Recyber Terms and Conditions

By purchasing a license to use our Products (whether directly from us or via your chosen channel partner), you agree that this Agreement (“Agreement”) shall govern the provision and use of each Product you subscribe to from the Recyber Platform. This Agreement is made between you and Recyber Opco Limited, a private limited company registered in England and Wales with its registered number 15294137 and whose business address is 85 Great Portland Street, First Floor, London, W1W 7LT (“Recyber”, “we”, “our” or “us”).  Your continued use of our Products is deemed acceptance of this Agreement.

 

1. Definitions

“Confidential Information” has the meaning given to it in clause 10.1.

“Customer Data” means any data or information submitted by you to us.

“Data Protection Legislation” means all applicable data protection and privacy legislation in force from time to time in the UK including without limitation the UK GDPR; the DPA 2018 (and regulations made thereunder); and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended; and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of Personal Data (including, without limitation, the privacy of electronic communications);

“Data Protection Rules” has the meaning given to it in Clause 77;

“DPA 2018” means the Data Protection Act 2018 (and regulations made thereunder);

“Data Subject” means the identified or identifiable living individual to whom the Personal Data relates;

“Disclosing Party” has the meaning given to it in clause 10.1.

“Effective Date” has the meaning given to it in clause 3.1.

“Product(s)” means the specific product(s) that you have subscribed to from our Recyber Platform.  Such Products can include actionable feedback on the cultural and behavioural aspects of cybersecurity within your organisation to assist your employees to be more knowledgeable about cybersecurity through a series of games and prompts and/or further Products we may add to the Recyber Platform from time to time.

“Receiving Party” has the meaning given to it in clause 10.1.

“Recyber Platform” means the software as a service platform through which we provide our Products.

“User Error” means an error made by your Users when using the Products.

“Users” means individuals who are authorised by you to use the Products by means of a purchase of a subscription license for each of them and who have been supplied user identifications and passwords to the Products by you (or by us at your request).  Users include but are not limited to your employees, consultants, contractors and agents or your affiliates and/or associated partnerships.

 

  2. Products
    • Provision of Products. Subject to your payment of the applicable fees for the use of the Products (whether direct to us or your chosen channel partner), we shall make the Products available to the number of Users for whom you have purchased a license pursuant to this Agreement.  You agree that your purchase of subscriptions is neither contingent upon the delivery of any future functionality or features nor dependent upon any oral or written public comments made by us with respect to such future functionality or features.
    • Additional Users/Products. User subscriptions are for designated Users and cannot be shared or used by more than one User but may be reassigned to new Users replacing former Users who no longer require ongoing use of the Product. The term for additional User subscriptions or any new Products you purchase shall fall in line with your monthly/annual subscription license, allowing all Users (or new Products as applicable) to expire at the end of the same subscription term.  If you are buying directly from us, pricing for additional User subscriptions shall be the same as that for the pre-existing subscriptions prorated for the remainder of the subscription term in effect at the time the additional Users are added.

 

  3. Start Date and Renewal of Products
    • For each Product you subscribe to, it shall commence within no more than 14 days from the date of your purchase – on the date notified to you by us or your channel partner (“Effective Date”) and the Product shall continue for the initial duration you have purchased. If you are buying a monthly subscription, your subscription shall automatically renew at the end of each month unless you give notice in writing to us at least 48 hours prior to the end of the month that you do not wish to renew.  If you are buying an annual subscription, your subscription will automatically renew at the end of the 12 months unless you give notice in writing to us at least 30 days prior to the end of the year that you do not wish to renew.

 

  4. Service Level Assurance
    • Network Server Availability. We will use reasonable efforts to ensure a Product availability level at 99.5% (measured over a calendar year), except for those periods during scheduled network and/or application maintenance and except for emergencies. If scheduled maintenance needs to occur during normal UK business hours (excluding emergencies), Recyber agrees to notify the Customer 5 business days in advance.

 

  5. Use of the Products
    • Our Responsibilities. We shall take all reasonable steps to:
      • Ensure the Products are provided to you with reasonable skill and care in a professional manner;
      • In addition to our confidentiality obligations hereunder, we shall not use, modify or disclose your Customer Data to anyone other than our employees and contractors who need to know the same to provide the Products;
      • Take appropriate technical, organisational and security measures against unauthorised access to or unauthorised alteration, disclosure, destruction or loss of Customer Data;
      • Take reasonable steps to ensure that our employees engaged in providing the Products are aware and are suitably trained in such technical, organisational and security measures; and
      • Maintain the security and integrity of the Products and your Customer Data;
      • maintain the underlying software in fully working order and in a timely manner fix, patch or provide workarounds for any software errors, faults or bugs that are known to be affecting the running of the Recyber Platform or the software; and
      • use commercially reasonable efforts to maintain the correct functionality and delivery of the system and to make the Products available in accordance with clause 4 above, except for a) planned maintenance; or b) any unavailability caused by circumstances beyond our reasonable control.
    • Your Responsibilities. You are responsible for all activities that occur in your Users’ accounts and for your Users’ compliance with this Agreement.  You shall:  i) have sole responsibility for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Customer Data and shall ensure all instructions given by you to us in respect of the Customer Data will be in compliance with applicable data protection legislation; ii) use commercially reasonable efforts to prevent unauthorized access to, or use of your access to the Products, and notify us promptly of any unauthorized access or use of which you become aware; iii) comply with all applicable laws in using the Products, including without limitation all applicable data protection laws and regulations; and (iv) not use the Products in any manner or for a purpose not permitted by applicable export laws, regulations or sanctions; nor export or re-export the Products to any country, region, organisation or individual that is named as a restricted area or person on any applicable export laws, regulations or sanctions.
    • User Requirements. You agree to use the Product solely for your internal business purposes as contemplated by this Agreement and not to:  (i) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, or otherwise commercially exploit or make the Products available to any third party, other than to Users or as otherwise contemplated by this Agreement; (ii) send spam or otherwise duplicative or unsolicited messages through the Recyber Platform in violation of applicable laws; (iii) send or store infringing, obscene, threatening, libellous, or otherwise unlawful material on the Recyber Platform; (iv) send or store any virus or other malicious code to or through the Recyber Platform; (v) interfere with or disrupt the integrity or performance of the Products or the data contained therein; or (vi) attempt to gain unauthorized access to the Products or its related systems or networks.

 

  6. As far as reasonably possible, we will resolve support issues remotely by email and webchat facilities in a professional and efficient manner and as quickly as we can.  You agree to supply evidence and supporting materials such as screenshots, as necessary to assist us to reproduce any faults detected.  Where a fault is due to User Error or incorrect use of the system, the cost to rectify shall be agreed by the parties (acting reasonably and in good faith).

 

  7. Data Protection. The parties shall ensure that they, their employees, contractors, agents and sub-contractors comply with the requirements of all applicable laws, rules, regulations, decrees and/or official government orders of any jurisdiction relevant to this Agreement relating to data protection and any amendments or revisions thereto (“Data Protection Rules”) in the provision and use of the subject matter of this Agreement and personal data processed under it. The parties shall comply with any request made or direction given to the other which is directly due to the requirements of the Data Protection Rules.  The parties shall comply with their obligations set out in Schedule 1 to this Agreement.

 

  8. Fees & Payment (where you are buying direct from us)

 

  • User Fees. If you are buying direct from us, you agree to pay all applicable subscription fees in advance in the applicable currency quoted to you upfront by credit card for all monthly subscriptions and within 30 days of the date of our invoice for annual subscriptions which are not paid upfront by credit card. You are responsible for paying any additional taxes on the fees (including without limitation any VAT, sales, use or withholding taxes now or hereafter enacted), and any duties, levies, excises or tariffs (together “duties”), that are applicable to the Products (but excluding on our income). All payments hereunder shall be made without deduction for taxes or duties of any kind or nature. Except as otherwise specified, fees are based on Products purchased and not actual usage, payment obligations are non-cancellable, fees paid are non-refundable, and the number of subscriptions purchased cannot be decreased during the relevant subscription term.  You agree to accept invoices by email only.
  • Cancellations/Refunds. If your subscription is cancelled by either you or us, we will not provide a refund or credit for any unused subscription period as we will incur costs as a result of the cancellation.
  • Overdue Payments. Any payment not received from you by the due date may, at our discretion, accrue interest at a rate of 8% above the Bank of England base rate per annum.
  • Credit Card Authorisation. For credit card payments, we use third-party intermediaries to manage credit and debit card processing. These intermediaries are not permitted to store, retain or use your billing information except as required to process your credit or debit card payment for us. You give us authority to share your information (including without limitation credit and debit card details and other personal data as required) with the third-party intermediaries for such purposes.
  • Suspension of access to the Product. If your account is 30 days or more overdue (except with respect to fees then under reasonable and good faith dispute), in addition to any of our other rights or remedies, we reserve the right to suspend the Products provided to you, without liability, until such amounts are paid in full.  We will provide 3 days’ notice to you prior to suspending Products under this clause.

 

  9. Proprietary Rights
    • Reservation of Rights. Subject to the rights expressly granted hereunder, we reserve all rights, title and interest in and to the Recyber Platform and the Products, including all related intellectual property rights. No rights are granted to you hereunder other than as expressly set forth herein.
    • Save to the extent expressly permitted by applicable law, you shall not (i) modify, copy or create derivative works based on the Products; (ii) frame or mirror any content forming part of the Products, other than on your own intranets or otherwise for your own internal business purposes; (iii) reverse engineer the Product; or (iv) access the Products in order to (i) build a competitive product or service, or (ii) copy any ideas, features, functions or graphics of the Products.
    • Customer Data. As between us, you exclusively own all rights, title and interest in and to all Customer Data. Customer Data is deemed the Confidential Information of Customer under this Agreement.  We shall not access your User accounts, including Customer Data, except to respond to service or technical problems; or at your request or as otherwise permitted under applicable data protection laws to allow us to access and process Customer Data (aggregated and anonymised) for our legitimate interest in developing and improving the Products and providing customers with more relevant content and service offerings.
    • We shall have a royalty-free, worldwide, transferable, sub-licensable, irrevocable, perpetual license to use or incorporate into the Products any suggestions, enhancement requests, recommendations or other feedback provided by you or your Users relating to the operation of the Products.

 

  10. Confidentiality
    • Definition of Confidential Information. As used herein, “Confidential Information” means all non-public confidential information of a party (“Disclosing Party”) disclosed to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure, including the terms and conditions of this Agreement (including pricing). Confidential Information shall not, however, include any information which (i) is in or subsequently becomes part of the public domain through no breach of this Agreement by the Receiving Party; (ii) is already in the possession of the Receiving Party; (iii) is obtained by the Receiving Party from a third party without a breach of such third party’s obligations of confidentiality; (iv) is independently developed by the Receiving Party, as shown by documents and other competent evidence in the Receiving Party’s possession; or (v) is required by law to be disclosed by the Receiving Party.
    • The Receiving Party shall not disclose or use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, except with the Disclosing Party’s prior written permission.
    • Each party agrees to protect the confidentiality of the Confidential Information of the other party in the same manner and extent that it protects the confidentiality of its own confidential information of like kind (but in no event using less than reasonable care).
    • Compelled Disclosure. If the Receiving Party is compelled by law to disclose Confidential Information of the Disclosing Party, if legally permissible, it shall provide the Disclosing Party with prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure. Such disclosure shall not in itself negate the obligation to otherwise maintain the confidentiality of the Confidential Information under this clause 10.
    • Remedies. If the Receiving Party discloses or uses (or threatens to disclose or use) any Confidential Information of the Disclosing Party in breach of confidentiality protections hereunder, the Disclosing Party shall have the right, in addition to any other remedies available to it, to seek injunctive relief to enjoin such acts without posting a bond or other security, it being specifically acknowledged by the parties that any other available remedies are inadequate.

 

  11. Warranties & Disclaimers
    • Each party represents and warrants that it has the legal power to enter into this Agreement. We warrant that i) we will provide the Products in a manner consistent with general industry standards reasonably applicable to the provision thereof; ii) the functionality of the Products will not be materially decreased during a subscription term; iii) we will not knowingly allow the Products to contain or transmit to Customer any virus or other malicious code; iv) we own or licence all rights in the Products and software required to grant to you the rights to use the Products and software granted herein; and v) the Products do not, and your use of the Products as provided hereunder will not, infringe any intellectual property rights of any third party.  You warrant that the collection and processing of any Customer Data by us and/or as contemplated by this Agreement complies in all respects with applicable data protection laws and regulations.
    • Warranty Exclusions. Notwithstanding the foregoing, we:  (a) do not warrant that use of the Products will be uninterrupted or error-free; and (b) are not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including without limitation the internet, and you acknowledge that the Products may be subject to limitations, delays and other problems inherent in the use of such communications networks and facilities. We provide no assurance or guarantee that the Products will provide a solution to your specific needs.  The Products are not bespoke or tailored to you or your requirements and we do not warrant that the Products will meet your requirements.
    • EXCEPT AS EXPRESSLY PROVIDED HEREIN, WE PROVIDE NO WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND SPECIFICALLY DISCLAIM ALL IMPLIED WARRANTIES, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, SUITABILITY, SATISFACTORY QUALITY OR FITNESS FOR A PARTICULAR PURPOSE, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.  ALL PRODUCTS ARE PROVIDED “AS IS”.
  12. Indemnification
    • Indemnification by us. Subject to your compliance with the terms of this Agreement and payment of all fees due, we shall defend and indemnify you against any loss, damage or costs (including reasonable legal fees) incurred in connection with claims, demands, or proceedings, to the extent that we have been negligent, (“Claims”) made or brought against you by a third party alleging i) a breach by us of our obligations under applicable data protection laws and regulations; or ii) that the use of the Products as contemplated hereunder infringes the intellectual property rights of a third party; provided, that you a) promptly give written notice of the Claim to us; b) give us sole control of the defence and settlement of the Claim (provided that we may not settle or defend any Claim unless it unconditionally releases you of all liability); and c) provide to us, at our cost, all reasonable assistance.
    • Indemnification by you. Subject to this Agreement, you shall defend, indemnify and hold us harmless against any loss, damage or costs (including reasonable legal fees) incurred in connection with Claims made or brought against us by a third party alleging i) a breach by you of your obligations under applicable data protection laws and regulations; or ii) that the Customer Data, or your use of the Products in violation of this Agreement, infringes the intellectual property rights of, or has otherwise harmed, a third party; provided, that we a) promptly give written notice of the Claim to you; b) give you sole control of the defence and settlement of the Claim (provided that you may not settle or defend any Claim unless it unconditionally releases us of all liability); and c) provide to you, at your cost, all reasonable assistance.

 

  13. Limitation of Liability
    • The following provisions shall apply:
      • Limitation of Liability. Nothing in this Agreement shall limit or exclude either party’s liability for: (a) death or personal injury caused by negligence; (b) fraud or fraudulent misrepresentation; or (c) any other liability which cannot be limited or excluded by applicable law. SAVE AS AFORESAID, TO THE MAXIMUM EXTENT PERMITTED BY LAW, OUR AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, SHALL NOT EXCEED THE AMOUNTS ACTUALLY PAID BY YOU FOR THE PRODUCTS IN THE TWELVE MONTHS PRECEDING THE INCIDENT GIVING RISE TO LIABILITY.
      • Exclusion of Consequential and Related Damages. TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE SHALL HAVE NO LIABILITY TO YOU FOR ANY LOST PROFITS, LOSS OF BUSINESS, LOSS, CORRUPTION OR RECOVERY OF DATA OR SYSTEMS, OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES HOWEVER CAUSED, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, AND WHETHER OR NOT FORESEEABLE OR WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

 

  14. Term & Termination
    • Term of Agreement. This Agreement commences on the Effective Date and, subject to Clause 3 and the remainder of this Clause 14, shall continue until all User subscriptions granted in accordance with this Agreement have expired or been terminated.
    • Termination for Convenience. You may terminate this Agreement at any time for convenience on notice to us by email at helpdesk@www.recyber.com 
    • Termination for Cause. A party may terminate this Agreement for cause:  i) upon thirty (30) days written notice of a material breach to the other party if such breach remains uncured at the expiration of such period; or ii) if the other party becomes the subject of a petition in insolvency or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors or any event analogous to the foregoing occurs in relation to that other party in any jurisdiction. 
    • Termination by us. If we are no longer legally able to grant licenses to use our Products, we reserve the right to terminate the Agreement and your subscription.
    • Outstanding Fees. Termination shall not relieve you of the obligation to pay any fees accrued or payable to us prior to the effective date of termination.
    • Return of Customer Data. Upon request made in writing to us within 30 days after the effective date of termination, we will return or destroy any Customer Data in our possession.

 

  15. General Provisions
    • Relationship of the Parties. The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties.
    • No Third-Party Beneficiaries. There are no third-party beneficiaries to this Agreement.
    • You agree that we may include your name and logo in our published lists of customers or vendors. Any other use of your name or logo for marketing purposes shall be made only with your prior approval.
    • All notices under this Agreement shall be in writing and shall be deemed to have been given upon: (i) personal delivery; (ii) the second business day after mailing; or (iii) at the time of transmission, or, if this time falls outside business hours in the place of receipt, when business hours resume after sending by email. 
    • Waiver and Cumulative Remedies. No failure or delay by either party in exercising any right under this Agreement shall constitute a waiver of that right.  Other than expressly stated herein, the remedies provided herein are in addition to, and not exclusive of, any other remedies of a party at law or in equity.
    • If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement shall remain in effect.
    • You shall not, without our prior written consent, assign, transfer, mortgage, charge, subcontract, delegate, declare a trust over or deal in any other manner with any of your rights and obligations under this Agreement. We may at any time assign, mortgage, charge, subcontract, delegate, declare a trust over or deal in any other manner with any or all of our rights and obligations under this Agreement.
    • Governing Law. This Agreement (including any non-contractual obligations or liabilities arising out of it or in connection with it) shall be governed exclusively by, and construed exclusively in accordance with, the laws of England and Wales to the exclusion of its conflict of law provisions.
    • The courts of England and Wales shall have exclusive jurisdiction to adjudicate any dispute arising out of or relating to this Agreement (including non-contractual disputes or claims). Each party hereby consents to the jurisdiction of such courts.
    • Entire Agreement. This Agreement constitutes the entire agreement between the parties, and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. These terms may be modified or updated from time to time by us and any modified terms published on our website will apply to you from the renewal date of your subscription (at the end of the month for monthly subscriptions and at the end of 12 months for annual subscriptions). Notwithstanding any language to the contrary therein, no terms or conditions stated in your purchase order or in any other order documentation from you shall be incorporated into or form any part of this Agreement, and all such items or conditions shall be null and void.



Schedule 1: Data Protection

 

  1. Personal data types and processing purposes
    • The parties agree and acknowledge that for the purpose of the Data Protection Legislation:
      • You are the Controller and we are the Processor.
      • You retain control of the Personal Data and remain responsible for your compliance obligations under the Data Protection Legislation, including but not limited to, providing any required notices and obtaining any required consents, and for the processing instructions you give to us.
  2. Recyber’s obligations
    • We will only process the Personal Data to the extent, and in such a manner, as is necessary for the provision of the Product(s) in accordance with your instructions. We will not process the Personal Data for any other purpose or in a way that does not comply with this Agreement or the Data Protection Legislation. We must promptly notify you if, in our opinion, your instructions do not comply with the Data Protection Legislation.
    • We must comply promptly with any of your written instructions requiring us to amend, transfer, delete or otherwise process the Personal Data, or to stop, mitigate or remedy any unauthorised processing.
    • We will maintain the confidentiality of the Personal Data and will not disclose the Personal Data to third parties unless you or this Agreement specifically authorises the disclosure, or as required by domestic law, court or regulator (including the Commissioner). If a domestic law, court or regulator requires us to process or disclose the Personal Data to a third party, we must first inform you of such legal or regulatory requirement and give you an opportunity to object or challenge the requirement, unless the domestic law prohibits the giving of such notice.
    • We will reasonably assist you, subject to our reasonable costs being met, with meeting your compliance obligations under the Data Protection Legislation, taking into account the nature of our processing and the information available to us, including in relation to Data Subject rights, data protection impact assessments and reporting to and consulting with the Commissioner under the Data Protection Legislation.
    • We must notify you promptly of any changes to the Data Protection Legislation that may reasonably be interpreted as adversely affecting our performance of this Agreement.
  3. Recyber’s employees
    • We will ensure that all of our employees:
      • are informed of the confidential nature of the Personal Data and are bound by written confidentiality obligations and use restrictions in respect of the Personal Data; and
      • are aware both of our duties and their personal duties and obligations under the Data Protection Legislation and this Agreement.
  4. Security
    • We must at all times implement appropriate technical and organisational measures against accidental, unauthorised or unlawful processing, access, copying, modification, reproduction, display or distribution of the Personal Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage of Personal Data.
    • We must implement such measures to ensure a level of security appropriate to the risk involved, including as appropriate:
      • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
      • the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and
      • a process for regularly testing, assessing and evaluating the effectiveness of the security measures.
  5. Personal data breach
    • We will promptly and in any event without undue delay notify you if we become aware of:
      (a) the loss, unintended destruction or damage, corruption, or unusability of part or all of the Personal Data. We will restore such Personal Data at our own expense as soon as possible;
      (b) any accidental, unauthorised or unlawful processing of the Personal Data; or
      (c) any Personal Data Breach.
    • Where we become aware of (a), (b) and/or (c) above, we will, without undue delay, also provide you with the following written information:
      • description of the nature of (a), (b) and/or (c), including the categories of in-scope Personal Data and approximate number of both Data Subjects and the Personal Data records concerned;
      • the likely consequences; and
      • a description of the measures taken or proposed to be taken to address (a), (b) and/or (c), including measures to mitigate its possible adverse effects.
    • Immediately following any accidental, unauthorised or unlawful Personal Data processing or Personal Data Breach, the parties will co-ordinate with each other to investigate the matter. Further, we will reasonably co-operate with you, in your handling of the matter.
    • We will not inform any third-party of any accidental, unauthorised or unlawful processing of all or part of the Personal Data and/or a Personal Data Breach without first obtaining your written consent, except when required to do so by domestic law.
    • We agree that you have the sole right to determine:
      • whether to provide notice of the accidental, unauthorised or unlawful processing and/or the Personal Data Breach to any Data Subjects, the Commissioner, other in-scope regulators, law enforcement agencies or others, as required by law or regulation or in your discretion, including the contents and delivery method of the notice; and
      • whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy.
    • We will cover all reasonable expenses associated with the performance of the obligations under Clause 15.3 to Clause 5.3 unless the matter arose from your instructions, negligence, wilful default or breach of this Agreement, in which case you will cover all reasonable expenses.
  6. Cross-border transfers of personal data
    • We (and any subcontractor) must not transfer or otherwise process the Personal Data outside the EU without obtaining your prior written consent.
  7. Complaints, data subject requests and third-party rights
    • We must, subject to our reasonable costs being met by you, take such technical and organisational measures as may be appropriate, and promptly provide such information to you as you may reasonably require, to enable you to comply with:
      • the rights of Data Subjects under the Data Protection Legislation, including, but not limited to, subject access rights, the rights to rectify, port and erase personal data, object to the processing and automated processing of personal data, and restrict the processing of personal data; and
      • information or assessment notices served on you by the Commissioner under the Data Protection Legislation.
    • We must notify you immediately in writing if we receive any complaint, notice or communication that relates directly or indirectly to the processing of the Personal Data or to either party’s compliance with the Data Protection Legislation.
    • We must notify you within two days if we receive a request from a Data Subject for access to their Personal Data or to exercise any of their other rights under the Data Protection Legislation.
    • We will give you, subject to our reasonable costs being met, our full co-operation and assistance in responding to any complaint, notice, communication or Data Subject request.
    • We must not disclose the Personal Data to any Data Subject or to a third-party other than in accordance with your written instructions, or as required by domestic law.
  8. Records
    • We will keep detailed, accurate and up-to-date written records regarding any processing of the Personal Data, including but not limited to, the access, control and security of the Personal Data, the processing purposes, categories of processing, and a general description of the technical and organisational security measures referred to in Clause 4.
    • We will ensure that the Records are sufficient to enable you to verify our compliance with our obligations under this Agreement and the Data Protection Legislation and we will provide you with copies of the records upon request.