Subscription Agreement & Privacy Policy

See how our subscription agreement lives up to our Security & Privacy Pledges.

TERMS AND CONDITIONS

1. Definitions and interpretation

1.1 In this agreement (including the Schedules), the following words and expressions shall have the following meanings:

Account means the Client’s account on the Doorway platform;

Affiliate in relation to either party, any company, entity or undertaking within the same group as that party;

Authorised User(s) means those employees, representatives and personnel of the Client who are authorised by the Client to use the Services;

Authorised User Limit means the number of permitted users defined by the Service Tier selected in the Term Sheet;

Business Day a day other than a Saturday, Sunday or public holiday in England when banks in London are open for business;

Client as defined in the Term Sheet;

Client Data the data, information and materials inputted or uploaded by Client, Authorised Users, or Supplier on Client’s behalf or which may be accessed by Supplier for the purpose of facilitating Client’s use of the Services;

Client Materials any material provided or made available by or on behalf of Client to Supplier for the purposes of incorporation into the Services for Client or other use permitted by Supplier in connection with any Services or any marketing activity (including but not limited to Client’s trade mark or logo);

Client Representative has the meaning given to it in clause 6.1;

Confidential Information all information (whether written, oral or in some other form) disclosed to or obtained by one party (whether directly or indirectly) from the other (whether before or after the signing of this Agreement), including all and any personal data, all information relating to that other party’s business, operations, systems, processes, products, trade secrets, know how, contracts, finances, plans, strategies or current, former or prospective clients, customers, partners or suppliers (together with copies made of any of the foregoing) and which information is marked as being confidential or might reasonably be assumed to be confidential, but excluding information which:

(a) is available to the public other than because of any breach of this Agreement;

(b) is, when it is supplied, already known to whoever it is disclosed to in circumstances in which they are not prevented from disclosing it to others; or

(c) is independently obtained by whoever it is disclosed to in circumstances in which they are not prevented from disclosing it to others;

Supplier’s Confidential Information includes the Service and Software, the pricing and the terms of this Agreement;

Contract Year means each 12 month period starting from the Effective Date and each anniversary of the Effective Date;

Currency means the currency set out in the Term Sheet;

Doorway means an individual digital business card under the Client’s Account that may be assigned to an Authorised User;

Due Date has the meaning given to it in clause 7.4;

Free Period a limited 30 day period of access to a basic level of the Service without charge;

Indemnified Party the party seeking to make a claim pursuant to clause 10;

Indemnifying Party the party which grants an indemnity pursuant to clause 10;

Initial Term has the meaning given to it in clause 12.1;

Insolvency Event means:

(i) the other party suspends, or threatens to suspend, payment of its debts or is unable to pay its debts as they fall due or admits inability to pay its debts or  is deemed unable to pay its debts within the meaning of section 123 of the Insolvency Act 1986 (IA 1986) as if the words “it is proved to the satisfaction of the court” did not appear in sections 123(1)(e) or 123(2) of the IA 1986;

(ii) the other party commences negotiations with all or any class of its creditors with a view to rescheduling any of its debts, or makes a proposal for or enters into any compromise or arrangement with any of its creditors (other than for the sole purpose of a scheme for a solvent amalgamation of that other party with one or more other companies or the solvent reconstruction of that other party);

(iii) a petition is filed, a notice is given, a resolution is passed, or an order is made, for or in connection with the winding up of the other party (other than for the sole purpose of a scheme for a solvent amalgamation of that other party with one or more other companies or the solvent reconstruction of that other party);

(iv) an application is made to court, or an order is made, for the appointment of an administrator, or a notice of intention to appoint an administrator is given or an administrator is appointed, over the other party;

(v) the holder of a qualifying floating charge over the assets of that other party has become entitled to appoint or has appointed an administrative receiver;

(vi) a person becomes entitled to appoint a receiver over all or any of the assets of the other party or a receiver is appointed over all or any of the assets of the other party;

(vii) a creditor or encumbrancer of the other party attaches or takes possession of, or a distress, execution, sequestration or other such process is levied or enforced on or sued against, the whole or any part of the other party’s assets and such attachment or process is not discharged within 14 days;

(viii) any event occurs, or proceeding is taken, with respect to the other party in any jurisdiction to which it is subject that has an effect equivalent or similar to any of the events mentioned in this paragraph; or

(ix) the other party suspends or ceases, or threatens to suspend or cease, carrying on all or a substantial part of its business;

Intellectual Property Rights patents, rights to inventions, copyright and related rights, moral rights, trade marks and service marks, business names and domain names, rights in get-up, goodwill and the right to sue for passing off or unfair competition, rights in designs, rights in computer software, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world;

Normal Business Hours 9.00 am to 6.00 pm local UK time, each Business Day;

Payment Frequency means the frequency for payment of the Subscription Fees as set out in the Term Sheet;

Quarter means each consecutive 3 month period during the Term commencing on the Effective Date;

Renewal Term has the meaning given to it in clause 12.3;

Representatives in respect of each party, its officers, employees, representatives or Affiliates;

Service Tier means the functionality level applicable to the Service as selected and set out in the Term Sheet;

Services means Supplier’s digital business card software-as-a-service and related services described in the Service Tier section of the Term Sheet and in Schedule 1;

Software the online software applications provided by Supplier as part of the Services as described in the Term Sheet and Schedule 1;

Subscription Fees means the fees payable by Client for the Services as set out in the Term Sheet;

Supplier Materials means all proprietary materials and documents of the Supplier that may be provided by the Supplier to Client in connection with the Services;

Term has the meaning given to it in clause 12.3;

Term Sheet means the document set out at the beginning of this Agreement setting out the key commercial terms applicable to the Agreement;

Virus any thing or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices.

1.2 In this Agreement unless the context otherwise requires:

(a) Supplier and the Client are severally referred to as “party”, and collectively as “parties”.

(b) clause, Schedule and paragraph headings shall not affect the interpretation of this Agreement;

(c) a reference to person includes an individual, corporate or unincorporated body (whether or not having separate legal personality) and a reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established;

(d) unless the context otherwise requires, words in the singular shall include the plural and in the plural shall include the singular;

(e) reference to “including” or any similar terms in this Agreement shall be treated as being by way of example and shall not limit the general applicability of any preceding words; and

(f) reference to a statute or statutory provision is a reference to it as it is in force as at the date of this Agreement; and shall include all subordinate legislation made as at the date of this Agreement under that statute or statutory provision.

 

2. The Services

2.1 Access: Client may create an Account on the Supplier’s website (https://www.doorway.io/) and use the Account, with limited functionality, for the Free Period. Client’s use of the Account and Services during the Free Period shall be subject to this Agreement. Unless Client subscribes to a paid Service Tier, on expiry of the Free Period Client’s access to the Services shall cease.

2.2 In consideration of the mutual promises set out in this Agreement, Supplier shall provide the Services to the Client throughout the Term.

2.3 Each reference to the Client shall include each Affiliate of Client, except that no such Affiliate shall have any rights to directly enforce this Agreement against Supplier.

2.4 Subject to the terms and conditions of this Agreement, Supplier grants to Client a non-exclusive, royalty-free, non-transferable right to permit Authorised Users to use the Services during the Term solely for Client and its Clients’ internal business operations.

2.5 Client shall prevent any unauthorised access to, or use of, the Services and, in the event of any such unauthorised access or use, promptly notify Supplier in writing.

2.6 Each party warrants that it shall comply with all applicable laws and regulations with respect to its activities under and performance of this Agreement.

2.7 Each party agrees to comply with its obligations under Schedule 2 (Data Processing).

 

3. Additional Doorways

3.1 Where Client has subscribed to an enterprise Service Tier (being small, medium or large enterprise, as set out in the Term Sheet) and subject to clauses 3.2 and 3.3, Client may, from time to time during the Term, purchase additional Doorways and Supplier shall grant access to the Services to such additional Authorised Users in accordance with the provisions of this Agreement (“Additional Doorways”).

3.2 Additional Doorways can only be purchased in batches of 300 Doorways and via the Client Account portal. Additional Doorways shall be activated promptly following payment.

3.3 Client shall pay to the Supplier the relevant fees for such Additional Doorways in accordance with the Supplier’s standard rate card in force from time to time. If such Additional Doorways are purchased by Client part way through the Initial Term or any Renewal Term (as applicable), such fees shall be pro-rated from the date of activation by the Supplier for the remainder of the Initial Term or then current Renewal Term (as applicable).

 

4. Client Data and Client Materials

4.1 Client shall own all right, title and interest (including any and all Intellectual Property Rights) in and to all of the Client Data and Client Materials and shall have sole responsibility for the legality (including ensuring that Supplier has the right to use and process the Client Data and Client Materials to provide the Services), reliability, integrity, accuracy and quality of the Client Data and Client Materials.

4.2 Supplier shall, in providing the Services, use the Client Data and Client Materials:

(a) only to the extent necessary to properly implement this Agreement and to provide the Services and Doorways to Client and its Authorised Users; and

(b) to the extent that the Client Data is Personal Data (as defined in Schedule 2), in compliance with the obligations set out in Schedule 2.

4.3 Supplier shall not use Client Data or Client Materials except as expressly permitted by this Agreement.

4.4 In the event of any loss or damage to Client Data, Client’s sole and exclusive remedy against the Supplier shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Client Data from the latest back-up of such Client Data maintained by the Supplier.  The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Client Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Client Data maintenance and back-up for which it shall remain fully liable).

 

5. Supplier’s obligations

5.1 Supplier warrants that:

(a) the Services will be performed with reasonable skill and care;

(b) it has and will maintain all necessary licences, consents, and permissions necessary for the performance of its obligations under this Agreement; and

(c) it shall take appropriate measures commensurate with its own information security and diversity and inclusion policies to not access, store, distribute or transmit any Viruses in the provision of the Services, or distribute any material which:

i. is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive;

ii. facilitates illegal activity;

iii. depicts sexually explicit images;

iv. promotes unlawful violence;

v. is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability; or

vi. is otherwise illegal or causes damage or injury to any person or property.

5.2 The warranty at clause 5.1(a) shall not apply to the extent of any non-conformance which is caused by use of the Services by the Client contrary to Supplier’s instructions, or modification or alteration of the Services by any party other than Supplier or Supplier’s duly authorised contractors or agents. If the Services do not conform with the foregoing warranty, Supplier will, at its expense, use reasonable commercial endeavours to correct any such non-conformance promptly, or provide Client with an alternative means of accomplishing the desired performance, failing which Client shall be entitled to terminate this Agreement forthwith. Such correction or substitution or termination, as the case may be, constitutes Client’s exclusive remedies for any breach of the warranty set out in clause 5.1(a). Notwithstanding the foregoing, Supplier:

(a) does not warrant that Client’s use of the Services will be uninterrupted or error-free; or that the Software or Services will meet Client’s requirements; and

(b) is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and Client acknowledges that the Services and/or Software may be subject to limitations, delays and other problems inherent in the use of such communications facilities.

 

6. Client’s obligations

6.1 Promptly upon the date of this Agreement, Client shall introduce Supplier to its representative who shall be appointed as the Account administrator or Admin(s) (the “Client Representative”). Client shall use its reasonable efforts to ensure that the Client Representative works with Supplier to provide the information and support as reasonably required by Supplier to provide the Services.  Client agrees that the Client Representative shall be authorised on its behalf to provide such support and information.

6.2 In respect of the Services, Client undertakes that it shall:

(a) ensure that the number of Authorised Users does not exceed the Authorised User Limit applicable to the Client’s selected Service Tier;

(b) not allow or suffer any Doorway to be used by more than one individual Authorised User unless it has been reassigned in its entirety to another individual Authorised User, in which case the prior Authorised User shall no longer have any right to access or use the Doorway, the Services and/or any Supplier Materials;

(c) provide Supplier with all necessary co-operation in relation to this Agreement and all necessary access to such information and/or personnel as may be reasonably required by Supplier;

(d) carry out all other Client responsibilities set out in this Agreement in a timely and efficient manner. In the event of any delays in Client’s provision of such assistance as agreed by the parties, Supplier may adjust any agreed timetable or delivery schedule as reasonably necessary;

(e) ensure that the Authorised Users use the Services in accordance with the terms and conditions of this Agreement and shall be responsible for any breach of this Agreement caused by an act or omission of Client’s Authorised Users;

(f) obtain and shall maintain all necessary licences, consents, and permissions necessary to perform its obligations under this agreement, including without limitation receipt of the Services;

(g) ensure that its network and systems comply with the relevant specifications provided by Supplier from time to time (provided that it shall not be required to make changes to its time recording system); and

(h) be solely responsible for procuring and maintaining its network connections and telecommunications links from its systems to Supplier’s data centres, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to Client’s network connections or telecommunications links or caused by the internet.

6.3 Client warrants that:

(i) each Authorised User and/or Account administrator (depending on the applicable Service Tier selected in the Term Sheet) of the Client shall keep a secure password for their use of the Services;

(ii) it shall take appropriate measures commensurate with its own information security and diversity and inclusion policies to not access, store, distribute or transmit any Viruses, or any material during the course of its use of the Services which:

i. is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive;

ii. facilitates illegal activity;

iii. promotes unlawful violence;

iv. is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability; or

v. is otherwise illegal or causes damage or injury to any person or property, and

Supplier reserves the right, without liability or prejudice to its other rights to Client, to disable Client’s, Account administrators’ and any Authorised Users’ access to the Services in the event that Client is in breach of this clause 6.3(ii), provided that Supplier has first notified Client of its intention to disable such access and permits Client a reasonable opportunity to remove the breaching materials.

Audit

6.4 Supplier and/or its designated auditor may audit the Client’s use of the Services and Client’s Account in order to establish the name and password of each Authorised User and Client’s compliance with this Agreement.  Each such audit may be conducted no more than once per quarter, at the Supplier’s expense. This right shall be exercised with reasonable prior written notice, in such a manner as not to materially interfere with Client’s ordinary business.

6.5 If any audit conducted under clause 6.4 reveals that any password has been provided to any individual who is not an Authorised User, then without prejudice to the Supplier’s other rights, Supplier may promptly disable such Doorway(s) and the individual(s) shall not be permitted to continue to use the Doorway or the Services.

6.6 If any audit conducted under clause 6.4 reveals that Client has underpaid any Subscription Fees to the Supplier, then without prejudice to the Supplier’s other rights, Client shall pay to the Supplier an amount equal to such underpayment as calculated in accordance with the prices set out in the Term Sheet within 10 Business Days of the date of the relevant audit together with accrued interest calculated in accordance with clause 7.5(b).

 

7. Payment

7.1 Client shall pay the Subscription Fees in accordance with the terms of this Agreement.  Subscription Fees are not payable in respect of the Free Period.

7.2 Supplier operates automated payment processing through its third party payment provider, Stripe. Client shall on, or prior to, the Effective Date provide to the Supplier valid, up-to-date and complete credit card details or approved purchase order information acceptable to the Supplier and any other relevant valid, up-to-date and complete contact and billing details and, if Client provides:

(a) its credit card details to the Supplier, Client hereby authorises the Supplier to bill such credit card:
(i) on the Effective Date for either (1) the Subscription Fees payable in respect of the Initial Term; or (2) where the Payment Frequency is monthly or Quarterly, the first instalment of the Subscription Fees; and
(ii) subject to clauses 12.2 and 12.3, the Subscription Fees payable in respect of the next Renewal Term, Quarter or month (in accordance with the Payment Frequency);

(b) its approved purchase order information to the Supplier, the Supplier shall invoice Client:
(i) on the Effective Date for the Subscription Fees payable in respect of the Initial Term; and
(ii) subject to clauses 12.2 and 12.3, at least 30 days prior to the commencement of the next month, Quarter or year (in accordance with the Payment Frequency) for the Subscription Fees payable.

7.3 All Subscription Fees are payable in advance.

7.4 The Client shall pay each invoice within thirty (30) days of the date of invoice (the “Due Date”).

7.5 If Supplier has not received payment by the Due Date, and without prejudice to any other rights and remedies of Supplier:

(a) Supplier may, without liability to Client, disable the Client’s Account and access to all or part of the Services and Supplier shall be under no obligation to provide any or all of the Services while the invoice(s) concerned remain unpaid; and

(b) interest shall accrue on a daily basis on such due amounts at an annual rate equal to 4% over the then current base lending rate of the Bank of England from time to time, commencing on the Due Date and continuing until fully paid, whether before or after judgment.

7.6 All Subscription Fees payable in accordance with this Agreement:

(a) shall be payable in the Currency and Payment Frequency;

(b) are non-cancellable and non-refundable; and

(c) are exclusive of value added tax, which shall be added to Supplier’s invoice(s) at the appropriate rate.

7.7 Supplier shall be entitled to increase the Subscription Fees with effect from commencement of each Renewal Term. Supplier shall give sixty (60) days’ prior written notice of such increase.

 

8. Proprietary rights

8.1 Subject to clause 4.1, Client acknowledges and agrees that Supplier and/or its licensors own all Intellectual Property Rights in the Software and Services. Except as expressly stated herein, this Agreement does not grant Client any rights to, or in, any Intellectual Property Rights in respect of the Software or Services.

8.2 Supplier confirms that it has all the rights in relation to the Services and the Supplier Materials that are necessary to grant all the rights it purports to grant under, and in accordance with, the terms of this Agreement.

8.3 Client shall not (except as may be allowed by any applicable law which is incapable of exclusion):

(a) attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Software or Services (as applicable) in any form or media or by any means;

(b) attempt to reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Software or Services;

(c) access all or any part of the Software or Services in order to build a product or service which competes with the Software or Services;

(d) use the Software or Services to provide services to third parties (except in relation to the provision of services to Clients in the ordinary course of the Client’s business);

(e) license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Software or Services available to any third party except the Authorised Users; or

(f) attempt to obtain, or assist third parties in obtaining, access to the Software or Services, other than as explicitly provided under this Agreement.

8.4 Client grants to Supplier a limited, non-exclusive, non-transferable licence to use aggregated and anonymised data derived from the Client Data in connection with the development of Supplier’s software and services and their promotion (subject always to Supplier’s obligations under clause 9).

8.5 Nothing in this Agreement shall operate to assign any Intellectual Property Rights. To the extent any such assignment occurs by operation of law or otherwise, each party shall cooperate with the other and shall execute all such documents as may be reasonably requested to ensure each party owns and retains its Intellectual Property Rights.

8.6 Notwithstanding the foregoing, Client consents to Supplier referring to this Agreement (but not any Confidential Information) and publicly displaying any trade mark, logo, business, company or trade name of Client that Client has uploaded to its Account, in order to indicate that Client is a customer of Supplier (including, without limitation, on Supplier’s website, social media, publicity or advertising material), subject to Supplier complying with brand guidelines or other reasonable instructions provided by Client from time to time.

 

9. Confidentiality

9.1 Subject to clause 9.2, each party shall:

(a) keep confidential (and procure that its Representatives keep confidential) all Confidential Information of the other party which it receives, creates or otherwise becomes aware of in connection with this Agreement;

(b) apply to such Confidential Information no lesser security measures and degree of care than those which it takes in protecting its own Confidential Information and in any event no less than that which a reasonable person or business would take in protecting its own confidential information;

(c) only use such Confidential Information as strictly necessary for the performance of, or exercise of its rights under, this Agreement;

(d) not disclose such Confidential Information to any third party (other than its professional advisors, officers, employees, agents, contractors and sub-contractors on a ‘need to know’ basis as strictly required for the purposes of this Agreement and subject to each such person being bound by an obligation of confidentiality equivalent to this clause 9); and

(e) promptly, upon request and, in any event, upon termination of this Agreement (for whatever reason), return to the other party all materials (in whatever form) incorporating, embodying or recording any such Confidential Information in its possession or control and, if requested by the other party, certify in writing that it has done so.

9.2 Either party may disclose the other’s Confidential Information to the extent required by law or by any court, tribunal, regulator or other authority with competent jurisdiction to order its disclosure (but only to the extent of such requirement), provided that where legally permitted it first notifies the other party of such requirement and takes all reasonable steps as required by that party to maintain the confidentiality of such Confidential Information.

9.3 The parties acknowledge and agree that:

(a) damages would not be an adequate remedy for any breach of the provisions of this clause 9;

(b) the receiving party shall be entitled to the remedies of injunction, specific performance and other equitable relief for any threatened or actual breach of the provisions of this clause 9; and

(c) no proof of special damage shall be necessary for the enforcement of this clause 9.

 

10. Indemnity

10.1 Supplier shall be liable for and shall indemnify Client, its officers, directors and employees against any and all costs, liabilities, losses, damages or expenses (including reasonable legal expenses) arising from any claim that the Services or Software infringe any Intellectual Property Rights of a third party.

10.2 Client shall be liable for and shall indemnify Supplier, its officers, directors and employees against any and all costs, liabilities, losses, damages or expenses (including reasonable legal expenses) arising from any claim:

(a) that the Client Materials infringe any Intellectual Property Rights of a third party; and/or

(b) arising out of or in connection with a breach by Client of clause 6.3.

10.3 Any claim pursuant to clauses 10.1 and 10.2 shall be subject to:

(a) the Indemnified Party giving the Indemnifying Party prompt notice of any such claim;

(b) the Indemnified Party providing reasonable co-operation to the Indemnifying Party in the defence and settlement of such claim, at the Indemnifying Party’s expense; and

(c) the Indemnifying Party being given sole authority to defend or settle the claim subject to the Indemnified Party’s approval, such approval not to be unreasonably withheld or delayed.

10.4 In the defence or settlement of any claim under clause 8.2 or 10.1, Supplier may procure the right for Client to continue using the Services, replace or modify the Services so that they become non-infringing or, if such remedies are not reasonably available, terminate this Agreement on immediate written notice.

10.5 In no event shall the Indemnifying Party, its employees, agents and sub-contractors be liable to the Indemnified Party to the extent that the alleged infringement is based on:

(a) in respect of a claim by Client:

i. a modification of the Services or Supplier Materials by anyone other than Supplier or Supplier’s authorised contractors;

ii. Client’s or any Authorised Users’ use of the Services or Supplier Materials in a manner contrary to the instructions given to Client by Supplier; or

iii. Client’s or any Authorised Users’ use of the Services or Supplier Materials after notice of the alleged or actual infringement from Supplier or any appropriate authority; and

(b) in respect of a claim by Supplier:

i. a modification of the Client Materials by anyone other than Client or Client’s authorised contractors;

ii. Supplier’s use of the Client Materials in a manner contrary to the written instructions given to Supplier by Client; or

iii. Supplier’s use of the Client Materials after notice of the alleged or actual infringement from Client or any appropriate authority.

 

11. Limitation of liability

11.1 This clause 11 sets out the entire financial liability of each party (including any liability for the acts or omissions of its employees, agents and sub-contractors) to the other party:

(a) arising under or in connection with this Agreement;

(b) in respect of any use made by Client and the Authorised Users of the Services or any part of it; and

(c) in respect of any representation, statement or tortious act or omission (including negligence) arising under or in connection with this Agreement.

11.2 Except as expressly and specifically provided in this Agreement:

(a) Client assumes sole responsibility for results obtained from the use of the Services by Client and Authorised Users, and for conclusions drawn from such use. Supplier shall have no liability for any damage caused by errors or omissions in any Client Data, information or instructions provided to Supplier by Client in connection with the Services, or any actions taken by Supplier at Client’s direction; and

(b) all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from this Agreement.

11.3 Nothing in this Agreement excludes either party’s liability for:

(a) death or personal injury caused by its negligence;

(b) fraud or fraudulent misrepresentation;

(c) a breach of clause 9;

(d) any obligation to make payment under this Agreement; or

(e) any matter which cannot by law be limited or executed.

11.4 Subject to clause 11.2, clause 11.3 and clause 11.5:

(a) neither party shall be liable whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for any loss of profits, loss of business, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss, or for any special, indirect or consequential loss, costs, damages, charges or expenses however arising under this Agreement; and

(b) each party’s total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of this Agreement shall be limited to the Subscription Fees paid or payable by the Client to the Supplier in the 12 month period immediately preceding the event giving rise to the claim.

11.5 Subject to clause 11.3 and 11.4(a):

(a) Supplier’s total aggregate liability in respect of any claim under the indemnity set out in clause 10.1 shall be limited to £1,000,000;

(b) Client’s total aggregate liability in respect of any claim under the indemnity set out in clause 10.2(a) shall be limited to £1,000,000; and

(c) Client’s total aggregate liability in respect of any claim under the indemnity set out in clause 10.2(b) shall be limited to £1,000,000.

 

12. Term and termination

12.1 Free Period. This Agreement commences on the date of last signature or, if earlier, on the date that the Client’s access to the Service commences and unless terminated earlier in accordance with its terms, continues for the duration of the Free Period. On expiry of the Free Period, this Agreement shall automatically enter the Initial Term.

12.2 Initial Term. Unless terminated earlier in accordance with its terms, the Agreement shall continue for a period of twelve (12) months from expiry of the Free Period (the “Initial Term”).

12.3 Renewal Term. On expiry of the Initial Term, this Agreement shall automatically renew for further periods of twelve (12) months (each a “Renewal Term”), unless either party gives to the other at least 45 days’ prior written notice not to renew, such notice to take effect on the expiry of the Initial Term or then-current Renewal Term. The Free Period, the Initial Term and any Renewal Term shall together be the “Term”.

12.4 Either party may terminate this Agreement during the Free Period on giving written notice to the other party.

12.5 Without affecting any other right or remedy available to it, either party may terminate this Agreement with immediate effect by giving written notice to the other party if:

(a) the other party commits a material breach of any term of this Agreement (including their respective obligations set out in Schedule 2) which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of 30 Business Days after being notified in writing to do so; or

(b) where permitted under applicable law, either party suffers an Insolvency Event.

12.6 On termination of this Agreement for any reason:

(a) all licences granted under this Agreement shall immediately terminate and Client shall immediately cease and shall ensure that all Authorised Users cease using the Services;

(b) the Supplier may cancel access to the Account, Services and all Doorways in use by Authorised Users;

(c) any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the Agreement which existed at or before the date of termination shall not be affected or prejudiced; and

(d) the following provisions shall survive termination: 9, 10, 11 and Schedule 23 (to the extent necessary).

12.7 On termination or expiry of this Agreement or otherwise on request by Client, the Client Data shall be destroyed by Supplier to the extent that the Client Data cannot be retrieved or otherwise restored by Supplier, its employees, agents or subcontractors. Supplier shall destroy the Client Data within 30 Business Days after termination or expiry of this Agreement. Supplier shall, where required by law, be permitted to retain one copy of the Client Data which shall continue to be subject to this clause 12 and, to the extent relevant, Schedule 2 (Data Protection), notwithstanding termination or expiry of this Agreement. If Client wishes to retain a copy of the Client Data, the Client may export a copy of such Client Data from their Account within 10 days of termination or expiry of this Agreement.

 

13. General

13.1 Force Majeure. Neither party shall have liability to the other party under this Agreement if it is prevented from or delayed in performing its obligations under this Agreement, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control, including, without limitation, strikes, lock-outs or other industrial disputes (except to the extent such dispute involves the workforce of the affected party or its contractors), failure of a utility service or transport or telecommunications network, act of God, pandemic, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or sub-contractors, provided that the other party is notified of such an event and its expected duration.

13.2 Conflict of terms. If there is an inconsistency between any of the provisions in the main body of this Agreement, the Term Sheet and the Schedules, the following order of precedence shall apply:

(a) Term Sheet;

(b) main body of this Agreement;

(c) Schedules.

13.3 Variation. No variation of this Agreement shall be effective unless it is in writing and signed by the parties (or their authorised representatives).

13.4 Waiver. No failure or delay by a party to exercise any right or remedy provided under this Agreement or by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.

13.5 Severance. If any provision (or part of a provision) of this Agreement is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable or illegal, the other provisions shall remain in force. If any invalid, unenforceable or illegal provision would be valid, enforceable or legal if some part of it were deleted, the provision shall apply with whatever modification is necessary to give effect to the commercial intention of the parties.

13.6 Whole agreement. This Agreement, and any documents referred to in it (including the Term Sheet and Schedules), constitute the whole agreement between the parties and supersede any previous arrangement, understanding or agreement between them relating to the subject matter they cover. Each of the parties acknowledges and agrees that in entering into this Agreement it does not rely on any undertaking, promise, assurance, statement, representation, warranty or understanding (whether in writing or not) of any person (whether party to this Agreement or not) relating to the subject matter of this Agreement, other than as expressly set out in this Agreement. Notwithstanding the previous provisions of this clause, nothing in this Agreement shall limit liability for fraudulent misrepresentation.

13.7 Assignment. Neither party shall, without the prior written consent of the other party, assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this Agreement.

13.8 No partnership. Nothing in this Agreement is intended to or shall operate to create a legal partnership between the parties, or authorise either party to act as agent for the other, and neither party shall have the authority to act in the name or on behalf of or otherwise to bind the other in any way (including, but not limited to, the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).

13.9 Third Party Rights. This Agreement does not confer any rights on any person or party (other than the parties to this Agreement and, where applicable, their successors and permitted assigns) pursuant to the Contracts (Rights of Third Parties) Act 1999.

13.10 Notices.

13.11 Any notice required to be given under this Agreement shall be in writing and shall be delivered by hand or sent by pre-paid first-class post or recorded delivery post to the other party at its address set out in this Agreement, or such other physical address as may have been notified by that party for such purposes. A notice delivered by hand shall be deemed to have been received when delivered (or if delivery is not in Normal Business Hours, at 9 am on the first Business Day following delivery). A correctly addressed notice sent by pre-paid first-class post or recorded delivery post shall be deemed to have been received at the time at which it would have been delivered in the normal course of post. A copy of any notices sent pursuant to this clause 13.11 shall also be sent by email to the email address set out in the Term Sheet.

 

14. Governing law and Jurisdiction

14.1 This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of England.

14.2 Each party irrevocably agrees that the courts of England shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this Agreement or its subject matter or formation (including non-contractual disputes or claims).

 

SCHEDULE 1

THE SERVICE

Service Tiers
1. Starter: < 20 Doorways per Account.

(a) The Account designates one administrator who is responsible for the design of the Client’s Doorway and subsequent distribution of Doorways to Authorised Users. The Account is limited to one Doorway design for all Authorised Users. The Account administrator can update the Account’s Doorway design at any time and can add and remove Authorised Users from the Account provided the number of Authorised Users does not exceed the Authorised User Limit. The Account administrator is responsible for payment of the Subscription Fee. The administrator does not have the ability to control Authorised Users’ Doorway details; Authorised Users have the unique ability to control the details within their individual Doorway.

2. Professional: <150 Doorways per Account.

(a) The Account designates one administrator who is responsible for the design of the Doorways and subsequent distribution of Doorways to Authorised Users. The Account is limited to one Doorway design for all Authorised Users. The Account administrator can update the Account’s Doorway design at any time and can add and remove Authorised Users provided the number of Authorised Users does not exceed the Authorised User Limit.

(b) The Account administrator is responsible for payment of the Subscription Fee.

(c) The Account administrator is responsible for controlling the details each Authorised User can share. The Account administrator has access to bulk management features, wherein they can create Doorways via .csv upload. Once the Account administrator has created Doorways for Authorised Users the Account administrator can update the details of the Authorised Users’ Doorways at any time (e.g. update a job title).

(d) Supplier and/or its affiliated partner shall plant 20 trees per month on behalf of the Client (“Account Forest”). The administrator has access to data provided by Supplier and/or its affiliated partners, which includes tracking of the location, species and generated CO2 offset of the Account Forest, with metrics updated on a monthly basis.

3. Business: <300 Doorways per Account.

(a) The Client Account has the ability to grant one or more Account administrator(s) (“Admin(s)”) who are responsible for the design of the Doorways and subsequent distribution of Doorways to Authorised Users. The Account can have an unlimited number of Doorway designs for Authorised Users. Admins can (i) update the Account Doorway design(s) at any time; (ii) add and remove Authorised Users from the Account provided the number of Authorised Users does not exceed the Authorised User Limit; and (iii) attribute Doorway designs to specific Authorised Users or groups of Authorised Users.

(b) The Account Admin(s) are responsible for payment of the Subscription Fee.

(c) Admins have access to bulk management features, wherein they can create Doorways via .csv upload. Once Admins have created Doorways for Authorised Users, the Admin(s) can update the details of the Authorised Users’ Doorway at any time (e.g. update a job title).

(d) Admins can grant permission to Authorised Users to control their respective details (i.e. Admins can allow Authorised Users to update their own job titles or add an additional field for a personal URL).

(e) Supplier and/or its affiliated partner shall plant 50 trees per month on behalf of the Client (“Account Forest”). The administrator has access to data provided by Supplier and/or its affiliated partners, which includes tracking of the location, species and generated CO2 offset of the Account Forest, with metrics updated on a monthly basis.

Enterprise Tiers: All three enterprise tiers have the same functionality, each with a unique Authorised User Limit. All enterprise tiers have access to the Administrative Units feature, as detailed below.

4. Small Enterprise:  <1,000 Doorways per Account

5. Medium Enterprise: <5,000 Doorways per Account

6. Large Enterprise: Unlimited Doorways per Account

(a) The Client Account has the ability to grant one or more Account administrator(s) (“Admin(s)”) who are responsible for the design of the Doorways and subsequent distribution of Doorways to Authorised Users. The Account can have an unlimited number of Doorway designs for Authorised Users. Admins can (i) update the Account Doorway design(s) at any time; (ii) add and remove Authorised Users from the Account provided the number of Authorised Users does not exceed the Authorised User Limit; and (iii) attribute Doorway designs to specific Authorised Users or groups of Authorised Users.

(b) Admins have access to bulk management features, wherein they can create Doorways via .csv upload. Once Admins have created Doorways for Authorised Users, the Admin(s) can update the details of the Authorised Users’ Doorway at any time (e.g. update a job title).

(c) Admins have access to HR integration features, wherein the Account’s Doorway can be linked to an incumbent employee detail management software (e.g. Okta or Microsoft Azure AD) to generate Doorways for Authorised Users.

(d) Once Admins have created Doorways for Authorised Users, the Admin(s) can update the details of the Authorised Users’ Doorway at any time (e.g. update a job title). Admins can grant permission to Authorised Users to control their respective details (i.e. Admins can allow Authorised Users to update their own job titles or add an additional field for a personal URL).

(e) Admins are able to create a custom domain for their Account via adding a unique prefix to the Doorway domain. Admins can only create a custom domain that has not already been taken by an existing Account. If Admins create a custom domain, Admins can link their custom domain to SSO capabilities, wherein Authorised Users created by an HR integration are able to use SSO to access their Doorway via the custom domain.

“Administrative Units” feature for Enterprise tiers.

Enterprise Accounts have access to the Administrative Units feature, which creates a unique billing plan for the Account. Admins can create Administrative Units (“AU”) to delegate localised management of billing, Authorised User creation, and Doorway designs. Using the AU feature, there will be a tier of ‘Super Admins’ and ‘AU Admins’, each tier with its own respective responsibilities. Super Admins can (i) create Doorway designs across the Account; (ii) create Authorised Users via a .csv or HR integration; and (iii) create AU Admins. The Super Admin can delegate permissions for AU Admins to allow the AU Admin to control their respective AU billing, Doorway design, and to create AU Authorised Users. AU Admins are only able to manage and see the Authorised Users within the respective AU. In the case of localised AU billing, the AU Admin will be able to purchase batches of 300 Authorised Users in accordance with Supplier’s standard rate card in force from time to time.

Supplier is a SaaS provider that allows businesses to provide employees with a digital business card. The service is a web application, hosted in AWS, with a front end that allows users to log in and manage their Account, Authorised Users and Doorway design. This Schedule 1, together with the Term Sheet, provides an overview of each component of the Service.

 

Granting access

Each Authorised User nominated by Client shall receive access to Supplier’s Services, up to the Authorised User Limit as indicated in the Term Sheet.

Supplier shall, on request, provide reasonable assistance to the Client and to the nominated administrators to onboard Authorised Users.

‘Share details back’ feature

All Authorised Users have access to a record of everybody they have met through their Doorway’s “share details back” feature. When an Authorised User has their Doorway scanned, the scanner can click a link that is embedded in the Doorway to “share details back”. Through the link, the scanner enters their name, email, phone number, and other voluntary information, e.g. company and job title. This information is, in turn, sent to the Doorway holder’s registered email address. The Doorway holder will have a record in their account of anybody who has used this feature, and through this record, can see time stamping of when a scanner “shared details back”, as well as all contact details that were shared.

If an Authorised User belongs to an Account (i.e. they are part of a paid service plan), the Account administrator will have access to the record of all scanners who “shared details back” with all Authorised Users registered to that Account, and consequently, the Account administrator will have access to all of the scanners’ contact information that was shared back.

Scanners who “share details back” are then “connected” to the Authorised User. If the Authorised User updates their information (i.e. changes phone number or job title, but is tied with the same email address used for the Authorised Users’ Doorway account), the person who “shared details back” will receive a notification of the updated information.

A scanner is only “connected” with an Authorised User if the scanner chooses to “Receive detail updates” from the Authorised User when sharing their details via the ‘Share Details Back’ form. If the Scanner chooses to not receive detail updates from the Authorised User then the Scanner’s details are still stored with the Authorised User and their associated Doorway but they will not automatically receive detail updates via email from the Authorised User.

A record of anybody who “shared details back” will be retained in the Client Account.

 

Maintenance and Support

Support for Authorised Users is provided via email, through the [email protected] address. Support is available during Normal Business Hours.

Subject to prior agreement between the parties, Supplier will provide, on request, remote training for Authorised Users during Normal Business Hours.

All upgrades for the existing modules are included free of charge.

 

Back-up, Archiving and Recovery Service

Web traffic is distributed across multiple data centres (AWS availability zones) using an active-active model. Each data centre is isolated from failures in another, using separate physical equipment, generators and cooling.

Similarly, the data in Supplier is stored in a database that is synchronised to and replicated with a separate data centre. At the storage layer, data is replicated to multiple separate servers to prevent the failure of any single hardware component causing data loss or corruption. This provides Supplier with durability and availability in the event of a loss of either database or even the loss of an entire data centre. Loss of a data centre will result in automatic failover to alternate data centres with minimal downtime.

Database backups are taken daily, replicated to multiple data centres and retained for seven days, and point-in-time restores can be performed from database backups as required.

Supplier’s entire infrastructure is defined in code and also held in source control such that should the need arise, new infrastructure can be built on AWS very swiftly using automated scripted deployment processes.

 

SCHEDULE 2 – Data Protection

1. Definitions

1.1 In this Schedule 2 (including the Annexes), the following terms shall have the following meanings:

(a) “Adequate Country” means a country or territory recognised as providing an adequate level of protection for personal data transfers under an adequacy decision or regulations made from time to time by (as applicable) (i) the European Commission under the EU GDPR; or (ii) the UK Secretary of State under UK GDPR;

(b) “Anonymized Data” means personal data that has been processed in such a manner that it can no longer be attributed to an identified or identifiable natural person;

(c) “Applicable Data Protection Law” means all worldwide data protection and privacy laws and regulations applicable to the processing of personal data under the Agreement, including without limitation (where applicable) EU Data Protection Law and UK Data Protection Law;

(d) “CPRA” means the California Privacy Rights Act of 2020 Cal. Civil Code § 1798.100 et seq., as updated, amended or replaced from time to time (and including those sections of the California Consumer Privacy Act not amended by the CPRA).

(e) “controller”, “processor”, “data subject”, “personal data”, “processing” (and “process”) and “special categories of personal data” shall have the meanings given in Applicable Data Protection Law;

(f) “Client Personal Data” means the personal data set out at Annex A processed by the Supplier for the Permitted Purpose;

(g) “EEA” means the European Economic Area;

(h) “EU Data Protection Law” means:

(i) all EU regulations or other legislation applicable (in whole or in part) to the processing of personal data (such as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (the “GDPR”));

(ii) the national laws of each EEA member state implementing any EU directive applicable (in whole or in part) to the processing of personal data (such as Directive 2002/58/EC); and

(iii) any other national laws of each EEA member state applicable (in whole or in part) to the processing of personal data,
as amended or superseded from time to time;

(i) “EU Standard Contractual Clauses” means the European Commission’s implementing decision 2021/914/EU of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to the GDPR and currently available at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX:32021D0914&locale=en;

(j) “Permitted Purpose” means the purposes for which the Supplier processes Client Personal Data under this Agreement as set out at Annex A;

(k) “Personal Information” means personal information (as defined under the CPRA) provided by Client to Supplier (or indirectly by any third party) in respect of which Client is subject to the CPRA.

(l) “UK Standard Contractual Clauses” means the UK International Data Transfer Agreement dated 21 March 2022 issued under s119A(1) of the Data Protection Act 2018 and currently available at https://ico.org.uk/media/for-organisations/documents/4019538/international-data-transfer-agreement.pdf.

(m) “UK Addendum” means the template Addendum B.1.0. dated 21 March 2022 issued under s119A(1) of the Data Protection Act 2018 and currently available at https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-addendum.pdf.

(n) “UK Data Protection Law” means:

(i) the GDPR as it forms part of UK law by virtue of section 3 of the European Union (Withdrawal) Act 2018 (the “UK GDPR”);

(ii) the Data Protection Act 2018;

(iii) the Privacy and Electronic Communications (EC Directive) Regulations 2003 as they continue to have effect by virtue of section 2 of the European Union (Withdrawal) Act 2018; and

(iv) any other laws in force in the UK from time to time applicable (in whole or in part) to the processing of personal data,
as amended or superseded from time to time.

(o) “US Privacy Law” means the California Consumer Privacy Act of 2018 (“CCPA”) and the CPRA and any other state or federal laws applicable to the processing of personal data relating to US data subjects.

 

Controller and Processor

2. Relationship of the parties

2.1 Client (the controller) appoints the Supplier as a processor to process Client Personal Data for the Permitted Purpose.

2.2 Client acknowledges that as Client (or Authorised Users) use the Services, the Supplier (as controller) may (i) process personal data to manage the relationship with Client (including for accounting and taxation purposes); and (ii) create and derive from processing under the Agreement, Anonymized Data for the purpose of product improvement and development purposes. Supplier may use and disclose Anonymized Data in any manner it deems useful, provided that any disclosure of Anonymized Data is done in a manner that does not permit the identification of Client or Authorised Users in relation to such Anonymized Data.

2.3 Each party shall comply (and will procure that its personnel, and in the case of Client its Authorised Users, comply and use commercially reasonable efforts to procure that its subprocessors comply) with the obligations that apply to it under Applicable Data Protection Law. As between the parties, Client shall have sole responsibility for the accuracy, quality and legality of personal data and the means by which Client acquired (or acquires) Client Personal Data and will ensure it provides any notices to, and obtains any consents from data subjects where required by Data Protection Laws.

2.4 In the event that the Supplier processes any Client Personal Data to which US Privacy Law applies, the terms of Annex C shall apply in addition in respect of such Client Personal Data.

Supplier processor obligations

 

3. Client Instructions
3.1 Supplier shall only process Client Personal Data (i) in accordance with this Schedule 2; and (ii) Client’s written instructions. If the Supplier becomes aware that any Client instruction infringes Applicable Data Protection Law, it shall promptly inform Client.

3.2 In the unlikely event that applicable law requires Supplier to process Client Personal Data other than pursuant to Client’s instructions, Supplier will notify Client (unless prohibited from so doing by applicable law).

 

4. Security

4.1 The Supplier shall:

4.1.1 implement and maintain appropriate technical and organisational measures to protect Client Personal Data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Client Personal Data (a “Security Incident”).  Such measures shall have regard to the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons and shall include without limitation the security measures set out at https://www.doorway.io/security/; and

4.1.2 where required by Applicable Data Protection Law, provide other such reasonable cooperation and assistance to the Client (at Client’s reasonable cost and expense) with respect to Client’s obligations with respect to the security of processing.

 

5. Confidentiality
5.1 Supplier shall take reasonable steps to ensure that any person that it authorises to process Client Personal Data (including Supplier’s staff, agents and subcontractors) (an “Authorised Person”) shall be subject to a duty of confidentiality (whether a contractual duty or a statutory duty), and shall not permit any person to process Client Personal Data who is not under such a duty of confidentiality.

 

6. International transfers
6.1 The Supplier shall not transfer Client Personal Data (nor permit Client Personal Data to be transferred) outside of the EEA and/or the UK unless it takes such measures as are necessary to ensure the transfer is in compliance with Applicable Data Protection Law. Such measures may include (without limitation) (i) transferring Client Personal Data to a recipient in an Adequate Country; (ii) to a recipient that has achieved binding corporate rules authorisation in accordance with Applicable Data Protection Law; or (iii) to a recipient that has executed (a) EU Standard Contractual Clauses, adopted or approved by the European Commission; or (b) for transfers from the UK, UK Standard Contractual Clauses or (c) the UK Addendum to the EU Standard Contractual Clauses approved by the Secretary of State; and as applicable, transferring Client Personal Data subject to any reasonably appropriate supplementary safeguards in support of the above.

 

7. Subprocessing
7.1 The Client consents to the Supplier engaging the third party subprocessors listed in Annex B and any other subprocessors the Supplier may instruct to process Client Personal Data for the Permitted Purpose provided that: (i) the Supplier shall update the Client with details of any change in subprocessors; (ii) the Supplier imposes data protection terms on any subprocessor it appoints that require it to protect Client Personal Data to the standard required by Applicable Data Protection Law; and (iii) the Supplier remains liable for any breach of this paragraph 7 that is caused by an act, error or omission of its subprocessor. Client may object to the Supplier’s appointment or replacement of a subprocessor within twenty-one (21) days of receiving the information, provided such objection is based on reasonable grounds relating to data protection. Should Client object, the parties shall work together in good faith to appoint an alternative sub-processor.

 

8. Cooperation and data subjects’ rights
8.1 The Supplier shall provide reasonable assistance to Client (at Client’s expense) to enable Client to respond to any request from a data subject to exercise any of its rights under Applicable Data Protection Law (including its rights of access, correction, objection, erasure and data portability, as applicable).

 

9. Data Protection Impact Assessment
9.1 The Supplier shall provide reasonable cooperation to Client (at Client’s expense) in connection with any data protection impact assessment or prior consultation with a regulatory authority that may be required under Applicable Data Protection Law for any data protection impact assessment conducted under this paragraph 9.

 

10. Return and Deletion
10.1 The Supplier shall, unless otherwise required to comply with applicable law, delete or return to Client all personal data (including copies thereof) for which Supplier is the processor and that is processed pursuant to this Schedule 2 in accordance with the procedures and timeframes specified at clause 13.7 of the Agreement.

 

11. Security incidents
11.1 If Supplier becomes aware of a confirmed Security Incident, the Supplier shall inform Client without undue delay and shall provide reasonable information and cooperation to Client so that Client can fulfil any data breach reporting obligations it may have under (and in accordance with the timescales required by) Applicable Data Protection Law.

 

12. Audit and records
12.1 Client acknowledges that the Supplier is regularly audited by independent third party auditors. Upon request, the Supplier shall supply a summary copy of its audit report(s) to Client, and/or make available to Client (at Client’s expense) such other information in Supplier’s possession or control as Client may reasonably request with a view to demonstrating Supplier’s compliance with the obligations of processors under Applicable Data Protection Law in relation to its processing of personal data under this Schedule which shall be subject to the confidentiality provisions of this Agreement.

 

13. Other information that we collect
13.1 Client acknowledges that, in using the Services, the Supplier may collect certain information automatically from an Authorised User’s device.  This information may be considered personal data under Applicable Data Protection Law.

13.2 Specifically, the information the Supplier collects automatically may include information like an Authorised User’s IP address, device type, unique device identification numbers, other internal identifiers (integers), browser-type, broad geographic location (e.g. country or city-level location) and other technical information.  The Supplier may also collect information about how an Authorised User’s device has interacted with the Services.

13.3 Client acknowledges that collecting this information enables the Supplier to better understand the users of the Services, where they come from, and what content or functionality in the Services is of interest to them.  The Supplier uses this information for its internal analytics purposes and to improve the quality and relevance of the Services to its users.

 

Annex A

Subject matter of processing
Supplier’s provision of the Services to Client, including the use of Supplier’s Software for the development and maintenance of virtual business cards.

Nature and purpose of processing
The collection, analysis (including improving Supplier’s Software and Services), storage, duplication, deletion and disclosure of Personal Data as necessary to provide the Services, and as may be further instructed by Client in writing or as agreed in the Term Sheet.

Data subjects
The categories of data subject whose personal data may be processed in order to provide the Services may include the Client’s representatives and Authorised Users.

Categories of personal data
The categories of personal data that may be processed in order to provide the Services include the first names, surnames, email addresses, telephone number, organisation and position of Client’s representatives and Authorised Users.

Special categories of data (if applicable)
None.

Processing operations
Supplier may process Client Personal Data as necessary to perform the Services including hosting and storage; service change management; issue resolution; IT security purposes including incident management; maintenance and performance of technical support systems and IT infrastructure; and implementation, configuration and performance testing.

Duration of the processing
Supplier will process Client Personal Data for the Term of this Agreement, or until such data is no longer necessary for the purposes of either party performing its obligations under this Agreement (to the extent applicable), unless otherwise agreed between the parties in writing.

 

Annex B – Approved Subprocessors

Name | Processing | Territory(ies)
Amazon Web Services, Inc. | Cloud service provider | United States & EU
Heroku, Inc. | Cloud service provider | United States & EU
Salesforce.com, Inc. | Cloud service provider | United States & EU
SendGrid, Inc. | Cloud-based notification services | United States
Twilio, Inc. | Cloud-based notification services | United States
Stripe, Inc. | Subscription data and payment information | United States & EU
CloudFlare, Inc. | Content delivery provider | United States
Hubspot, Inc. | Client relationship manager | United States
Alphabet, Inc. | Software service provider | United States
Mixpanel UK Limited | Software service provider | United States & EU
Hotjar Ltd | Software service provider | United States & EU

 

Annex C – US Privacy Laws

In this Annex C, “Business”, “Collects” (and “collected” and “collection”), “Consumer”, “Business Purpose”, “Sell” (and “selling”, “sale”, and “sold”) and “Service Provider” are as defined under the CPRA.

1. Scope.  This Annex C applies only where, and to the extent that, Supplier processes Personal Information that is subject to the CPRA on behalf of Client as a Service Provider in the course of providing the Services pursuant to the Agreement.

2. Service provider appointment: Client is a Business and appoints Supplier as its Service Provider to Collect and process the Personal Information for the Business Purpose. Supplier is responsible for its compliance with its obligations under this Annex C and for compliance with its obligations as a Service Provider under the CPRA. Client is responsible for compliance with its own obligations as a Business under the CPRA.

3. Business purpose: Supplier shall only Collect and process Personal Information as a Service Provider upon lawful documented instructions from Client, including those in the Agreement and this Annex C or as otherwise necessary to provide the Services (the “Business Purpose”). Supplier must not process the Personal Information for any purpose other than for the Business Purpose, except where and to the extent permitted by the CPRA.

4. Service provider certification: Supplier shall not: (a) Sell or Share any Personal Information; (b) retain, use, or disclose the Personal Information for any purpose other than for the Business Purpose, including to retain, use, or disclose the Personal Information for a commercial purpose other than providing its Services under the Agreement; (c) retain, use, or disclose the Personal Information outside of the direct business relationship between the Supplier and Client (other than to Supplier’s own service providers); (d) combine Personal Information with any other data if and to the extent this would be inconsistent with the limitations on service providers under the CPRA. Supplier certifies that it understands the restrictions set out in this paragraph 4 and will comply with them.

5. Consumer’s rights: Supplier will, upon Client’s instructions (and at Client’s expense): (a) use reasonable efforts to assist Client in deleting Personal Information in accordance with a Consumer’s request (and shall instruct any service providers it has appointed to do the same) except where and to the extent permitted to retain the Personal Information pursuant to an exemption under the CPRA; and (b) use reasonable efforts to assist Client in responding to verified Consumer requests received by Client to provide information as it relates to the Collection of Personal Information for the Business Purpose.

6. Assistance: Supplier will, upon Client’s instruction and upon proof of such a communication, provide reasonable assistance to Client to enable Client to respond to any correspondence, enquiry or complaint received from a Consumer or the California Attorney General and/or the California Privacy Protection Agency in connection with the Collection and processing of the Personal Information.
