firewalls. The development, staging and production environments are both physically and virtually separated ensuring that code cannot be deployed to the production environment in error.

(h) Backing up of data. All data follows a regular backup process and data is recoverable in a timely manner following any system issues

(i) Commercial grade anti-virus protection on all computers. All computers are protected by commercial grade anti-virus. Virus definitions are updated at least daily and full scans occur at least once per week

(j) All staff under duty of confidence. All staff are subject to both a confidentiality clause in their employment contract or services contract and a confidentiality policy.

Please click here to download the PDF.