Effective from 18 June 2021
- This Subscription Agreement (“Agreement”) is between NameScan, a division of Member Check Pty Limited (ABN 64 129 012 344) of Suite 213, 7 Railway Street, Chatswood NSW 2067, Australia (“MemberCheck”) and the Client registered with MemberCheck as a user of the NameScan Service as defined below (“Client”).
This Agreement governs the Client’s use of the NameScan Service (defined in clause 2). The Client may not receive the NameScan Service unless and until the Client has:
- been registered by MemberCheck as a Client; and
- agreed to this Agreement, (which includes any Addenda), by clicking on the Website ‘I HAVE READ AND AGREE TO THE TERMS OF THE SUBSCRIPTION AGREEMENT’.
- Any individual who enters into this Agreement on behalf of the Client warrants that he or she is authorised to enter into this Agreement on behalf of the Client and to bind the Client to this Agreement.
- This Agreement commences on the date it is agreed to by the Client (“Commencement Date”).
- MemberCheck may amend this Agreement from time to time and will publish those amendments on its Website. The Client’s continued use of the NameScan Service after such amendments will constitute acceptance of the amendments by the Client.
Scope of NameScan Service
- “NameScan Service” means the service supplied by MemberCheck described in Schedule 1, including any part of that service supplied by MemberCheck from a third party, through NameScan’s Website such as the services referred to in clause 2(b) below.
Some parts of the NameScan Service are subject to specific terms and conditions. These include:
- Those specific terms and conditions may incorporate third parties, as specified in each Addendum.
Client’s use of the NameScan Service
- MemberCheck will supply to the Client the NameScan Service in accordance with this Agreement.
- During this Agreement, MemberCheck grants to the Client a non-exclusive, non-transferable, revocable licence to access and use the NameScan Service only for the purposes, and subject to any restrictions, specified in this Agreement, including in any Addenda.
The Client must:
use the NameScan Service only for the purpose of:
- assisting in complying with legal duties and regulations which apply to the Client;
- performing a statutory role as a Governmental organisation;
- performing law enforcement duties; or
- assisting a third party entity in relation to the obligations set out in (A) to (C) above.
- only allow Permitted Users to access and use the NameScan Service;
- prevent any third person from using the Client’s user ID or password;
- inform MemberCheck immediately of any actual or potential unauthorised access to the Client’s MemberCheck account, or to any part of the NameScan Service.
The Client must not:
- reproduce, distribute, display, sell, publish, broadcast or circulate the NameScan Service or any information retrieved from the NameScan Service to any third party (other than as otherwise required by law), nor make the NameScan Service available for any such use, unless authorised in writing by MemberCheck;
- use any device, software or routine to interfere or attempt to interfere with the proper working of the NameScan Service or any activity conducted through the Website; or
- take any action which imposes an unreasonable or disproportionately large load on MemberCheck infrastructure.
- The Client allows the use of its name and logo in any NameScan Service marketing material, including references to you as a user of the NameScan Service, on the NameScan Services Website. NameScan will cease the use of the name and logo of your company as permitted by this clause, if requested to do so in writing by your company.
- This Agreement commences on the Commencement Date and continues unless terminated in accordance with this Agreement.
- The Client must pay to MemberCheck the fees specified on the Website.
- Any reference in this clause to a term defined or used in the A New Tax System (Goods and Services Tax) Australian Act 1999 is, unless the context indicates otherwise, a reference to that term as defined or used in that Act.
- Unless expressly included, the consideration for any supply made under or in connection with this agreement does not include an amount on account of GST in respect of the supply (GST Exclusive Consideration) except as provided under this clause.
- Any amount referred to in this agreement (other than an amount referred to in clause 6(g)) which is relevant in determining a payment to be made by one of the parties to the other is, unless indicated otherwise, a reference to that amount expressed on a GST exclusive basis.
- To the extent that GST is payable in respect of any supply made by a party (Supplier) under or in connection with this agreement, the consideration to be provided under this agreement for that supply (unless it is expressly stated to include GST) is increased by an amount equal to the GST Exclusive Consideration (or its GST exclusive market value if applicable) multiplied by the rate at which GST is imposed in respect of the supply.
- The recipient must pay the additional amount payable under clause 6(d) to the Supplier at the same time as the GST Exclusive Consideration is otherwise required to be provided.
- Whenever an adjustment event occurs in relation to any taxable supply made under or in connection with this agreement the Supplier must determine the net GST in relation to the supply (taking into account any adjustment) and if the net GST differs from the amount previously paid under clause 6(e), the amount of the difference must be paid by, refunded to or credited to the recipient, as applicable.
- If one of the parties to this agreement is entitled to be reimbursed or indemnified for a loss, cost, expense or outgoing incurred in connection with this agreement, then the amount of the reimbursement or indemnity payment must first be reduced by an amount equal to any input tax credit to which the party being reimbursed or indemnified (or its representative member) is entitled in relation to that loss, cost, expense or outgoing and then, if the amount of the payment is consideration or part consideration for a taxable supply, it must be increased on account of GST in accordance with clause 6(e).
- Each party agrees to comply with all privacy and other data protection laws that apply to it and the reasonable directions of the other party in relation to personal information supplied by that other party.
- If the GDPR is applicable to the Client’s processing of personal data using the NameScan Service the Client must notify MemberCheck.
- If the Client has given MemberCheck a notice under clause 7(b) then to the extent MemberCheck processes personal data subject to the GDPR on behalf of the Client, the Client acknowledges and agrees that terms and conditions of the Data Processing Addendum set out in Addendum B will apply to the processing of that personal data.
Intellectual Property Rights
- The intellectual property rights in all software, content, and functionality of the NameScan Service and all information supplied through the NameScan Service are owned by MemberCheck or another third party (“MemberCheck IP”). MemberCheck grants to the Client a non-exclusive, revocable licence to use the MemberCheck IP solely for the purpose of, and in accordance with, this Agreement.
- The Client retains all intellectual property rights in all information and other materials the Client supplies to MemberCheck under this Agreement. The Client grants to MemberCheck a nonexclusive licence to use such information and materials for the purpose of MemberCheck supplying the NameScan Service to the Client.
The Client warrants and undertakes that:
- this Agreement creates legally binding obligations of the Client;
- it is bound by and agrees to comply with the terms of the Sapphire Check Service Addendum, which appears in Addendum A, if the Client is provided with access to the Sapphire Check Service.
MemberCheck warrants that:
- the NameScan Service will operate substantially as described in Schedule 1; and
- it is entitled to enter into this Agreement and perform its obligations under this Agreement.
- The Client may have rights under statutory consumer protection laws in its jurisdiction (including the Australian Competition and Consumer Act 2010 (Cth)), which cannot be excluded, restricted, limited or modified. The following exclusions of warranties, and the limitations of liability in clause 11 below, apply subject to any non-excludable rights the Client may have under such laws.
- Subject to clause 10(b), all representations, warranties, conditions, terms, guarantees and other provisions implied or imposed by or under statute or common law including, without limitation, warranties, guarantees or other terms as to suitability, merchantability, satisfactory or acceptable quality and fitness for a particular purpose, are excluded to the maximum extent permitted by law. Unless expressly provided, the NameScan Service is delivered “as is” without warranty of any kind. MemberCheck does not warrant or represent that the NameScan Service (or information or material supplied to MemberCheck on which all or part of the NameScan Service depends) will be delivered free of any inaccuracies, interruptions, delays, omissions or errors (“Faults”), or that all Faults will be corrected. MemberCheck shall not be liable for any loss, damages or costs resulting from any such Faults. The Client assumes sole responsibility and entire risk as to the suitability and results obtained from use of the NameScan Service, and any decisions made or actions taken based on the information contained in or generated by the NameScan Service.
- If the Client is in New Zealand, the parties agree that any goods or services supplied or acquired under this Agreement are supplied or acquired in trade as defined in the Consumer Guarantees Act 1993 (NZ) (CGA). The parties agree that the CGA will not apply to this Agreement and it is fair and reasonable that the parties are bound by this provision. The Client agrees that any provisions of the CGA that applies to a non-contracting supplier of services are excluded to the extent permitted by the CGA.
- The Client acknowledges that it is acquiring the NameScan Service relying solely on the Client’s skill and judgement and not on MemberCheck’s representations or other conduct, except as expressly provided by MemberCheck in writing. The purpose of this clause is to expressly contract out of the Fair Trading Act 1986 (NZ) to the maximum extent possible and the parties agree that it is fair and reasonable to do so.
- The Client understands that MemberCheck is an aggregator and provider of information for general information purposes only and does not provide financial, tax, accounting or legal advice. MemberCheck is also not responsible for any loss, damages or costs resulting from any decisions of the Client, or anybody accessing the NameScan Service through the Client, that are made in reliance on the NameScan Service, including decisions relating to legal, compliance and/or risk management decisions. The Client agrees that it uses the NameScan Service at its own risk.
Limitation of liability
- If any term, condition, warranty, guarantee or other provision is implied into this Agreement or applies to goods or services supplied by MemberCheck (whether by legislation, common law or otherwise) and it cannot be excluded, restricted or modified (a “Non-Excludable Term”), but MemberCheck is able to limit its liability for a breach of such Non-Excludable Term, then MemberCheck’s liability for breach of the Non-Excludable Term is limited to one or more of the following at MemberCheck’s option: the supplying of the services again or the payment of the cost of having the services supplied again.
Subject to paragraph 11(a) above and clause 4 of Addendum A in relation to the Sapphire Check Service, MemberCheck’s liability, whether arising in contract, tort (including negligence), statute or otherwise under or in connection with the NameScan Service or this Agreement:
- is limited to an amount equal to 50% of the total Fees paid by the Client in the 12 months preceding such claim; and
- is excluded in respect of all Consequential Loss.
- Subject to clause 12, the Client’s liability whether arising in contract, tort (including negligence), statute or otherwise under or in connection with the NameScan Service or this Agreement is excluded in respect of all Consequential Loss.
- Nothing in this Agreement limits liability that cannot be limited under law (including in relation to Non-Excludable Terms).
The Client agrees to indemnify MemberCheck and its related entities, representatives, partners, directors, agents and employees from and against any and all liabilities, claims, costs, losses, damages and expenses, including reasonable legal fees on a full indemnity basis, suffered or incurred by MemberCheck, its related entities, representatives, partners, directors, agents and employees as a result of:
- the use of the NameScan Service for a purpose or in a manner other than as permitted by this Agreement or a breach of this Agreement;
- a failure of the Client to give a notice to MemberCheck when required by clause 7(b);
- any negligent, unlawful or willfully wrong act or omission of the Client or its related entities, representative, partners, directors, agents or employees; or
- any claim by a third party arising out of or in connection with the Client’s use of the NameScan Service.
- Where the Client is a trustee, the Client’s liability for debts incurred in acting as trustee is limited to the trust assets, provided the trustee has not acted without power or in breach of the trust.
- If the trustee acts without power or acts in breach of trust, then the trustee is personally liable for debts incurred in acting as trustee.
- Either party may terminate this Agreement at any time.
If this Agreement is terminated, the Client must:
- cease using the NameScan Service by the effective date of expiration or termination;
- pay to MemberCheck all Fees for all NameScan Services supplied up to the effective date of termination; and
- return to MemberCheck, or at MemberCheck’s direction, destroy, all copies of all information, content and other materials obtained by the Client from the NameScan Service, except to the extent the Client is required by law to retain any such information, content or other materials.
- Each party must keep confidential and not use or disclose any Confidential Information of the other party, except as permitted by this Agreement.
- The obligation of confidence in clause 14(a) extends to Confidential Information provided to or obtained by a party before entering into this Agreement.
The obligation of confidence in clause 14(a) does not apply to Confidential Information that is:
required to be disclosed by law, as long as the recipient:
- discloses the minimum amount of Confidential Information required to satisfy the law; and
- before disclosing any information gives a reasonable amount of notice to the discloser and takes all reasonable steps (whether required by discloser or not) to maintain that Confidential Information in confidence;
- in the public domain otherwise than as a result of a breach of this Agreement or another obligation of confidence; or
- already known by the recipient independently of its interaction with the other party and free of any obligation of confidence.
- Each party must take all steps and do all things necessary, prudent or desirable in order to safeguard the confidentiality of the Confidential Information of the other party.
- Each party acknowledges that the value of the other party’s Confidential Information is such that an award of damages or an account of profits may not adequately compensate if this clause 14 is breached.
- The obligations of confidentiality in this clause 14 survive the termination of this agreement.
The Client may not assign any rights arising out of this Agreement without the prior written consent of MemberCheck which consent is not to be unreasonably withheld.
Specifying anything in this Agreement after the words ‘include’ or ‘for example’ or similar expressions does not limit what else is included.
Definitions and interpretation
The meanings of the terms used in this agreement are set out below.
Agreement means this Subscription Agreement including all Schedules, Addenda and Annexures.
Confidential Information in relation to a party means any information:
- regarding the business or affairs of that party;
- regarding the customers, employees or contractors of, or other persons doing business with that party;
- regarding the terms of this Agreement, or the commercial arrangements between the parties;
- which is by its nature confidential or which is designated as confidential by that party;
- which is designated as confidential in this Agreement; or
- which the other party knows, or ought to know, is confidential.
Consequential Loss means loss of revenues, profits, goodwill, bargain or loss of opportunities, anticipated savings, loss of or corruption of data, and any indirect, incidental, special or consequential loss or damage, howsoever caused (regardless of whether or not the possibility of the loss or damage was contemplated or communicated when this Agreement was entered into).
GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Insolvency Event is when a receiver, receiver and manager, administrator, trustee or similar official is appointed over any of the Client’s assets or undertakings, an application or order is made for the winding up or dissolution of the Client, or a resolution is passed or any steps are taken to pass a resolution for the winding up or dissolution of the Client.
Permitted User means an individual who is either:
- an employee of the Client and who is authorised by the Client to access and use the NameScan Service; or
- performing the functions of an employee on a temporary basis, independent contractor or consultant who is performing work solely for the Client at the Client’s offices and is authorised by the Client to access and use the NameScan Service, for so long as such user remains authorised by the Client to perform work for the Client.
PII: Personally identifiable information (PII) is any data that could potentially identify a specific individual.
Website means www.namescan.io, www.namescan.com.au and www.namescan.ai or other domains under which the NameScan Service has been provided.
This Agreement is the entire agreement between the parties in respect of its subject matter. It supersedes all prior discussions, negotiations, understandings and agreements in respect of its subject matter.
Part or all of any clause of this Agreement that is unenforceable or illegal will be severed from this Agreement and will not affect the enforceability of the remaining provisions of this Agreement.
A notice or other communication under this Agreement can be in writing and delivered by hand or sent by pre paid post or fax to a party at the address or the fax number for that party or email or similar electronic means of communication or as otherwise specified by a party by notice.
A party’s failure to insist that the other party perform any obligation under this Agreement is not a waiver of that right:
- to insist the other party perform, or to claim damages for breach of, that obligation; or
- to insist the other party perform any other obligation, unless the other party provides a waiver in writing.
If a dispute arises out of or relates to this Agreement, or the breach, termination, validity or subject matter thereof, or as to any claim in tort, in equity or pursuant to any domestic or international statute or law, the parties to this Agreement and to the dispute expressly agree to try to settle the dispute by mediation administered by the Australian Disputes Centre (“ADC”) or similar body before having recourse to litigation:
- A Party claiming that a dispute has arisen, must give written notice to the other Party to the dispute specifying the nature of the dispute.
- On receipt of the notice specified in (1) the Parties to the dispute must within seven (7) days of receipt of said notice seek to resolve the dispute.
- If the dispute is not resolved within seven (7) days or within such further period as the Parties agree in writing then the dispute is to be referred to ADC for mediation.
- The mediation shall be conducted in accordance with ADC Guidelines for Commercial Mediation operating at the time the dispute is referred to ADC.
- If mediation fails to resolve the dispute within thirty (30) days of the dispute being referred to ADC, either party may give notice to the other to end the mediation.
Governing law and jurisdiction
This agreement is governed by the law in force in New South Wales.
Each party irrevocably submits to the exclusive jurisdiction of courts exercising jurisdiction in New South Wales and courts of appeal from them in respect of any proceedings arising out of or in connection with this Agreement. Each party irrevocably waives any objection to the venue of any legal process in these courts on the basis that the process has been brought in an inconvenient forum.
Schedule 1 - The NameScan Service
The NameScan Service provides users with the ability to carry out checks in order to assist with their Anti-Money Laundering and Counter-Terrorism Financing Act obligations. The NameScan Service provides access to various data sources for carrying out these checks, which may include the following:
- PEPs (Politically Exposed Persons), their relatives and close associates
- Sanctions and Official Lists
- Persons of Special Interest
Access to these sources is governed by the Subscription Agreement and various Addenda annexed to the Subscription Agreement.
The NameScan Service consists of reporting and research material, scanning and matching algorithms provided through a web based user interface.
The Client has the option to choose from Emerald Check or Sapphire Check Services as described on the NameScan Website.
Table of contents
Addendum A - Sapphire Check Service Addendum
Addendum B - GDPR Data Processing Addendum
ADDENDUM A - SAPPHIRE CHECK SERVICE ADDENDUM
The following terms and conditions apply to the Client’s use of the NameScan Service to the extent the Client has selected to subscribe for or uses scans designated as being from the Sapphire Data Source (“Sapphire Check Service”) after 1 July 2019. If there is any inconsistency between this Addendum and clauses 1 to 23 of the Agreement, this Addendum prevails in so far as it relates to the Sapphire Check Service. By using the Sapphire Check Service, the Client agrees to be bound by and comply with this Addendum A. Terms used in this Addendum are defined in the Agreement unless defined in clause 1 of this Addendum. Unless otherwise specified clause references are to clauses in this Addendum.
- Data means data requested from the Database by a Permitted User as part of a Data Request.
- Database means the Sapphire Data Source.
- Data Request means a request made by a Permitted User through the Sapphire Check Service, being a Search Request and/or a Monitor Request.
- Monitor Request means a request made through the Sapphire Check Service to monitor an individual or entity against the Database.
- Search Request means a request made through the Sapphire Check Service to search for information relating to an individual or entity in the Database.
The Sapphire Check Service
- The Client acknowledges that MemberCheck provides the Database under licence from Mergermarket Consulting (Singapore) Pte Ltd trading as Acuris Risk Intelligence of 96 Robinson Road, #13-02 SIF Building Singapore 068899 (“C6”) and it is a requirement of that licence that certain terms and conditions are included in the Client’s Agreement in relation to the use of the Database and Data.
- MemberCheck grants a non-transferable, non-assignable, non-sublicenseable and non-exclusive licence to Client to allow Client’s Permitted Users to access and use the Database to retrieve the Data identified in a Data Request.
Scope of Use
The Client undertakes that it shall, and shall procure that each Permitted User shall at all times:
- not use the Data in any way which might infringe any licence granted to MemberCheck or C6, any law (including criminal and/or data protection law) and/or use any Data for any unlawful and/or unauthorised purpose;
- only allow Permitted Users to make use of and have access to the Database;
- not remove any copyright or other notice contained or included in any Data;
- acknowledge that the Data is licensed, not sold, and that it obtains no ownership of the Data;
- not use the Database and/or Data to compete in any way with MemberCheck;
- not in any circumstances use nor allow any third party to use, any automated software, process, programme, robot, web crawler, spider, data mining, trawling, screen scraping or other similar software (regardless of whether or not the resulting information would then be used for its internal purposes);
- promptly upon becoming aware of any breach of this clause 3.1 notify MemberCheck of the breach, and promptly provide such details as MemberCheck may reasonably request.
- The Client acknowledges and accepts as reasonable that the undertakings given in clause 3.1 above are of material importance to MemberCheck and that MemberCheck has entered into the Agreement in reliance on these undertakings. The Client acknowledges that without affecting any rights or remedies that MemberCheck may have, damages would not be an adequate remedy for any breach by the Client of clause 3.1 and that MemberCheck shall be entitled to apply for the remedies of injunction, specific performance and other equitable relief for any breach of clause 3.1.
The Client acknowledges that:
- the Database and the Data are licensed to the Client, not sold; and
- it obtains no ownership of the Database or the Data;
- it has no right (and shall not permit any third party) to adapt, reverse engineer, decompile, disassemble, modify or make error corrections to the Database or the Data; and
- if and to the extent MemberCheck or C6 is liable to the Client in respect of the Database or the Sapphire Check Service liability is limited in accordance with Clause 4 of this Addendum.
- Notwithstanding any other provision of the Agreement or this Addendum, no liability is excluded or limited to the extent that the same may not be excluded or limited by any applicable law.
- THE CLIENT ACKNOWLEDGES THAT MEMBERCHECK AND C6 (TOGETHER THE “SUPPLIERS”) COMPILE DATA BUT DO NOT ORIGINATE IT. ACCORDINGLY, THE DATABASE, ANY SERVICE AND/OR DATA ARE PROVIDED ON AN AS IS AND AS AVAILABLE BASIS AND THE SUPPLIERS DO NOT MAKE ANY REPRESENTATIONS OR WARRANTIES OF ANY KIND, AND WHETHER STATUTORY, EXPRESS OR IMPLIED, RELATING TO THE DATA (INCLUDING RELATING TO THE TIMELINESS, CURRENCY, CONTINUITY, ACCURACY, COMPLETENESS, MERCHANTABILITY, ACCEPTABLE QUALITY, NON-INFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE THEREOF.) IN PARTICULAR, THE CLIENT ACKNOWLEDGES THAT DATA MAY BE OBTAINED FROM SOURCES INCLUDING THE DARKWEB, AND ACCORDINGLY NO REPRESENTATION AND/OR WARRANTY IS GIVEN THAT THE PROVISION OF THE DATA BY SUPPLIERS COMPLIES WITH ANY LAW.
- THE CLIENT ACKNOWLEDGES THAT EVERY BUSINESS DECISION INVOLVES THE ASSUMPTION OF A RISK AND THAT THE SUPPLIERS, IN FURNISHING THE DATA TO THE CLIENT, DO NOT AND WILL NOT UNDERWRITE THAT RISK, IN ANY MANNER WHATSOEVER. NEITHER THE SUPPLIERS NOR ANY OTHER DATA SUPPLIER, SHALL BE LIABLE TO EITHER THE CLIENT OR ANY THIRD PARTY FOR ANY LOSS CAUSED IN WHOLE OR IN PART BY THE SUPPLIERS PROCURING, COMPILING, COLLECTING, INTERPRETING, REPORTING, COMMUNICATING, SUPPLYING OR DELIVERING THE DATA AND THE CLIENT AGREES NOT TO BRING ANY CLAIM AGAINST MEMBERCHECK, C6 AND/OR OTHER DATA SUPPLIERS IN RESPECT THEREOF.
- THE CLIENT ACKNOWLEDGES THAT (A) USE OF THE DATABASE BY IT AND/OR ANY PERMITTED USER IS AT THE CLIENT’S SOLE RISK, (B) WHILST THE SUPPLIERS OBTAIN THE DATA IN GOOD FAITH FROM SOURCES WHICH THE SUPPLIERS CONSIDER TO BE RELIABLE, THE CONTENTS OF THE DATABASE ARE BASED ON DATA SUPPLIED BY THIRD PARTIES AND ARE NOT INDEPENDENTLY VERIFIED, (C) THE SUPPLIERS DO NOT GUARANTEE THE SEQUENCE, ACCURACY, COMPLETENESS AND/OR TIMELINESS OF THE DATABASE, (D) THE SERVICE IS NOT INTENDED TO AND DOES NOT PROVIDE TAX, LEGAL OR INVESTMENT ADVICE, (E) THE CLIENT SHOULD SEEK INDEPENDENT TAX, LEGAL AND/OR INVESTMENT ADVICE BEFORE ACTING ON DATA OBTAINED FROM THE DATABASE, AND (F) THE SUPPLIERS SHALL NOT BE UNDER, AND EXCLUDE TO THE FULLEST EXTENT PERMITTED BY LAW ALL LIABILITY TO THE CLIENT FOR, ANY LIABILITY WHATSOEVER IN RESPECT OF (i) ANY MISTAKES, ERRORS, INACCURACIES OR OMISSIONS IN, OR INCOMPLETENESS OF, THE DATABASE, (ii) DELAYS IN UPDATING THE DATABASE OR NON-AVAILABILITY THEREOF (iii) LOSS OF PROFIT, BUSINESS REVENUE, GOODWILL AND ANTICIPATED SAVINGS (WHETHER DIRECT OR INDIRECT) INCURRED THROUGH THE USE OF THE DATABASE; (iv) TRADING, INVESTMENT OR OTHER LOSSES WHICH CLIENT MAY INCUR AS A RESULT OF USE OF OR RELIANCE UPON THE DATABASE AND/OR DATA AND/OR (v) INTERNET FAILURE, AND/OR FAILURE OF THE CLIENT TO HAVE IN PLACE ANY NECESSARY SOFTWARE OR EQUIPMENT; AND/OR (vi) ANY CLAIM THAT THE PROVISION OF THE DATA INFRINGES ANY LAW.
- For the avoidance of doubt MemberCheck and its licensors may disclose the identity of the Client, its Permitted Users and employees to meet any requirement of any obligation of law. The Client warrants and represents that it has secured the consent of each Permitted User or other person whose personal data is disclosed to MemberCheck to the use and disclosure of that information by MemberCheck and its licensors as may be required under any applicable law.
Governing Law of Addendum
- This Addendum shall be governed by and construed in accordance with the laws of England and Wales and the parties hereto hereby agree to submit to the non-exclusive jurisdiction of the English courts.
ADDENDUM B - GDPR DATA PROCESSING ADDENDUM
This Data Processing Addendum ("Addendum") applies if the Client has given MemberCheck notice under clause 7(b) of the Agreement, Client Personal Data is Processed by MemberCheck on behalf of the Client and the GDPR applies to the Client and that Client Personal Data.
The terms used in this Addendum have the meanings set out in this Addendum. Capitalised terms not otherwise defined in this Addendum have the meaning given to them in the Agreement. Except as modified below, the terms of the Agreement remain in full force and effect and govern this Addendum.
In this Addendum, the following terms have the meanings set out below:
- "Clauses" means the standard contractual clauses set out in Annexure 2;
- "Client Personal Data" means any Personal Data, to which the GDPR applies, Processed by a Contracted Processor on behalf of the Client pursuant to or in connection with the Agreement and specifically the Personal Data (as that term is defined in the GDPR) uploaded to the NameScan Service;
- "Contracted Processor" means Processor or a Subprocessor;
- "Processor" means MemberCheck;
- "Restricted Transfer" means a transfer of Client Personal Data from the Client to the Processor where the transfer is prohibited by the GDPR in the absence of the Clauses;
- "Subprocessor" means any person (excluding an employee of Processor or any of its sub-contractors) appointed by or on behalf of Processor to Process Client Personal Data in connection with the Agreement.
- The terms, "Data Subject", "Personal Data", "Personal Data Breach", and "Processing" have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.
- The word "include" shall be construed to mean include without limitation, and cognate terms shall be construed accordingly.
Processing of Client Personal Data
- Processor will not Process Client Personal Data other than on the Client’s documented instructions which are set out in this Addendum and the Agreement.
- The Client instructs Processor (and authorises Processor to instruct each Subprocessor) to Process Client Personal Data as necessary for the provision of the NameScan Service and consistent with the Agreement.
- Annexure 1 to this Addendum sets out certain information regarding the Contracted Processors' Processing of the Client Personal Data as required by Article 28(3) of the GDPR.
- Processor will take steps to ensure that access to Client Personal Data is limited to those individuals who need to know or access the relevant Client Personal Data, for the purposes of the Agreement, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
- Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor will in relation to the Client Personal Data implement appropriate technical and organisational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.
- In assessing the appropriate level of security, Processor will take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.
- The Client authorises Processor to appoint (and permits each Subprocessor appointed in accordance with this clause 5 to appoint) Subprocessors in accordance with this clause 5 and any restrictions in the Agreement.
- Processor may continue to use those Subprocessors already engaged by Processor as at the date of this Addendum, subject to Processor as soon as practicable meeting the obligations set out in clause 5.4 of this Addendum.
- Processor will not appoint (nor disclose any Client Personal Data to) a proposed Subprocessor except with the prior written consent of Client.
- Processor will give the Client prior written notice of any change (appointment or replacement) of a Subprocessor, including full details of the Processing to be undertaken by the Subprocessor, and give the Client the opportunity to object to the change.
With respect to each Subprocessor, Processor will:
- before the Subprocessor first Processes Client Personal Data (or, where relevant, in accordance with clause 5.2 of this Addendum), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Client Personal Data required by the Agreement;
- enter into a written contract with the Subprocessor which provides sufficient guarantees to implement appropriate technical and organisational measures to meet the requirements of the GDPR
Data Subject Rights
- Taking into account the nature of the Processing, Processor will assist the Client by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Client’s obligations to respond to requests to exercise Data Subject rights under the GDPR.
Personal Data Breach
- Processor will notify the Client without undue delay if Processor becomes aware of a Personal Data Breach affecting Client Personal Data, providing Client with sufficient information (to the extent it is reasonably able) to allow the Client to meet any obligations to report, or inform Data Subjects of, the Personal Data Breach.
Deletion or return of Client Personal Data
- Subject to clause 8.2 of this Addendum, the Client instructs the Processor to delete all copies of the Client Personal Data after the date of termination of the NameScan Service where it involves the Processing of Client Personal Data.
- A Contracted Processor may retain Client Personal Data if permitted to do so by applicable law.
- Subject to clause 9.2 of this Addendum, Processor will make available to the Client on request all information necessary to demonstrate compliance with this Addendum, and allow for and contribute to audits, including inspections, by the Client or an auditor mandated by the Client in relation to the Processing of the Client Personal Data.
Client will give Processor reasonable notice of any audit or inspection to be conducted under
clause 9.1 of this Addendum and will make (and ensure that each of its mandated auditors makes)
reasonable endeavours to avoid causing (or, if it cannot avoid, to minimise) any damage, injury
or disruption to the Contracted Processors' premises, equipment, personnel and business while
its personnel are on those premises in the course of such an audit or inspection. A Contracted
Processor need not give access to its premises for the purposes of such an audit or inspection:
- to any individual unless he or she produces reasonable evidence of identity and authority; or
- outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Client has given notice to Processor that this is the case before attendance outside those hours begins.
- Subject to clause 10.3 of this Addendum, the Client and the Processor hereby enter into the Clauses in respect of any Restricted Transfer from the Client to the Processor.
- The Clauses come into effect under clause 10.1 of this Addendum on commencement of the relevant Restricted Transfer.
- Clause 10.1 of this Addendum does not apply to a Restricted Transfer unless its effect, together with other reasonably practicable compliance steps (which, for the avoidance of doubt, do not include obtaining consents from Data Subjects), is to allow the relevant Restricted Transfer to take place without breach of applicable law.
- In the event of any conflict between this Addendum and the Clauses, the Clauses prevail.
- Subject to clause 11.1 of this Addendum, with regard to the subject matter of this Addendum, in the event of inconsistencies between the provisions of this Addendum and any other agreements between the parties, including the Agreement and including (except where explicitly agreed otherwise in writing, signed on behalf of the parties) agreements entered into or purported to be entered into after the date of this Addendum, the provisions of this Addendum shall prevail.
- For the avoidance of doubt and to the extent permitted by applicable law, any and all liability under this Addendum (including the Annexes) will be governed by the limitations of liability and other relevant provisions of the Agreement.
If any provision of this Addendum is invalid or unenforceable, then the remainder of this
Addendum remains valid and in force. The invalid or unenforceable provision will be either:
- amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible,
- construed in a manner as if the invalid or unenforceable part had never been contained in the Addendum.
ANNEXURE 1: DETAILS OF PROCESSING OF CLIENT PERSONAL DATA
This Annexure 1 includes certain details of the Processing of Client Personal Data as required by Article 28(3) GDPR.
Subject matter of the Processing of Client Personal Data
The subject matter of the Processing is the Client Personal Data.
Duration of the Processing of Client Personal Data
The duration of the Processing is as set out in the Agreement and this Addendum.
The nature and purpose of the Processing of Client Personal Data
The nature and purpose of the Processing is as set out in the Agreement (in particular Schedule 1 to the Agreement) and this Addendum.
The types of Client Personal Data to be Processed
Client Personal Data uploaded to the NameScan Service which includes name, date of birth, address or country of residence, gender and other information considered appropriate to assist in identifying the Data Subject.
The categories of Data Subject to whom the Client Personal Data relates
The Data Subjects may include Client’s employees, contractors, end users, customers and potential customers.
The obligations and rights of Client
The obligations and rights of Client are set out in the Agreement and this Addendum.
ANNEXURE 2: STANDARD CONTRACTUAL CLAUSES
The entity identified as "Client" in the Addendum (the "data exporter")
MemberCheck Pty Ltd ACN 129 012 344 (the “data importer”)
each a "party"; together "the parties",
HAVE AGREED on the following contractual clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
Definitions
For the purposes of the Clauses:
- 'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
- 'the data exporter' means the controller who transfers the personal data;
- 'the data importer' means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
- 'the subprocessor' means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
- 'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
- 'technical and organisational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Details of the transfer
The details of the transfer and in particular the special categories of personal data (where applicable) are specified in Appendix 1 which forms an integral part of the Clauses.
Third-party beneficiary clause
- The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
- The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
- The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
- The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by law.
Obligations of the data exporter
The data exporter agrees and warrants:
- that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
- that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;
- that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
- that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
- that it will ensure compliance with the security measures;
- that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
- to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
- to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
- that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
- that it will ensure compliance with Clause 4(a) to (i).
Obligations of the data importer
The data importer agrees and warrants:
- to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
- that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
- that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
that it will promptly notify the data exporter about:
- any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
- any accidental or unauthorised access, and
- any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
- to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
- at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
- to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
- that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
- that the processing services by the subprocessor will be carried out in accordance with Clause 11;
- to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.
- The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
- If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
- If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.
Mediation and jurisdiction
The data importer agrees that if the data subject invokes against it third-party beneficiary
rights and/or claims compensation for damages under the Clauses, the data importer will accept
the decision of the data subject:
- to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
- to refer the dispute to the courts in the Member State in which the data exporter is established.
- The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
Cooperation with supervisory authorities
- The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
- The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
- The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clauses.
The data importer shall not subcontract any of its processing operations performed on behalf of the
data exporter under the Clauses without the prior written consent of the data exporter.
Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement.
- The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
- The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
- The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.
Obligation after the termination of personal data processing services
- The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
- The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.
APPENDIX 1 TO THE STANDARD CONTRACTUAL CLAUSES
The data exporter is the entity identified as “Client” in the Addendum.
The data importer is MemberCheck Pty Ltd ACN 129 012 344.
Data subjects are defined in the Addendum.
Categories of data
The personal data is defined in the Addendum.
Special categories of data (if appropriate)
The personal data transferred concern the following special categories of data: Not Applicable
The personal data transferred will be subject to the following basic processing activities (please specify): The processing operations are defined in the Addendum and/or the Agreement.
APPENDIX 2 TO THE STANDARD CONTRACTUAL CLAUSES
This Appendix forms part of the Clauses and must be completed by the parties.
Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
The technical and organisational security measures implemented by the data importer are as described in the Addendum.