Enterprise Terms (“Agreement”)

Effective Date July 2023

1.1   This Agreement commences on the date set out in the Order Form and ends on the first of the following events: 

1.1.1  the end of the Subscription Period (as defined below); or 

1.1.2   termination of this Agreement under clause 4.

1.2  The Subscription Period shall be, unless agreed otherwise, the period defined in the Order Form. The Subscription Period will renew automatically for further periods of one year, unless the Customer gives Datamaran written notice, to be received no less than one month prior to the end of the current Subscription Period, that it does not want the Subscription Period to renew further. 

1.3  The Customer acknowledges that, if it notifies Datamaran that it wishes to renew the Subscription Period for a period that is not continuous with the previous Subscription Period, Datamaran may charge the Customer a reactivation fee, which will be notified to the Customer and added to the applicable Service Fee (as defined below).

2.1   In return for access to the Datamaran® platform and associated products and/or services as set out in the Order Form (the Service) for the Subscription Period, the Customer will pay to Datamaran the relevant fees set out in the Order Form (the Service Fee). 

2.2   The Service Fee will be fixed for the then-current Subscription Period. Datamaran reserves the right to change the applicable Service Fee at any time, provided that any such revised Service Fee shall only take effect in the event of renewal for an additional Subscription Period in accordance with clause 1.2. Datamaran will notify the Customer of the relevant Service Fees that will apply to any renewal of the Subscription Period in advance of the notification date set out in clause 1.2. 

2.3   In the event that the Customer requests a change to the Service during the Subscription Period (including but not limited to a change to the number of Authorised Users), the Customer agrees to pay the fees applicable to the changed Service as are effective at the date of such change as set out in the Order Form.

2.4   If the Customer elects to pay the Service Fee by credit card, Datamaran reserves the right to charge the Customer (and the Customer agrees to pay) an additional 3% fee. Furthermore, if the Customer requires Datamaran to use any service (including an online platform) in order to submit invoices or process payments made between the Customer and Datamaran, Datamaran reserves the right to charge the Customer for (and the Customer agrees to pay) the costs (if any) incurred in registering for, accessing, or using such service.  

2.5   Datamaran reserves the right to suspend access to the Service if payment is overdue for the relevant period of access to the Service (including any renewal).

3.1   Subject to the restrictions set out in this clause 3 and the other terms and conditions of this Agreement, Datamaran grants to the Customer with effect for the term of the Order Form a non-exclusive, non-transferable, limited right to access and use the Service. 

3.2   In relation to use of the Service, the Customer:

3.2.1   may permit access to the Service by up to the number of its individual officers, employees, agents, representatives or contractors that is specified in the Order Form or as otherwise agreed between us in writing (together with the Authorised Users). No other parties shall be allowed access to the Service without our prior written consent, including in particular (but without limitation) (i) officers and employees of any other company that is part of the same group of companies as the Customer; or (ii) employees or representatives of the Customer’s own customers or clients; 

3.2.2   must maintain a written, up to date list identifying the individual Authorised Users and provide such list to Datamaran promptly on our request. In the event that the Customer wishes to substitute one individual Authorised User for another, the Customer must notify us in writing and provide any additional details requested by us in order to grant access to the replacement Authorised Users. The Customer must ensure that any  Authorised Users who are replaced in this way must cease using the Service immediately; 

3.2.3  acknowledges and agrees that any and all access to and use of the Service shall be in accordance with Datamaran’s Terms of Use including the other documents referred to in them, as they are varied from time to time in 

3.2.4  accordance with their terms (together the Terms of Use), which shall be incorporated into this Agreement by reference;

3.2.5  agrees to ensure that its Authorised Users comply with the Terms of Use and that it will indemnify us against any and all claims, actions, proceedings, losses, damages, expenses and costs arising out of or in connection with the acts and omissions of its Authorised Users (including but not limited to compliance with the Terms of Use); and

3.2.6  is responsible for making all arrangements necessary for its Authorised Users to have access to the Service.

4.1   This Agreement may be terminated by either party: 

4.1.1   if the other party is in material breach of any of its terms (including the Terms of Use) and, if remediable, such breach is not remedied within the period of twenty (20) working days after written notice of it has been given to the party in breach; or 

4.1.2  if the other party becomes bankrupt, insolvent or undergoes any form of administration, liquidation, winding-up procedure, voluntary arrangement or other similar procedure.

4.2   In the event of termination of this Agreement by the Customer under clause 4.1.1 for a material breach, we will issue the Customer with a pro-rata refund of the Service Fee in respect of the portion of the relevant Subscription Period following the termination date. Notwithstanding any other provision of this Agreement, in the event of termination of this Agreement for any other reason, the full Service Fee shall be due and payable.

4.3   On termination of this Agreement for any reason all the Customer’s and its Authorised Users’ rights to access and use the Service shall immediately terminate

4.4  Termination shall not affect or prejudice the accrued rights of the parties as at termination, or the continuation after termination of any provision expressly stated to survive or implicitly surviving termination.

4.5   If you incorporate Datamaran Output (including extracts of Datamaran Output) into any documentation of the Customer, you must clearly attribute Datamaran as the source of that Output by using the wording “source: Datamaran”.

5.1   In the course of the receipt or delivery of the Service, each party may receive access to information regarding the other party, its business, operations or interests that is proprietary or confidential (Confidential Information).

5.2   Each party shall hold the other's Confidential Information in confidence and shall not make the other's Confidential Information available to any third party, or use the other's Confidential Information for any purpose other than as permitted under the terms of this Agreement including the Terms of Use.

5.3  The above obligations shall not apply to Confidential Information that (i) is or becomes publicly known other than through any act or omission of the receiving party; (ii) is lawfully disclosed to the receiving party by a third party without restriction on disclosure; or (iii) is required to be disclosed by law, by any court of competent jurisdiction or by any regulatory or administrative body.

5.4  This clause 5 shall survive termination of this Agreement, however arising.

6.1   No variation of this Agreement shall be effective unless it is in writing and signed by or on behalf of both parties.

6.2   The rights provided under this Agreement are granted to the Customer and its Authorised Users only, and shall not without our prior written consent be considered granted to any other company that is part of the same group of companies as the Customer. Except as expressly permitted under the terms of this Agreement including the Terms of Use, the Customer may not assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this Agreement without our prior written consent.

6.3   If any provision (or part of a provision) of this Agreement is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable or illegal, the other provisions shall remain in force. If any invalid, unenforceable or illegal provision would be valid, enforceable or legal if some part of it were deleted, the provision shall apply with whatever modification is necessary to give effect to the commercial intention of the parties. 

6.4   This Agreement constitutes the entire agreement and understanding of the parties and supersede any other documentation or Agreement between the parties relating to the subject matter of this Agreement (including but not limited to terms attached to the Customer’s purchase order). Each of the parties acknowledges and agrees that in entering into this Agreement it does not rely on, and shall have no remedy in respect of, any statement, representation, warranty or understanding (whether negligently made or not) of any person (whether party to this Agreement or not) other than as expressly set out in this Agreement. The only remedy available to it for breach of the Agreement shall be for breach of contract under the terms of this Agreement.

6.5   This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of, and subject to the non-exclusive jurisdiction of the courts of, England and Wales.  

This Data Processing Addendum (DPA) sets out the additional terms, requirements and conditions on which Datamaran will process Personal Data when providing services under the terms of its Enterprise Agreement and Terms of Use (Agreement).

The following definitions and rules of interpretation apply in this Agreement.

1.1  Definitions:

1   Business Purposes: the services to be provided by Datamaran to the Customer as described in the Agreement.

2   Commissioner: the Information Commissioner (see Article 4(A3), UK GDPR and section 114, DPA 2018).

3  Controller, Processor, Data Subject, Personal Data, Personal Data Breach and Processing: have the meanings given to them in the Data Protection Legislation.

4  Data Protection Legislation:

4a)  To the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom which relates to the protection of Personal Data.
4b)  To the extent the EU GDPR applies, the law of the European Union or any member state of the European Union to which the Customer or Provider is subject, which relates to the protection of Personal Data.]

5  EU GDPR: the General Data Protection Regulation ((EU) 2016/679).

EEA: the European Economic Area.

6  UK GDPR: has the meaning given to it in section 3(10) (as supplemented by section 205(4)) of the DPA 2018.

1.2  This DPA is subject to the terms of the Agreement and is incorporated into the Agreement. Interpretations and defined terms set forth in the Agreement apply to the interpretation of this DPA.

1.3  The Annexes form part of this DPA and will have effect as if set out in full in the body of this DPA. Any reference to this DPA includes the Annexes.

1.4  A reference to writing or written includes email.

1.5 In the case of conflict or ambiguity between:

(a)  any provision contained in the body of this DPA and any provision contained in the Annexes, the provision in the body of this DPA will prevail;
(b)  the terms of any other documents annexed to this DPA and any provision contained in the Annexes, the provision contained in the Annexes will prevail; and
(c)  any of the provisions of this DPA and the provisions of the Agreement, the provisions of this DPA will prevail.

2.1  The Customer and Datamaran agree and acknowledge that for the purpose of the Data Protection Legislation:

(a)  the Customer is the Controller and Datamaran is the Processor of Personal Data in the Submitted Content.
(b)  the Customer retains control of the Personal Data and remains responsible for its compliance obligations under the Data Protection Legislation, including but not limited to, providing any required notices and obtaining any required consents, and for the written processing instructions it gives to Datamaran.
(c)  ANNEX A describes the subject matter, duration, nature and purpose of the processing and the Personal Data categories and Data Subject types in respect of which Datamaran may process the Personal Data to fulfil the Business Purposes.

3.1  Datamaran will only process the Personal Data to the extent, and in such a manner, as is necessary for the Business Purposes in accordance with the Customer's written instructions. Datamaran will not process the Personal Data for any other purpose or in a way that does not comply with this Agreement or the Data Protection Legislation. Datamaran must promptly notify the Customer if, in its opinion, the Customer's instructions do not comply with the Data Protection Legislation.

3.2  Datamaran must comply promptly with any Customer written instructions requiring Datamaran to amend, transfer, delete or otherwise process the Personal Data, or to stop, mitigate or remedy any unauthorised processing.

3.3  Datamaran will maintain the confidentiality of the Personal Data and will not disclose the Personal Data to third-parties unless the Customer or this Agreement specifically authorises the disclosure, or as required by domestic or EU law, court or regulator (including the Commissioner). If a domestic or EU law, court or regulator (including the Commissioner) requires Datamaran to process or disclose the Personal Data to a third-party, Datamaran must first inform the Customer of such legal or regulatory

3.4  requirement and give the Customer an opportunity to object or challenge the requirement, unless the domestic or EU law prohibits the giving of such notice.

3.5  Datamaran will reasonably assist the Customer with meeting the Customer's compliance obligations under the Data Protection Legislation, taking into account the nature of Datamaran's processing and the information available to Datamaran, including in relation to Data Subject rights, data protection impact assessments and reporting to and consulting with the Commissioner under the Data Protection Legislation.

3.6  Datamaran must notify the Customer promptly of any changes to the Data Protection Legislation that may reasonably be interpreted as adversely affecting Datamaran's performance of the Agreement or this DPA.

4.1 Datamaran will ensure that all of its employees:

(a)  are informed of the confidential nature of the Personal Data and are bound by written confidentiality obligations and use restrictions in respect of the Personal Data;
(b)  have undertaken training on the Data Protection Legislation and how it relates to their handling of the Personal Data and how it applies to their particular duties; and
(c)  are aware both of Datamaran's duties and their personal duties and obligations under the Data Protection Legislation and this Agreement.

5.1  Datamaran must at all times implement appropriate technical and organisational measures against accidental, unauthorised or unlawful processing, access, copying, modification, reproduction, display or distribution of the Personal Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage of Personal Data.

5.2  Datamaran must implement such measures to ensure a level of security appropriate to the risk involved, including as appropriate:

(a)  the pseudonymisation and encryption of personal data;
(b)  the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(c)  the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and

(d)  a process for regularly testing, assessing and evaluating the effectiveness of the security measures.

6.1. Datamaran will without undue delay and where feasible within 72 hours notify the Customer in writing if it becomes aware of:

(a)   the loss, unintended destruction or damage, corruption, or unusability of part or all of the Personal Data;
(b)  any accidental, unauthorised or unlawful processing of the Personal Data; or
(c)  any Personal Data Breach.

6.2   Where Datamaran becomes aware of (a), (b) and/or (c) above, it will, without undue delay, also provide the Customer with the following written information:

(a)  Personal Data and approximate number of both Data Subjects and the Personal Data records concerned;
(b). the likely consequences; and
(c)  a description of the measures taken or proposed to be taken to address (a), (b) and/or (c), including measures to mitigate its possible adverse effects.

6.3  Immediately following any accidental, unauthorised or unlawful Personal Data processing or Personal Data Breach, the parties will co-ordinate with each other to investigate the matter. Further, Datamaran will reasonably co-operate with the Customer in the Customer's handling of the matter.

6.4  Datamaran will not inform any third-party of any accidental, unauthorised or unlawful processing of all or part of the Personal Data and/or a Personal Data Breach without first obtaining the Customer's written consent, except when required to do so by domestic or EU law.

6.5  Datamaran agrees that the Customer has the sole right to determine:

(a)  whether to provide notice of the accidental, unauthorised or unlawful processing and/or the Personal Data Breach to any Data Subjects, the Commissioner, other in-scope regulators, law enforcement agencies or others, as required by law or regulation or in the Customer's discretion, including the contents and delivery method of the notice; and
(b)  whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy.

6.6  Datamaran will cover all reasonable expenses associated with the performance of the obligations under 6.1 to 6.3 to the extent it is responsible for the Personal Data Breach.  If the matter arose from the Customer's specific written instructions, negligence, wilful default or breach of this Agreement, in which case the Customer will cover all reasonable expenses.

7.1 Datamaran (and any subcontractor) must not transfer or otherwise process the Personal Data outside the UK or the EEA without obtaining the Customer's prior written consent.

8.1  Other than those subcontractors as set out in ANNEX A, Datamaran may not authorise any other third-party or subcontractor to process the Personal Data.

8.2  Where the subcontractor fails to fulfil its obligations under the written agreement with Datamaran which contains terms substantially the same as those set out in this Agreement, Datamaran remains fully liable to the Customer for the subcontractor's performance of its agreement obligations.

9.1. Datamaran must take such technical and organisational measures as may be appropriate, and promptly provide such information to the Customer as the Customer may reasonably require, to enable the Customer to comply with:

(a)  the rights of Data Subjects under the Data Protection Legislation, including, but not limited to, subject access rights, the rights to rectify, port and erase personal data, object to the processing and automated processing of personal data, and restrict the processing of personal data; and
(b)  information or assessment notices served on the Customer by the Commissioner under the Data Protection Legislation.

9.2   Datamaran must notify the Customer promptly in writing if it receives any complaint, notice or communication that relates directly or indirectly to the processing of the Personal Data or to either party's compliance with the Data Protection Legislation.6.3  Immediately following any accidental, unauthorised or unlawful Personal Data processing or Personal Data Breach, the parties will co-ordinate with each other to investigate the matter. Further, Datamaran will reasonably co-operate with the Customer in the Customer's handling of the matter.

9.3  Datamaran must notify the Customer within 7 working days if it receives a request from a Data Subject for access to their Personal Data or to exercise any of their other rights under the Data Protection Legislation.

9.4  Datamaran will give the Customer reasonable co-operation and assistance in responding to any complaint, notice, communication or Data Subject request.

9.5  Datamaran must not disclose the Personal Data to any Data Subject or to a third-party other than in accordance with the Customer's written instructions, or as required by domestic or EU law.

10. 1  At the Customer's request, Datamaran will give the Customer, or a third-party nominated in writing by the Customer, a copy of or access to all or part of the Personal Data in its possession or control in the format and on the media reasonably specified by the Customer.

10.2  On termination of the Agreement for any reason or expiry of its term, Datamaran will securely delete or destroy or, if directed in writing by the Customer, return and not retain, all or any of the Personal Data related to this DPA in its possession or control, except for one copy that it may retain and use in accordance with its backup and retention policies.

10.3  If any law, regulation, or government or regulatory body requires Datamaran to retain any documents, materials or Personal Data that Datamaran would otherwise be required to return or destroy, it will notify the Customer in writing of that retention requirement, giving details of the documents, materials or Personal Data that it must retain, the legal basis for such retention, and establishing a specific timeline for deletion or destruction once the retention requirement ends.

11.1  Datamaran shall make available to the Customer all information reasonably necessary to demonstrate compliance with the obligations laid down in this DPA and allow for and contribute to audits, conducted by the Customer or another authorised auditor mandated by the Customer with a seven working days notice.  Such audits shall not take place more than once in any 12-month period and will not interfere with the regular use of the platform. 

Subject matter and nature of processing: the performance of the Services.

Duration of Processing: the Subscription Period

Personal Data Categories: name, last name and email address

Data Subject Types: Authorised Users of the Service appointed by the Customer 

Approved Subcontractors: Amazon Web Services or equivalent cloud hosting suppliers. 

The Customer consents to Datamaran appointing Amazon Web Services or equivalent cloud hosting suppliers as third-party processors of Personal Data under this agreement.

 Datamaran will provide at least 99.50% Actual Availability during each one-calendar-month period during the Subscription Period. 

Actual Availability will be monitored and calculated on a monthly basis using the following formula:

Actual Availability (%) = [(X – Y) / X ] * 100

Where: 
X = scheduled Service availability (excluding scheduled Service downtime) during the applicable month
Y = unscheduled Service downtime during the applicable month.