1.1 This document contains the terms and conditions on which Juksta GDPR Representative Limited will provide Customer with any Services. You must read the document from start to finish. Only if you agree with all its terms and conditions should you accept the terms and conditions by clicking "I Agree" on the Website. To comply with your obligations under GDPR you should print and keep a copy of this Agreement.
1.2 When you click "Agree and Signup" to this Agreement on the Website an agreement is made between:
(a) Juksta GDPR Representative Limited (Juksta);
(b) the person who clicks "I Agree", or if that person is an employee acting in the course of his/her employment, the agreement is made by, and binds, the employer of that person (the employer will be deemed to be the entity that is named as the "Customer" in the Contract Details), or if that person is acting as agent for another person, the agreement binds the principal named as the "Customer" in the Contract Details. The person who clicks "I Agree" and is acting in the course of his/her employment or as agent warrants to Juksta that he/she has authority to act on behalf of his/her employer (or the "Customer", as applicable) to enter into the Agreement.
1.3 Juksta does not offer or provide the Services to any undertaking where that undertaking or its group of undertakings has a total worldwide annual turnover in excess of Euro 500 million (as defined by GDPR) and so:
(a) there is no agreement between the parties if Customer and/or its group of undertakings has a total worldwide annual turnover in excess of Euro 500 million at the date when Customer clicks “I Agree” to this Agreement;
(b) this Agreement automatically terminates with immediate effect on the date when Customer and/or its group of undertakings has a total worldwide annual turnover in excess of Euro 500 million, unless the parties have expressly agreed otherwise in writing.
Juksta will refund any Fees and Taxes paid for any period where there is no agreement or the Agreement has end under this clause.
1.4 If Customer has been granted a trial subscription, in accordance with Contract Details, then:
(a) Juksta will act as your “representative” under Article 27 during the trial period;
(b) no Fees will be charged for the “representative service” during the trial period, including the Periodic Fees for the use of the Platform and any Included Requests or Fees for any Additional Requests;
(c) Customer must pay any Fees it incurs for any manual translations or Service Items it acquires from Juksta during the trial period;
(d) both parties must comply with the agreement during the trial period;
(e) Customer may terminate the Agreement at any time before the end of the trial period by:
(i) first notifying Juksta using the features in the Platform that it has complied with the obligations in clause 3.3(d)(termination notices are not valid unless this obligation is performed); and
(ii) then giving Juksta notice using the features in the Platform to terminate the Agreement before the end of the trial period.
(f) unless Customer provides the notices in accordance with clause 1.4(e), the parties shall be deemed to enter into a new Agreement for the new 12 month Contract Period on the day after the last day of the trial period, on the basis of the Fees and terms and conditions in the Contract Details, and Juksta shall automatically start deducting the Fees in accordance with clause 6 of this Agreement.
Establishment of Services
(a) complete the set up procedures in the Platform that results in the Service displaying Customer's name, address, privacy representative's contact details and branding in the Service;
(c) use the features in the Platform to:
(i) provide Juksta with such details as to its business and compliance with Privacy Laws as Juksta may reasonably request;
(ii) notify Juksta in writing of any Enforcement Action or Data Request received by Customer in the previous 12 months (and any details Juksta reasonably requests as a result); and
(iii) provide Juksta with details of and evidence of its insurances as required by clause 10.
(a) Customer has not completed its obligations under clause 2.1 within 10 Business Days of the Effective Date; or
(b) Juksta is not satisfied that the details that Customer has provided to it under clause 2.1 do not expose Juksta to legal or commercial risks that Juksta is not prepared to accept, in its absolute discretion,
then Juksta may either terminate this Agreement and return any monies received from Customer or it may agree other arrangements that are acceptable to both parties.
(a) a platform that facilitates the transfer of Requests and communications between interested persons, including facilitation of access to a third party Translation Tool, the handling of Requests and communications that are received outside of the Platform, in so far as are needed to meet the requirements of Article 27 of GDPR; and
(b) a Platform that facilitates Customer acquiring Service Items.
2.4 The parties acknowledge and agree that the Service does not include, and Juksta is not liable for:
(a) the content of any Requests or communications made through the Service;
(b) the validity, truthfulness, completeness or authenticity of any Request or communication made through the Service, information or documentation provided by any person, including any identity information;
(c) the identity or age of any person making any Request or using the Service;
(d) the availability or accuracy of any Translation Tool or its output;
(e) the availability, features or content of any third party provided Service Items;
(f) the application or interpretation of any Privacy Law.
(a) the parties will perform the set up as set out in clause 2.1 in preparation for the possible supply of an Article 27 representative services;
(b) Juksta is not a "representative" under Article 27 of GDPR and is not required to provide any "representative services" under this Agreement unless and until the UK ceases to be an EU Member State;
(c) no Fees will be charged for any Article 27 representative services services including the Periodic Fees for the use of the Platform and any Included Requests or Fees for any Additional Requests, until the UK ceases to be an EU Member State;
(d) Customer must pay any Fees it incurs for any Service Items it acquires from Juksta at any time prior to the date that the UK ceases to be an EU Member State;
(e) Juksta may terminate the Agreement for any reason at any time prior to the date that the UK ceases to be an EU Member State;
(f) if the UK ceases to be an EU Member State and Juksta has not terminated the Agreement in accordance with clause 2.5(e) then on the date that the UK ceases to be an EU Member State:
(i) Juksta becomes the Customer's "representative" under Article 27 of GDPR and is required to provide any Article 27 representative services under this Agreement from that date;
(ii) that date is the first day of the Contract Period.
2.6 The Periodic Fee that is payable during a Service Billing Period includes up to the maximum number of Included Requests set out in the Contract Details irrespective of the number of Included Requests are actually made, used or provided in that Service Billing Period.
2.7 If, during the Service Billing Period, there are Additional Requests then Customer must pay for those Additional Requests at the rates set out in the Contract Details.
2.8 The Services are provided, and the Fees are calculated on the basis that the Services are provided, in the English language. However the parties acknowledge that there are multiple official languages under which GDPR operates, and it may be necessary or convenient to translate Requests or documents into other languages. The Service includes facilitating access to a third party Translation Tool.
2.9 If Customer chooses to use the Translation Tool Customer acknowledges and agrees that:
(a) the Translation Tool is provided by the third party provider of the Translation Tool and not Juksta;
(b) the Translation Tool will not operate with any document that is not in a format that the Translation Tool is capable of reading the text, (e.g. PDF scanned documents);
(c) Juksta is not responsible for any use of, or output from, the Translation Tool;
(d) Juksta strongly recommends that where a "legally accurate" translation is required, Customer uses a specialist, professional translation service.
2.10 If Customer requests manual translation of any Request, other documentation or communication in any language other than English, then Juksta will arrange for such services, and the Customer must pay any additional costs in at Juksta's then current time and materials based translation Fees, addition to the Periodic Fees.
2.11 The Platform provides for Requests or other communications made through the Platform will be communicated in electronic form.
2.12 If any Request or other communication is received by Juksta from any person in hard copy form or otherwise outside of the Platform, Juksta will scan and/or enter that Request/communication into the Platform in the language in which it is received for Customer to manage within the Platform. Juksta may destroy all hard copies of any request or communication, including identity documentation, that it has received in hard copy form immediately following scanning, without liability to Customer.
2.13 Where the Platform allows Customer to order Service Items these Service Items will be provided to Customer by the third party that owns (or who is an authorised distributor) of the Service Item. Juksta's role is to promote such Service Items and collect payment for the Service Item only, and any contract for the supply of the Service Items is between Customer and the third party that owns (or who is an authorised distributor) of the Service Item.
2.14 At least 10 Business Days prior to the end of each Contract Period, Juksta may provide Customer with notice (Renewal Notice) of the Service, Fees and terms and conditions applicable for a subsequent Contract Period of equal length to the previous Contract Period, including providing such notice using the features in the Platform. This clause does not apply if the Customer is in a trial period.
(a) first notify Juksta using the features in the Platform that it has complied with the obligations in clause 3.3(d) before it is entitled to notify Juksta of termination of this Agreement (termination notices are not valid unless this obligation is performed); and
(b) then give Juksta notice using the features in the Platform, to terminate the Contract Period before the end of the Contract Period.
This clause does not apply if the Customer is in a trial period.
2.16 Unless Customer provides the notices in accordance with clause 2.15, the parties shall be deemed to enter into a new Agreement for the new Contract Period on the day after the last day of the previous Contract Period, on the basis of the Fees and terms and conditions in the Renewal Notice.
2.17 During the Contract Period Juksta may request information relating to Customer's compliance with Privacy Laws and its insurance cover for privacy related risks, and Customer must supply that information within 10 Business Days of receipt of the request, at no cost to Juksta.
2.18 If Juksta forms the opinion, in its absolute discretion, that Customer's level of compliance with Privacy Laws is insufficient or its insurance for privacy related risks is inadequate, or that Juksta will be assuming risks that are incompatible with the normal risks of providing the Service to a customer that meets the requirements of Privacy Laws, Juksta will notify Customer in writing. If Customer fails to satisfy Juksta as to its compliance with Privacy Laws within 10 Business Days, Juksta may terminate the Agreement by giving written notice, without liability to Customer.
2.19 If Privacy Laws change (including as a result of any regulatory ruling or guidance note or any court decision) during the Contract Period, and, in the opinion of Juksta, such change requires a significant change in the cost of, or risk in, performing the Services, Juksta will issue Customer with a notice of this fact and will offer to discuss the issues with Customer with a view to amending the Agreement to address the issues. If the parties are unable to agree a change within 30 days of date of issue of the notice, Juksta reserves the right to terminate the Agreement by giving written notice, without liability to Customer.
2.20 Customer may use the export feature in the Platform to download any data that the export feature supports at any time during the Contract Period. Juksta will retain data in the Platform as follows:
(a) identity data that is uploaded in the Service as an identity data file, for 90 days from date of upload;
(b) any Requests and other communications that are uploaded in the Service, for 7 years from date of upload,
and thereafter Juksta may automatically and permanently delete such data without liability to Customer. Juksta may archive Requests and other communications data at shorter intervals in accordance with good data governance and security practice, and this may affect response times when seeking to access such archived data.
3. Nature of Representative Services under Article 27
Compliance with Article 27
3.1 It is acknowledged and agreed that Article 27 representative services are regulated by the GDPR, and that Customer and Juksta must act in accordance with the relevant obligations under GDPR in respect of the Article 27 representative services.
3.2 Juksta must:
(a) maintain its contact details in a publicly available location, including on its website;
(b) maintain a presence in an EU Member State;
(c) act on behalf of the Customer as its Article 27 representative;
(d) liaise with Customer in respect of any Requests or communication from data subjects, Supervisory Authorities or others on issues relating to processing personal data;
(e) co-operate with any competent Supervisory Authority with regard to any action taken to ensure compliance with GDPR,
in accordance with the requirements of the GDPR.
(a) must notify the Supervisory Authority and publish details of Juksta appointment as is required under GDPR. Customer hereby appoints Juksta as its lawful agent to notify any Supervisory Authority of the period that it is acting as Customer as its representative under Article 27(1) of the GDPR (including providing a notice of commencing to act and a notice when ceasing to act);
(b) appoints Juksta to be addressed in addition to or instead of Customer by third parties, including in particular Supervisory Authorities and data subjects, on all issues related to processing of personal data for the purpose of complying with GDPR;
(e) implement and comply with any operational procedures notified to Customer from time to time, including procedures relating to the automatic transmission of Requests and communication made using the Platform and requirements to respond to Requests/communications using the Platform.
3.4 Juksta is not obliged to represent Customer with any particular view or opinion, and reserves the right to refuse to send any Request/communication (except to the extent required by the GDPR).
3.5 Where Juksta is providing Services under the Agreement, this document is the written document evidencing Customer's appointment of Juksta as its representative under Article 27(1) of the GDPR.
(a) it is required to have an Article 27 representative service; and
(b) Juksta's Article 27 representative service meets Customer's needs.
3.7 The Fees do not include any services or expenses which may arise from any Enforcement Action. The Services are priced solely to manage Requests/communications made using the Service and not to accept any risk associated with any Enforcement Action.
(i) assist Customer to deal with the Enforcement Action;
(ii) defend itself from any Representative GDPR Liability;
(b) Customer must immediately:
(i) provide Juksta with copies of all documents, records, data and information;
(ii) provide Juksta with access to, and Customer must ensure full co-operation and disclosure from, its directors, officers, employees, agents, contractors, insurers, lawyers, accountants and other professional advisers,
as Juksta deems necessary or convenient to defend any Enforcement Action;
(c) Juksta may immediately engage lawyers to advise and defend itself from any Representative GDPR Liability;
(d) if Juksta's lawyer advises that Juksta may be liable for any Representative GDPR Liability then unless Juksta's lawyer advises that Juksta is protected by Customer's insurance that is required under clause 10, Customer must within 7 days of demand provide Juksta with an unconditional bank guarantee in the form required by Juksta or other form of unconditional financial security, from a bank or other financial institute in a jurisdiction of the complainant, Regulator or Juksta as determined by Juksta, in an amount that is no less than the amount advised by Juksta's lawyers as the maximum amount of Juksta's liability in the circumstances of the Enforcement Action plus any costs associated with investigating and defending the Enforcement Action. If Customer disputes this amount, then Customer must first provide the security required by Juksta, then it may provide an alternative legal opinion from a senior lawyer (more than 20 years standing) stating the maximum amount of the Juksta's liability in the circumstances. Juksta will review this advice and may, in its discretion but acting in good faith, reduce the amount of the security that it requires. Juksta may draw on the financial security to reimburse Juksta for any loss, damage, expense or costs it suffers or incurs in connection with any Representative GDPR Liability, including costs associated with investigation and defending the Enforcement Action. Juksta shall release Customer from its obligations to provide the financial security once Juksta's lawyer advises it that its exposure to the GDPR Representative Liability has ended.
3.9 Juksta may at any time following the initiation of an Enforcement Action immediately terminate the Agreement by giving Customer written notice, without liability to Customer.
3.10 The Article 27 representative service is not a "legal service" that is regulated as a legal service under any laws in any jurisdiction.
3.11 To the extent that Juksta provides Customer with information in respect of Privacy Laws or Applicable Laws, any Data Request or Enforcement Action, this advice is factual, general information only and is not tailored to Customer's particular circumstances.
3.12 Customer must seek its own legal advice in respect of its compliance with Privacy Laws, Applicable Laws, Data Requests and Enforcement Actions.
4. Customer Obligations
(a) comply with all Privacy Laws;
(b) provide necessary responses, within the required timescales, to any Request or communication made using the Service relating to a Data Request, Enforcement Action or from Juksta; and
(c) comply with any other Applicable Laws.
4.2 Notwithstanding that the Platform includes a facility for a person making a Request or other communication using the Platform to provide information and documentation that identifies them (and for corporate entities or Regulators, their organisation), their age, geographic place of residence, and the need to identify a responsible person (e.g. a parent or guardian) (Responsible Person) to provide any consent required under Privacy Law (and information and documentation that identifies that Responsible Person, their age, geographic place of residence and relationship with person making the Request), it is acknowledged and agreed that Customer is solely responsible for:
(a) identifying the person (including any corporate entity/Regulator) that makes any Request/communication;
(b) establishing the age of any person making any Request/communication;
(c) identifying any requirement to obtain the consent from a Responsible Person for any person who makes any Request/communication (including establishing the correct jurisdiction and Privacy Law that applies in determining the age of any person making the underlying Request/communication);
(d) identifying the relationship between the person making the Request/communication and any Responsible Person;
(e) where the person making a Request/communication claims to be a Regulator or other corporate entity, identifying the authority of the person making the Request and the lawfulness of the Request/communication;
(f) selecting the language of Request/communication between the parties;
(g) complying with all Privacy Laws in making any Requests/communications.
4.3 Customer warrants that it has the rights and authority to provide, and will not be in breach of any agreements by providing, Juksta, its Affiliates and their respective contractors with access to or use of any Requests/communications and/or Intellectual Property Rights which Customer provides to any of them for use in connection with the Agreement.
5.1 Customer warrants to Juksta that Customer is entitled to use any promotional code or discount that it has used when entering into this Agreement. Customer must promptly notify Juksta in writing if it ceases to be entitled to use that promotional code or discount.
5.2 Juksta warrants to Customer that it will perform the Services with due skill and care and in a timely manner.
(a) the Periodic Fees for the use of the Platform and any Included Requests are due in advance on the first day of each Service Billing Period;
(b) the Fees for any Additional Requests are due at the end of the month of the Service Billing Period in which the Request was made;
(c) the Fees for any manual translations must be paid for in advance, unless otherwise agreed in writing by the parties;
(d) the Fees for any Service Item are due at the time Customer acquires the Service Item, unless stated otherwise in the Contract Details.
6.2 Customer must pay Juksta, (and Juksta may deduct from any Approved Card), the Fees and related Taxes by Approved Card, in the currency stated on the Website, in accordance with the payment process on the Website. Juksta will issue Customer with an invoice/receipt at the time of payment/receipt. Any Juksta Affiliate may collect payment as agent for Juksta.
6.3 Juksta will calculate the Fees due for any Additional Requests, manual translation or other Service Item and Customer must immediately pay Juksta (or Juksta may deduct from the Approved Card) the Fees and related Taxes due for such services.
6.4 Juksta may change the Fees for any Service, Additional Requests or other Service Item at any time by updating the Fees on the Website. The updated Fees will apply to the relevant Service, Additional Requests, manual translation or other Service Item from the beginning of the next calendar month or from the end of the Contract Period, whichever is the later.
6.5 Where the Fees, expenses and Taxes are denominated in a currency other than the currency that is used as the default currency of Customer's Approved Card (i.e. the Approved Card is not issued in the country which uses the currency of payment), Customer agrees:
(a) to pay any charge from the provider of the Approved Card for an international transaction;
(b) to use the exchange rate used by the provider of the Approved Card for the conversion of the Fees, Taxes or other amounts payable under this Agreement into the currency Juksta uses;
(c) that the net amount that is to be received by Juksta must always be the Fees, Taxes and other amounts that are dominated in the local currency specified in this Agreement or on the Website (as applicable).
6.6 Customer irrevocably authorises Juksta to deduct from any Approved Card that Customer has used to pay any amount under this Agreement or for which Customer has provided the details to Juksta, any:
(a) Fees and Taxes that are due under this Agreement;
(b) charge backs or fees, including any related Taxes, incurred by Juksta for any failed transaction from the Approved Card, as well as Juksta's then current administration fee for dealing with any failure to receive payment; and
(c) amount payable as damages, losses or expenses, or any amount payable under an indemnity, arising out of or in connection with this Agreement.
6.7 If there is any failure to make payment by the Approved Card by the due date for any reason, including that the Approved Card ceases to be valid, ceases to be authorised for debiting any amount stated in this Agreement or there is insufficient funds in the relevant account, then Customer must within 5 Business Days:
(a) provide an alternative Approved Card and authorise all amounts due to be deducted from that Approved Card; and/or
(b) make payment of all amounts due by another payment method agreed with Juksta.
6.8 Customer must pay a late charge for any failure to make any payment by the date required under this Agreement, calculated at a rate that is the lesser of 1.5% per month or the maximum rate permitted by law, from the date that the payment first becomes overdue, to the date that the payment is received by Juksta, both dates inclusive.
6.9 All Taxes must be paid by Customer in addition to the Fees and charges, so that the net amount received is the amount of the Fees and charges irrespective of any Tax. Customer must provide Juksta upon request, properly completed exemption certificates for any Tax from which the Customer is entitled to (and claims) an exemption.
6.10 It is acknowledged and agreed by Customer that Juksta may pay or receive commissions, rebate or other financial accommodation when promoting or providing the Services, including for any Service Item.
7.1 Customer grants Juksta the right to use (including re-sizing and re-formatting to enable proper use, whilst retaining the integrity of the mark) any trade mark, service mark, branding, name or get up that Customer supplies to Juksta in connection with the Agreement for the Contract Period:
(a) on Juksta's website, including on the its home page or list of customers; and
(b) on the Platform and any web page that is presented as being a landing page for data subjects, Regulators and others to communicate with Customer (such pages and Requests may be co-branded with Juksta Marks and/or Customer's branding).
7.2 Each party agrees to allow reference to the other and the relationship under the Agreement in its marketing presentations, marketing materials, lists of customers or suppliers (as applicable) and websites, as well as in discussion with prospective channel partners, customers and industry/financial analysts.
7.3 Each party may use the other's trade marks, logos, get up or other branding in connection with such materials and websites, with the other's prior written consent, such consent not to be unreasonably withheld.
8.1 The Recipient must not use any of the Discloser's Confidential Information except in connection with the performance of its obligations stated in the Agreement.
8.2 The Recipient must not disclose the Discloser's Confidential Information to any third party without obtaining the Discloser's prior written approval, provided that the Recipient may disclose the Discloser's Confidential Information to:
(a) its employees, agents and contractors (and those of its Affiliates) who have entered into a written agreement with the Recipient that is no less protective of the Discloser's Confidential Information than the Agreement, provided those persons have a need to know such information for the purposes of the Agreement;
(b) its lawyers, bankers, auditors, accountants and insurers, who have a need to know the information in order to provide professional advice to the Discloser relating to the Agreement.
8.3 The Recipient must use, and must ensure that any person to whom it is permitted by the Agreement to disclose the Discloser's Confidential Information to uses, the same measures to protect the Discloser's Confidential Information as it uses to protect its own confidential information, but in no event less than reasonable measures.
8.4 The restrictions in this clause 8 shall not apply to information that:
(a) is independently developed by the Recipient without any access to the Confidential Information of the Discloser;
(b) becomes known to the Recipient without restriction, from a third party who, to the Recipient's knowledge, was not bound by a confidentiality agreement with the Discloser, or otherwise prohibited from disclosing the information to the Recipient, or had the right to disclose it;
(c) was available to the Recipient on a non-confidential basis prior to disclosure by the Discloser;
(d) was lawfully in the possession of the Recipient before the information was disclosed to it by the Discloser;
(e) is or becomes in the public domain through no act or omission of the Recipient;
(f) the parties agree in writing is not confidential or may be disclosed; or
(g) is required to be disclosed under an order or requirement of a court, administrative agency, or other governmental body (but only to the minimum extent required to comply), provided however, that Recipient shall provide prompt notice to Discloser of any potential disclosure and shall use its reasonable efforts to prevent disclosure of such information.
8.5 Juksta must comply with the secrecy and confidentiality obligations in accordance with GDPR Article 38(5) when performing the Services.
8.6 Customer hereby agrees to Juksta using Customer's Confidential Information, and disclosing Customer's Confidential Information to:
(a) third parties (including data controllers or third party recipients of Personal Information);
(b) the relevant individuals (including data subjects);
(c) Supervisory Authority(ies);
(d) applicable regulators in local jurisdictions;
(e) other entities,
for any purpose that is required or permitted by GDPR or other Privacy Laws, including where there is a personal data breach (or similar, as defined, any GDPR or any other Privacy Laws) occurs, for the purpose of the performance of its obligations or rights under this Agreement or for the purpose of investigating or managing the risks associated with any Enforcement Action.
9. Privacy under GDPR
9.1 Where the Service is used to process personal data that is in a Request or other related communication Juksta is acting on behalf of Customer in respect of that personal data and so Customer is the data controller and Juksta is the data processor of that personal data under GDPR and in respect of that personal data Customer hereby instructs and mandates Juksta to act on Customer's behalf in accordance with Juksta's obligations as Customer's representative under Article 27 of GDPR.
9.2 In respect of a parties role as a data controller or data processor in respect of particular personal data that is disclosed between the parties under this Agreement:
(a) the controller shall solely determine the purposes and the manner in which the personal data shall be processed, and such purpose that be limited to:
(i) the performance of the rights and obligations under this Agreement;
(ii) where the data processor is Juksta, the evaluation and management of the risks of providing the Service, including the risks associated with any Enforcement Action;
(iii) any other purpose that the controller provides a documented instruction regarding; or
(iv) processing is required by the laws of the European Union or any EU Member State to which the controller is subject, in which case the processor shall to the extent permitted by such law inform the controller of that legal requirement before the relevant processing of that personal data;
(b) the controller shall ensure that it has all necessary or appropriate consents and notices in place to enable lawful transfer of personal data to the processor for the duration and purposes of the Agreement and the provision of the Services under this Agreement;
(c) the controller instructs the processor (and authorises its subprocessors, if any) to process personal data and transfer personal data to any country or territory as reasonably necessary for the provision of the Services, provided always that any transfer of personal data to which the GDPR applies outside of the EU is:
(i) to country or territory which the European Commission has determined there exists an adequate level of protection in accordance with Article 45 of the GDPR; or
(ii) subject to appropriate safeguards and on condition that enforceable data subject rights and effective legal remedies for data subjects are available in accordance with Articles 46 or 49 of the GDPR;
(d) the processor must assist the controller by adopting and maintaining appropriate technical and organisational measures, insofar as this is possible, specifically for the fulfilment of the controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR;
(e) the purpose and duration of processing of personal data on the controller's behalf is for the provision of the Services, for the period of this Agreement;
(f) the types of personal data to be processed are:
(i) contact details of directors, officers, employees, agents, contractors and suppliers to a party, including email address, phone number, online identifiers, including IP addresses, geo-locators;
(ii) identity details of users of the Services, including those of persons that a minor designates to be its responsible adult, including passport details, national identity card details, driver's licence, birth certificates, utility bills, and other identity documents,
(iii) personal information that is included in information that is loaded into the Website or the Platform by Customer or any person who is using the Services;
(g) the categories of data subjects to whom the personal data relates are:
(i) directors, officers, employees, agents, contractors and suppliers to a party;
(ii) regulators, data subjects, including persons that a minor data subject designates to be its responsible adult, and others who are exercising their rights under GDPR;
(iii) any other type of person who engages or interacts with the provision of the Service, the Agreement or the parties, in connection with the Agreement;
9.3 The controller must process personal data to with a standard of technical and organisational security that is the higher of:
(a) a high standard of care; or
(b) taking into account the nature of the processing, the standard needed to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the personal data to be protected.
9.4 The controller must take reasonable steps to ensure the reliability of any employee, agent or contractor who may have access to the personal data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant personal data, as strictly necessary for the purposes of this Agreement, and to comply with laws in the context of that individual's duties to the controller, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
9.5 The controller must, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in relation to the personal data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR. In assessing the appropriate level of security, the controller must take account in particular of the risks that are presented by processing, in particular from a personal data breach.
9.6 The controller permits the processor to appoint such subprocessors of personal data provided that any such subprocessor complies with all Applicable Laws, including the GDPR. If a processor appoints a subprocessor as a subcontractor, the processor must comply with Article 28(3)(d) of the GDPR and must:
(a) inform the controller of any intended changes concerning the addition or replacement of subprocessors;
(b) have entered into or, as the case may be, will enter into, with the subprocessor a written agreement incorporating terms which are substantially similar to those set out in clauses 9.1 to 9.13.
9.7 Where Customer is the data controller, Customer permits Juksta to use the following subprocessor for the processing personal data to the extent set out in the table in Appendix A to this Agreement.
9.8 The processor must assist the controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of processing and the information available to the processor.
9.9 At the election of the controller, the processor must delete or return all the personal data to the controller after the end of the provision of the Services relating to processing, and delete existing copies unless an Applicable Law requires storage of the personal data.
9.10 The processor must make available to the controller all information necessary to demonstrate compliance with the obligations set out in clauses 9.1 to 9.13 and allow for and contribute to reasonable audits upon reasonable notice during working hours on normal business days, including inspections, conducted by the controller or another auditor mandated by the controller.
9.11 The processor must immediately inform the controller if, in its opinion, any instruction for the controller infringes GDPR or other Privacy Law.
9.12 Where there as a data breach involving the personal data that has been provided by the other party, then the party that has suffered the data breach must immediately, and in any event within 24 hours of the discovery of the data breach, notify the other party of the data breach, together with all information that is required to be provided to the Supervisory Authority and/or data subjects, as required under GDPR.
9.13 Where the controller is liable for any loss, damage, expense or costs or any administrative fine as a result of the processing by the processer or its sub-processor in breach of GDPR then the processor must indemnify and hold harmless the controller for any loss, damage, expense or cost that the controller is liable as a result, except to the extent that the processor proves that the loss, damage, expense or cost was caused by an event for which the processor was not in any way responsible.
9.14 Each party indemnifies and holds harmless the other party against any loss, damage and expense or cost arising from a breach of GDPR to the extent that the other party was responsible for the event that caused the loss, damage, cost or expense.
10.1 Customer must effect and maintain, or be the insured under, at its cost, the insurances listed in clause 10.2, (the Required Insurances). The Required Insurances must be effected with insurers which are rated not less than A- by Standard & Poor's (or an equivalent rating agency) which has deductibles of no greater than Euro 20,000 per claim or series of connected claims.
10.2 The Required Insurance is insurance for an amount of not less than Euro 20 Million (or 4% of Customer and its Affiliates global turnover, whichever is the higher) for any one loss and in aggregate for each policy year for any liability arising out of:
(a) Customer's breach of Privacy Laws;
(b) any Enforcement Action; and
(c) any GDPR Representation Liability;
(d) all legal defence costs on an indemnity basis for any such claim,
such insurance is to be maintained by Customer during the period of this Agreement and for a period of six years after termination of this Agreement.
10.3 Customer must ensure that all policies of insurance required to be taken out by Customer under this Agreement, note Juksta's interests under or in relation to this Agreement, including in particular providing that the insurer will pay any claim directly to Juksta if and to the extent that Juksta suffers or incurs any liability arising out of Customer's breach of Privacy Laws and/or any Enforcement Action and/or any GDPR Representation Liability and/or legal defence costs.
10.4 Within 5 days of the Effective Date, and on the anniversary of the renewal of the Required Insurances, Customer must provide Juksta with evidence that satisfied Juksta that it has complied with the requirements in this clause 10, including certificates of currency for the Required Insurances.
10.5 Customer must pay any excess/deductible in respect of its own claims under the Required Insurances.
10.6 Customer must not knowingly do or allow anything which would prejudice any of the Required Insurances, or cause them to be terminated.
10.7 Customer must notify Juksta immediately of any cancellation of any insurance policy that Customer is required to hold under this Agreement and of any change to such an insurance policy which affects Juksta's interests.
10.8 Without limiting Juksta's rights in relation to any insurance policy taken out by the Customer in accordance with this Agreement, if an event occurs or a circumstance arises which may affect Juksta's interests and which may give rise to a claim under any Required Insurance, Customer must:
(a) notify Juksta within 10 Business Days of that event;
(b) actively make a claim under the relevant insurance policy and remit to Juksta any insurance proceeds recovered by the Customer in respect of Juksta's rights and interests under or in connection with this Agreement; and
(c) ensure that Juksta is kept fully informed of any subsequent actions and developments concerning the relevant claim.
10.9 Juksta has the right to take out and maintain any insurance policy required by this clause 10, including insurance that provides indemnity to Juksta for any liability that Juksta may suffer or incur arising out of Customer's breach of Privacy Laws and/or any Enforcement Action and/or any GDPR Representation Liability, if the Customer fails to do so.
10.10 Any amount Juksta incurs in taking out and maintaining an insurance policy under clause 10.9 will be a debt due and immediately payable from Customer to Juksta.
11. Limitation of Liability
11.1 To the extent permitted by law and subject to clauses 11.2 or 11.3 the Juksta's liability to Customer for any claim whether it be in contract (including under an indemnity), tort (including negligence), breach of statutory duty or otherwise, arising out of or in connection with the Agreement shall be limited to the greater of:
(a) Euro 20,000; or
(a) a fine, reprimand or other penalty or order (including the consequences of any order) imposed upon Customer by a Supervisory Authority or other person arising out of or in connection with a breach or alleged breach of GDPR;
(b) any claim by any person, including a data subject, arising out of or in connection with a breach or alleged breach of GDPR;
(c) lost profits, lost revenue, failure to realise expected savings, lost or damaged data or business interruption, loss of goodwill or reputational damage; or
(d) indirect, consequential, special, punitive or exemplary,
even if Juksta has been advised of, knows of, or should have known of the possibility of such loss, damage or expense, unless it is unlawful to exclude such liability.
12.1 To the maximum extent permitted by law, Customer indemnifies Juksta, its Affiliates and their respective directors, officers, employees, contractors and agents from any loss, damage or expense incurred or suffered arising out of or in connection with:
(a) any of Customer's acts or omissions in respect of Privacy Laws;
(b) any of Customer's acts or omissions in respect of any other Applicable Laws;
(c) any Representative GDPR Liability;
(d) any failure to provide a bank guarantee or other financial security in accordance with clause 3.8(d);
(e) any work performed by Juksta, its Affiliates or their contractors, including internal costs of its own or its Affiliates' personnel, external advisers' fees and expenses under clause 3.8(a);
(f) breach of clauses 2.1, 3.3, 3.6, 4.1 and 10 of the Agreement,
except to the extent that the loss, damage or expense is directly and solely caused by the negligent act or omission of Juksta.
13.1 A party may immediately terminate the Agreement for the Service by giving the other party written notice if the other party:
(a) breaches any provision of the Agreement and the other party does not remedy it within 10 days of receipt of written notice of the breach;
(b) ceases to carry on business, is unable to pay its debts as they fall due, enters into liquidation or has a controller, managing controller, liquidator or administrator appointed or any suffers and similar event in its relevant jurisdiction.
13.2 Juksta may terminate the Agreement at any time by giving Customer written notice if Juksta believes that it is not able to exercise its responsibilities in accordance with the requirements of GDPR.
(b) any monies for unbilled Services, including for Service Items, or charges must be paid to Juksta immediately;
(c) each party shall immediately return to the other (or at the other party's request destroy) any of the other's Confidential Information related to the Agreement; and
(d) any obligation to provide a bank guarantee or financial security shall continue unaffected.
13.4 Any termination of the Agreement shall not prejudice, limit or restrict any other rights or remedies either party may have arising prior to such termination. To the extent permitted by law, Juksta shall be under no obligation to refund any amounts paid by Customer for any Service that has been provided, performed of for which Juksta was obliged to offer prior to any termination of the Agreement.
14.1 Any notice that is given under the Agreement:
(a) by Juksta, must be in writing and may be:
(i) for notices sent internationally, sent by priority courier to Customer's address stated in the Contract Details;
(ii) delivered to Customer's address stated in the Contract Details;
(iii) emailed to Customer at any email address provided by Customer; or
(iv) posted in the Platform;
(b) by Customer, must be in writing and must be:
(i) for notices sent internationally, sent by priority courier to Juksta's address stated in the Contract Details; or
(ii) delivered to Juksta's address stated in the Contract Details.
14.2 A notice is deemed to be received:
(a) when posted internationally using priority courier service: 3 Business Days after the date when it was dispatched;
(b) when delivered: on the day when the notice is received;
(c) when emailed: 1 Business Day after the email was sent, provided no notice of failure has been received by the sender within 8 hours of when the email was sent; or
(d) when posted in the Platform, 3 Business Days after it is posted.
Relationship of parties
14.3 The parties to the Agreement are independent contractors. Nothing in the Agreement shall be deemed to create an agency, employment, partnership, fiduciary or joint venture relationship between the parties, constitute any party the agent of another party, nor authorise any party to make or enter into any commitments for or on behalf of any other party.
Assignment and Subcontracting
14.7 No failure or delay by a party to exercise any right or remedy provided under the Agreement or by law shall constitute a waiver of that or any other right or remedy, nor shall it preclude or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall preclude or restrict the further exercise of that or any other right or remedy.
14.8 Except as specifically provided otherwise in the Agreement, the rights and remedies provided under the Agreement are cumulative and in addition to, and not exclusive of, any rights or remedies provided by law.
14.9 If any part of the Agreement is determined to be invalid, illegal or unenforceable by any court or competent authority, such part will be severed from the remainder of the agreement and the remaining provisions will continue in force.
14.10 Except as otherwise provided in the Agreement, the Agreement, or any part of it, may be only varied by the parties to the Agreement agreeing to the variation in writing (and the variation will be binding when all parties have signed the variation).
14.11 The parties acknowledge and agree that:
(a) the parties dealing with each other through electronic means;
(b) the Agreement may be signed, witnessed and varied through electronic communication using electronic signatures;
(c) a printed version of any document that has been signed by a party constitutes an original of that document.
14.12 Each party must do all acts and complete and execute all documents reasonably required by the other to enforce its rights under the Agreement.
14.13 All clauses that naturally survive termination of the Agreement, including clauses 3.8, 7, 8, 10, 12, 13.3, 14, 16 and 17, shall survive termination of the Agreement.
14.14 To the extent permitted by law:
(a) Juksta excludes any warranty or guarantee not expressly stated in the Agreement, whether express, implied or statutory, including any guarantees or warranties of acceptability and fitness for a particular purpose;
(b) the Agreement constitutes the entire agreement between the parties regarding the subject matter and supersedes all prior or contemporaneous agreements, arrangements, understandings and Requests, whether written or oral. The Customer's purchase order or other ordering document is not incorporated into the Agreement.
14.15 Subject to clauses 16 and 14.16, the Agreement will be governed by the laws of Ireland without regard to its conflict of law principles. The parties submit to the non-exclusive jurisdiction of the court in Dublin, Ireland.
14.16 Juksta may bring action in any jurisdiction, including the jurisdiction in which Customer has its primary business operations, to enforce its rights under clause 3.8. Customer acknowledges and agrees that Juksta may take urgent equitable relief to enforce such rights and Customer waives any right to object to such action, whether on the basis of a lack of jurisdiction or otherwise.
Unless the context requires otherwise, the following words bear the meaning set out below.
15.1 Affiliate means any entity that is ultimately under the common control of a person or entity, directly or indirectly.
15.2 Additional Request means each Request during a Service Billing Period which exceeds the number of Included Requests in that Service Billing Period.
15.3 Agreement means the provisions this Agreement, including the Appendix.
15.4 Applicable Law means any statute, regulation, by-law, ordinance, policy or subordinate legislation in force from time to time in the jurisdiction of the law of this Agreement, and includes the common law and equity as applicable from time to time to a party's business, and any mandatory standards or industry codes of conduct.
15.5 Approved Card means any Visa, MasterCard, PayPal, debit card, charge card or other payment mechanism that Juksta supports from time to time as an acceptable payment method.
15.6 Business Day means any weekday that is not a public holiday in the jurisdiction of the law of this Agreement.
15.7 Confidential Information means any non-trivial information however recorded, preserved, disclosed or communicated (whether directly, indirectly, orally or by writing), disclosed by either party or its authorised contractors to the other party or its authorised contractors in connection with the Agreement that, if disclosed in writing is marked as "Confidential" or "Proprietary," or, if disclosed orally is identified as "Confidential" or "Proprietary" at the time of disclosure and is specifically identified as confidential in a written document provided by Discloser to Recipient within 30 days after the oral disclosure, or which is, or ought to have been, understood by the parties, using reasonable business judgment, to be confidential. For clarity, Juksta's Confidential Information includes the Agreement.
15.8 Contract Details means the description of the Services, whether the subscription is a trial and if so the trial period, the Fees and what metrics are used to calculate the Fees (including the number of Requests, use of Translation Tools or other Service Item), the identity of the Customer, the Contract Period and the Minimum Contract Period and the Service Billing Period, all as set out on the Website at the Effective Date.
15.9 Contract Period means the period during which Juksta must provide, and Customer must pay for, the Services, which shall be 12 month unless stated otherwise in the Contract Details. For a trial, the Contract Period commences at the first day of the trial and continues to the end of the trial, and thereafter the Contract Period of that subscription is 12 months, unless stated otherwise on the Contract Details.
15.10 Customer means the person or entity identified in clause 1.2(b).
15.11 Data Request means a request from any person, including any individual, company, association, body or Regulator, that is made (validly or otherwise) in connection with any Privacy Law.
15.12 Discloser means the party that makes a disclosure of Confidential Information.
15.13 Effective Date means the date when the Customer enters into this Agreement online.
15.14 Enforcement Action includes any claim by a third party against the Customer or Juksta to enforce, administer or implement the rights of a third party in connection with any Privacy Law, or any action by a Regulator or other person to enforce any Privacy Law, including making the initial claim and all actions thereafter, including court, arbitration or other dispute resolution proceedings, initiated by a Regulator, data subject, individual or person representing a group or class of data subjects in connection with any Privacy Law, irrespective of whether the claim is for a civil claim, administrative fine, penalty, order or other compensation, sanction or remedy, or similar event or circumstance as determined by Juksta.
15.15 Fees means the amount payable for the Services, Additional Requests, and/or additional use of Translation Tools, and/or manual translations, and/or any Service Item, as applicable, exclusive of Taxes and expenses, as stated in the Contract Details, or in the case of time and materials rates, Juksta's then current time and materials rates in force at the time the Service is provided, exclusive of Taxes and expenses.
15.16 GDPR means the General Data Protection Regulation (EU) 2016/679.
15.17 Juksta means Juksta GDPR Representative Limited, a company incorporated in Ireland, with its registered office at 22, Northumberland Road, Ballsbridge, Dublin 4 Ireland.
15.18 Juksta Mark means all trade marks, service marks, logos or other words or symbols identifying the Service, Platform, Service Items, Juksta, Juksta's business, any third party provider of goods or services, and/or any third party affiliate with whom Juksta has a business relationship in connection with the Services or Service Items.
15.19 Included Requests means the (maximum) number of Requests which Juksta may send/receive during the Service Billing Period for the Periodic Fee.
15.20 Intellectual Property Rights means copyright, trade marks, design rights, service marks, patent, semiconductor or circuit layout rights, trade secrets, know-how, database rights or other rights in the nature of intellectual property rights (whether registered or unregistered), or any right to registration of such rights, existing anywhere in the world, or protected by statute from time to time.
15.21 Periodic Fees are the fixed Fees which are payable for the Included Requests each Service Billing Period, as set out in the Contract Details. No Periodic Fees are charged during any trial period.
15.22 Personal Information means any information or data that is subject to any Privacy Law, including personal data as defined in the GDPR.
15.23 Platform mean the online application that facilitates the transfer of Data Requests and Requests between interested persons, including facilitation of access to a third party Translation Tool, in so far as are needed to meet the requirements of Article 27 of GDPR, that is part of the Service, as may be updated by Juksta from time to time during the Term.
15.24 Privacy Law means:
(a) GDPR; and
(b) any law, regulation or common law which governs the use of information that is about, identifies or can be used to identify, any identifiable individual, or which is generally understood in the relevant jurisdiction to protect an individual's privacy and/or to govern the collection, use, disclosure or transmission of Personal Information or data.
15.25 Recipient means the party that receives a disclosure of Confidential Information.
15.26 Regulator means any entity that has a regulatory role:
(a) under GDPR, including all Supervisory Authorities, European Data Protection Board and their respective secretariats; or
(b) under any other Privacy Law that applies to the processing of Personal Information.
15.27 Representative GDPR Liability means any loss, damage, cost or expense (including legal costs on an indemnity basis) that that may be suffered or incurred by Juksta that arise out of or in connection with:
(a) any act or omission of Customer in connection with GDPR;
(b) any liability that Juksta may have under Article 27(5) or otherwise under GDPR in connection with Customer; or
(c) any Enforcement Action against Customer and/or Juksta in connection with Customer,
except to where the loss, damage or expense is directly and solely caused by Juksta's negligent act or omission.
15.28 Request means the initial Data Request from a data subject or other person and all communications to/from any other person made through the Service that are connected by the Service to the initial Data Request. For the purpose of calculating the Fees, a single "Request" includes all such connected communications identified in the Service as being connected to the original Request.
15.29 Service means the provision of a Platform that facilitates the transfer of Data Requests and Requests between interested persons, including facilitation of access to a third party Translation Tool, transfer of manual hard copy Requests and communications and/or manual translation services, in so far as are needed to meet the requirements of Article 27 of GDPR, and the provision of any other Service Items as may be available from time to time as part of that Platform, the details of which are set out in the Contract Details, as may be updated by Juksta from time to time during the Term.
15.30 Service Item means:
(a) facilitating access to third party goods and services;
(b) providing services other than Translation Tools,
as set out in the Contract Details or this Agreement.
15.31 Service Billing Period means each period to which the Periodic Fees relate, which shall be monthly unless stated otherwise in the Contract Details.
15.32 Taxes includes any goods and services tax, sales tax, withholding tax, excise, levy, impost, export or import duty, charge or other amount imposed by any government or any body exercising any licensing, permit, certification or other approval, in any jurisdiction, that is connected in any way with the Services or the Agreement, other than taxes imposed upon the net income of Juksta.
15.33 Translation Tool means a third party tool that is promoted by its provider as being capable of providing a translation of text from one language to another.
15.34 Website means the website through which Customer accessed and accepted this Agreement.
15.35 The following words bear the same meaning as given to them in the GDPR:
(c) data subject;
(d) personal data breach;
(g) Supervisory Authority.
(a) the Agreement comprises the Contract Details on the Website and the Terms and Conditions in this document. To the extent of any conflict between the provisions of the Contract Details and the Terms and Conditions, then the Contract Details shall prevail;
(b) the Agreement includes capitalised terms and phrases which are defined in one of the documents that form part of the Agreement. Unless the context requires otherwise each capitalised term or phrase shall have the same meaning in each of the document that form the Agreement;
(c) references to "Article" are references to an Article in the GDPR;
(d) words importing a gender include all other genders and vice versa;
(e) expressions importing a natural person include a corporation, a partnership, an association, a firm, a government and a government authority and agency and vice versa;
(f) if a word or phrase is defined, its other grammatical forms have a corresponding meaning;
(g) a covenant, agreement, warranty, obligation, liability or similar on the part of two or more persons binds each of them jointly and severally;
(h) no rule of construction applies to the disadvantage of a party because that party was responsible for the preparation of this document or part of it;
(i) a reference to a party includes its executors, administrators, successors and persons acting by novation;
(j) headings in this document are for ease of reference only and do not affect the meaning or interpretation of this document;
(k) a reference to any statutory enactment or any law includes that statutory enactment or law as amended, modified or re-enacted from time to time and all rules regulations or other subordinate legislation made under that statute and where relevant corresponding legislation in any Australian state or territory;
(l) a reference to an agreement or document (including a reference to this document) is to the agreement or document as amended, varied, supplemented, transferred or replaced except to the extent prohibited by the provisions in this document or that other agreement or document;
(m) the words includes, including, for example, such as and similar expressions in any form are not intended to operate as words of limitation or imply any limitation;
(n) if the day on or by which anything is to be done is not a Business Day then that thing must be done on or by the next Business Day.
16.1 Only where Customer is located in Australia do the following clauses 16.2 to 16.7 apply in addition to the clauses 1 to 15 of the Agreement.
16.2 Where the Agreement is a "consumer contract" as defined under Schedule 2 to the Competition and Consumer Act 2010 (Cth) Australia (Australian Consumer Law), Customer is entitled to the benefit of the statutory guarantees under sections 60 to 62 of the Australian Consumer Law in respect of any service supplied under the Agreement.
16.3 Where Customer is entitled to a statutory guarantee under sections 60 to 62 of the Australian Consumer Law then to the extent that Juksta fails to comply with such statutory guarantee, Juksta's liability for a failure to comply with such statutory guarantee is limited to one of the following, at Juksta's option:
(a) supplying the services again; or
(b) payment of the cost of having the services supplied again,
unless it is not fair or reasonable for Juksta to rely on this term of the agreement.
16.4 Each party must:
(a) collect, use and disclose the Personal Information (as limited to that as defined in the Privacy Act 1988 (Cth) (Privacy Act)) only as authorised or for the purposes of performing its obligations under this Agreement;
(b) not disclose the Personal Information except:
(i) to its personnel to the minimum extent necessary for the purposes of performing its obligations under this Agreement;
(ii) where the recipient is Juksta, the evaluation and management of the risks of providing the Service, including the risks associated with any Enforcement Action;
(iii) subject to clause 16.7(c) as required by the Privacy Act; or
(iv) with the prior written consent of the other party; and
(v) ensure that any person to whom Personal Information is disclosed under paragraph (b), uses, discloses, transfers, retains and otherwise manages such Personal Information consistently with the that party's obligations under this Agreement.
16.5 Neither party may transfer or disclose any Personal Information to any recipient located outside of Australia, or any other country in which the Personal Information was first collected (the "Relevant Countries"), or allow or permit any person located outside the Relevant Countries to access or receive any Personal Information, without the prior written consent of the other party. Customer consents to Juksta transferring Personal Information to:
(a) any country in an EU Member State:
(b) the United Kingdom;
(c) Australia; and
(d) any country in which Juksta or its Affiliates or their respective contractors or suppliers has an office.
16.6 Except as otherwise required by law or as otherwise agreed between the parties, each party must return to the other party all materials in the first party's possession, custody or control containing Personal Information handled in connection with this Agreement in the following circumstances:
(a) when the Personal Information is no longer required by the other party for the purposes of this Agreement;
(b) upon termination or expiry of this Agreement;
(c) upon demand by the first party; or
(d) if required by law.
16.7 Where there as an eligible data breach (as defined in the Privacy Act) involving the Personal Information (as defined in the Privacy Act) that has been provided by the other party, then the party that has suffered the eligible data breach must:
(a) immediately, and in any event within 24 hours of the discovery of the eligible data breach, notify the other party of the eligible data breach, to the other party with all information that is required to be provided to the Office of the Australian Information Commission and/or the affected individual, as required under the Privacy Act;
(b) co-operate with the other party in any investigation or audit (including by providing access to the breaching party's premises, personnel, processes and systems) in respect of the eligible data breach;
(c) not disclose to any third party (including the Information Commissioner as defined in the Australian Information Commissioner Act 2010 (Cth)) the existence or circumstances surrounding any eligible data breach, without the non-breaching party's prior written approval, unless the non-breaching party does not make any notification that it is lawfully required to do and the breaching party is required by law to make the notification.
17.1 Only where Customer is located in the United Kingdom do the following clauses 17.2 to 17.3 apply in addition to the clauses 1 to 15 of the Agreement.
17.2 If Juksta processes any Personal Information on Customer's behalf when performing Juksta's obligations or exercising its rights under this Agreement, the parties record their intention that Customer is the Data Controller (as defined by the Data Protection Act 1988 (UK)) and Juksta is a Data Processor (as defined by the Data Protection Act 1988 (UK)) and in any such case Customer alone shall determine the purposes for which and the manner in which all Personal Information controlled or owned by Customer will be processed by Juksta.
17.3 Neither party excludes or limits liability to the other party for death or personal injury caused by that party's negligence, or liability for fraudulent misrepresentation, or any breach of any obligations implied by section 12 of the Sale of Goods Act 1979 (UK) or section 2 of the Supply of Goods and Services Act 1982 (UK).
Appendix A: Juksta Sub-Processors