XpertHR Data Services Terms and Conditions
XpertHR Data Services Terms and Conditions ("Terms")
1 General
1.1 These Terms apply to the XpertHR data services products ("Data Services Product(s)") supplied by or on behalf of LNRS Data Services Ltd, trading as XpertHR, ("XpertHR") as may be ordered by Customer from time to time via a signed order as accepted and fulfilled by XpertHR ("Order Form" or an "Order Proposal").
1.2 Each Order Form identifies specific XpertHR Data Services Product(s) that Customer orders, fees due and any specific amendments to these Terms. All Order Forms are subject to and incorporate these Terms. In the event that an Order Form amends any of the provisions in these Terms, the provision in the Order Form shall control.
1.3 Except as specifically authorized on an Order Form, the licence granted under these Terms shall not extend to any of Customer's Affiliates, and Customer shall not make any XpertHR Data Services Product(s) available to any of its Affiliates except with XpertHR's express prior written approval.
1.4 Where XpertHR expressly permits the use of XpertHR Data Services Product(s) by one or more Customer Affiliate(s), each such Customer's Affiliate shall be added to the applicable Order Form as a Permitted Affiliate. Customer shall ensure that each Permitted Affiliate complies with the Terms (other than as to payment obligations, for which Customer remains solely liable) including any restrictions on access to or use of any XpertHR Data Services Product(s).
1.5 Customer will be responsible and liable for the acts and omissions of any of Customer's Permitted Affiliate(s); and Customer agrees that any changes to its corporate structure, employee or user numbers or usage entitles XpertHR to charge additional fees. Customer shall be liable for all access to and use of the Licensed Material by any of its Affiliates.
1.6 XpertHR Data Services Product(s) may be provided by an Affiliate of XpertHR.
2 License Terms and Use Restrictions
2.1 Subject to Customer fulfilling its obligations under these Terms and prompt payment of all fees, XpertHR grants Customer a non-exclusive, non-transferable, non-sublicensable, limited term, revocable licence for the Customer and its Licensed Users to access and use the XpertHR Data Services Product(s) and the Licensed Material for the Permitted Purposes only, and only as permitted by the relevant Licence Type, and at all times subject to and in accordance with these Terms. All other uses are expressly reserved and prohibited.
2.2 Unless otherwise specified in the Order Form, the Licence Type shall be a Per User Licence.
2.3 Subject to the above, Customer and its Licensed Users may: (i) search, interrogate, and display the data accessed through the Licensed Material on screen; (ii) make a limited number of printouts of items included in the Licensed Material using the printing commands contained in the XpertHR Data Services Product(s); (iii) download and store in machine readable format a copy of insubstantial portions of the Licensed Material; and (iv) download and store a single copy of relevant Licensed Material for the Customer's audit and regulatory purposes but not for any other purpose.
2.4 The following is not permitted in this licence but would be subject to a separate additional licence or agreement and additional or different fees or payment arrangements:
2.4.1 the creation of Derived Materials;
2.4.2 resale or distribution to third parties.
2.5 The Customer may not:
2.5.1 abstract, download, store, reproduce, transmit, display, copy or use the Licensed Material other than as expressly permitted in these Terms;
2.5.2 lend, sell, resell, license, sublicense, distribute, make available, rent or lease any XpertHR Data Services Product(s) or any parts of the Licensed Material or include it in a service bureau or outsourcing offering;
2.5.3 modify the XpertHR Data Services Product(s) or the Licensed Material without XpertHR's express written permission;
2.5.4 use any algorithm, application, device, method, system or software to: (i) access, use, search, copy, monitor, mine, extract or scrape data or other Licensed Material from the XpertHR Data Services Product(s); or (ii) disable or incapacitate any part of the XpertHR Data Services Product(s) or any usage tracking application or program used by XpertHR
2.5.5 make multiple printouts or copies of Licensed Material for distribution to any party other than Licensed Users (with the exception of clause 2.6 – on ad hoc inclusion in presentations below);
2.5.6 make the XpertHR Data Services Product(s) or any Licensed Material available to any party other than Licensed Users on a local area network, a wide area network or on any intranet or extranet except as may be otherwise agreed;
2.5.7 use or authorise the use of software incorporated in the XpertHR Data Services Product(s) other than as part of the XpertHR Data Services Product(s);
2.5.8 use or access any XpertHR Data Services Product(s) for the purposes of monitoring its availability, performance or functionality, or for any other benchmarking, comparison with products not supplied by XpertHR or other competitive purposes;
2.5.9 use the XpertHR Data Services Product(s) or Licensed Material therein for or in conjunction with any unlawful purpose;
2.5.10 interfere with or disrupt the integrity or performance of any XpertHR Data Services Product(s) or third-party data contained therein;
2.5.11 remove any copyright or other proprietary rights notice contained or included in the XpertHR Data Services Product(s) or Licensed Material;
2.5.12 permit or seek to obtain direct or indirect access to or use of any XpertHR Data Services Product(s) in a way that circumvents a contractual usage limit;
2.5.13 except as permitted by applicable law, copy, reverse engineer, decompile or modify any software incorporated in any XpertHR Data Services Product(s) or any part, feature, function or user interface thereof or make any other attempt to discover the source code or scripts used to provide the XpertHR Data Services Product(s);
2.5.14 use the XpertHR Data Services Product(s) in any way that may infringe any intellectual property right of XpertHR, its Affiliates, any of XpertHR's third-party data providers and/or any other third parties;
2.5.15 do anything that could reasonably be assumed to jeopardise XpertHR's or any of XpertHR's Affiliates' relationships with any of its or their third party providers, or any other third party;
2.5.16 use the XpertHR Data Services Product(s) and any Licensed Material in any way not expressly authorized in these Terms.
2.6 Notwithstanding the aforegoing, Customer may include small extracts of Licensed Material in presentations to customers and prospects on an ad-hoc basis, provided always that the Customer acknowledges XpertHR as a data source, and further provided that Customer accompanies the extract with the following disclaimer in all such presentations:
"This information has been extracted from an XpertHR Data Services Product(s). XpertHR has not seen or reviewed any conclusions, recommendations or other views that may appear in this document. XpertHR makes no warranties, express or implied, as to the accuracy, adequacy, timeliness, or completeness of its data or its fitness for any particular purpose. XpertHR disclaims any and all liability relating to or arising out of use of its data and other content or to the fullest extent permissible by law."
2.7 XpertHR accepts no liability or responsibility to any third party who benefits from, uses or relies on the XpertHR Data Services Product(s) or gains access to the Licensed Material. The Customer will indemnify XpertHR from and against all liabilities, losses, damages, costs and expenses that XpertHR incurs in connection with any claims against XpertHR by any such third party.
2.8 The use of and access to XpertHR Data Services Product(s) are subject to usage limits, including the quantities specified in the Order Form: (i) where a quantity in the Order Form refers to Licensed Users, the XpertHR Data Services Product(s) may not be accessed by more than that number of Licensed Users; (ii) If Customer exceeds a contractual usage limit, XpertHR may charge for uses above the contractual limits.
2.9 Customer grants to XpertHR and its Affiliates (subject always to Clause 15 and the DPA):
2.9.1 a royalty-free, non-exclusive, worldwide license to host, copy, transmit, amend, adapt, translate, co-mingle with other data and display Customer Data as reasonably necessary for XpertHR to produce and supply XpertHR Data Services Product(s); and
2.9.2 a worldwide, perpetual, irrevocable, royalty-free license to use and incorporate into XpertHR's and/or its Affiliates' services and products (including the XpertHR Data Services Product(s)) Customer Data as well as any suggestion, enhancement request, recommendation, correction or other feedback provided by Customer or Licensed Users relating to the operation of or other attributes of any XpertHR's or its Affiliates' services and products.
2.10 Qualification for participant subscription rates to Cendex or Salary Survey services is conditional on submission of data relating to the subscribing organisation ("Data"). Customer acknowledges that certain product functionality will not be available until Customer submits Data. Further, Customers of the Gender Pay Gap Reporting service are also required to submit the required Data to XpertHR. By using the Cendex or Salary Survey service(s) (including the Gender Pay Gap Reporting service) Customer agrees to the following:
2.10.1 To submit Data by the deadline date and in accordance with the format and guidelines. For first-time subscribers to Cendex or Salary Survey, XpertHR will notify Customer of any deadlines within 24 hours of the subscription being activated. For existing Cendex or Salary Survey subscribers, XpertHR will notify Customer of any deadlines approximately six to eight weeks before the deadline date;
2.10.2 To submit pay Data via the secure participant portal;
2.10.3 To submit Data for all job posts in Customer's organisation covered by the survey(s) to which the Customer has subscribed, unless otherwise agreed on an Order Form;
2.10.4 Customer shall not submit to XpertHR any Personal Data, and shall exclude from Data all names and all other personal data or personally identifiable information unless XpertHR expressly agrees to process such data on Customer's behalf. To the extent that any Personal Data is transmitted to XpertHR, the provisions of Clause 15 and the DPA shall apply;
2.10.5 That the Customer's organisation will be listed as a participant in the products which include the Data (Customer may opt not be named by emailing a request to participants@xperthr.co.uk);
2.10.6 That if the Customer fails to supply Data by the deadline date, Customer's Cendex or Salary Survey subscription automatically converts on the day after the deadline date to a non-participation subscription for the full subscription period, and XpertHR may invoice Customer for the balance of the non-participation subscription fee due. Participant subscription rates are 50% of non-participation subscription rates.
3 Fees
3.1 Customer shall pay all applicable fees, and agrees that its access to and use of XpertHR Data Services Product(s) and Licensed Materials is contingent on Customer paying all applicable fees.
3.2 Payment obligations are non-cancellable, and fees paid are non-refundable except as otherwise expressly foreseen in these Terms.
3.3 Quantities or levels of usage licensed cannot be decreased during any Contract Year.
3.4 Invoiced charges are due net twenty eight (28) calendar days from the invoice date. Customer is responsible for providing complete and accurate billing and contact information to XpertHR and notifying XpertHR of any changes to such information.
3.5 If any invoiced amount is not received by XpertHR by the due date, then without limiting its rights or remedies: (i) those charges may accrue late interest at the rate of three per cent (3%) above the base rate of the Bank of England of the outstanding balance per year; (ii) XpertHR may suspend or terminate Customer's access to the XpertHR Data Services Product(s) until such amounts are paid in full; (iii) XpertHR may condition future renewals on payment terms shorter than those specified in these Terms.
3.6 XpertHR's fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including, for example, value-added, sales, use or withholding taxes, assessable by any jurisdiction whatsoever (collectively, "Taxes") except as expressly set out in an invoice. Customer is responsible for paying all Taxes associated with Customer's purchases and use hereunder. If XpertHR has a legal obligation to pay or collect Taxes, XpertHR will invoice Customer, and Customer will pay that amount unless Customer provide XpertHR with a valid tax exemption certificate authorised by the appropriate taxing authority. For clarity, XpertHR is solely responsible for taxes assessable against XpertHR based on its income, property and employees.
4 Access to XpertHR Data Services Product(s); Security
4.1 The Customer shall comply with all of XpertHR's instructions relating to the security of the XpertHR Data Services Product(s) and the Licensed Material. Customer shall have in place and maintain appropriate and up-to-date technical and organizational measures designed to protect all Licensed Material against unauthorized access, disclosure, copying or distribution, and Customer shall comply with XpertHR's reasonable instructions from time to time in any matters relating to the protection of and the prevention of piracy of Licensed Material.
4.2 A specially designated username and password may be allocated by XpertHR to the Customer and to Licensed Users for the sole use of the Customer or Licensed Users to access the Products and the Licensed Material. Where usernames are issued, they are unique to the named individual Licensed User and must not be shared or transferred. XpertHR may alter usernames and/or passwords from time to time in accordance with its standard security procedures and shall inform the Customer accordingly.
4.3 The Customer shall notify XpertHR promptly if it becomes aware or suspects that any unauthorised person has obtained a password. XpertHR will alter the password and inform the Customer accordingly.
4.4 Customer shall disable any Licensed User's access to the XpertHR Data Services Product(s) and related documentation promptly in the event that the Licensed User no longer requires access to XpertHR Data Services Product(s) to perform their work for Customer for any reason.
4.5 If XpertHR suspects that a password is being used by more than one person or by anyone other than the Licensed User for whom it was issued, or if XpertHR detects use of the Licensed Material in excess of licensed usage specified on the applicable Order Form, it may immediately suspend access by Customer and/or individual accounts or cancel the relevant password.
5 Intellectual Property Rights
5.1 Customer agrees that the Intellectual Property Rights comprised in or relating to all XpertHR Data Services Product(s), Licensed Material, and Derived Material within any materials prepared by or on behalf of Customer, and all compilations thereof and in documentation supplied by XpertHR are and shall remain the sole property of XpertHR or (as applicable) their third-party licensors. RELX Group and the RE symbol are trademarks of RELX Group plc, used under licence.
5.2 No rights in any XpertHR Data Services Product(s) or Licensed Material are granted or conveyed by XpertHR other than the limited licence to use them as set forth in these Terms, and nothing in these Terms will be deemed to grant any licence, sub-licence, Intellectual Proprietary Right or other claim against or interest in XpertHR's Intellectual Property Rights.
5.3 In the event that Customer were to own any rights in any XpertHR Data Services Product(s) or Licensed Material, Customer shall assign to XpertHR, with full title guarantee for all purposes, applications and field of use (including by way of assignment of future Intellectual Property Rights) all such Intellectual Property Rights including the right to take action for any past, present and future damages and other remedies in respect of any infringement. Customer must execute, and will procure that any Affiliates and Representatives execute, such documents and do such things as XpertHR may consider reasonably necessary to give effect to this clause.
5.4 Where the Licensed Material contains data and/or other material licensed by third party licensors, such Licensed Material is made available on the terms and conditions of such third party licensors as communicated to Customer from time to time.
6 Changes to the Product; Discontinuation
6.1 XpertHR shall be entitled to update, enhance, withdraw or otherwise change the XpertHR Data Services Product(s) from time to time, at any time without notice.
6.2 Where such change will lead to a material decrease in functionality, XpertHR shall provide notice.
6.3 During a period of thirty calendar days starting on the day that XpertHR provided the notice, Customer may terminate the license relating to the affected XpertHR Data Services Product(s), by giving notice, and may request a refund of unused portions of time of the remaining term for that XpertHR Data Services Product(s). If Customer does not exercise this right to terminate within thirty calendar days from XpertHR's notice, Customer has accepted the changed product, and may no longer exercise this termination right.
6.4 In the event that XpertHR discontinues any XpertHR Data Services Product(s), XpertHR may choose to offer Customer a refund of the unused portion of any prepaid fees for the applicable Contract Year, or may make available an alternative product.
7 Changes to the Terms
7.1 XpertHR may at its discretion change these Terms and provide notice to Customer. During a period of thirty calendar days starting on the day that XpertHR provided the notice, Customer may terminate the license relating to the affected XpertHR Data Services Product(s), by giving notice. If Customer does not exercise this right to terminate within thirty calendar days from XpertHR's notice, Customer has accepted the changed product, and may no longer exercise this termination right.
8 Availability of XpertHR Data Services Product(s)
8.1 XpertHR shall use reasonable endeavours to ensure that XpertHR Data Services Product(s) are available to Customers and Licensed Users excluding downtime for regular or emergency maintenance which shall be kept to a minimum.
8.2 Time is not of the essence in respect to the delivery of any particular XpertHR Data Services Product(s) or Licensed Material, and XpertHR's sole obligation and Customer's sole and exclusive remedy is to request that XpertHR effect delivery or reinstate service as soon as is practically possible.
9 Indemnities
9.1 The Customer shall indemnify XpertHR against any liabilities, losses, damages, costs or expenses incurred by XpertHR directly or indirectly as a result of any claim or course of action made or instituted against XpertHR by any third party arising from the unauthorised use of the XpertHR Data Services Product(s) or Licensed Material by the Customer or its Licensed Users.
9.2 Customer will defend XpertHR and its Affiliates against any claim, demand, suit or proceeding made or brought against it by a third party alleging that any Customer Data provided to XpertHR infringes or misappropriates such third party's Intellectual Property Rights, or arising from Customer's use of XpertHR Data Services Product(s) in violation of these Terms or applicable laws or regulations (each a "Third Party Claim"). Customer will indemnify XpertHR from any damages and costs finally awarded against it as a result of, or for any amounts paid by XpertHR under a settlement approved by Customer in writing of, a Third Party Claim, provided that XpertHR: (i) promptly gives Customer written notice of the Third Party Claim; (ii) gives Customer all reasonable assistance, at Customer's cost.
10 Use of the Products
10.1 The Customer shall use the XpertHR Data Services Product(s) and the Licensed Material in accordance with all laws and regulations applicable to the Customer.
10.2 It shall be the responsibility of the Customer to ensure that its computing environment, network, connectivity, terminals and other associated equipment are compatible with the requirements of the XpertHR Data Services Product(s), and the Customer shall pay all relevant charges associated with such hardware, equipment or other network components of Customer.
11 Verification and Audit
11.1 The Customer shall, within seven calendar days of a written request from XpertHR provide (i) a list of all individuals who have access to the XpertHR Data Services Product(s); and (ii) an explanation of how the XpertHR Data Services Product(s) and Licensed Material are used by Customer and its Licensed Users.
11.2 Upon providing Customer with reasonable prior written notice, XpertHR (including its representatives and its Affiliates or representatives or any regulators) ("Audit Representative(s)") shall have the right, either directly or through a third party auditor and not more than once every 12 months, to conduct an audit during Customer's normal business hours to verify that XpertHR Data Services Product(s) are being used in a manner consistent with the provisions of these Terms and the Order Form.
11.3 Customer shall co-operate with, and provide information as is reasonably requested by any Audit Representative.
11.4 Without prejudice to XpertHR's other rights or remedies, if XpertHR, determines that Customer, Customer's Affiliates, Customer's Representatives and/or any Licensed Users are using the XpertHR Data Services Product(s) or Licensed Materials in a manner inconsistent with these Terms, Customer shall: (i) at XpertHR's option, immediately cease such inconsistent use and pay XpertHR the additional fees sufficient to permit such use; and (ii) reimburse XpertHR for the fees due for the unlicensed use of the Licensed Materials and the cost of such audit.
11.5 XpertHR shall treat as confidential all information relating to the Customer's business that it acquires in the course of such verification or audit.
11.6 The rights of XpertHR under this Clause shall continue for the term and for 6 months thereafter.
12 Warranties; Limitations on Liability
12.1 The XpertHR Data Services Product(s) and Licensed Material are provided by XpertHR on an 'as is' and 'as available' basis. XpertHR excludes to the extent permitted by law all implied warranties relating to fitness for a particular purpose, merchantability, accuracy, timeliness, and completeness. XpertHR is not responsible for errors and omissions in the Licensed Materials of any kind, regardless of the cause, or for results obtained from using XpertHR Data Services Product(s) or Licensed Material.
12.2 Nothing in these Terms or any Order Form shall exclude or limit either party's liability: (i) for death or personal injury caused by its (or its agent's or sub-contractor's) negligence; (ii) for fraud or fraudulent misrepresentation; (iii) for losses arising from breach of the provisions of the confidentiality obligations in these Terms; (iv) indemnities in these Terms; and (v) matters that cannot, as a matter of law, be limited or excluded.
12.3 Other than as set out in Clause 12.2, in no event shall the aggregate liability of each party together with all of its Affiliates arising out of or related to these Terms exceed the total amount paid by Customer and Customer's Affiliates hereunder for the XpertHR Data Services Product(s) giving rise to the liability in the twelve (12) months preceding the first incident out of which the liability first arose. The foregoing limitation will apply whether an action is in contract or tort and regardless of the theory of liability, but will not limit Customer's and Customer Affiliates' payment obligations, even if a party or its Affiliates have been advised of the possibility of such damages or if a party's or its Affiliates' remedy otherwise fails of its essential purpose.
12.4 Other than as set out in Clause 12.2, in no event will either party or its Affiliates have any liability arising out of or related to these Terms and/or any Order Form for any: (i) loss of profits, business or revenues; (ii) loss of anticipated savings; (iii) loss of goodwill; (iv) business interruption; (v) loss of data (including use or receipt of data); or (vi) for any indirect, special, incidental, consequential, or exemplary damages. The foregoing limitation will apply whether an action is in contract or tort and regardless of the theory of liability, even if a party or its Affiliates have been advised of the possibility of such damages or if a party's or its Affiliates' remedy otherwise fails of its essential purpose.
12.5 Without prejudice to any of the foregoing, XpertHR will not be liable for breach of any term of these Terms arising from or in relation to: (i) the use of any XpertHR Data Services Product(s)(s) in breach of these Terms; (ii) any alterations to any XpertHR Data Services Product(s) made by anyone other than XpertHR or someone expressly authorised by XpertHR to make that alteration; (iii) any delay or failure in the provision of any XpertHR Data Services Product(s) to Customer caused by anyone other than XpertHR; or (iv) any breach of these Terms by Customer or any other wrongful or negligent act or omission by Customer, any Customer Affiliate, or any Representative.
12.6 The XpertHR Data Services Product(s) may contain links to external sites. XpertHR is not responsible for and has no control over the content of such sites and, to the extent permissible by law, disclaims all responsibility and liability in relation to information available on such sites or accessible from the XpertHR Data Services Product(s) via hypertext links.
13 Term; Suspension and Termination
13.1 The term of an order will commence on the Start Date.
13.2 Except to the extent stated otherwise in an Order Form, each order shall renew automatically for further periods of the term stated in the Order Form (and if that doesn't state a term for periods of twelve (12) months) unless either party provides the other party with a written notice no fewer than thirty (30) calendar days in advance of the expiry to cancel the renewal.
13.3 The fees due for each renewal term shall be assessed at the then current prices for the XpertHR Data Services Product(s) ordered.
13.4 Without prejudice to any other right or remedy which may be available to it, XpertHR may suspend or terminate Customer's access to any XpertHR Data Services Product(s) and/or the Terms immediately and without compensation if: (i) the Customer is in breach of these Terms; (ii) the Customer fails to make any payment to XpertHR within 14 (fourteen) calendar days of the due date and fails to remedy such breach within 14 (fourteen) calendar days after written notice from XpertHR specifying the breach and requiring it to be remedied; (iii) the Customer at any time becomes insolvent or bankrupt (or the equivalent in any jurisdiction) or enters into any arrangements with or for the benefit of its creditors or be wound up compulsorily or voluntarily (otherwise than for the purpose of a bona fide reconstruction or amalgamation without insolvency) or has a receiver appointed of all or any part of its undertaking or assets ceases or threatens to cease to carry on business; (iv) Customer or any entity controlling Customer acquires, is acquired by and/or merges with another legal entity; or (v) Customer or any Licensed Users is sanctioned by the United Kingdom, the European Union, the United Nations or the United States of America trade sanction regimes.
13.5 XpertHR shall additionally be entitled to suspend supply of the XpertHR Data Services Product(s) to the Customer if it reasonably suspects that the Customer or any Licensed User is in breach of these Terms, and may impose a reasonable charge to the Customer for restoring the XpertHR Data Services Product(s).
14 Consequences of Termination or Expiry
14.1 On expiry, or on termination or cancellation for any reason, the Customer, its Affiliates, all Representatives, and all Licensed Users shall immediately cease using all of the terminated XpertHR Data Services Product(s) and Licensed Material, and shall promptly delete such Licensed Material from each of their systems, applications or other storage. Customer shall provide certification to XpertHR of any such destruction upon XpertHR's request.
14.2 The undertaking to delete Licensed Material does not apply to any data which the Customer is required to retain under any applicable legal or regulatory obligation including the rules of a professional body (in each case only to the extent and for such time as is required under any such obligation), provided that and for as long as Customer (i) continues to comply with the provisions of these Terms in Clause 2.5 (licence restrictions) Clause 4.1 (security), Clause 5 (Intellectual Property Rights) as well as Clause 16 (confidentiality), and (ii) only retains such copies in its archives and does not use the Licensed Material in any part of its business for any reason.
14.3 In no event will the termination or expiry relieve Customer of its obligation to pay any fees payable to XpertHR for the period prior to the effective date of termination.
14.4 If the Order Form is terminated for any reason other than discontinuation of the applicable XpertHR Data Services Product(s), Customer must pay any unpaid fees covering the remainder of the term of existing Order Forms to XpertHR.
14.5 Expiry or termination of these Terms shall be without prejudice to the accrued rights and obligations of the parties and, in particular, Clause 25 (Definitions), Clause 5 (Intellectual Property Rights), Clause 11 (Verification and Audit), Clause 12 (Limitation of Liability), Clause 16 (Confidentiality) and Clause 3 (Fees) in so far as it sets out Customer's obligation to pay all amounts due hereunder shall survive expiry or termination for whatever reason.
15 Data Protection
15.1 The terms "controller", "data subject", "personal data", "personal data breach", "processing", and "processor" will have the meanings ascribed to them in the Data Protection Laws, and where the relevant Data Protection Laws use the term 'data controller' or 'data processor', they shall be read as controller and processor, respectively. "Data Protection Laws" means all data protection laws and regulations, including those of the United Kingdom ("UK"), Switzerland, European Economic Area ("EEA") and the European Union ("Union"), applicable to the processing of personal data under the Agreement, including the Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR") from May 25, 2018.
15.2 Customer recognises that, in the process of accessing and using the XpertHR Data Services Product(s) and Licensed Materials, it and the Licensed Users will supply personal data. Customer represents and warrants that it and the Licensed Users have complied with all applicable obligations under the Data Protection Laws in supplying personal data to XpertHR, including providing any required notices and obtaining any required consents and authorizations for XpertHR's processing such personal data, and that it is responsible for its decisions and actions concerning the use and other processing of the personal data.
15.3 To the extent that XpertHR acts as a processor of personal data on Customer's behalf, XpertHR will process such personal data in accordance with the Data Protection Laws and, as of May 25, 2018, the GDPR Data Processing Addendum ("DPA") attached to these General Terms as Schedule 1.
15.4 Customer acknowledges and agrees that the Services XpertHR provides include (i) compiling statistical and other information related to the performance, operation and use of the XpertHR Data Services Product(s) and Licensed Materials, and (ii) use data in aggregated and/or anonymized form for security and operations management or for research and development purposes or other business purposes, provided that such information and data will not identify or serve to identify Customer or any data subject.
15.5 The XpertHR Data Services Product(s) provide analysis and insight, Customer alone will be responsible for any decisions it may take using insights from XpertHR Data Services Product(s) as one of several factors, and that therefore Customer will be responsible for compliance with any requirements under Articles 21 or 22 GDPR in so far as they might arise as well as for responding to any requests from any data subject (subject to Clause 4 of the DPA).
16 Confidentiality
16.1 Each party receiving Confidential Information ("Receiving Party") from the other party ("Disclosing Party") shall: (i) use the Disclosing Party's Confidential Information solely for the purposes of fulfilling its obligations under these Terms (ii) keep the Disclosing Party's Confidential Information secure and take no lesser security measures and degree of care to protect the Disclosing Party's Confidential Information than the Receiving Party applies to its own confidential or proprietary information (but not less than reasonable care); and (iii) not disclose the Disclosing Party's Confidential Information to any third party except with the prior written consent of the Disclosing Party or in accordance with this clause
16.2 The obligations of confidentiality shall not apply where the Receiving Party can demonstrate that the Confidential Information: (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party; (ii) is or was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party; (iii) is or was received from a third party without breach of any obligation owed to the Disclosing Party; or (iv) was independently developed by the Receiving Party.
16.3 Upon the expiry or termination of these Terms, each party will promptly return or destroy the relevant Confidential Information of the other and any copies, extracts and derivatives thereof, except as otherwise set out in these Terms.
16.4 The Receiving Party may disclose Confidential Information of the Disclosing Party to the extent compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of the compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party's cost, if the Disclosing Party wishes to contest the disclosure.
16.5 Each party acknowledges that its breach of this Clause may cause irreparable injury to the other party for which monetary damages may not be an adequate remedy. Accordingly, a party will be entitled to seek any legal or equitable remedies in the event of such a breach by the other. The operation of this clause shall survive the termination or expiration of these Terms.
17 Notice
17.1 To Customer. XpertHR may provide any notice to Customer under these Terms by: (i) posting a notice XpertHR's website; or (ii) sending a message to the email address then associated with Customer's account. Notices XpertHR provides by posting on its website will be effective upon posting and notices by email will be effective when XpertHR sends the email. It is Customer's responsibility to keep Customer's email address current. Customer will be deemed to have received any email sent to the email address then associated with Customer's account when the email is sent, whether or not Customer actually receives the email.
17.2 To XpertHR. To give XpertHR notice under these Terms, Customer must contact XpertHR as follows: by personal delivery, overnight courier or registered or certified mail to LNRS Data Services Ltd, Quadrant House, Sutton, Surrey, SM2 5AS, United Kingdom, attention General Counsel. XpertHR may update the address for notices by posting a notice on XpertHR's website. Notices provided by personal delivery will be effective immediately. Notices provided by overnight courier will be effective one business day after they are sent. Notices provided registered or certified mail will be effective three business days after they are sent.
18 Governing Law and Jurisdiction
18.1 These Terms and any dispute or non-contractual obligation arising out of or in connection with them shall be governed by, and construed in accordance with the laws of England and Wales.
18.2 Each party hereby submits to the exclusive jurisdiction of the courts of England and Wales over any dispute arising out of or in connection with these Terms.
19 Entire Agreement
These Terms, including all schedules hereto and together with the Order Form, constitutes the entire agreement and understanding between the parties and supersedes any prior and contemporaneous agreements, proposals or representations, written or oral, between them concerning the subject matter of these Terms and the Order Forms. Each party acknowledges that, in entering into these Terms, it does not rely on any statement, representation, assurance or warranty of any person (whether a party to these Terms or not) other than as expressly set out in these Terms or any Order Form. Nothing in these Terms shall restrict or exclude any liability for (or remedy in respect of) fraud or fraudulent misrepresentation. Neither these Terms, nor any order or associated Order Form shall be modified by any purchase order submitted by Customer, even if such purchase order is accepted by XpertHR.
20 Assignment
Customer may not assign, novate or otherwise transfer any of its rights or obligations hereunder, whether by operation of law or otherwise, without XpertHR's prior written consent. XpertHR may assign, novate or otherwise transfer any or all of its rights and/or obligations under these Terms at any time; provided, the assignor/transferee assumes the performance obligations set forth hereunder. Subject to the foregoing, these Terms will bind and inure to the benefit of the parties, their respective successors and permitted assigns.
21 Relationship of the Parties
The parties are independent contractors. Nothing in these Terms shall be construed as constituting a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties.
22 Third-Party Beneficiaries
Save as expressly set out in these Terms, a person who is not a party to these Terms has no rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any of its terms or otherwise.
23 Waiver and Cumulative Remedies
No failure or delay by either party in exercising any right under these Terms will constitute a waiver of that right. The rights and remedies arising under, or in connection with, these Terms are cumulative and, except where otherwise expressly provided in these Terms, do not exclude rights and remedies provided by law or otherwise. Any termination of these Terms and/or parts of them does not affect any accrued rights or liabilities of either party and nor does it affect the coming into force or the continuance in force of any provision of the Terms that is expressly or by implication intended to come into or continue in force on or after such termination.
24 Severability
If any provision (or part provision) of these Terms is or becomes illegal, invalid or unenforceable in any respect: (i) it shall not affect or impair the legality, validity or enforceability of the remaining provisions of these Terms; and (ii) that provision (or part provision) shall be limited or eliminated to the minimum extent necessary so that these Terms shall otherwise remain in full force and enforceable effect.
25 Definitions
These Terms contain the following definitions:
"Affiliate" in respect of a corporate entity means any other corporate entity which directly or indirectly, controls, is controlled by or is under common control with such entity and the term "control" (including the terms "controlled by" and "under common control with") in relation to an entity means the power to direct or cause the direction of the management and policies of another entity, whether through the ownership of voting securities, by contract or otherwise;
"Confidential Information" means any information which is disclosed by one party to the other whether before or after the Start Date, which is designated in writing as confidential or would appear to a reasonable person to be confidential and which relates to a party's business, affairs, operations, customers, processes, budgets, pricing policies, products, information, strategies, developments, trade secrets, know-how, design rights, market opportunities, personnel, plans or intentions, suppliers, other contracting parties, or other persons in respect of whom a confidentiality obligation may arise of the party disclosing it;
"Contract Year" means any period of 12 consecutive calendar months commencing on (a) the Start Date of an order or (b) any anniversary thereof occurring during the term of the applicable order;
"Customer" means the legal entity specified as customer in the applicable Order Form;
"Customer Data" means all code, data, documents, information, text, drawings, statistics, analysis, diagrams, images, sounds and other Licensed Materials embodied in any form relating to Customer which Customer may supply (or make available) to XpertHR, XpertHR's Affiliates and/or a XpertHR sub-contractor;
"Derived Materials" means Derived Materials created by or on behalf of the Customer incorporating more than an insubstantial portion of the Licensed Material in combination with other information and/or data for the purposes of creating another product or other offering, whether in the form of analyses, directories, databases, mailing lists or otherwise;
"Intellectual Property Rights" means: (i) patents, utility models, supplementary protection certificates, petty patents, rights in trade secrets and other confidential or undisclosed information (such as inventions (whether patentable or not) or know-how) registered designs, rights in copyright (including authors' and neighbouring or related insert "moral" rights), database rights, design rights, semiconductor topography rights, mask work rights, trademarks and service marks; (ii) all registrations or applications to register any of the items referred to in paragraph (i); and (iii) all rights in the nature of any of the items referred to in paragraphs (i) or (ii) including continuations, continuations in part and divisional applications, reputation, personality or image, trade names, business names, brand names, get-up, logos, domain names and URLs, rights in unfair competition and, without prejudice to anything set out elsewhere in this definition, rights to sue for passing off and all rights having equivalent or similar effect to, and the right to apply for any of, the rights referred to in this definition in any jurisdiction;
"Licence Type" means the type of licence specified on the applicable Order Form authorizing Customer's use of the Licensed Material.
"Licensed Material" means all information, data and editorial content including all updates thereof, contained within or made available through or as part of XpertHR Data Services Product(s), whether such information, data or editorial content is obtained by XpertHR from publicly available sources or third party providers or generated or curated by XpertHR itself;
"Licensed User" means a named employee or Representative of the Customer who is authorised to access and use the Licensed Material in accordance with these Terms, the Permitted Purpose and the special conditions set forth in the applicable Order Form;
"Per User Licence" means the licence type whereby only the named individual(s) may access the XpertHR Data Services Product(s) and use the Licensed Material in the ordinary course of the Customer's regular business as related to its business sector;
"Permitted Purpose" shall have the meaning set out in the Order Form. If the Order Form is silent, it means Customer's use of the Licensed Material for Customer's internal business purposes in the ordinary course of managing its workforce and in line with the Licence Type;
"Permitted Affiliate" means each of the Customer's Affiliates listed on the applicable Order Form;
"Personal Data" means any information relating to an identified or identifiable individual that XpertHR is processing on behalf of Customer under these Terms;
"Representative" means an individual contractor or agent engaged by Customer to perform services in support of Customer's use of the Licensed Material in accordance with the Permitted Purpose. A Representative with access to the Licensed Material shall at all times be bound to written terms and conditions with Customer consistent with the terms and conditions protecting the Licensed Material as required under these Terms;
"Start Date" means the commencement date of Customer's access to the Licensed Materials listed on the applicable Order Form.
"XpertHR" is a trading name of LNRS Data Services Ltd, and all references to XpertHR in these Terms are to LNRS Data Services Ltd;
"XpertHR Data Services Product(s)" means: the data products or information services (delivered in various formats and channels including but not limited to online user interfaces, by emails, in excel spreadsheets or pdf documents, made available on FTP servers or other secure online locations, or via an application program interface or other automated means), online reference services and software tools including all components thereof licensed by or on behalf of XpertHR;
Schedule 1
GDPR Data Processing Addendum
1. Scope
1.1. This GDPR Data Processing Addendum ("DPA") applies to XpertHR's processing of personal data on Customer's behalf under the Agreement. With regard to such processing, Customer is the controller of the personal data and XpertHR is the processor of the personal data. This DPA does not apply where XpertHR is a controller of personal data.
2. Processing
2.1. XpertHR shall not engage another processor without Customer's prior specific or general written authorisation. In the case of general written authorisation, XpertHR shall inform Customer of any intended changes concerning the addition or replacement of other processors, thereby giving Customer the opportunity to object to such changes in the manner more specifically set forth herein.
2.2. XpertHR's processing shall be governed by this DPA under Union or governing Member State law as set forth in the Agreement. In particular, XpertHR shall:
a) process the personal data only on Customer's documented instructions, including with regard to transfers of personal data to a third country or an international organisation, unless required to do so by the Union or Member State law governing such personal data; in such a case, XpertHR shall inform Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
b) ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
c) take all measures required pursuant to Article 32 of the GDPR;
d) respect the conditions referred to in paragraphs 2.1 and 2.3 for engaging another processor;
e) taking into account the nature of the processing, assist Customer by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of Customer's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR;
f) assist Customer in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of processing and the information available to XpertHR;
g) at Customer's choice and/or on expiry or termination of the Agreement, delete or return to Customer all the personal data after the end of the provision of services relating to processing and delete existing copies unless Union or Member State or other applicable law requires storage of the personal data (which, for the avoidance of doubt, does not apply to aggregated or anonymized data);
h) make available to Customer all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by Customer or another auditor Customer mandate;
i) immediately inform Customer if, in XpertHR's opinion, an instruction from Customer to XpertHR infringes the GDPR or other Union or Member State data protection provisions.
2.3. Where XpertHR engages another processor for carrying out specific processing activities on Customer's behalf, the same data protection obligations as set out in this DPA shall be imposed on that other processor by way of a contract or other legal act under Union or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR. Where that other processor fails to fulfil those data protection obligations, XpertHR shall (subject to the terms of the Agreement) remain fully liable to Customer for the performance of that other processor's obligations.
2.4. The subject-matter of XpertHR's processing is the personal data provided in respect of the XpertHR Data Services Product(s) and Licensed Materials under the Agreement. The duration of the processing is the duration of the provision of the XpertHR Data Services Product(s) and Licensed Materials under the Agreement. The nature and purpose of the processing is in connection with the provision of the XpertHR Data Services Product(s) and Licensed Materials under the Agreement. The types of personal data processed are as set out in the product descriptions made available to Customer from time to time, and may also include any other types of personal data submitted to the XpertHR Data Services Product(s) as agreed between the Customer and XpertHR. The categories of data subjects are Customer's current and previous employees and other workers, representatives, Licensed Users and others whose personal data is submitted to the XpertHR Data Services Product(s).
2.5. The Agreement including this DPA are Customer's complete and final documented instructions to XpertHR for the processing of personal data. Additional or alternate instructions must be agreed upon separately by the parties. XpertHR will ensure that its personnel engaged in the processing of personal data will process personal data only on Customer's documented instructions, unless required to do so by Union, Member State or other applicable law.
3. Subprocessing
3.1. Customer hereby provide XpertHR general consent to engage other processors for the processing of personal data in accordance with this DPA. XpertHR shall maintain a list of such processors at https://www.xperthr.co.uk/pages/subprocessors. At least 14 days before authorising any new such processor to process personal data, XpertHR shall update the list on XpertHR's website and provide Customer with a mechanism to obtain notice of that update. Customer may object to the change without penalty by notifying XpertHR within 14 days after receipt of XpertHR's notice. Without prejudice to any applicable refund or termination rights Customer has under the Agreement, XpertHR shall use reasonable endeavours to change, modify or remove the affected XpertHR Data Services Product(s) or Licensed Materials to avoid processing of personal data by such new processor to which Customer reasonably objects.
4. Data Subject Rights
4.1. XpertHR shall, to the extent legally permitted, promptly notify Customer of any data subject requests XpertHR receives and reasonably cooperate with Customer to fulfil Customer's obligations under the GDPR in relation to such requests. Customer shall be responsible for any reasonable costs arising from XpertHR's providing assistance to Customer to fulfil such obligations.
5. Transfer
5.1. XpertHR shall ensure that, to the extent that any personal data originating from the UK, Switzerland or EEA is transferred by XpertHR to another processor in a country or territory outside the UK, Switzerland or EEA that has not received a binding adequacy decision by the European Commission or competent national data protection authority, such transfer shall be subject to an appropriate transfer mechanism that provides an adequate level of protection in accordance with the GDPR.
6. Security of Processing
6.1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the parties shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
a) the pseudonymisation and encryption of personal data;
b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
6.2. In assessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
6.3. The parties shall take steps to ensure that any natural person acting under the authority of either party who has access to personal data does not process them except on instructions from Customer, unless he or she is required to do so by Union or Member State law.
7. Personal Data Breach
7.1. XpertHR shall notify Customer without undue delay after becoming aware of a personal data breach and shall reasonably respond to Customer's requests for further information to assist Customer in fulfilling Customer's obligations under Articles 33 and 34 of the GDPR.
8. Records of Processing Activities
8.1. XpertHR shall maintain all records required by Article 30(2) of the GDPR and, to the extent applicable to the processing of personal data on Customer's behalf, make them available to Customer as required.
9. Audit
9.1. Audits shall be:
a) Limited to the processing of personal data and compliance with this DPA only;
b) Conducted by an independent third party reputable auditor;
c) Subject to the execution of appropriate confidentiality undertakings;
d) Conducted no more than once per year, unless a demonstrated reasonable belief of non-compliance with the Agreement has been made, upon thirty (30) days written notice and having provided a plan for such review; and
e) Conducted at a mutually agreed upon time and in an agreed upon manner.
10. Conflict
10.1. If there is any conflict or inconsistency between the terms of this DPA and the General Terms or Additional Terms, the terms of this DPA shall control to the extent required by law. Otherwise, the General Terms shall control in the case of such conflict or inconsistency.
Schedule 2
LNRS Data Services Security
XpertHR is provided by LNRS Data Services Limited ("XpertHR").
Introduction
At XpertHR we understand that the security of our products and services is one of a number of critical elements in your decision process. Our aim is to provide you with the confidence to make these choices by ensuring you have the information on how XpertHR implements safeguards designed to maintain the confidentiality, integrity and availability of the data you entrust to us.
Regulatory Compliance and Certifications
XpertHR complies with applicable local, national, and foreign laws, including those related to data privacy and transmission of personal data. XpertHR maintains a formal and comprehensive security program designed to ensure the privacy and confidentiality of client data, including to seek to protect against security threats or data breaches and prevent unauthorized access to data and systems associated with XpertHR services.
The XpertHR Security Team works in alignment with our business to deliver a global security strategy throughout our business, products and services.
ISO 27001:2013 Standard
ISO27001 is a standard for Information Security Management Systems (ISMS) published in 2013 by the International Organization for Standardization (ISO). This standards-based approach to security is supported internationally by members of the ISO and is commonly used by businesses around the world.
The Security policies and standards followed by XpertHR are based upon ISO 27001, designing and implementing security controls as part of an overarching management process to meet security needs on an ongoing basis.
Security Operations
Our operational security processes and procedures ensure endpoint protection through the identification, assessment and deployment of patches to protect against new vulnerabilities and the maintenance and monitoring of anti-virus through industry recognised products.
XpertHR performs regular vulnerability assessments of our internal and external facing services and environments, using a variety of specialist tools. Where we employ the use of third-parties these entities are assessed to determine their security posture and any impact that they may have on the security of XpertHR products and services and client data.
Network Security
XpertHR operates defense-in-depth controls across our network infrastructure including the maintenance and monitoring of Firewalls and Intrusion Protection Systems in conjunction with tiered security architectures that further enhance the protection of data within our environments.
Application Security
All development within XpertHR follows a defined Software Development Life Cycle (or SDLC), which includes secure coding practices and security testing. Our Secure SDLC stresses the incorporation of security considerations as part of our standard development practices across all phases.
Web enabled services are secured using Web Application Firewalls and Hypertext Transfer Protocol Secure (HTTPS) to reduce risk and ensure encrypted communications of sensitive data.
Data Security
Our products and services are designed to ensure that access is available only to authorized individuals. Controls are defined based on data risk and include, as appropriate, the use of role based access, encryption at rest, data segmentation and segregation of duties.
Physical Security
XpertHR hosts its production systems in data centres designed to protect from environmental and physical threats. With fully redundant subsystems and compartmentalized security zones, the data centres used by XpertHR adhere to the strict physical security measures and, as appropriate:
- Multiple layers of authentication before access is granted to sensitive areas
- Camera surveillance systems at critical internal and external entry points
- Security personnel monitor 24/7
- Unauthorized access attempts are logged and monitored by data centre security personnel
- All physical access to the data centres is highly restricted.
Summary
We continue to adapt and evolve our security controls to meet the challenges of changes to our risk profile.
If you have any further questions, please direct them to your primary contact at XpertHR.