EXI has developed a web-based dashboard (“Portal”) and a mobile application (“App“) which enable organisations and/or their users to: (i) refer users to the App; (ii) use the App in connection with exercise activities; and (iii) monitor data relating to health and those exercise activities (together the “Purpose”) and EXI may make parts of the Portal and App available and provide consultancy or bespoke development services, in each case, for the Purpose (together the “Services”).
The Portal and Services are provided by iPrescribe Exercise Digital Ltd (trading as EXI) a company incorporated in England and Wales with company number 11944017 whose registered office is at X and Why, 20-30 Whitechapel Road, London, E1 1EW (“EXI”, “we”, “us”, or “our”).
2 Ordering, Configuration and Access to Services
- 2.2 Client Users those personnel of yours authorised to access the Portal, and End Users include your Client Users and users of the App referred to us by you.
- 2.3 Before we provide access to the Portal, you agree to follow our on-boarding process (“On-Boarding”) as instructed by our accounts team, which may include:
- 2.3.1 provision by you of user details, and
- 2.3.2 procuring materials, access, personnel and information as required by us to configure the Portal and supply the Services, and
- 2.3.3 payment of such Fees and expenses (if any) as are agreed to be due in advance.
- 2.4 You may start using the Services as soon as we give you access to them. You can continue to use the Services as long as you Subscribe to them. Time shall be material but not of the essence with respect to our supply of the Services.
- 2.5 It is your responsibility to determine the Services meet your business requirements and, to the fullest extent permissible by law and without limitation, we give no warranties that they will be fit for purpose, of satisfactory quality, uninterrupted or error free.
- 2.6 The Portal enables communication and display of content collected from or supplied by End Users, including through use of the App (“User Data”). To the fullest extent permitted by law we assume no liability for loss incurred as a result of User Data nor for its accuracy, availability or completeness. While not obliged to, we may remove or reject User Data.
- 2.7 To the extent that the Services include consultancy or development, for example to integrate with third party services or APIs, or customise the Portal:
- 2.7.1 the scope of such Services, including the Services to be performed, any product or work intended to result from those Services and to be supplied to you, applicable Fees, and timescales shall be set out in the applicable Order or otherwise agreed between us in writing (“Deliverables”);
- 2.7.2 you shall provide us with such access, materials, personnel, cooperation and information as are reasonably required by us to perform the Services;
- 2.7.3 we shall not be liable for any delay or default in performance arising from your failure to comply with clause 2.7.2 and no such delay will relieve or suspend your obligation to pay us under this Agreement and we shall have the right to charge you for any and all costs and expenses incurred by us arising from any delay caused by you in accordance with the rates and charges set out in the Order or otherwise agreed between us in writing;
- 2.7.4 no change to the scope of the Services shall be effective unless signed in writing by you and us and in the absence of any such change we may continue to perform such Services as if such change had not been requested;
- 2.7.5 we shall invoice you for such Services either in advance, or (at our option) once such Services or part thereof are completed, or otherwise as agreed in the Order and you shall pay our invoices in accordance with clause 4; and
- 2.7.6 all such Services and Deliverables arising therefrom, or parts thereof, shall be deemed accepted on the earlier of: (i) the date upon which they are completed in all material respects in accordance with the Order; (ii) the date upon which you tell us they are accepted; (iii) the date upon which you make use of them, or instruct us to do so, or make them available to any Client User or End User or third party; or (iv) within five working days of our supplying them, and you shall not unreasonably withhold, condition, or delay acceptance of any such Services or Deliverables.
3 Formation of Contract
- 3.1 All Orders are subject to our receipt of any applicable Fees, and acceptance by us by notifying you in writing that we have accepted your Order whereupon a legally binding agreement will be formed between you and us.
4 Price, Payment and Data
- 4.1 Our Fees (if any are applicable) for the Services will be calculated as set out in the Order or otherwise agreed between the parties. Fees are exclusive of VAT unless otherwise indicated.
- 4.2 You will be charged your Subscription fee (if any) (plus VAT or other applicable taxes) for the Services from the Commencement Date set out in the Order, payable [annually or monthly in advance] by such method as we shall require from time to time, or as otherwise agreed in the Order. Unless otherwise indicated invoices are payable within 30 days.
- 4.5 The Portal and App may allow your End Users to keep track of certain information such as information relating to exercise, health and wellbeing. In order to use the App your End Users must enter into a separate agreement with us directly, on our standard end user licence terms as amended from time to time. User Data may only be available to you through the Portal to the extent that the relevant End User has agreed to share it with you.
- 5.1 You warrant, represent and undertake that you shall:
- 5.1.1 comply with all laws, regulations, regulatory policies, guidelines or industry codes (and shall be responsible for obtaining all licences, clearances and consents) which apply to your use of the Services, and acknowledge that we are merely a provider of access to the App or Portal and accept no responsibility for your use thereof, or to any End User (other than to the extent we are required by statutory law or under the terms of our agreement directly with End Users);
- 5.1.2 not use the Services for any unlawful purposes;
- 5.1.3 not use the Services for any purpose other than the Purpose;
- 5.1.4 co-operate with us in all matters relating to the Services;
- 5.1.5 provide, in a timely manner, any information we may reasonably require in relation to the Services and ensure it is accurate in all material respects;
- 5.1.6 not do, or omit to do, anything which disparages, defames or puts into disrepute us, our trade marks, goodwill and/or the Services; and
- 5.1.7 be and are fully entitled to enter into and grant all rights granted under this Agreement and that entering into this Agreement shall not in any way conflict with any of your existing obligations, now and/or throughout the Term.
- 5.2 Subject to the remaining provisions in this Clause 5, we warrant that:
- 5.2.2 subject to completion of On-Boarding, the Services and Portal will perform substantially in accordance with their Specification.
- 5.3 The warranties in Clause 5.2 do not apply to failures caused by, arising out of:
- 5.3.1 your or any End User’s connection to the Internet;
- 5.3.2 combination of the Services with any devices or software not supplied or approved by us;
- 5.3.4 circumstances and events which are beyond our reasonable control.
- 5.4 Subject to Clause 5.3, if the Services do not meet the warranties in Clause 5.2, we will, at our sole option, either:
- 5.4.1 modify, improve or update the Services to make them conform; or
- 5.4.2 return Subscriptions (if any) paid for such Services for the period that they failed to conform; and
- 5.4.3 this shall be your exclusive remedy for any breach of such warranties under the Agreement.
- 5.5 We shall have no liability for any breach of the Agreement, if any claim relates to or arises from:
- 5.5.1 a modification of the Services, or use of the Services in combination with any third party software or data, by you, End Users or your agents; or
- 5.5.2 your use (or use by your End Users) of the Services in a manner contrary to the instructions given to you by us or any claim relating to Client Data.
- 5.6 We will use reasonable endeavours to maintain the Services free of viruses but we do not warrant or represent that no viruses or other contaminating or destructive materials or elements will be transmitted to you or that defects will be corrected. Accordingly, we recommend you have your own local anti-virus, anti-spam and anti-spyware programs, that they are of good quality and that they are kept up to date.
- 6.1 This Clause 6 sets out our entire financial and other liability (including any liability for acts or omissions of our officers, employees, agents or contractors) to you in respect of:
- 6.1.1 any breach of this Agreement; and
- 6.3 Nothing in this Agreement excludes our liability:
- 6.3.1 for death or personal injury caused by our negligence; or
- 6.3.2 for fraud or fraudulent misrepresentation; or
- 6.3.3 any other liability which cannot be excluded by law.
- 6.4 We shall accept liability for reasonably foreseeable losses arising as a direct result of breach by us of our statutory duty or the Agreement. However we shall not be liable where causes of loss:
- 6.4.1 arose from any act or omission of you, your agents, sub-contractors. consultants or employees;
- 6.4.2 arose from the use of the Services for purposes other than for the Purpose;
- 6.4.3 were reasonably foreseeable and preventable by you such as those arising from, but not limited to:
- 22.214.171.124 loss of data due to your failure to keep back-ups; or
- 126.96.36.199 user inflicted problems such as those caused by failure to read and/or follow user instructions provided in writing or orally by one of our technicians.
- 6.5 In claiming against us for losses you are expected to avoid losses occurring and take reasonable precautions to avoid loss (such as contacting us promptly upon becoming aware of an issue).
- 6.6 Our total aggregate liability arising under or in connection with this Agreement or otherwise (whether in contract, tort, including negligence or otherwise, or for breach of statutory duty), whether foreseeable or not will not exceed a sum equal to the greater of £100 and 100% of the amount due to be paid by you to us in connection with the provision of the Services to you in the 12 month period preceding the date upon which the claim arose.
- 6.7 We will not be liable under this Agreement for:
- 6.7.1 use not consistent with our applicable description of the Services in question; or
- 6.7.2 indirect, special or consequential losses or loss of profits, data, revenue, business, goodwill, reputation, management or other time or anticipated savings.
- 6.8 If our performance of our obligations under this Agreement is prevented or delayed by any act or omission of you, your Affiliates, agents, subcontractors, employees, or End Users we shall not be liable for costs, liabilities, charges or losses sustained or incurred that arise directly or indirectly from such prevention or delay.
7 Confidentiality and Audit
- 7.1 Each party may be given access to Confidential Information from the other party in order to perform its obligations under this Agreement. A party’s Confidential Information shall be deemed not to include information that:
- 7.1.1 is or becomes publicly known other than through any act or omission of the receiving party; or
- 7.1.2 was in the other party’s lawful possession before the disclosure without obligation of confidentiality; or
- 7.1.3 is lawfully disclosed to the receiving party without restriction on disclosure; or
- 7.1.4 is independently developed or obtained by the receiving party without reference to the Confidential Information; or
- 7.1.5 is required to be disclosed by law, by any court of competent jurisdiction or by any regulatory or administrative body.
- 7.2 Each party shall hold the other’s Confidential Information in confidence and, unless required by law, not make the other’s Confidential Information available to any third party, or use the other’s Confidential Information for any purpose other than for the purposes of the Agreement.
- 7.4 Neither party shall be responsible for any loss, destruction, alteration or disclosure of Confidential Information caused by any third party without the participation and/or knowledge of a party hereto.
8 Client and User Data
- 8.1 You shall comply with all applicable law and regulation in connection with your use of the Services and the processing of User Data, including personal data. Each of you and us will comply with Data Protection Laws applicable to the processing of personal data under or in connection with the Agreement, and with Schedule 2. Client Data includes information, data and other material provided by you or Client Users other than through the App, while User Data includes information, data and other material provided by or relating to End Users of the App.
9 Intellectual Property Rights
- 9.2 The Services are provided subject to the following:
- 9.2.1 you undertake you shall not (and shall not permit any End User or third party to) copy, adapt, reverse engineer, decompile, disassemble, modify, adapt or make error corrections to the Services in whole or in part, except to the extent permitted by law or with our prior written consent.
- 9.2.2 payment of the applicable Fees.
11 Term and Termination
- 11. The Agreement will come into effect on the date of, or specified in, the Order, subject to Clause 3.1, and shall remain in effect for the initial term specified in the Order (or, for 12 months where no such period is specified in the Order) (“Initial Term”) and shall automatically renew for a period equal to the Initial Term upon the expiry of any Subscription Period (where each of the Initial Period and any such renewal period shall constitute a “Subscription Period”) unless and until terminated in accordance with its terms.
- 11.2 Unless agreed otherwise in writing between you and us (for example where an alternative “Notice Period” is agreed in the Order), the Agreement may be terminated for convenience by either party giving notice at least one (1) month prior to the expiry of any Subscription Period, provided that such notice shall not expire earlier than the expiry of the then current Subscription Period. Where you are not paying us a subscription fee for use of the Services, we may terminate the Agreement at any time by written notice (which may include notice through the App or Portal) without further liability to you.
- 11.4 If you choose to cancel your Subscription pursuant to the terms of Clause 11.2 you are not entitled to a refund in respect of the remainder of any period in respect of which your Subscription or other fee was paid in advance (if applicable). If we terminate without cause (which we may do on 90 days’ written notice), then we will refund to you (to the extent you have already paid it to us), on a pro-rata basis, the amount of unused Subscription remaining right before the cancellation.
- 11.5 Notwithstanding the above, we may suspend access to the Portal or Services without notice if: (a) you are in breach of this Agreement; (b) your use of the Portal, App or Services has or is likely to have an adverse impact on us, our clients, or any other third party.
- 11.6 Without prejudice to any other rights or remedies which the parties may have, either party may terminate the Agreement without liability to the other immediately on written notice to the other if:
- 11.6.2 the other party suspends, or threatens to suspend, payment of its debts, is unable to pay its debts as they fall due, admits inability to pay its debts or is deemed unable to pay its debts within the meaning of section 123 of the Insolvency Act 1986 or is deemed unable to pay its debts or as having no reasonable prospect of so doing, in either case, within the meaning of section 268 of the Insolvency Act 1986 or (if a partnership) has a partner to whom any of the foregoing apply; or
- 11.6.3 the other party commences negotiations with creditors with a view to rescheduling its debts, or makes a proposal for, or enters into any compromise or arrangement with, its creditors other than for the sole purpose of a scheme for a solvent amalgamation of that other party with other companies, or the solvent reconstruction of that other party; or
- 11.6.4 any event occurs, or proceeding is taken, with respect to the other party in any jurisdiction to which it is subject that has an effect equivalent or similar to any of the events mentioned in this clause 11.6.
- 11.7 Any termination of the Agreement howsoever occasioned shall not affect any accrued rights or liabilities of either party nor affect the coming into force or the continuance in force of any provision expressly or by implication intended to come into or continue in force on or after such termination.
12 Force Majeure
- 12.1 Provided we have complied with Clause 12.3, we shall not be in breach of the Agreement nor liable for a failure to perform, or delay in performance of, any of our obligations under the Agreement that is caused by pandemic, epidemic, natural or other disaster, failure of telecommunications network, or any other events outside our reasonable control (“Force Majeure Event”).
- 12.2 Our obligation to perform the Agreement is deemed suspended for the period that the Force Majeure Event continues, and we will have an extension of time for performance for the duration of that period.
- 12.3 We will use our reasonable commercial endeavours to mitigate the effect of any Force Majeure Event and to carry out our obligations under the Agreement in any way that is reasonably practicable despite the Force Majeure Event and to resume the performance of our obligations as soon as reasonably possible.
- 13.3 In addition, you acknowledge that from time to time during the Term we may apply upgrades to the App or Portal, and that such upgrades may result in changes to appearance and/or functionality of the App or Portal, provided that no upgrade shall disable, delete or significantly impair the existing functionality of the Portal or App.
- 13.4 You shall not be subject to any additional charges arising out of the application of the upgrade, save where:
- 13.4.1 the upgrade introduces new functionality to the Portal or App;
- 13.4.2 you are given the opportunity whether or not to accept such new functionality and any additional changes associated with such functionality (after, if applicable, any free trial period); and
- 13.4.3 any decision by you not to pay the charges for the new functionality will not prejudice your access to and use of the rest of the Portal or App.
- 14.1 You may not assign or sub-contract the Agreement or any rights and obligations thereunder without our prior written consent. We may assign our rights and obligations under the Agreement to our Affiliates.
- 14.2 Except as set out in the Agreement any notice under the Agreement must be in writing and delivered by hand or sent by recorded delivery to the address specified in the Order, or by email to the email address notified by a party for such purposes or to such other address as may have been notified by a party for such purposes.
- 14.3 No failure by either party to enforce any rights under the Agreement shall constitute a waiver of such right then or in the future. Any waiver must be in writing and signed by an authorised representative of the waiving party.
- 14.5 Other than our Affiliates, a person who is not a party to the Agreement has no right or benefit under or to enforce the Agreement under the Contracts (Rights of Third Parties) Act 1999 or otherwise.
- 14.7 We are an independent contractor. Neither we nor any of our personnel assigned to provide Services to you under this Agreement will be, or be deemed to be for any purpose, an employee or agent of yours.
- 14.8 We may use subcontractors to provide the Services provided that we remain solely responsible for the Services of such subcontractors.
SCHEDULE 1 – GLOSSARY
Affiliate means, in relation to a body corporate, any subsidiary, subsidiary undertaking or holding company of this body corporate, and any subsidiary or subsidiary undertaking of any such holding company for the time being as defined in section 1159 of the Companies Act 2006;
Commencement Date has the meaning given to it in the Order, and otherwise, if not specified, means the date on which we make the Services or part thereof available to you;
Confidential Information means any non-public information, know how, trade secrets or data in any form which is designated as being “proprietary”, “confidential” or “secret” or could reasonably be understood by a reasonable person to be confidential. The term “Confidential Information” shall also include any information not publicly available concerning the products, services (including the Services), finances, personnel or business of a party (and/or, if either party is bound to protect the confidentiality of any third party’s information, of a third party);
Controller, processor, data subject, personal data, personal data breach, and processing have the meanings set out in the Data Protection Law;
Data Protection Law means: (a) To the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom which relates to the protection of personal data; and (b) To the extent the EU GDPR applies, the law of the European Union or any member state of the European Union to which the applicable party is subject, which relates to the protection of personal data;
EU GDPR means the General Data Protection Regulation ((EU) 2016/679);
Fees includes Subscription fees, together with any other on-boarding, support or similar fees (if any);
GDPR means, to the extent the UK GDPR applies, the UK GDPR and, to the extent the EU GDPR applies, the EU GDPR.
Permitted Recipients means, for the purpose of Schedule 2, the parties to this Agreement, the employees of each party, any third parties engaged to perform obligations in connection with this agreement;
Shared Personal Data means, for the purpose of Schedule 2, User Data collected by the App and shared (subject to the consent of the relevant End User and Data Protection Law) by us with you through the Portal, in particular: health and physical activity data relating to End Users of the App.
UK GDPR has the meaning given to it in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018;
User Data means information, materials or data supplied by or collected from, End Users through the App;
- Unless the context otherwise so requires:
a) references to statutory provisions include those statutory provisions as amended or re-enacted; and
b) references to any gender include all genders.
c) Words in the singular include the plural and in the plural include the singular.
d) The word, “including” shall be deemed to mean, “including, without limitation” and shall not limit the types or categories to the information or items following such types or categories.
SCHEDULE 2: DATA PROCESSING ADDENDUM
- We may process personal data in connection with our provision of the Services. This Data Processing Addendum (“DPA”) explains our respective responsibilities in relation to the processing of personal data.
- If we process personal data on your behalf you shall be the data controller and we shall be a data processor. Where we determine the purpose and means of processing, in particular, for the general operation of the App and Portal, administering your user accounts and providing services directly to End Users, we shall be the data controller.
- Where we share Shared Personal Data with you (as defined below) you and we acknowledge that we are independent data controllers in respect of the processing of Shared Personal Data. Please refer to sections 5-11 below for further details regarding our respective obligations in relation to such Shared Personal Data.
- Where permitted by Data Protection Law and to the extent an End User of the App has given their explicit consent, we will share their User Data with you through the Portal. You will only process that personal data for the Agreed Purposes (as defined in the Appendix to this Schedule 2, which describes the categories of personal data, and permitted recipients in respect of that personal data) in accordance with the wishes of the End User.
- In respect of that shared data (“Shared Personal Data”) where an End User withdraws their consent, we may cease sharing such personal data with you. Where an End User wishes to exercise their rights (to erasure, to object to processing, to access data or have it rectified or otherwise) under Data Protection Laws, and notifies either you or us, each of you and us will notify the other promptly and provide the other such assistance as is reasonably necessary to comply with that request.
- Each party shall provide the other with details of at least one employee as a point of contact and responsible manager for issues arising out of Data Protection Laws (including, but not limited to, compliance, training, and the handling of personal data breaches).
- You shall: (a) process Shared Personal Data fairly and lawfully and ensure you have legitimate grounds under the Data Protection Laws for the processing of Shared Personal Data; (b) provide clear and sufficient information to data subjects, in accordance with the Data Protection Laws, of the purposes for which you will process Shared Personal Data, the legal basis for such purposes and such other information as is required by Data Protection Laws; (c) maintain complete and accurate records and information to demonstrate compliance with this Schedule 2 and not retain or process Shared Personal Data for longer than is necessary for the Agreed Purposes or as otherwise required by law; (d) have in place appropriate technical and organisational security measures to prevent unauthorised or unlawful processing of the Shared Personal Data and the accidental loss or destruction of, or damage to, the Shared Personal Data and to ensure a level of security appropriate to the harm which might result from such unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the Shared Personal Data to be protected; (e) ensure your staff members are appropriately trained to handle and process the Shared Personal Data and have entered into confidentiality agreements relating to the processing of personal data; (f) comply with obligations to report a personal data breach to the appropriate supervisory authority and (where applicable) data subjects under Article 33 of the GDPR and inform us of any personal data breach irrespective of whether there is a requirement to notify; (g) provide reasonable assistance as is necessary to facilitate handling any personal data breach in an expeditious and compliant manner; (h) immediately inform us, and cooperate with us in the event of a dispute or claim brought by a data subject or supervisory authority (or the Information Commissioner’s Office) concerning the processing of Shared Personal Data.
- You shall not transfer any Shared Personal Data outside the UK or European Economic Area unless you ensure the transfer complies with the Data Protection Laws and: is to a country approved under the Data Protection Laws as providing adequate protection; or there are appropriate safeguards or binding corporate rules in place pursuant to Data Protection Laws; or one of the derogations for specific situations in the applicable Data Protection Laws applies to the transfer.
- Where we receive a request from a data subject to exercise their rights in respect of Shared Personal Data under Data Protection Law, we shall communicate that request to you and you shall comply with it promptly in accordance with Data Protection Law and such other laws or regulation as may be applicable.
- We may inspect your arrangements for the processing of Shared Personal Data and terminate the Agreement (or part thereof) where we reasonably consider that you are not processing Shared Personal Data in accordance with this Agreement.
- Each of you and us shall, together, review the sharing of the Shared Personal Data under this Agreement on at least a yearly basis, including to evaluate: the purposes for which Shared Personal Data is being processed in order to determine whether those purposes are still limited to the Agreed Purposes; whether each of you and us are complying with Data Protection Laws and with the provisions of this DPA; whether any personal data breaches affecting the Shared Personal Data have been handled in accordance with this DPA and the Data Protection Laws.
- You instruct us to process personal data as reasonably necessary for the provision of the Services. In particular, you instruct us to process the following data:
|Subject matter and duration of the Processing of Personal Data:||Personal data included within the Client Data will be processed during the term of the Agreement (“Client Personal Data”).|
|The types of Personal Data to be Processed:||Client User and prospective End User data including names, usernames, roles, and email addresses.|
|The obligations and rights of data controller:||The obligations and rights of the data controller are set out in this Agreement.|
- In relation to Client Personal Data processed in connection with the operation by us of the Services, to the extent we are a data processor, we shall:
- 14.1 only process Client Personal Data on your documented instructions (including those set out above and otherwise in our Agreement), including in respect of transfers to a country outside of the UK or European Economic Area (EEA), unless processing is required by applicable laws in which case we shall, to the extent permitted by applicable law, inform you of that legal requirement prior to the relevant processing;
- 14.2 take reasonable steps to ensure the reliability of staff who have access to personal data, ensuring all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality;
- 14.3 taking into account the nature, scope, context and purpose of the processing, implement appropriate technical and organisational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR in order to protect against unauthorised or unlawful processing of any personal data, or any accidental loss, destruction or damage of such data;
- 14.4 taking into account the nature of the processing and the information available to us, we shall, to a reasonable extent, assist you (at your expense): (i) by implementing appropriate technical and organisational measures for the fulfilment of your obligations to respond to requests to exercise data subject rights under the Data Protection Laws, and in particular Chapter III of GDPR, and (ii) in ensuring compliance with your obligations pursuant to Articles 32 to 36 of GDPR;
- 14.5 (to the extent permitted by law) notify you without undue delay on becoming aware of a personal data breach relating to the Client Personal Data.
- We shall make available to you information reasonably necessary to demonstrate compliance with the obligations laid down in clause 14, and allow for and contribute to audits (at your cost), conducted by you or an auditor designated by you. We will maintain a record of any processing of Client Personal Data pursuant to Article 30(2) of GDPR.
- You hereby grant a general authorisation to us to engage sub-processors. We shall inform you of any intended changes concerning the addition or replacement of sub-processors. We shall ensure that the arrangement between us and sub-processors is governed by a written agreement, including, to the extent required by applicable Data Protection Laws, terms which meet the requirements of Article 28(3) of the GDPR.
- To the extent we are a data processor, we shall notify you within 3 business days if we or any sub-processor receives a request from a data subject under any Data Protection Law in respect of Client Personal Data unless the data subject has forbidden the notification. To the extent End User personal data is included within Client Personal Data, you hereby instruct us to user our reasonable efforts to comply with requests received from those data subjects, in particular: where an End User requests erasure or rectification of, or access to, their personal data, you instruct us to erase, rectify or provide access to that personal data within one calendar month of our receipt of that request; where an End User objects to the processing of their personal data, you instruct us to cease, as far as reasonably practicable in accordance with that objection, processing that personal data, and to consult with you and the data subject in connection with any further processing.
- You shall indemnify us and keep us indemnified against all costs, damages, expenses (including reasonable legal expenses) incurred by us arising out of your or any Client User breach of this DPA, or applicable law (including Data Protection Laws) or non-compliance by you or any Client User with a data subject request in connection with their personal data. We shall not be liable for any claim brought by a data subject arising from any action or omission to the extent that such action or omission resulted from your instructions.