+353 1 6991690 sales@xiir.com

Xiir Licence and Services Agreement Parties

  1. CLENBA Limited (trading as Xiir) having business address 6–9 Trinity Street, Dublin 2, I Ireland (registration number 608007) (the “Provider“); and
  1. Registered end user (the “Customer“).

Agreement

1.          Definitions

1.1          Except to the extent expressly provided otherwise, in this Agreement:

“Account” means an account enabling a person to access and use the Hoste d Services;

“Agreement” means this agreement including any Schedules, and any amendments to this Agreement from time to time; “Business Day” means any weekday other than a bank or public holiday in Ireland;

“Business Hours” means the hours of 09:00 to 17:00 GMT/BST on a Business Day;

“Charges” means the following amounts:

(a)          the amounts specified in Part 3 of Schedule 1 (Hosted Services particulars);

(b)          such other amounts as may be agreed in writing by the parties from time to time;

“Customer Confidential Information” means:

(a)          any information disclosed by or on behalf of the Customer to the Provider during the Term / at any time before the termination of this Agreement (whether disclosed in writing, orally or otherwise) that at the time of disclosure:

               (i)           was marked as “confidential”; or

               (ii)           should have been reasonably understood by the Provider to be confidential; and

(b)          the Customer Data.

“Customer Data” means all data, works and materials: uploaded to or stored on the Platform by the Customer; transmitted by the Platform at the instigation of the Customer; supplied by the Customer to the Provider for uploading to, transmission by or storage on the Platform; or generated by the Platform as a result of the use of the Hosted Services by the Customer;

“Data Protection Legislation” means the Irish Data Protection Acts 1988 and 2003 and the Data Protection Act 1998 in the UK (as both may be amended from time to time) and the General Data Protection Regulation (EU 2016/679) in the Republic of Ireland and the UK as applicable

“Documentation” means the documentation and/or instructions for the use of the Hosted Services produced by the Provider and delivered or made available by the Provider to the Customer;

“Force Majeure Event” means an event, or a series of related events, that is outside the reasonable control of the party affected (including failures of the internet or any public telecommunications network, hacker attacks, denial of service attacks, virus or other malicious software attacks or infections, power failures, industrial disputes affecting any third party, changes to the law, disasters, explosions, fires, floods, riots, terrorist attacks and wars);

“Hosted Services” means the SeniorManagers website or the Xiir web portal, as specified on SeniorManagers or Xiir.com or other SeniorManagers or Xiir URLs, which will be made available by the Provider to the Customer as a service via the internet in accordance with this Agreement;

“Hosted Services Defect” means a defect, error or bug in the Platform having an adverse effect on the appearance, operation, functionality or performance of the Hosted Services, but excluding any defect, error or bug caused by or arising as a result of:

(a)          any act or omission of the Customer;

(b)          any use of the Platform or Hosted Services contrary to the Documentation, whether by the Customer or by any person authorised by the Customer;

(c)           a failure of the Customer to perform or observe any of its obligations in this Agreement; and/or

(d)          an incompatibility between the Platform or Hosted Services and any other system, network, application, program, hardware or software not specified as compatible in the Hosted Services Specification;

“Hosted Services Specification” means the specification for the Platform and Hosted Services set out in Part 1 of Schedule 1 (Hosted Services particulars) and in the Documentation;

“Intellectual Property Rights” means all intellectual property rights wherever in the world, whether registrable or unregistrable, registered or unregistered, including any application or right of application for such rights (and these “intellectual property rights” include copyright and related rights, database rights, confidential information, trade secrets, know-how, business names, trade names, trade marks, service marks, passing off rights, unfair competition rights, patents, petty patents, utility models, semi-conductor topography rights and rights in designs);

“Maintenance Services” means the general maintenance of the Platform and Hosted Services, and the application of Updates and Upgrades;

“Permitted Purpose” means the use of SeniorManagers or Xiir as a support tool for data protection related queries, knowledge base, and online training;

“Personal Data” as referred to under the Data Protection Legislation;

“Platform” means the platform managed by the Provider and used by the Provider to provide the Hosted Services, including [the application and database software for the Hosted Services, the system and server software used to provide the Hosted Services, and the computer hardware on which that application, database, system and server software is installed;

“Services” means any services that the Provider provides to the Customer, or has an obligation to provide to the Customer, under this Agreement;

“Support Services” means support in relation to the use of, and the identification and resolution of errors in, the Hosted Services, but shall not include the provision of training services;

“Supported Web Browser” means the current release from time to time of Microsoft Internet Explorer, Mozilla Firefox, Google Chrome or Apple Safari, or any other web browser that the Provider agrees in writing shall be supported;

“Term” means the term of this Agreement, commencing in accordance with Clause 3.1 and ending in accordance with Clause 3.2; “Update” means a hotfix, patch or minor version update to any Platform software; and

“Upgrade” means a major version upgrade of any Platform software.

“Data Controller” The Data Controller is a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed;

“Data Processor” The Data Processor is any person (other than an employee of the Data Controller) who processes data on behalf of the Data Controller.

“Data Subject” means an individual who is the subject of Personal Data;

2.             Credit

2.1          This document was created using a template from SEQ Legal (http://www.seqlegal.com) and amended by Xiir.

3.            Term

3.1          This Agreement shall come into force upon first using the Platform.

3.2          This Agreement shall continue in force indefinitely, subject to termination in accordance with Clause 18.

4.            Hosted Services

4.1          The Provider shall ensure that the Platform will automatically generate an Account for the Customer and provide to the Customer login details for that Account.

4.2          The Provider hereby grants to the Customer a worldwide, non-exclusive licence to use the Hosted Services for the internal business purposes of the Customer during the Term.

4.3          The Hosted Services may only be used by the named users identified in Schedule 1 (Hosted Services particulars), providing that the Customer may change, add or remove a designated named user in accordance with the procedure set out therein;

4.4          Except to the extent expressly permitted in this Agreement or required by law on a non-excludable basis, the licence granted by the Provider to the Customer under Clause 4.2 is subject to the following prohibitions:

(a)          the Customer must not sub-license its right to access and use the Hosted Services;

(b)          the Customer must not permit any unauthorised person to access or use the Hosted Services;

(c)           the Customer must not use the Hosted Services to provide services to third parties;

(d)          the Customer must not republish or redistribute any content or material from the Hosted Services other than to individuals within its own organisation; and

(e)          the Customer must not make any alteration to the Platform, except as permitted by the Documentation.

4.5          The Customer shall use reasonable endeavours, including regular monitoring of usage and reasonable security measures relating to Account access details, to ensure that no unauthorised person may gain access to the Hosted Services using an Account.

4.6          The Provider shall use reasonable endeavours to maintain the availability of the Hosted Services to the Customer at the gateway between the public internet and the network of the hosting services provider for the Hosted Services, but does not guarantee 100% availability.

4.7          For the avoidance of doubt, downtime caused directly or indirectly by any of the following shall not be considered a breach of this Agreement:

(a)          a Force Majeure Event;

(b)          a fault or failure of the internet or any public telecommunications network;

(c)           a fault or failure of the Customer’s computer systems or networks;

(d)          any breach by the Customer of this Agreement; or

(e)          scheduled maintenance carried out in accordance with this Agreement.

4.8          The Customer must comply with Schedule 2 (Acceptable Use Policy), and must ensure that all persons using the Hosted Services with the authority of the Customer or by means of an Account comply with Schedule 2 (Acceptable Use Policy).

4.9          The Customer must not use the Hosted Services in any way that causes, or may cause, damage to the Hosted Services or Platform or impairment of the availability or accessibility of the Hosted Services.

4.10        The Customer must not use the Hosted Services:

(a)          in any way that is unlawful, illegal, fraudulent or harmful; or

(b)          in connection with any unlawful, illegal, fraudulent or harmful purpose or activity.

4.11        For the avoidance of doubt, the Customer has no right to access the software code (including object code, intermediate code and source code) of the Platform, either during or after the Term.

4.12        The Provider may suspend the provision of the Hosted Services if any amount due to be paid by the Customer to the Provider under this Agreement is overdue, and the Provider has given to the Customer at least 30 days’ written notice, following the amount becoming overdue, of its intention to suspend the Hosted Services on this basis.

5.            Maintenance Services

5.1          The Provider shall provide the Maintenance Services to the Customer during the Term.

5.2          The Provider shall where practicable give to the Customer at least 10 Business Days’ prior written notice of scheduled Maintenance Services that are likely to affect the availability of the Hosted Services or are likely to have a material negative impact upon the Hosted Services, without prejudice to the Provider’s other notice obligations under this main body of this Agreement.

6.            Support Services

6.1          The Provider shall provide the Support Services to the Customer during the Term.

6.2          The Provider shall make available to the Customer contact details in accordance with the provisions of this main body of this Agreement.

7.            Customer Data

7.1          The Customer hereby grants to the Provider a non-exclusive licence to copy, reproduce, store, distribute, publish, export, adapt, edit and translate the Customer Data to the extent reasonably required for the performance of the Provider’s obligations and the exercise of the Provider’s rights under this Agreement, together with the right to sub-license these rights to its hosting, connectivity and telecommunications service providers to the extent reasonably required for the performance of the Provider’s obligations and the exercise of the Provider’s rights under the Agreement.

7.2          The Customer warrants to the Provider that the Customer Data / the use of the Customer Data by the Provider in accordance with this Agreement will not:

(a)          breach the provisions of any law, statute or regulation;

(b)          infringe the Intellectual Property Rights or other legal rights of any person; or

(c)           give rise to any cause of action against the Provider, in each case in any jurisdiction and under any applicable law.

7.3          The Provider shall create a back-up copy of the Customer Data at least daily, shall ensure that each such copy is sufficient to enable the Provider to restore the Hosted Services to the state they were in at the time the back-up was taken, and shall retain and securely store each such copy for a minimum period of 30 days.

8.            No assignment of Intellectual Property Rights

8.1          Nothing in this Agreement shall operate to assign or transfer any Intellectual Property Rights from the Provider to the Customer, or from the Customer to the Provider.

9.          Charges

9.1          The Customer shall pay the Charges to the Provider in accordance with this Agreement.

9.2          All amounts stated in or in relation to this Agreement are, unless the context requires otherwise, stated exclusive of any applicable value added taxes, which will be added to those amounts and payable by the Customer to the Provider.

9.3          The Provider may elect to vary any element of the Charges by giving to the Customer not less than 30 days’ written notice of the variation.

10.          Payments

10.1        The Provider may issue invoices for the Charges to the Customer in advance of the period to which they relate from time to time during the Term.

11.2        The Customer must pay the Charges to the Provider within the period of 30 days following the issue of an invoice in accordance with this Clause 10.

11.3        The Customer must pay the Charges by debit card, credit card, direct debit, bank transfer or cheque (using such payment details as are notified by the Provider to the Customer from time to time).

11.4        If the Customer does not pay any amount properly due to the Provider under this Agreement, the Provider may charge the Customer interest on the overdue amount at the rate of 8% per annum above the European Central Bank base rate from time to time (which interest will accrue daily until the date of actual payment and be compounded at the end of each calendar month);

12.          Provider’s confidentiality obligations

12.1        The Provider must:

(a)          keep the Customer Confidential Information strictly confidential;

(b)          not disclose the Customer Confidential Information to any person without the Customer’s prior written consent, and then only under conditions of confidentiality approved in writing by the Customer / no less onerous than those contained in this Agreement;

(c)           use the same degree of care to protect the confidentiality of the Customer Confidential Information as the Provider uses to protect the Provider’s own confidential information of a similar nature, being at least a reasonable degree of care;

(d)          act in good faith at all times in relation to the Customer Confidential Information; and

(e)          not use any of the Customer Confidential Information for any purpose other than the Permitted Purpose.

12.2        Notwithstanding Clause 12.1, the Provider may disclose the Customer Confidential Information to the Provider’s officers, employees, professional advisers, insurers, agents and subcontractors who have a need to access the Customer Confidential Information for the performance of their work with respect to the Permitted Purpose and who are bound by a written agreement or professional obligation to protect the confidentiality of the Customer Confidential Information.

12.3        This Clause 12 imposes no obligations upon the Provider with respect to Customer Confidential Information that:

(a)          is known to the Provider before disclosure under this Agreement and is not subject to any other obligation of confidentiality; or

(b)          is or becomes publicly known through no act or default of the Provider.

12.4        The restrictions in this Clause 12 do not apply to the extent that any Customer Confidential Information is required to be disclosed by any law or regulation, by any judicial or governmental order or request, or pursuant to disclosure requirements relating to the listing of the stock of the Provider on any recognised stock exchange.

12.5        The provisions of this Clause 12 shall continue in force indefinitely following the termination of this Agreement

13.          Data protection

13.1        The Customer shall be the Data Controller” and hereby warrants to the Provider (who shall be the Data Processor, that it has the legal right to disclose all Personal Data and Customer Confidential Information that discloses to the Provider under or in connection with this Agreement, and that the processing of that Personal Data by the Provider for the Permitted Purpose in accordance with this Agreement will not breach any applicable Data Protection Legislation.

13.2        The Data Controller shall provide the Personal Data to the Data Processor together with such other information as the Data Processor may reasonably require in order for the Data Processor to provide the Services.

13.3        The instructions given by the Data Controller to the Data Processor in respect of the Personal Data shall at all times be in accordance with the applicable Data Protection Legislation.

13.4        The Data Processor will process the Personal Data in compliance with applicable Data Protection Legislation.

13.5        The Data Processor undertakes that it shall process the Personal Data strictly in accordance with the Data Controller’s instructions for the processing of that personal data.

13.6        The Data Processor will process the Personal Data for the following purposes

  • To provide tools for the Data Controller to upload and manage employee/contractors data to Xiir
  • To send out emails to staff/contractors on behalf of the Data Controller for the purposes of completing an online training module and for viewing policies/scripts/guidelines/documentation to the employee/contractor.
  • To process information contained within the ‘Chat’ functionality in Xiir.
  • To maintain subscribers details.

13.7        The Data Processor will treat the Personal Data, and any other information provided by the Data Controller as confidential, and will ensure that access to the Personal Data is limited to only those employees who require access to it for the purpose of the Data Processor carrying out the permitted processing and complying with its obligations under this Agreement.

13.8        The Data Processor will ensure that only such of its employees who may be required by it to assist it in meeting its obligations under the Agreement shall have access to the Personal Data. The Data Processor will ensure that all such employees have undergone training in the law of data protection, their duty of confidentiality under contract and in the care and handling of the Personal Data.

13.9        The Data Processor agrees to assist the Data Controller promptly with all subject access requests which may be received from Data Subjects to whom the Personal Data refers.

13.10     The Data Processor will NOT transfer the Personal data to a destination outside the European Economic Area (EEA), other than at the specific written request of the Data Controller, unless the transfer is required by law.

13.11     The Data Processor will not sub-contract any of the processing without the informed knowledge of the Data Controller.

13.12     The Data Processor will employ industry appropriate operational and technological processes and procedures regarding unauthorized use or access, loss, destruction, theft or disclosure of Personal Data.

13.13     The Data Processor will notify the Data Controller of any information security incident that may impact the processing of the personal data covered by this agreement within one working day of discovering, or becoming aware of any such incident. The Data Processor will co-operate with the Data Controller in implementing any required corrective action agreed between the parties.

13.14     The Data Controller reserves the right at their cost and upon giving reasonable notice (which shall be no less than 5 working days) and within normal business hours to carry out compliance and information security audits of the Data Processor, in order to satisfy itself that the Data Processor is adhering to the terms of this agreement.

14.          Warranties

14.1        The Provider warrants to the Customer that:

(a)          the Provider has the legal right and authority to enter into this Agreement and to perform its obligations under this Agreement;

(b)          the Provider will comply with all applicable legal and regulatory requirements applying to the exercise of the Provider’s rights and the fulfilment of the Provider’s obligations under this Agreement; and

(c)           the Provider has or has access to all necessary know-how, expertise and experience to perform its obligations under this Agreement.

14.2        The Provider warrants to the Customer that it will use all reasonable commercial endeavours to ensure that:

(a)          the Platform and Hosted Services will conform in all respects with the Hosted Services Specification;

(b)          the Hosted Services will be free from Hosted Services Defects;

(c)           the application of Updates and Upgrades to the Platform by the Provider will not introduce any Hosted Services Defects into the Hosted Services;

(d)          the Platform will be free from viruses, worms, Trojan horses, ransomware, spyware, adware and other malicious software programs; and

(e)          the Platform will incorporate security features reflecting the requirements of good industry practice.

14.3        The Provider warrants to the Customer that the Hosted Services, when used by the Customer in accordance with this Agreement, will not knowingly infringe the Intellectual Property Rights of any person in any jurisdiction and under any applicable law.

14.4        If the Provider reasonably determines, or any third party alleges, that the use of the Hosted Services by the Customer in accordance with this Agreement infringes any person’s Intellectual Property Rights, the Provider may at its own cost and expense:

(a)          modify the Hosted Services in such a way that they no longer infringe the relevant Intellectual Property Rights; or

(b)          procure for the Customer the right to use the Hosted Services in accordance with this Agreement.

14.6        The Customer warrants to the Provider that it has the legal right and authority to enter into this Agreement and to perform its obligations under the Agreement and that it will not breach any laws, statutes or regulations applicable to it under this Agreement.

14.7        All of the parties’ warranties and representations in respect of the subject matter of this Agreement are expressly set out in this Agreement. To the maximum extent permitted by applicable law, no other warranties or representations concerning the subject matter of this Agreement will be implied into the Agreement or any related contract.

15.           Acknowledgements and warranty limitations

15.1        The Customer acknowledges that complex software is never wholly free from defects, errors and bugs; and subject to the other provisions of this Agreement, the Provider gives no warranty or representation that the Hosted Services will be wholly free from defects, errors and bugs.

15.2        The Customer acknowledges that complex software is never entirely free from security vulnerabilities; and subject to the other provisions of this Agreement, the Provider gives no warranty or representation that the Hosted Services will be entirely secure.

15.3        The Customer acknowledges that the Hosted Services are designed to be compatible only with that software and those systems specified as compatible in the Hosted Services Specification; and the Provider does not warrant or represent that the Hosted Services will be compatible with any other software or systems.

15.4        The Customer acknowledges that the Provider will not provide any legal, financial, accountancy or taxation advice under this Agreement or in relation to the Hosted Services; and, except to the extent expressly provided otherwise in this Agreement, the Provider does not warrant or represent that the Hosted Services or the use of the Hosted Services by the Customer will not give rise to any legal liability on the part of the Customer or any other person.

16.          Limitations and exclusions of liability

16.1        Nothing in this Agreement will:

(a)          limit or exclude any liability for death or personal injury resulting from negligence;

(b)          limit or exclude any liability for fraud or fraudulent misrepresentation;

(c)           limit any liabilities in any way that is not permitted under applicable law; or

(d)          exclude any liabilities that may not be excluded under applicable law.

16.2        The limitations and exclusions of liability set out in this Clause 16 and elsewhere in this Agreement:

(a)          are subject to Clause 16.1; and

(b)          govern all liabilities arising under the Agreement or relating to the subject matter of the Agreement, including liabilities arising in contract, in tort (including negligence) and for breach of statutory duty, except to the extent expressly provided otherwise in the Agreement.

16.3        The Provider shall not be liable to the Customer in respect of any losses arising out of a Force Majeure Event.

16.4        The Provider shall not be liable to the Customer in respect of any loss of profits or anticipated savings.

16.5        The Provider shall not be liable to the Customer in respect of any loss of revenue or income.

16.6        The Provider shall not be liable to the Customer / The Customer shall not be liable to the Provider] in respect of any loss of use or production.

16.7        Neither party shall be liable to the other party in respect of any loss of business, contracts or opportunities.

16.8        The Provider shall not be liable to the Customer in respect of any loss or corruption of any data, database or software.

16.9        The Provider shall not be liable to the Customer in respect of any special, indirect or consequential loss or damage.

16.10     The liability of the Provider to the Customer under this Agreement in respect of any event or series of related events shall not exceed the greater of:

(a)          €3,500 ex VAT; and

(b)          the total amount paid and payable by the Customer to the Provider under the Agreement in the 12 month period preceding the commencement of the event or events.

17.         Force Majeure Event

17.1        If a Force Majeure Event gives rise to a failure or delay in either party performing any obligation under this Agreement (other than any obligation to make a payment), that obligation will be suspended for the duration of the Force Majeure Event.

17.2        A party that becomes aware of a Force Majeure Event which gives rise to, or which is likely to give rise to, any failure or delay in that party performing any obligation under this Agreement, must:

(a)          promptly notify the other; and

(b)          inform the other of the period for which it is estimated that such failure or delay will continue.

17.3        A party whose performance of its obligations under this Agreement is affected by a Force Majeure Event must take reasonable steps to mitigate the effects of the Force Majeure Event.

 18.         Term and Termination

18.1        Either party may terminate this Agreement by giving to the other party at least 30 days’ written notice of termination following the initial 11 months of this Agreement, and, thereafter on 60 days’ notice prior to the expiry of the next 12 month term thereafter or as otherwise may be agreed between the parties in writing.

18.2        Either party may terminate this Agreement immediately by giving written notice of termination to the other party if the other party commits a material breach of this Agreement.

18.3        Either party may terminate this Agreement immediately by giving written notice of termination to the other party if:

(a)          the other party:

               (i)            is dissolved;

              (ii)           ceases to conduct all (or substantially all) of its business;

              (iii)          is or becomes unable to pay its debts as they fall due;

              (iv)         is or becomes insolvent or is declared insolvent; or

              (v)          convenes a meeting or makes or proposes to make any arrangement or composition with its creditors;

(b)          an administrator, administrative receiver, liquidator, receiver, trustee, manager or similar is appointed over any of the assets of the other party;

(c)           an order is made for the winding up of the other party, or the other party passes a resolution for its winding up (other than for the purpose of a solvent company reorganisation where the resulting entity will assume all the obligations of the other party under the Agreement);

(d)          if that other party is an individual:

              (i)            that other party dies;

              (ii)           as a result of illness or incapacity, that other party becomes incapable of managing his or her own affairs; or

              (iii)          that other party is the subject of a bankruptcy petition or order.

19.        Effects of termination

19.1        Upon the termination of this Agreement, all of the provisions of this Agreement shall cease to have effect, save that the following provisions of this Agreement shall survive and continue to have effect (in accordance with their express terms or otherwise indefinitely): Clauses 1, 4.11, 8, 11.2, 11.4, 12, 16, 19, 22 and 23.

19.2        The termination of this Agreement shall not affect the accrued rights of either party.

19.3        Within 30 days following the termination of this Agreement for any reason the Customer must pay to the Provider any Charges in respect of Services provided to the Customer before the termination of the Agreement and without prejudice to the parties’ other legal rights.

 20.         Notices

20.1        Any notice from one party to the other party under this Agreement must be given by one of the following methods (using the relevant contact details set out in Clause 20.2 and Part 4 of Schedule 1 (Hosted Services particulars)):

(a)          delivered personally or sent by courier, in which case the notice shall be deemed to be received upon delivery;

(b)          sent by recorded signed-for post, in which case the notice shall be deemed to be received 2 Business Days following posting; or

(c)           by email via an authorised person on behalf of the Customer/The Provider to a designated contact.

providing that if the stated time of deemed receipt is not within Business Hours, then the time of deemed receipt shall be when Business Hours next begin after the stated time.

20.2        The Provider’s contact details for notices under this Clause 20 are as follows: sales@xiir.com or Sales Department, Xiir,

Regional Development Centre, Dundalk Institute of Technology, Dublin Road, Dundalk, Co. Louth, Ireland.

20.3        The addressee and contact details set out in Clause 20.2 and Part 4 of Schedule 1 (Hosted Services particulars) may be updated from time to time by a party giving written notice of the update to the other party in accordance with this Clause 20.

21.           Subcontracting

21.1        The Provider must not subcontract any of its obligations under this Agreement without the prior written consent of the Customer, providing that the Customer must not unreasonably withhold or delay the giving of such consent.

21.2        The Provider shall remain responsible to the Customer for the performance of any subcontracted obligations.

21.3        Notwithstanding any other provision of this Agreement, the Customer acknowledges and agrees that the Provider may subcontract to any reputable third party hosting business the hosting of the Platform and the provision of services in relation to the support and maintenance of elements of the Platform.

22.         General

22.1        No breach of any provision of this Agreement shall be waived except with the express written consent of the party not in breach.

22.2        If any provision of this Agreement is determined by any court or other competent authority to be unlawful and/or unenforceable, the other provisions of the Agreement will continue in effect. If any unlawful and/or unenforceable provision would be lawful or enforceable if part of it were deleted, that part will be deemed to be deleted, and the rest of the provision will continue in effect (unless that would contradict the clear intention of the parties, in which case the entirety of the relevant provision will be deemed to be deleted).

22.3        This Agreement may not be varied except by a written document signed by or on behalf of each of the parties.

22.4        Neither party may without the prior written consent of the other party assign, transfer, charge, license or otherwise deal in or dispose of any contractual rights or obligations under this Agreement.

22.5        This Agreement is made for the benefit of the parties, and is not intended to benefit any third party or be enforceable by any third party. The rights of the parties to terminate, rescind, or agree any amendment, waiver, variation or settlement under or relating to this Agreement are not subject to the consent of any third party.

22.6        Subject to Clause 16.1, this Agreement shall constitute the entire agreement between the parties in relation to the subject matter of this Agreement, and shall supersede all previous agreements, arrangements and understandings between the parties in respect of that subject matter.

22.7        This Agreement shall be governed by and construed in accordance with Irish law.

22.8        The courts of Ireland shall have exclusive jurisdiction to adjudicate any dispute arising under or in connection with this Agreement.

23.          Interpretation

23.1        In this Agreement, a reference to a statute or statutory provision includes a reference to:

(a)          that statute or statutory provision as modified, consolidated and/or re-enacted from time to time; and

(b)          any subordinate legislation made under that statute or statutory provision.

23.2        The Clause headings do not affect the interpretation of this Agreement.

23.3        In this Agreement, general words shall not be given a restrictive interpretation by reason of being preceded or followed by words indicating a particular class of acts, matters or things.

Execution

By using the Platform both parties accept this Agreement.

Schedule 1 (Hosted Services particulars)

1.            Specification of Hosted Services

Access to the following services through Xiir

  • Online data protection support
  • Online training functionality
  • Online knowledge base including documents and templates
2.            Financial provisions

Charges monthly in accordance with package purchased.

Schedule 2 (Acceptable Use Policy)
1.            Introduction

1.1          This acceptable use policy (the “Policy”) sets out the rules governing:

(a)          the use of SeniorMangers.com and Xiir.com any successor website, and the services available on that website or any successor website] (the “Services”); and

(b)          the transmission, storage and processing of content by you, or by any person on your behalf, using the Services (“Content”).

1.2          References in this Policy to “you” are to any customer for the Services and any individual user of the Services (and “your” should be construed accordingly); and references in this Policy to “us” are to SeniorMangers and Xiir (and “we” and “our” should be construed accordingly).

1.3          By using the Services, you agree to the rules set out in this Policy.

1.4          You must be at least 18 years of age to use the Services; and by using the Services or by agreeing to this Policy, you warrant and represent to us that you are at least 18 years of age.

2.            General usage rules

2.1          You must not use the Services in any way that causes, or may cause, damage to the Services or impairment of the availability or accessibility of the Services.

2.2          You must not use the Services:

(a)          in any way that is unlawful, illegal, fraudulent or harmful; or

(b)          in connection with any unlawful, illegal, fraudulent or harmful purpose or activity.

2.3          You must ensure that all Content complies with the provisions of this Policy.

3.            Unlawful Content

3.1          Content must not be illegal or unlawful, must not infringe any person’s legal rights, and must not be capable of giving rise to legal action against any person (in each case in any jurisdiction and under any applicable law).

3.2          Content, and the use of Content by us in any manner licensed or otherwise authorised by you, must not:

(a)          be libellous or maliciously false;

(b)          be obscene or indecent;

(c)           infringe any copyright, moral right, database right, trade mark right, design right, right in passing off, or other intellectual property right;

(d)          infringe any right of confidence, right of privacy or right under data protection legislation;

(e)          constitute negligent advice or contain any negligent statement;

(f)           constitute an incitement to commit a crime, instructions for the commission of a crime or the promotion of criminal activity;

(g)          be in contempt of any court, or in breach of any court order;

(h)          constitute a breach of racial or religious hatred or discrimination legislation;

(i)            be blasphemous;

(j)           constitute a breach of official secrets legislation; or

(k)          constitute a breach of any contractual obligation owed to any person.

3.3          You must ensure that Content is not and has never been the subject of any threatened or actual legal proceedings or other similar complaint.

4.            Graphic material

4.1          Content must be appropriate for all persons who have access to or are likely to access the Content in question.

4.2          Content must not depict violence in an explicit, graphic or gratuitous manner.

4.3          Content must not be pornographic or sexually explicit.

5.            Factual accuracy

5.1          Content must not be untrue, false, inaccurate or misleading.

5.2          Statements of fact contained in Content and relating to persons (legal or natural) must be true; and statements of opinion contained in Content and relating to persons (legal or natural) must be reasonable, be honestly held and indicate the basis of the opinion.

6.             Negligent advice

6.1          Content must not consist of or contain any advice, instructions or other information that may be acted upon and could, if acted upon, cause death, illness or personal injury, damage to property, or any other loss or damage.

7.             Etiquette

7.1          Content must be appropriate, civil and tasteful, and accord with generally accepted standards of etiquette and behaviour on the internet.

7.2          Content must not be offensive, deceptive, threatening, abusive, harassing, menacing, hateful, discriminatory or inflammatory.

7.3          Content must not be liable to cause annoyance, inconvenience or needless anxiety.

7.4          You must not use the Services to send any hostile communication or any communication intended to insult, including such communications directed at a particular person or group of people.

7.5          You must not use the Services for the purpose of deliberately upsetting or offending others.

7.6          You must not unnecessarily flood the Services with material relating to a particular subject or subject area, whether alone or in conjunction with others.

7.7          You must ensure that Content does not duplicate other content available through the Services.

7.8          You must ensure that Content is appropriately categorised.

7.9          You should use appropriate and informative titles for all Content.

7.10        You must at all times be courteous and polite to other users of the Services.

8.            Monitoring

8.1          You acknowledge that we may actively monitor the Content and the use of the Services.

9.            Data mining

9.1          You must not conduct any systematic or automated data scraping, data mining, data extraction or data harvesting, or other systematic or automated data collection activity, by means of or in relation to the Services.

10.          Hyperlinks

10.1        You must not link to any material using or by means of the Services that would, if it were made available through the Services, breach the provisions of this Policy.

11.           Harmful software

11.1        The Content must not contain or consist of, and you must not promote or distribute by means of the Services, any viruses, wor ms, spyware, adware or other harmful or malicious software, programs, routines, applications or technologies.

11.2        The Content must not contain or consist of, and you must not promote or distribute by means of the Services, any software, programs, routines, applications or technologies that will or may have a material negative effect upon the performance of a computer or introduce material security risks to a computer.

Schedule 3- (Service Level Agreement)

1. Introduction

The purpose of the Service Level Agreement (SLA) is to provide clarifications on the appropriate integrity, availability and responsiveness of the Xiir system within the following KPIs. Any failures to address KPIs over a three month time period may be flagged to the Xiir Account Manager, assigned, for escalation with senior management in Xiir, for immediate resolution. Save for security issues which will be dealt with on an immediate basis and in line with Data Breach Notification policies of the Data Controller (the Client):

Performance indicators  Area of performance  Measure  Performance target
1.1 Response Time System Efficiency

We will provide, a target response time from Xiir. This will be a reasonable value, determined from the capabilities which are under direct control, such as application performance, hardware capability, and database efficiency.

An average server response time of 250ms.

 Performance indicators

Area of performance

 Measure

 Performance target

1.2 Uptime

System Availability

Xiir will ensure availability of the system based on Microsoft’s Azure availability commitment and will put in place actions to resolve any uptime issues. We will provide support Mon- Friday from 9AM to 17.30PM GMT. Issues can be logged on our Online Support Ticket in Xiir.

Any issues relating to System Availability will be treated as Critical, as defined above and will be resolved within 1 hour of the issue being logged.

Xiir’ maintenance windows will be between 6PM and 11PM during work weeks. Some loss of access may occur, but a public announcement will be made up to 5 days prior to a scheduled release, and no less than 6 hours for any emergency releases

Xiir will provide a 99.5% availability of the system.

 Performance indicators

 Area of performance

 Measure

 Performance target

1.4 Patching

System Availability

Xiir will apply system and application patches to the Xiir infrastructure once a month on the first Saturday at 9AM. We may require rebooting of the production environment during this time period. All patches will be deployed and tested on our staging environment first to identify compatibility with the live environment before commencement of deployment.

No more than three manual reboots of the production environment for the deployment of system patches, all on the first Saturday in each month, per quarter.

 Performance indicators

 Area of performance

 Measure

 Performance target

1.5 Infrastructure Support

Quality Assurance

Infrastructure issues will be resolved based on a process of identification, validation and then resolution. Based on the nature of the issue reported Xiir will:

·         Validate the existence of the issue through internal testing;

·         Agree within internal governance processes, as to the severity of the issue;

·         Put in place a work-around if possible;

·         Based on the severity we will agree to resolve the issue within an agreed timeframe;

The definition of support request priorities is as follows:

Critical– System down and non-responsive;

High– System non-functional. No work around possible;

Medium– An issue is preventing complete access to the service. A workaround is possible;

Low– An issue that is not preventing the availability of the service and a workaround is possible;

Xiir will provide the following response and resolution targets for issue fixing:

Response Targets:

·         Critical– 1 hour;

·         High– 2-3 hours;

·         Medium– 1 Working Day;

·         Low– 3 Working Days;

 Resolution Targets:

·         Critical– 1 Working Day;

·         High– 2 Working Days;

·         Medium– 5 Working Days;

·         Low– 15 Working Days;

 Performance indicators

 Area of performance

 Measure

 Performance target

1.6 Monitoring

System Efficiency

Xiir will monitor the performance of the Xiir infrastructure in real time, 24/7/365. We will monitor CPU usage, RAM Usage, HDD capacity & performance and system response times.

We will action as appropriate if CPU usage goes over 90% for more than three hours, RAM usage goes over 95% for more than two hours and HDD capacity is over 70%. Long term patterns will be managed in consultation with experts  for the deployment of added resources.

We will action system response times as discussed in Response Time, above.

We will maintain an average CPU usage below 90% on a monthly measurement cycle.

We will maintain an average memory usage of below 95% on a monthly measurement cycle.

We will maintain an average HDD capacity below 70% on a monthly measurement cycle.

 Performance indicators

 Area of performance

 Measure

 Performance target

1.7 Backups & Redundancy

System Availability

Xiir will perform regular backups of both the database and all necessary application folders across the Xiir Infrastructure system as well as appropriate periodic testing.

Backups will be encrypted utilizing 256bit encryption to a remote secure environment in a separate datacenter.

Interim database backups (Incremental &/or Transaction log) will be automatically executed every two hours.

Full database backups will be automatically executed nightly.

Full application backups will be manually executed after the successful deployment of a new version or release.

Full redundancy is built into the infrastructure and is covered by Uptime, above.

Transaction Log backups every two hours.

Full database backup each night.

Secure and encrypted transfer to a remote location.

Full backups of the application folders and unstructured data folders each night.

 Performance indicators

 Area of performance

 Measure

 Performance target

1.8 Recovery

System Availability

Full redundancy is built into the System layer and there will be minimum loss of service. If the System fails a replacement will be put in situ within 3 working hours, depending on the nature of the fault. Full consultation with clients will take place during this time.

All data and applications will be restored utilizing the backup services in place with Amazon AWS services and within the timelines specified above with regards to a system failure.

Target availability is 99.5% Full restore within 3 hours.

 Performance indicators

 Area of performance

Measure

 Performance target

2.1

Infrastructure/Appli cation/Database Security

Security

Xiir will put in place all required best practice to ensure the infrastructure, application and database is secure. We will provide an agreed suite of tests to verify on a monthly basis and will hire a third party to conduct tests once a year.

We will audit:

·         Buffer overflow, cross-site scripting, SQL injection.

·         Network eaves-dropping, Brute force attack, dictionary attacks, cookie replay, credential theft.

·         Elevation of privilege, disclosure of confidential data, data tampering, luring attacks,

·         Unauthorized access, over-privileged service and process accounts.

·         Session hi-jacking, session replay.

·         Poor key generation, weak or custom encryption.

·         Query string manipulation, form field manipulation, cookie manipulation.

·         Denial of Service.

Maintain a 24/7/365 Security Centre to audit and alert on any threats to the infrastructure, application or database.

Performance indicators

 Area of performance

Measure

Performance target

2.2 Office Security

Security

Xiir will put in place required security practices for its internal staff and office facilities as well as IT assets, to ensure no compromising of Xiir information is allowed.

Access control will include:

·         CCTV

·         Visitors policy

·         Mobile devices (to include full security encryption and entry/password controls on laptops etc)

·         Controlled paper environment

·         Shredding facilities

·         Storage

·         Security signs & notices

No specific action

 

 

You will be contacted shortly

There was an error while trying to send your request. Please try again.

We will use the information you provide for the purpose of arranging a demo.